path: root/data/CVE/list

CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard ...)
	NOT-FOR-US: LinksPro
CVE-2009-0430 (Multiple cross-site scripting (XSS) vulnerabilities in Active Bids ...)
	NOT-FOR-US: Active Bids
CVE-2009-0429 (Multiple SQL injection vulnerabilities in Active Bids allow remote ...)
	NOT-FOR-US: Active Bids
CVE-2009-0428 (SQL injection vulnerability in ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0427 (SQL injection vulnerability in ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0426 (SQL injection vulnerability in ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0425 (SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and ...)
	NOT-FOR-US: Blue Eye CMS
CVE-2009-0424 (Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook ...)
	NOT-FOR-US: AN Guestbook
CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album ...)
	NOT-FOR-US: Php Photo Album
CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in ...)
	NOT-FOR-US: phpList
CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x ...)
	NOT-FOR-US: Joomla
CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...)
	NOT-FOR-US: Joomla
CVE-2009-0419 (Microsoft XML Core Services, as used in Microsoft Expression Web, ...)
	NOT-FOR-US: Microsoft
CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX ...)
	NOT-FOR-US: HP HP-UX
CVE-2008-6067 (SQL injection vulnerability in search_results.php in E-Shop Shopping ...)
	NOT-FOR-US: E-Shop Shopping Cart
CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 ...)
	NOT-FOR-US: Meet#Web
CVE-2008-6065 (Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE ...)
	NOT-FOR-US: Oracle Database Server
CVE-2008-6064 (Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote ...)
	NOT-FOR-US: DomPHP
CVE-2008-6063 (Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places ...)
	NOT-FOR-US: Microsoft
CVE-2008-6062 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
	NOT-FOR-US: Adobe Dreamweaver
CVE-2008-6061 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
	NOT-FOR-US: Techsmith Camtasia Studio
CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
	NOT-FOR-US: InfoSoft FusionCharts 
CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not ...)
	TODO: check
CVE-2008-6058 (Syslserve 1.058 and earlier, and probably 1.059, allows remote ...)
	NOT-FOR-US: Syslserve
CVE-2008-6057 (Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2008-6056 (Multiple cross-site scripting (XSS) vulnerabilities in World Recipe ...)
	NOT-FOR-US: World Recipe
CVE-2008-6055 (PreProjects Pre Classified Listings stores pclasp.mdb under the web ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6054 (PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6053 (PreProjects Pre Resume Submitter stores onlineresume.mdb under the web ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6052 (PreProjects Pre E-Learning Portal stores db_elearning.mdb under the ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6051 (MetaCart Free stores metacart.mdb under the web root with insufficient ...)
	NOT-FOR-US: MetaCart Free
CVE-2008-6050 (SQL injection vulnerability in the Tech Articles (com_tech_article) ...)
	NOT-FOR-US: Tech Articles
CVE-2008-6049 (SQL injection vulnerability in index.php in TinyMCE 2.0.1 allows ...)
	TODO: check
CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS ...)
	NOT-FOR-US: TangoCMS
CVE-2008-6047 (Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 ...)
	NOT-FOR-US: ADbNewsSender
CVE-2008-6046 (SQL injection vulnerability in ADbNewsSender before 1.5.2 allows ...)
	NOT-FOR-US: ADbNewsSender
CVE-2009-0417
	RESERVED
CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based ...)
	NOT-FOR-US: sblim-sfcb
CVE-2009-0415 (Untrusted search path vulnerability in trickle 1.07 allows local users ...)
	- trickle <unfixed> (bug #513456; low)
	[etch] - trickle <no-dsa> (Minor issue)
CVE-2009-0413 (Cross-site scripting (XSS) vulnerability in RoundCube Webmail ...)
	- roundcube <unfixed> (low; bug #514179)
	[lenny] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: Seems to affect version 0.2, which is only in experimental
CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire Shopping ...)
	NOT-FOR-US: Interspire Shopping Cart
CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict access from ...)
	NOT-FOR-US: Google Chrome
CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and ...)
	NOT-FOR-US: Max.Blog
CVE-2009-0408 (Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC ...)
	NOT-FOR-US: osCommerce
CVE-2009-0407 (SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 ...)
	NOT-FOR-US: PHP-CMS
CVE-2009-0406 (SQL injection vulnerability in index.php in Community CMS 0.4 and ...)
	NOT-FOR-US: Community CMS
CVE-2009-0405 (SQL injection vulnerability in articles.php in smartSite CMS 1.0 ...)
	NOT-FOR-US: smartSite CMS
CVE-2009-0404 (Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics ...)
	NOT-FOR-US: Bioinformatics htmLawed
CVE-2009-0403 (SQL injection vulnerability in admin/authenticate.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Blogger Script
CVE-2009-0402 (SQL injection vulnerability in client/new_account.php in Domain ...)
	NOT-FOR-US: Domain Technologie Control 
CVE-2009-0401 (SQL injection vulnerability in browsecats.php in E-Php CMS allows ...)
	NOT-FOR-US: E-Php CMS
CVE-2009-0400 (SQL injection vulnerability in blog.php in SocialEngine 3.06 trial ...)
	NOT-FOR-US: SocialEngine
CVE-2009-0399 (Chipmunk Blogger Script allows remote attackers to gain administrator ...)
	NOT-FOR-US: Chipmunk Blogger Script
CVE-2009-0398 (Array index error in the gst_qtp_trak_handler function in ...)
	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present)
CVE-2009-0397 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...)
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0396 (The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, ...)
	NOT-FOR-US: Sony Ericsson
CVE-2009-0395 (SQL injection vulnerability in the login feature in NetArt Media Car ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2009-0394 (SQL injection vulnerability in login.php in Pre Lecture Exercises ...)
	NOT-FOR-US: Pre Lecture Exercises
CVE-2009-0393 (Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola ...)
	NOT-FOR-US: Motorola Wimax
CVE-2009-0392 (Directory traversal vulnerability in sysconf.cgi in Motorola Wimax ...)
	NOT-FOR-US: Motorola Wimax
CVE-2009-0391 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0390 (Argument injection vulnerability in Enomaly Elastic Computing Platform ...)
	NOT-FOR-US: Enomaly Elastic Computing Platform
CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows (WOW) ...)
	NOT-FOR-US: ActiveX
CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and ...)
	- tightvnc <unfixed> (medium; bug #514360)
CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...)
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0386 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...)
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0384 (SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows ...)
	NOT-FOR-US: OwnRS CMS
CVE-2009-0383 (delete.php in Max.Blog 1.0.6 does not properly restrict access, which ...)
	NOT-FOR-US: Max.Blog
CVE-2009-0382 (Unspecified vulnerability in Internationalization (i18n) Translation ...)
	- drupal5 <not-affected> (Translation module not packaged)
	- drupal6 <not-affected> (Issue only affects the 5.x branch)
CVE-2009-0381 (SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping ...)
	NOT-FOR-US: BazaarBuilder Ecommerce Shopping Cart
CVE-2009-0380 (** DISPUTED ** ...)
	NOT-FOR-US: Sigsiu Online Business Index
CVE-2009-0379 (SQL injection vulnerability in the Prince Clan Chess Club ...)
	NOT-FOR-US: Prince Clan Chess Club
CVE-2009-0378 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
	NOT-FOR-US: Joomla
CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
	NOT-FOR-US: Joomla
CVE-2009-0376
	RESERVED
CVE-2009-0375
	RESERVED
CVE-2009-0374 (** DISPUTED ** ...)
	NOT-FOR-US: Google Chrome
CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine ...)
	NOT-FOR-US: Joomla
CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in Miltenovik ...)
	NOT-FOR-US: Miltenovik Manojlo MemHT Portal
CVE-2009-0371 (Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and ...)
	NOT-FOR-US: SiteXS CMS
CVE-2009-0370 (Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 ...)
	NOT-FOR-US: IBM AIX
CVE-2009-0369 (Microsoft Internet Explorer 7 allows remote attackers to trick a user ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-6045 (Session fixation vulnerability in xt:Commerce 3.0.4 and earlier allows ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6044 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6043 (Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow ...)
	NOT-FOR-US: PHP Pro Bid
CVE-2008-6042 (SQL injection vulnerability in the re_search module in NetArtMedia ...)
	NOT-FOR-US: NetArtMedia Real Estate Portal
CVE-2008-6041 (Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in ...)
	NOT-FOR-US: Dataspade
CVE-2008-6040 (SQL injection vulnerability in index.php in Arcadem Pro 2.700 through ...)
	NOT-FOR-US: Arcadem Pro
CVE-2008-6039 (Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows ...)
	NOT-FOR-US: BLUEPAGE CMS
CVE-2008-6038 (SQL injection vulnerability in index.php in MapCal 0.1 allows remote ...)
	NOT-FOR-US: MapCal
CVE-2008-6037 (SQL injection vulnerability in view.php in AvailScript Article Script ...)
	NOT-FOR-US: AvailScript Article Script
CVE-2008-6036 (PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder ...)
	NOT-FOR-US: BaseBuilder
CVE-2008-6035 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo ...)
	NOT-FOR-US: Achievo
CVE-2008-6034 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo ...)
	NOT-FOR-US: Achievo
CVE-2008-6033 (SQL injection vulnerability in comments.php in WSN Links 2.20 allows ...)
	NOT-FOR-US: WSN Links
CVE-2008-6032 (SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P ...)
	NOT-FOR-US: WSN Links
CVE-2008-6031 (SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 ...)
	NOT-FOR-US: WSN Links
CVE-2008-6030 (Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 ...)
	NOT-FOR-US: NetArtMedia Jobs Portal
CVE-2008-6029 (SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and ...)
	NOT-FOR-US: BuzzyWall
CVE-2008-6028 (SQL injection vulnerability in list.php in University of Queensland ...)
	NOT-FOR-US: Library Fez
CVE-2008-6027 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: BLUEPAGE CMS
CVE-2008-6026 (SQL injection vulnerability in tienda.php in BlueCUBE CMS allows ...)
	NOT-FOR-US: BlueCUBE CMS
CVE-2008-6025 (Directory traversal vulnerability in scr/form.php in openElec 3.01 and ...)
	NOT-FOR-US: openElec
CVE-2008-6024 (Unspecified vulnerability in the NFSv4 client module in the kernel on ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-6023 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Xnova
CVE-2008-6022 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Xnova
CVE-2008-6021 (Multiple unspecified vulnerabilities in Attachmate Reflection for ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2008-6020 (SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for ...)
	NOT-FOR-US: View module (drupal module)
CVE-2008-6019 (SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows ...)
	NOT-FOR-US: EACOMM DO-CMS
CVE-2008-6018 (Directory traversal vulnerability in index.php in MyPHPSite, when ...)
	NOT-FOR-US: MyPHPSite
CVE-2008-6017 (SQL injection vulnerability in messages.php in I-Rater Basic allows ...)
	NOT-FOR-US: I-Rater Basic
CVE-2008-6016 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows ...)
	NOT-FOR-US: EsFaq
CVE-2008-6015 (Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 ...)
	NOT-FOR-US: EsFaq
CVE-2008-6014 (SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-6013 (Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 ...)
	NOT-FOR-US: Freeway
CVE-2008-6012 (Directory traversal vulnerability in index.php in Pritlog 0.4 and ...)
	NOT-FOR-US: Pritlog
CVE-2008-6011 (SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6010 (Multiple directory traversal vulnerabilities in SG Real Estate Portal ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6009 (SG Real Estate Portal 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6008 (hyBook Guestbook Script stores sensitive information under the web ...)
	NOT-FOR-US: hyBook Guestbook Script
CVE-2008-6007 (SQL injection vulnerability in view_group.php in QuidaScript BookMarks ...)
	NOT-FOR-US: QuidaScript BookMarks Favourites Script
CVE-2008-6006 (Multiple PHP remote file inclusion vulnerabilities in Micronation ...)
	NOT-FOR-US: Micronation Banking System
CVE-2009-XXXX [mahara: XSS in forum posts]
	- mahara 1.0.9-1 (low)
	[lenny] - mahara 1.0.4-4
	NOTE: CVE id requested
CVE-2009-XXXX [squid: denial of server]
	- squid 2.7.STABLE3-4.1 (medium; bug #514142)
	[etch] - squid <not-affected> (Vulnerable code not present)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt
	NOTE: CVE id requested
CVE-2009-XXXX [bugzilla: Insufficiently Random Numbers]
	- bugzilla <unfixed> (bug filed)
CVE-2009-XXXX [bugzilla: Abuse of Functionality (Attachments)]
	- bugzilla <unfixed> (bug filed)
CVE-2009-XXXX [bugzilla: Cross-Site Request Forgery (2x)]
	- bugzilla <unfixed> (bug filed)
CVE-2009-XXXX [glpi sql injection]
	- glpi 0.71.5-1 (bug #513611)
CVE-2009-XXXX [buffer overflow]
	- audacity 1.3.6-1 (bug #514138)
	NOTE: http://www.milw0rm.com/exploits/7634
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=253493
	NOTE: CVE id requested
CVE-2009-0368
	RESERVED
CVE-2009-0367
	RESERVED
CVE-2009-0366
	RESERVED
CVE-2009-0365
	RESERVED
CVE-2009-0364
	RESERVED
CVE-2009-0363
	RESERVED
CVE-2009-0362
	RESERVED
CVE-2009-0361
	RESERVED
CVE-2009-0360
	RESERVED
CVE-2009-0359
	RESERVED
CVE-2009-0358 (Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) ...)
	- iceweasel 3.0
	[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not ...)
	- iceweasel 3.0
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	- iceape 1.1.14-1.1  
	NOTE: Iceape in Lenny only provides XPCOM libs
CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the ...)
	- iceweasel 3.0
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	- iceape 1.1.14-1.1  
	NOTE: Iceape in Lenny only provides XPCOM libs
CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox ...)
	- iceweasel 3.0.6-1
CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x ...)
	- iceweasel 3.0
	[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
CVE-2009-0353 (Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, ...)
	- iceweasel 3.0
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	- iceape 1.1.14-1.1  
	NOTE: Iceape in Lenny only provides XPCOM libs
	- icedove <unfixed>
CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
	- iceweasel 3.0
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	- iceape 1.1.14-1.1  
	NOTE: Iceape in Lenny only provides XPCOM libs
	- icedove <unfixed>
CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform ...)
	NOT-FOR-US: Systrace
CVE-2009-0342 (Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows ...)
	NOT-FOR-US: Systrace
CVE-2009-0351 (Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows ...)
	NOT-FOR-US: WinFTP
CVE-2009-0350 (Stack-based buffer overflow in Merak Media Player 3.2 allows remote ...)
	NOT-FOR-US: Merak Media Player
CVE-2009-0349 (Stack-based buffer overflow in FTPShell Server 4.3 allows ...)
	NOT-FOR-US: FTPShell Server
CVE-2009-0348 (The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-0347 (Open redirect vulnerability in cs.html in the Autonomy (formerly ...)
	NOT-FOR-US: Autonomy (formerly Verity) Ultraseek search engine
CVE-2009-0346 (The IP-in-IP packet processing implementation in the IPsec and IP ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0345 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...)
	NOT-FOR-US: Embedded Lights Out Manager (ELOM)
CVE-2009-0344 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...)
	NOT-FOR-US: Embedded Lights Out Manager (ELOM)
CVE-2009-0341 (The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2009-0340 (Multiple directory traversal vulnerabilities in Simple PHP Newsletter ...)
	NOT-FOR-US: Simple PHP Newsletter
CVE-2009-0339 (SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog ...)
	NOT-FOR-US: DMXReady Blog Manager
CVE-2009-0338 (Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in ...)
	NOT-FOR-US: DMXReady Blog Manager
CVE-2009-0337 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0336 (Katy Whitton BlogIt! stores sensitive information under the web root ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0335 (Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0334 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0333 (SQL injection vulnerability in the WebAmoeba (WA) Ticket System ...)
	NOT-FOR-US: Joomla!
CVE-2009-0332 (Multiple SQL injection vulnerabilities in AV Book Library before 1.1 ...)
	NOT-FOR-US: AV Book Library
CVE-2009-0331 (Directory traversal vulnerability in gallery/comment.php in Enhanced ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery (ESPG)
CVE-2009-0330 (Directory traversal vulnerability in index.php in Simple Content ...)
	NOT-FOR-US: Simple Content Management System (SCMS)
CVE-2009-0329 (SQL injection vulnerability in the PcCookBook (com_pccookbook) ...)
	NOT-FOR-US: Joomla!
CVE-2009-0328 (ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) ...)
	NOT-FOR-US: ROBS-PROJECTS Digital Sales IPN
CVE-2009-0327 (SQL injection vulnerability in readbible.php in Free Bible Search PHP ...)
	NOT-FOR-US: Free Bible Search PHP Script
CVE-2009-0326 (SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta ...)
	NOT-FOR-US: Dark Age CMS
CVE-2009-0325 (Directory traversal vulnerability in entries/index.php in Ninja Blog ...)
	NOT-FOR-US: Ninja Blog
CVE-2009-0324 (Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote ...)
	NOT-FOR-US: BibCiter
CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and ...)
	- linux-2.6 <unfixed>
	- linux-2.6.24 <removed>
CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...)
	NOT-FOR-US: Apple Safari on Windows
CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0319 (Unspecified vulnerability in the autofs module in the kernel in Sun ...)
	NOT-FOR-US: Solaris
CVE-2008-6004 (Cross-site scripting (XSS) vulnerability in search.php in AJ Auction ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6003 (SQL injection vulnerability in sellers_othersitem.php in AJ Auction ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6002 (Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, ...)
	NOT-FOR-US: web-cp
CVE-2008-6001 (index.php in ADN Forum 1.0b and earlier allows remote attackers to ...)
	NOT-FOR-US: ADN Forum
CVE-2008-6000 (The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity ...)
	NOT-FOR-US: G DATA AntiVirus
CVE-2008-5999 (Cross-site scripting (XSS) vulnerability in the Ajax Checklist module ...)
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5998 (Multiple SQL injection vulnerabilities in the ajax_checklist_save ...)
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5997 (Absolute path traversal vulnerability in ...)
	NOT-FOR-US: Omnicom Content Platform
CVE-2008-5996 (Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x ...)
	NOT-FOR-US: Simplenews module for Drupal
CVE-2008-5995 (Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA ...)
	NOT-FOR-US: freeCap CAPTCHA extension for Typo3
CVE-2008-5994 (Cross-site scripting (XSS) vulnerability in index.php in Check Point ...)
	NOT-FOR-US: Check Point Connectra
CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generator 1D ...)
	NOT-FOR-US: Barcode Generator 1D
CVE-2008-5992 (Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) ...)
	NOT-FOR-US: Jetik Emlak Sistem
CVE-2008-5991 (Directory traversal vulnerability in docs.php in MailWatch for ...)
	NOT-FOR-US: MailWatch for MailScanner 
CVE-2008-5990 (Directory traversal vulnerability in connect/init.inc in emergecolab ...)
	NOT-FOR-US: emergecolab
CVE-2008-5989 (Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and ...)
	NOT-FOR-US: PHPcounterJadu CMS
CVE-2008-5988 (SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS ...)
	NOT-FOR-US: Jadu CMS
CVE-2008-XXXX [minor cyrus sasl DoS]
	- cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561)
	[etch] - cyrus-sasl2 <no-dsa> (Minor issue)
CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in ...)
	- ffmpeg-debian 0.svn20080206-16
	- ffmpeg <removed> 
	- mplayer 1.0~rc2-14
	NOTE: MPlayer links against libavformat since 1.0~rc2-14, etch Mplayer still needs a fix
	NOTE: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
CVE-2009-XXXX [file inclusion vuln in util/barcode.php and XSS in horde3]
	- horde3 3.2.2+debian0-2 (bug #513265)
CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter ...)
	- gnumeric 1.8.4-3 (low; bug #513418)
	TODO: next point release: [etch] - gnumeric 1.6.3-5.1+etch2
	[etch] - gnumeric <no-dsa> (Minor issue)
CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings ...)
	- nautilus-python 0.4.3-3.2 (low; bug #513419)
CVE-2009-0316 (Untrusted search path vulnerability in the Python module in vim allows ...)
	- vim 2:7.2.025-2 (low; bug #493937)
	[lenny] - vim 1:7.1.314-3+lenny2
	NOTE: Could be fixed via next DSA with other issues
CVE-2009-0315 (Untrusted search path vulnerability in the Python module in xchat ...)
	- xchat 2.8.6-2.1 (low; bug #513509)
	[etch] - xchat <no-dsa> (Minor issue)
CVE-2009-0314 (Untrusted search path vulnerability in the Python module in gedit ...)
	- gedit 2.22.3-2 (low; bug #513513)
	[etch] - gedit <no-dsa> (Minor issue)
CVE-2009-0313 (winetricks before 20081223 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: winetricks
CVE-2009-0311 (The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 ...)
	NOT-FOR-US: EMC AutoStart
CVE-2009-0310
	RESERVED
CVE-2009-0309
	RESERVED
CVE-2009-0308
	RESERVED
CVE-2009-0307
	RESERVED
CVE-2009-0306
	RESERVED
CVE-2009-0305
	RESERVED
CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before ...)
	NOT-FOR-US: Solaris
CVE-2009-0303 (Cross-site scripting (XSS) vulnerability in Web Help Desk before ...)
	NOT-FOR-US: Web Help Desk
CVE-2009-0302 (SQL injection vulnerability in the Downloads 8.0 module for PHP-Nuke, ...)
	NOT-FOR-US: PHP-Nuke
CVE-2009-0301 (Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX ...)
	NOT-FOR-US: FlexCell Grid Control
CVE-2009-0300
	REJECTED
CVE-2009-0299 (SQL injection vulnerability in index.php in Groone GLinks 2.1 allows ...)
	NOT-FOR-US: Groone GLinks
CVE-2009-0298 (Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control ...)
	NOT-FOR-US: MW6 Technologies Barcode
CVE-2009-0297 (SQL injection vulnerability in login_check.asp in ClickAuction allows ...)
	NOT-FOR-US: ClickAuction
CVE-2009-0296 (SQL injection vulnerability in shop_display_products.php in Script ...)
	NOT-FOR-US: Script Toko Online
CVE-2009-0295 (SQL injection vulnerability in index.php in Information Technology ...)
	NOT-FOR-US: ITLPoll
CVE-2009-0294 (Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, ...)
	NOT-FOR-US: WB News
CVE-2009-0293 (SQL injection vulnerability in profile_view.php in Wazzum Dating ...)
	NOT-FOR-US: Wazzum Dating Software
CVE-2009-0292 (SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows ...)
	NOT-FOR-US: SHOP-INET
CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows ...)
	NOT-FOR-US: OpenX
CVE-2009-0290 (Directory traversal vulnerability in common.php in SIR GNUBoard ...)
	NOT-FOR-US: GNUBoard
CVE-2009-0289 (k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to ...)
	NOT-FOR-US: k23productions TFTPUtil GUI
CVE-2009-0288 (Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 ...)
	NOT-FOR-US: k23productions TFTPUtil GUI
CVE-2009-0287 (SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before ...)
	NOT-FOR-US: KEEP Toolkit
CVE-2009-0286 (Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, ...)
	NOT-FOR-US: OpenGoo
CVE-2009-0285 (Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 ...)
	NOT-FOR-US: BBSXP
CVE-2009-0284 (SQL injection vulnerability in category.php in Flax Article Manager ...)
	NOT-FOR-US: Flax Article Manager
CVE-2009-0283 (Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows ...)
	NOT-FOR-US: Oblog
CVE-2009-0281 (SQL injection vulnerability in login.aspx in WarHound Walking Club ...)
	NOT-FOR-US: WarHound Walking Club
CVE-2009-0280 (Asp Project Management 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Asp Project Management
CVE-2009-0279 (SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and ...)
	NOT-FOR-US: Pardal CMS
CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in eog ...)
	- eog 2.22.3-2 (bug #504352; low)
	[etch] - eog <not-affected> (Vulnerable code not present)
CVE-2008-5986 (Untrusted search path vulnerability in the (1) &quot;VST plugin with Python ...)
	- csound 5.08.2~dfsg-1.1 (bug #504359; low)
	[lenny] - csound 1:5.08.0.dfsg2-8+lenny2 (bug #504359; low)
	[etch] - csound <not-affected> (Vulnerable code not present)
CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in ...)
	- epiphany-browser 2.22.3-7 (bug #504363; low)
	[etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5984 (Untrusted search path vulnerability in the Python plugin in Dia ...)
	- dia 0.96.1-7.1 (low; bug #504251)
	[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function ...)
	TODO: check
CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows ...)
	NOT-FOR-US: BMC PATROL Agent
CVE-2009-0323 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 ...)
	- amaya <unfixed> (medium; bug #507587)
	NOTE: http://www.coresecurity.com/content/amaya-buffer-overflows
CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 ...)
	{DSA-1714-1 DSA-1713-1 DSA-1712-1}
	- rt2400 1.2.2+cvs20080623-3 (bug #512999)
	- rt2500 1:1.1.0-b4+cvs20080623-3 (bug #513000)
	- rt2570 1.1.0+cvs20080623-2 (bug #513001)
	- rt73 1:1.0.3.6-cvs20080623-dfsg1-3 (bug #512995)
CVE-2009-0312 (Cross-site scripting (XSS) vulnerability in the antispam feature ...)
	{DSA-1715-1 DTSA-187-1}
	- moin 1.8.1-1.1 (low)
	NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google ...)
	NOT-FOR-US: Google Chrome
CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel ...)
	- linux-2.6 <unfixed>
	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
	- linux-2.6.24 <removed>
CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not ...)
	- bind9 <not-affected> (vulnerable code not present, introduced in 9.6.x)
CVE-2008-5968 (Directory traversal vulnerability in print.php in PHP iCalendar 2.24 ...)
	- phpicalendar <unfixed> (bug #513517)
CVE-2008-5967 (admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not ...)
	- phpicalendar <unfixed> (bug #513517)
CVE-2009-0278 (Sun Java System Application Server (AS) 8.1 and 8.2 allows remote ...)
	NOT-FOR-US: Sun Java System Application Server (AS)
CVE-2009-0277 (Unspecified vulnerability in the kernel in OpenSolaris snv_100 through ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-0275 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0271 (Directory traversal vulnerability in the TFTP service in Fujitsu ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2009-0270 (Stack-based buffer overflow in PXEService.exe in Fujitsu ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2009-0268 (Race condition in the pseudo-terminal (aka pty) driver module in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0267 (libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0266 (Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows ...)
	NOT-FOR-US: Triologic Media Player
CVE-2009-0264 (Buffer overflow in the Registry Setting Tool in Fujitsu ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2008-5981 (PacPoll 4.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: PacPoll
CVE-2008-5980 (Ocean12 Mailing List Manager Gold stores sensitive data under the web ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5979 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5978 (Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5977 (SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE ...)
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5976 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5975 (SQL injection vulnerability in links.asp in Active Price Comparison ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5974 (Multiple SQL injection vulnerabilities in login.aspx in Active Price ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5973 (SQL injection vulnerability in login.aspx in Active Web Mail 4.0 ...)
	NOT-FOR-US: Active Web Mail
CVE-2008-5972 (SQL injection vulnerability in default.asp in Active Business ...)
	NOT-FOR-US: Active Business Directory
CVE-2008-5971 (Cross-site scripting (XSS) vulnerability in profile_social.php in ...)
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5970 (SQL injection vulnerability in profile_social.php in i-Net Solution ...)
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5969 (SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower ...)
	NOT-FOR-US: Sunbyte e-Flower
CVE-2008-5966 (globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Globsy
CVE-2008-5965 (Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and ...)
	NOT-FOR-US: LokiCMS
CVE-2009-0263 (Multiple buffer overflows in Winamp 5.541 and earlier allow remote ...)
	NOT-FOR-US: Winamp
CVE-2009-0262 (Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 ...)
	NOT-FOR-US: Triologic Media Player
CVE-2009-0261 (Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 ...)
	NOT-FOR-US: EffectMatrix Total Video Player
CVE-2009-0260 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-1715-1 DTSA-187-1}
	- moin 1.8.1-1.1 (bug #513158; low)
CVE-2008-5964 (Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 ...)
	NOT-FOR-US: Social ImpressCMS
CVE-2008-5963 (Eval injection vulnerability in library/setup/rpc.php in Gravity ...)
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5962 (Directory traversal vulnerability in library/setup/rpc.php in Gravity ...)
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5961 (Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5960 (SQL injection vulnerability in index.php in Tribiq CMS Community ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5959 (Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 ...)
	NOT-FOR-US: Active Test
CVE-2008-5958 (Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote ...)
	NOT-FOR-US: Active Test
CVE-2008-5957 (SQL injection vulnerability in the Mydyngallery (com_mydyngallery) ...)
	NOT-FOR-US: Joomla
CVE-2008-5956 (Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information ...)
	NOT-FOR-US: Wbstreet
CVE-2008-5955 (SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET ...)
	NOT-FOR-US: Wbstreet
CVE-2008-5954 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5953 (Directory traversal vulnerability in KTP Computer Customer Database ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5952 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5951 (ASP Template Creature stores sensitive information under the web root ...)
	NOT-FOR-US: ASP Template Creature
CVE-2008-5950 (SQL injection vulnerability in media/media_level.asp in ASP Template ...)
	NOT-FOR-US: ASP Template Creature
CVE-2008-5949 (Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 ...)
	NOT-FOR-US: ccTiddly
CVE-2008-5948 (Directory traversal vulnerability in index.php in BNCwi 1.04 and ...)
	NOT-FOR-US: BNCwi
CVE-2009-XXXX [QuickTime Processing Vulnerabilities in GStreamer Good Plug-ins]
	- gst-plugins-good0.10 0.10.8-4.1 (bug #512818)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
CVE-2009-0259 (The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows ...)
	- openoffice.org 2.0.4.dfsg.2-7
	NOTE: Checked with maintainer and issue was fixed long ago, marking etch version as fixed for now
CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
	NOT-FOR-US: easyHDR PRO
CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user into ...)
	- iceweasel <unfixed> (low; bug #513004)
	TODO: check if xulrunner etc are also affected by this
	NOTE: the attack basically works but the URL bar still shows the correct location after
	NOTE: clicking the link, still there is the risk to miss this
CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in Enthrallweb ...)
	NOT-FOR-US: Enthrallweb eReservations
CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0250 (Ryneezy phoSheezy 0.2 stores sensitive information under the web root ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0249 (Katy Whitton RankEm stores sensitive information under the web root ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2009-0248 (Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2009-0247 (The server for 53KF Web IM 2009 Home, Professional, and Enterprise ...)
	NOT-FOR-US: 53KF Web IM
CVE-2009-0246 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
	NOT-FOR-US: easyHDR PRO
CVE-2009-0414 (Unspecified vulnerability in Tor before 0.2.0.33 has unspecified ...)
	- tor 0.2.0.33-1
CVE-2009-0245 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS ...)
	NOT-FOR-US: Usagi Project MyNETS
CVE-2009-0244 (Directory traversal vulnerability in the OBEX FTP Service in the ...)
	NOT-FOR-US: Microsoft product
CVE-2009-0243 (Microsoft Windows does not properly enforce the Autorun and ...)
	NOT-FOR-US: Microsoft product
CVE-2008-5947 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: YapBB
CVE-2008-5946 (SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5945 (Nukeviet 2.0 Beta allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Nukeviet
CVE-2008-5944 (Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 ...)
	NOT-FOR-US: NavBoard
CVE-2008-5943 (Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) ...)
	NOT-FOR-US: NavBoard
CVE-2008-5942 (Multiple cross-site scripting (XSS) vulnerabilities in MODx before ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5941 (Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5940 (SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5939 (Cross-site scripting (XSS) vulnerability in index.php in MODx CMS ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5938 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5937 (AyeView 2.20 allows user-assisted attackers to cause a denial of ...)
	NOT-FOR-US: AyeView
CVE-2008-5936 (front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers ...)
	NOT-FOR-US: mini-pub
CVE-2008-5935 (Facto stores sensitive information under the web root with ...)
	NOT-FOR-US: Facto
CVE-2008-5934 (SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows ...)
	NOT-FOR-US: CMS ISWEB
CVE-2008-5933 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: CMS ISWEB
CVE-2008-5932 (CodeAvalanche FreeForum stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche FreeForum
CVE-2008-5931 (The Net Guys ASPired2Blog stores sensitive information under the web ...)
	NOT-FOR-US: ASPired2Blog
CVE-2008-5930 (SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ...)
	NOT-FOR-US: ASPired2Blog
CVE-2008-5929 (VP-ASP Shopping Cart 6.50 stores sensitive information under the web ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-5928 (SQL injection vulnerability in redir.php in Free Links Directory ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5927 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...)
	NOT-FOR-US: FlexPHPNews
CVE-2008-5926 (Multiple SQL injection vulnerabilities in login.asp in ASP-DEv ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5925 (ASP-DEv XM Events Diary stores sensitive information under the web ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5924 (SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5923 (SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5922 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Cant Find A Gaming CMS
CVE-2008-5921 (SQL injection vulnerability in albums.php in Umer Inc Songs Portal ...)
	NOT-FOR-US: Umer Inc Songs Portal
CVE-2009-0255 (The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0256 (Session fixation vulnerability in the authentication library in TYPO3 ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0257 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0258 (The Indexed Search Engine (indexed_search) system extension in TYPO3 ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0242
	REJECTED
	- ganglia-monitor-core <not-affected> (Only affects 3.1.1 branch, currently in experimental under different name)
	- ganglia-monitor <unfixed> (low; bug #512637)
CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...)
	{DSA-1710-1}
	- ganglia-monitor-core 2.5.7-5 (medium; bug #512637)
CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN ...)
	- websvn <unfixed> (bug #512191)
	[etch] - websvn <not-affected> (authenthication doesn't exist in that version)
CVE-2009-0239
	RESERVED
CVE-2009-0238
	RESERVED
CVE-2009-0237
	RESERVED
CVE-2009-0236
	RESERVED
CVE-2009-0235
	RESERVED
CVE-2009-0234
	RESERVED
CVE-2009-0233
	RESERVED
CVE-2009-0232
	RESERVED
CVE-2009-0231
	RESERVED
CVE-2009-0230
	RESERVED
CVE-2009-0229
	RESERVED
CVE-2009-0228
	RESERVED
CVE-2009-0227
	RESERVED
CVE-2009-0226
	RESERVED
CVE-2009-0225
	RESERVED
CVE-2009-0224
	RESERVED
CVE-2009-0223
	RESERVED
CVE-2009-0222
	RESERVED
CVE-2009-0221
	RESERVED
CVE-2009-0220
	RESERVED
CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in Motion ...)
	NOT-FOR-US: BlackBerry
CVE-2009-0218
	RESERVED
CVE-2009-0217
	RESERVED
CVE-2009-0216
	RESERVED
CVE-2009-0215
	RESERVED
CVE-2009-0214
	RESERVED
CVE-2009-0213
	RESERVED
CVE-2009-0212
	RESERVED
CVE-2009-0211
	RESERVED
CVE-2009-0210
	RESERVED
CVE-2009-0209
	RESERVED
CVE-2009-0208
	RESERVED
CVE-2009-0207
	RESERVED
CVE-2009-0206
	RESERVED
CVE-2009-0205
	RESERVED
CVE-2009-0204 (Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and ...)
	TODO: check
CVE-2009-0203
	RESERVED
CVE-2009-0202
	RESERVED
CVE-2009-0201
	RESERVED
CVE-2009-0200
	RESERVED
CVE-2009-0199
	RESERVED
CVE-2009-0198
	RESERVED
CVE-2009-0197
	RESERVED
CVE-2009-0196
	RESERVED
CVE-2009-0195
	RESERVED
CVE-2009-0194
	RESERVED
CVE-2009-0193
	RESERVED
CVE-2009-0192
	RESERVED
CVE-2009-0191
	RESERVED
CVE-2009-0190
	RESERVED
CVE-2009-0189
	RESERVED
CVE-2009-0188
	RESERVED
CVE-2009-0187
	RESERVED
CVE-2009-0186
	RESERVED
CVE-2009-0185
	RESERVED
CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation in ...)
	TODO: check
CVE-2009-0183 (Stack-based buffer overflow in Remote Control Server in Free Download ...)
	TODO: check
CVE-2009-0182 (Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted ...)
	NOT-FOR-US: VUPlayer
CVE-2009-0181 (Buffer overflow in VUPlayer allows user-assisted attackers to have an ...)
	NOT-FOR-US: VUPlayer
CVE-2009-0180 (Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on ...)
	NOT-FOR-US: Fedora specific issue
CVE-2009-0179 (libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other ...)
	- libmikmod <unfixed> (low; bug #476339)
CVE-2009-0178 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka ...)
	NOT-FOR-US: vmware-authd
CVE-2009-0176 (Multiple heap-based buffer overflows in the PDF distiller in the ...)
	NOT-FOR-US: Attachment Service in Research in Motion
CVE-2009-0175 (Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 ...)
	NOT-FOR-US: Heathco Software MP3 TrackMaker
CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers ...)
	NOT-FOR-US: VUPlayer
CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows remote ...)
	- websvn 1.61-21 (bug #503330)
CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter ...)
	- horde3 3.2.2+debian0-2 (bug #512592)
CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x ...)
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low)
CVE-2008-5915 (An unspecified function in the JavaScript implementation in Google ...)
	NOT-FOR-US: Google
CVE-2008-5914 (An unspecified function in the JavaScript implementation in Apple ...)
	NOT-FOR-US: Apple
CVE-2008-5913 (An unspecified function in the JavaScript implementation in Mozilla ...)
	TODO: check when MFSA is issued
CVE-2008-5912 (An unspecified function in the JavaScript implementation in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-5911 (Multiple buffer overflows in RealNetworks Helix Server and Helix ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and ...)
	- libmikmod <unfixed> (low; bug #461519)
	- sdl-mixer1.2 1.2.8-1 (low; bug #422021)
CVE-2009-0173 (Unspecified vulnerability in the server in IBM DB2 9.1 before FP6a and ...)
	NOT-FOR-US: IBM DB2
CVE-2009-0172 (Unspecified vulnerability in IBM DB2 9.1 before FP6a and 9.5 before ...)
	NOT-FOR-US: IBM DB2 9.1
CVE-2009-0171 (The Sun SPARC Enterprise M4000 and M5000 Server, within a certain ...)
	NOT-FOR-US: Sun SPARC Enterprise M4000 and M5000 Server
CVE-2009-0170 (Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows ...)
	TODO: check
CVE-2009-0169 (Sun Java System Access Manager 7.1 allows remote authenticated ...)
	TODO: check
CVE-2009-0168 (Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: ppdmgr in Sun Solaris 10 and OpenSolaris
CVE-2009-0167 (Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: lpadmin in Sun Solaris 10 and OpenSolaris
CVE-2009-0166
	RESERVED
CVE-2009-0165
	RESERVED
CVE-2009-0164
	RESERVED
CVE-2009-0163
	RESERVED
CVE-2009-0162
	RESERVED
CVE-2009-0161
	RESERVED
CVE-2009-0160
	RESERVED
CVE-2009-0159
	RESERVED
CVE-2009-0158
	RESERVED
CVE-2009-0157
	RESERVED
CVE-2009-0156
	RESERVED
CVE-2009-0155
	RESERVED
CVE-2009-0154
	RESERVED
CVE-2009-0153
	RESERVED
CVE-2009-0152
	RESERVED
CVE-2009-0151
	RESERVED
CVE-2009-0150
	RESERVED
CVE-2009-0149
	RESERVED
CVE-2009-0148
	RESERVED
CVE-2009-0147
	RESERVED
CVE-2009-0146
	RESERVED
CVE-2009-0145
	RESERVED
CVE-2009-0144
	RESERVED
CVE-2009-0143
	RESERVED
CVE-2009-0142
	RESERVED
CVE-2009-0141
	RESERVED
CVE-2009-0140
	RESERVED
CVE-2009-0139
	RESERVED
CVE-2009-0138
	RESERVED
CVE-2009-0137
	RESERVED
CVE-2009-0134 (Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX ...)
	NOT-FOR-US: EasyGrid.SGCtrl.32 ActiveX control
CVE-2008-5910 (Unspecified vulnerability in txzonemgr in Sun OpenSolaris has unknown ...)
	NOT-FOR-US: txzonemgr in Sun OpenSolaris
CVE-2008-5909 (Unspecified vulnerability in conv_lpd in Sun OpenSolaris has unknown ...)
	NOT-FOR-US: conv_lpd in Sun OpenSolaris
CVE-2008-5908 (Unspecified vulnerability in the root/boot archive tool in Sun ...)
	NOT-FOR-US: root/boot archive tool in Sun OpenSolaris
CVE-2009-0135 (Multiple integer overflows in the Audible::Tag::readTag function in ...)
	{DSA-1706-1}
	- amarok 1.4.10-2 (medium)
CVE-2009-0136 (Multiple array index errors in the Audible::Tag::readTag function in ...)
	{DSA-1706-1}
	- amarok 1.4.10-2 (medium)
CVE-2009-0133 (Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier ...)
	NOT-FOR-US: Microsoft HTML Help Workshop
CVE-2009-0132 (Integer overflow in the aio_suspend function in Sun Solaris 8 through ...)
	NOT-FOR-US: Solaris
CVE-2009-0131 (The UFS implementation in the kernel in Sun OpenSolaris snv_29 through ...)
	NOT-FOR-US: UFS in OpenSolaris
CVE-2009-0130 (** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not ...)
	- erlang <unfixed> (unimportant; bug #511520)
	NOTE: the return value is passed to the caller (lib/crypto/src/crypto.erl) which
	NOTE: only return success in case of DSA_do_verify returning 1 and failure otherwise
	NOTE: this is likely to be rejected
CVE-2009-0129 (libcrypt-openssl-dsa-perl does not properly check the return value ...)
	- libcrypt-openssl-dsa-perl 0.13-4 (bug #511519)
CVE-2009-0128 (plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for ...)
	{DTSA-185-1}
	- slurm-llnl 1.3.13-1 (bug #511511)
CVE-2009-0127 (** DISPUTED ** M2Crypto does not properly check the return value from ...)
	- m2crypto <unfixed> (bug #511515)
CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in Berkeley ...)
	- boinc 6.2.14-3 (bug #511521)
CVE-2009-0125 (** DISPUTED ** ...)
	- libnasl <unfixed> (unimportant; bug #511517)
CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in American ...)
	- tqsllib 2.0-8 (bug #511509)
CVE-2009-0123 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows ...)
	NOT-FOR-US: Apple Safari
CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and ...)
	- hplip <not-affected> (only a bug in ubuntus postinst script, we use our own postinst which is not vulnerable)
CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, ...)
	- libpng <unfixed> (unimportant; bug #512665)
CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent ...)
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2008-5905 (The web interface plugin in KTorrent before 3.1.4 allows remote ...)
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2009-XXXX [unspecified multiple Drupal vulnerabilies, likely some overlap with the next temp entry]
	- drupal6 6.6-3
CVE-2009-XXXX [unspecified Drupal SQL injection]
	- drupal5 5.15-1
CVE-2009-0121 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 ...)
	NOT-FOR-US: Goople CMS
CVE-2009-0120 (The IBM WebSphere DataPower XML Security Gateway XS40 with firmware ...)
	NOT-FOR-US: Web Sphere
CVE-2009-0119 (Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2009-0118
	RESERVED
CVE-2003-1567 (The undocumented TRACK method in Microsoft Internet Information ...)
	NOT-FOR-US: IIS
CVE-2003-1566 (Microsoft Internet Information Services (IIS) 5.0 does not log ...)
	NOT-FOR-US: IIS
CVE-1999-1593 (Windows Internet Naming Service (WINS) allows remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2009-0117
	RESERVED
CVE-2009-0116
	RESERVED
CVE-2009-0115
	RESERVED
CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root ...)
	NOT-FOR-US: iyzi Forum
CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the web root ...)
	NOT-FOR-US: CodeAvalanche Articles
CVE-2008-5899 (CodeAvalanche FreeForAll stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche FreeForAll
CVE-2008-5898 (CodeAvalanche Directory stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche Directory
CVE-2008-5897 (CodeAvalanche FreeWallpaper stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche FreeWallpaper
CVE-2008-5896 (CodeAvalanche RateMySite stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche RateMySite
CVE-2008-5895 (SQL injection vulnerability in connection.php in Mediatheka 4.2 and ...)
	NOT-FOR-US: Mediatheka
CVE-2008-5894 (Directory traversal vulnerability in index.php in Mediatheka 4.2 ...)
	NOT-FOR-US: Mediatheka
CVE-2008-5893 (Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ...)
	NOT-FOR-US: ClickAndEmail
CVE-2008-5892 (Multiple SQL injection vulnerabilities in ClickAndEmail allow remote ...)
	NOT-FOR-US: ClickAndEmail
CVE-2008-5891 (Cross-site scripting (XSS) vulnerability in the profile editing ...)
	NOT-FOR-US: Injader
CVE-2008-5890 (SQL injection vulnerability in feeds.php in Injader before 2.1.2 ...)
	NOT-FOR-US: Injader
CVE-2008-5889 (Cross-site scripting (XSS) vulnerability in user.asp in Click&amp;Rank ...)
	NOT-FOR-US: Click&Rank
CVE-2008-5888 (Multiple SQL injection vulnerabilities in Click&amp;Rank allow remote ...)
	NOT-FOR-US: Click&Rank
CVE-2008-5887 (phplist before 2.10.8 allows remote attackers to include files via ...)
	NOT-FOR-US: phplist
CVE-2008-5886 (TAKempis Discussion Web 4.0 stores sensitive information under the web ...)
	NOT-FOR-US: TAKempis Discussion Web
CVE-2008-5885 (The Net Guys ASPired2Quote stores sensitive information under the web ...)
	NOT-FOR-US: Net Guys ASPired2Quote
CVE-2008-5884 (AyeView 2.20 allows user-assisted attackers to cause a denial of ...)
	NOT-FOR-US: AyeView
CVE-2008-5883 (Absolute path traversal vulnerability in front-end/dir.php in mini-pub ...)
	NOT-FOR-US: mini-pub
CVE-2008-5904 (The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5903 (Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5902 (Buffer overflow in the xrdp_bitmap_invalidate function in ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-6005 (Multiple buffer overflows in the CheckUniqueName function in W3C Amaya ...)
	- amaya <unfixed> (medium; bug #507587)
	NOTE: different vector than described in CVE-2008-5282, see 507587#15
CVE-2009-XXXX [openslp: insecure cert validation through openssl api misuse]
	- openslp-dfsg <not-affected> (Debian's openslp doesn't build with SSL support)
CVE-2009-0114
	RESERVED
CVE-2009-0113 (Directory traversal vulnerability in attachmentlibrary.php in the ...)
	NOT-FOR-US: Joomla! component
CVE-2009-0112 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: PollPro
CVE-2009-0111 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and ...)
	NOT-FOR-US: Goople CMS
CVE-2009-0110 (SQL injection vulnerability in read.php in RiotPix 0.61 and earlier ...)
	NOT-FOR-US: RiotPix
CVE-2009-0109 (SQL injection vulnerability in index.php in RiotPix 0.61 and earlier ...)
	NOT-FOR-US: RiotPix
CVE-2009-0108 (PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0107 (Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0106 (SQL injection vulnerability in profile.php in PHPAuctions (aka ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0105 (Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 ...)
	NOT-FOR-US: EZpack
CVE-2009-0104 (SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote ...)
	NOT-FOR-US: EZpack
CVE-2009-0103 (Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 ...)
	NOT-FOR-US: playSMS
CVE-2008-5882 (SQL injection vulnerability in login.asp in Citrix Application Gateway ...)
	NOT-FOR-US: Citrix
CVE-2008-5881 (Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow ...)
	NOT-FOR-US: playSMS
CVE-2009-0102
	RESERVED
CVE-2009-0101
	RESERVED
CVE-2009-0100
	RESERVED
CVE-2009-0099
	RESERVED
CVE-2009-0098
	RESERVED
CVE-2009-0097
	RESERVED
CVE-2009-0096
	RESERVED
CVE-2009-0095
	RESERVED
CVE-2009-0094
	RESERVED
CVE-2009-0093
	RESERVED
CVE-2009-0092
	RESERVED
CVE-2009-0091
	RESERVED
CVE-2009-0090
	RESERVED
CVE-2009-0089
	RESERVED
CVE-2009-0088
	RESERVED
CVE-2009-0087
	RESERVED
CVE-2009-0086
	RESERVED
CVE-2009-0085
	RESERVED
CVE-2009-0084
	RESERVED
CVE-2009-0083
	RESERVED
CVE-2009-0082
	RESERVED
CVE-2009-0081
	RESERVED
CVE-2009-0080
	RESERVED
CVE-2009-0079
	RESERVED
CVE-2009-0078
	RESERVED
CVE-2009-0077
	RESERVED
CVE-2009-0076
	RESERVED
CVE-2009-0075
	RESERVED
CVE-2009-0074
	RESERVED
CVE-2009-0073
	RESERVED
CVE-2009-0072 (Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote ...)
	NOT-FOR-US: Internet Explorer
CVE-2009-0071 (Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-0070 (Integer signedness error in Apple Safari allows remote attackers to ...)
	NOT-FOR-US: Apple Safari
CVE-2008-5880 (admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Gobbl CMS
CVE-2008-5879 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5878 (Multiple directory traversal vulnerabilities in Phpclanwebsite (aka ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5877 (Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5876 (Buffer overflow in Irrlicht before 1.5 allows remote attackers to ...)
	NOT-FOR-US: Irrlicht engine
CVE-2008-5875 (SQL injection vulnerability in the com_lowcosthotels component in the ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5874 (Multiple SQL injection vulnerabilities in the Hotel Booking ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5873 (Yerba SACphp 6.3 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Yerba
CVE-2008-5872 (Multiple unspecified vulnerabilities in the UNIStim File Transfer ...)
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5871 (Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not ...)
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5870 (FastStone Image Viewer 3.6 allows user-assisted attackers to cause a ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2008-5869 (Cross-site scripting (XSS) vulnerability in the Proxim Wireless ...)
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5868 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows ...)
	NOT-FOR-US: IntelliTamper 
CVE-2009-0069 (Unspecified vulnerability in the nfs4rename_persistent_fh function in ...)
	NOT-FOR-US: Solaris
CVE-2009-0068 (Interaction error in xdg-open allows remote attackers to execute ...)
	TODO: check
CVE-2009-0067
	RESERVED
CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software for ...)
	TODO: will be presented at Black Hat
CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control ...)
	- linux-2.6 2.6.26-14
	- linux-2.6.24 <removed>
CVE-2009-0064
	RESERVED
CVE-2009-0063
	RESERVED
CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), ...)
	TODO: check
CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC ...)
	TODO: check
CVE-2009-0060
	RESERVED
CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...)
	TODO: check
CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...)
	TODO: check
CVE-2009-0057 (The Certificate Authority Proxy Function (CAPF) service in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2009-0056 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0055 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0054 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0052
	RESERVED
CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from ...)
	NOT-FOR-US: ZXID
CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from ...)
	{DSA-1700-1}
	- lasso 2.2.1-2 (bug #511262)
CVE-2009-0049 (Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly ...)
	- belpic 2.6.0-6 (bug #511261)
CVE-2009-0048 (OpenEvidence 1.0.6 and earlier does not properly check the return ...)
	NOT-FOR-US: OpenEvidence
CVE-2009-0047 (Gale 0.99 and earlier does not properly check the return value from ...)
	NOT-FOR-US: Gale
CVE-2009-0046 (Sun GridEngine 5.3 and earlier does not properly check the return ...)
	NOT-FOR-US: Sun GridEngine
CVE-2009-0045
	RESERVED
CVE-2009-0044
	RESERVED
CVE-2009-0043 (The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 ...)
	NOT-FOR-US: CA Service Metric Analysis r11.0 through r11.1 SP1 and Service
CVE-2009-0042 (Multiple unspecified vulnerabilities in the Arclib library ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2009-0041 (IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before ...)
	- asterisk <unfixed> (low; bug filed)
	[etch] - asterisk <no-dsa> (Minor issue)
CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows remote ...)
	NOT-FOR-US: Yerba
CVE-2008-5866 (The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public ...)
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5865 (SQL injection vulnerability in the com_hbssearch component 1.0 in the ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5864 (SQL injection vulnerability in the Top Hotel (com_tophotelmodule) ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5863 (SQL injection vulnerability in locator.php in the Userlocator module ...)
	NOT-FOR-US: Module for Woltlab Burning Board
CVE-2008-5862 (Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 ...)
	NOT-FOR-US: webcamXP
CVE-2008-5861 (Directory traversal vulnerability in source.php in FreeLyrics 1.0 ...)
	NOT-FOR-US: FreeLyrics
CVE-2008-5860 (Directory traversal vulnerability in backend/template.php in ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5859 (SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5858 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...)
	NOT-FOR-US: KnowledgeTree
CVE-2008-5857 (The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote ...)
	NOT-FOR-US: KnowledgeTree
CVE-2008-5856 (Directory traversal vulnerability in scripts/export.php in ClaSS ...)
	NOT-FOR-US: ClaSS
CVE-2008-5855 (myPHPscripts Login Session 2.0 stores sensitive information under the ...)
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5854 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5853 (Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier ...)
	NOT-FOR-US: ChoCoMaS
CVE-2008-5852 (Emefa Guestbook 3.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Emefa Guestbook
CVE-2008-5851 (SQL injection vulnerability in index.php in My PHP Baseball Stats ...)
	NOT-FOR-US: My PHP Baseball Stats
CVE-2008-5850
	REJECTED
CVE-2008-5849 (Check Point VPN-1 R55, R65, and other versions, when Port Address ...)
	NOT-FOR-US: Check Point
CVE-2008-5848 (The Advantech ADAM-6000 module has 00000000 as its default password, ...)
	NOT-FOR-US: Advantech ADAM-6000 module
CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote authenticated ...)
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5845 (Multiple cross-site scripting (XSS) vulnerabilities in Six Apart ...)
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5844 (PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW ...)
	- php5 <not-affected> (vulnerable code introduced in 5.2.7, we have 5.2.6 and 5.2.8 was released in the meantime)
	[etch] - php4 <not-affected> (vulnerable code introduced in php5 5.2.7)
CVE-2008-5843 (Multiple untrusted search path vulnerabilities in pdfjam allow local ...)
	- pdfjam <not-affected> (the debian package sets pdflatex and thus dirname can't result in returning .)
	NOTE: it is also not possible to include a crafted sed or pdflatex executable in the pdflatex call
	NOTE: as our version uses random names, see #510584
CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens ...)
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which ...)
	NOT-FOR-US: General MD5 weakness, doesn't need to tracked package-wise
CVE-2008-XXXX [auctex insecure temp file]
	- auctex 11.83-7.3 (low; bug #506961)
	[etch] - auctex <no-dsa> (Minor issue)
CVE-2008-5841 (Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier ...)
	NOT-FOR-US: iGaming
CVE-2008-5840 (PHP iCalendar 2.24 and earlier allows remote attackers to bypass ...)
	- phpicalendar <unfixed> (bug #513517)
CVE-2008-5839 (Buffer overflow in Foxmail 6.5 allows remote attackers to execute ...)
	NOT-FOR-US: Foxmail
CVE-2008-5838 (SQL injection vulnerability in search_results.php in E-Php Scripts ...)
	NOT-FOR-US: E-Php Scripts E-Shop Shopping Cart
CVE-2008-5837
	RESERVED
CVE-2008-5836
	RESERVED
CVE-2008-5835
	RESERVED
CVE-2008-5834
	RESERVED
CVE-2008-5833
	RESERVED
CVE-2008-5832
	RESERVED
CVE-2008-5831
	RESERVED
CVE-2008-5830
	RESERVED
CVE-2008-5829
	RESERVED
CVE-2008-5828 (Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN ...)
	NOT-FOR-US: Microsoft
CVE-2008-5827 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5826 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5825 (The SmartPoster implementation on the Nokia 6131 Near Field ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5823 (An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used ...)
	NOT-FOR-US: Microsoft Money
CVE-2008-5822 (Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Just a crash, no security impact
CVE-2008-5821 (Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on ...)
	NOT-FOR-US: Webkit on Windows
CVE-2008-5820 (SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5819 (Directory traversal vulnerability in eDNews_archive.php in eDreamers ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5818 (Directory traversal vulnerability in index.php in eDreamers ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5817 (Multiple SQL injection vulnerabilities in index.php in Web Scribble ...)
	NOT-FOR-US: Web Scribble Solutions webClassifieds
CVE-2008-5816 (SQL injection vulnerability in repository.php in ILIAS 3.7.4 and ...)
	NOT-FOR-US: ILIAS
CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows remote ...)
	NOT-FOR-US: phpAlumni
CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ...)
	- php5 <unfixed> (low)
	TODO: check php4
	NOTE: there's not enough information available, no known bug, no known fix
CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before ...)
	NOT-FOR-US: SPIP
CVE-2008-5812 (Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 ...)
	NOT-FOR-US: SPIP
CVE-2008-5811 (SQL injection vulnerability in the PaxGallery (com_paxgallery) ...)
	NOT-FOR-US: joomla
CVE-2008-5810 (WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, ...)
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2008-5809 (futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and ...)
	NOT-FOR-US: futomi CGI Cafe Access Analyzer CGI Standard
CVE-2008-5808 (Cross-site scripting (XSS) vulnerability in Six Apart Movable Type ...)
	NOT-FOR-US: Six Apart Movable Type Enterprise
CVE-2006-7236 (The default configuration of xterm on Debian GNU/Linux sid and ...)
	{DTSA-182-1}
	- xterm 238-1 (medium; bug #510030)
	[etch] - xterm <not-affected> (allowWindowOps disabled in configuration)
	NOTE: Somewhat mitigated by a filter for control characters in
	NOTE: post-etch versions.
CVE-2008-5807 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
	NOT-FOR-US: TestLink
CVE-2008-5806 (SQL injection vulnerability in login.php in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5805 (SQL injection vulnerability in detail.php in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5804 (SQL injection vulnerability in admin/admin_catalog.php in e-topbiz ...)
	NOT-FOR-US: e-topbiz Number Links 1 Php Script
CVE-2008-5803 (SQL injection vulnerability in admin/login.php in E-topbiz Online ...)
	NOT-FOR-US: E-topbiz
CVE-2008-5802 (SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 ...)
	NOT-FOR-US: E-topbiz
CVE-2008-5801 (Unspecified vulnerability in the Dictionary (rtgdictionary) extension ...)
	NOT-FOR-US: Dictionary (rtgdictionary) extension for TYPO3
CVE-2008-5800 (SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) ...)
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5799 (Cross-site scripting (XSS) vulnerability in the Wir ber uns [sic] ...)
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5798 (SQL injection vulnerability in the CMS Poll system (cms_poll) ...)
	NOT-FOR-US: CMS Poll system for TYPO3
CVE-2008-5797 (SQL injection vulnerability in the advCalendar extension 0.3.1 and ...)
	NOT-FOR-US: advCalendar extension for TYPO3
CVE-2008-5796 (SQL injection vulnerability in the eluna Page Comments ...)
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5795 (Cross-site scripting (XSS) vulnerability in the eluna Page Comments ...)
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5794 (Directory traversal vulnerability in system/admin/images.php in ...)
	NOT-FOR-US: LoveCMS
CVE-2008-5793 (Multiple PHP remote file inclusion vulnerabilities in the Clickheat - ...)
	NOT-FOR-US: Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla!
CVE-2008-5792 (PHP remote file inclusion vulnerability in show_joined.php in ...)
	NOT-FOR-US: Indiscripts Enthusiast
CVE-2008-5791 (Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution ...)
	NOT-FOR-US: PrestaShop e-Commerce Solution
CVE-2008-5790 (Multiple PHP remote file inclusion vulnerabilities in the ...)
	NOT-FOR-US: Recly!Competitions (com_competitions) component 1.0 for Joomla!
CVE-2008-5789 (Multiple PHP remote file inclusion vulnerabilities in the Recly ...)
	NOT-FOR-US: Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla!
CVE-2008-5788 (SQL injection vulnerability in index.php in Domain Seller Pro 1.5 ...)
	NOT-FOR-US: Domain Seller
CVE-2008-5787 (Directory traversal vulnerability in mod.php in Arab Portal 2.1 on ...)
	NOT-FOR-US: Arab Portal
CVE-2008-5786 (Cross-site scripting (XSS) vulnerability in the Silva Find extension ...)
	NOT-FOR-US: Silva Find
CVE-2008-5785 (SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 ...)
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5784 (V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to ...)
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5783 (admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers ...)
	NOT-FOR-US: V3 Chat
CVE-2008-5782 (SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows ...)
	NOT-FOR-US: ZeeMatri
CVE-2008-5781 (SQL injection vulnerability in right.php in Cant Find A Gaming CMS ...)
	NOT-FOR-US: Cant Find A Gaming CMS (CFAGCMS)
CVE-2008-5780 (Forest Blog 1.3.2 stores sensitive information under the web root with ...)
	NOT-FOR-US: Forest Blog
CVE-2008-5779 (SQL injection vulnerability in lpro.php in Free Links Directory Script ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5778 (SQL injection vulnerability in report.php in Free Links Directory ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5777 (SQL injection vulnerability in index.php in CadeNix allows remote ...)
	NOT-FOR-US: CadeNix
CVE-2008-5776 (Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 ...)
	NOT-FOR-US: Aperto Blog
CVE-2008-5775 (SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 ...)
	NOT-FOR-US: Aperto Blog
CVE-2008-5774 (Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 ...)
	NOT-FOR-US: ASPSiteWare HomeBuilder
CVE-2008-5773 (Nukedit 4.9.8 stores sensitive information under the web root with ...)
	NOT-FOR-US: Nukedit
CVE-2008-5772 (Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings ...)
	NOT-FOR-US: ASPSiteWare RealtyListings
CVE-2008-5771 (Directory traversal vulnerability in test.php in PHP Weather 2.2.2 ...)
	NOT-FOR-US: PHP Weather
CVE-2008-5770 (Cross-site scripting (XSS) vulnerability in config/make_config.php in ...)
	NOT-FOR-US: PHP Weather
CVE-2008-5769 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-5768 (SQL injection vulnerability in print.php in the AM Events (aka ...)
	NOT-FOR-US: AM Events
CVE-2008-5767 (SQL injection vulnerability in authors.asp in gNews Publisher allows ...)
	NOT-FOR-US: gNews Publisher
CVE-2008-5766 (SQL injection vulnerability in download.php in Farsi Script Faupload ...)
	NOT-FOR-US: Farsi Script Faupload
CVE-2008-5765 (WorkSimple 1.2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: WorkSimple
CVE-2008-5764 (PHP remote file inclusion vulnerability in calendar.php in WorkSimple ...)
	NOT-FOR-US: WorkSimple
CVE-2008-5763 (PHP remote file inclusion vulnerability in slogin_lib.inc.php in ...)
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5762 (Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive ...)
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5761 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5760 (Cross-site scripting (XSS) vulnerability in error413.php in Kerio ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-5759 (Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5758 (Cross-site request forgery (CSRF) vulnerability in PHParanoid before ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5757 (Cross-site scripting (XSS) vulnerability in textarea/index.php in ...)
	- textpattern 4.0.6-1
CVE-2008-5756 (Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows ...)
	NOT-FOR-US: BreakPoint Software Hex Workshop
CVE-2008-5755 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-5754 (Stack-based buffer overflow in BulletProof FTP Client allows ...)
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5753 (Stack-based buffer overflow in BulletProof FTP Client 2.63 allows ...)
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5752 (Directory traversal vulnerability in getConfig.php in the Page Flip ...)
	NOT-FOR-US: Page Flip Image Gallery plugin for WordPress
CVE-2008-5751 (SQL injection vulnerability in index.php in AlstraSoft Web Email ...)
	NOT-FOR-US: AlstraSoft Web Email Script Enterprise
CVE-2008-5750 (Argument injection vulnerability in Microsoft Internet Explorer 8 beta ...)
	NOT-FOR-US: Microsoft
CVE-2008-5749 (** DISPUTED ** ...)
	NOT-FOR-US: Google Chrome
CVE-2008-5748 (Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php ...)
	NOT-FOR-US: BloofoxCMS
CVE-2008-5747 (F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass ...)
	NOT-FOR-US: F-Prot
CVE-2008-5746 (Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local ...)
	NOT-FOR-US: Sun SNMP Management Agent
CVE-2008-5745 (Integer overflow in Microsoft Windows Media Player 9, 10, and 11 ...)
	NOT-FOR-US: Microsoft
CVE-2008-5824 (Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile ...)
	- audiofile <unfixed> (medium; bug #510205)
CVE-2008-5744 (Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) ...)
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3 (bug #510583)
CVE-2008-5743 (pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a ...)
	- pdfjam 1.10-1 (low; bug #510584)
CVE-2008-5742 (Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5741
	RESERVED
CVE-2008-5740
	RESERVED
CVE-2008-5739 (SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-5738 (Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass ...)
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5737 (SQL injection vulnerability in index.php in Nodstrum MySQL Calendar ...)
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5736 (Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, ...)
	- kfreebsd-6 <unfixed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.1-1
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-5735 (Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 ...)
	NOT-FOR-US: CoolPlayer
CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp ...)
	NOT-FOR-US: IceWarp Software Merak Mail Server
CVE-2008-5733 (SQL injection vulnerability in blog.php in the Team Impact TI Blog ...)
	NOT-FOR-US: Team Impact TI Blog System mod for PHP-Fusion
CVE-2008-5732 (Unrestricted file upload vulnerability in lib/image_upload.php in ...)
	NOT-FOR-US: KafooeyBlog
CVE-2008-5731 (The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP ...)
	NOT-FOR-US: PGP Desktop
CVE-2008-5730 (Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5729 (Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5727 (SQL injection vulnerability in modules/auth/password_recovery.php in ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5726 (SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows ...)
	NOT-FOR-US: stormBoards
CVE-2008-5725 (The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in ...)
	NOT-FOR-US: EnTech Taiwan PowerStrip
CVE-2008-5724 (The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-5723 (Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka ...)
	NOT-FOR-US: CGI RESCUE KanniBBS2000
CVE-2008-5722 (Buffer overflow in SAWStudio 3.9i allows user-assisted remote ...)
	NOT-FOR-US: SAWStudio
CVE-2008-5721 (SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers ...)
	NOT-FOR-US: BlackJumboDog
CVE-2008-5720 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows ...)
	NOT-FOR-US: Mayaa
CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web ...)
	NOT-FOR-US: Hitachi
CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2, when using certain ...)
	{DSA-1705-1 DTSA-183-1}
	- netatalk 2.0.4~beta2-1 (medium; bug #510585)
CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated ...)
	NOT-FOR-US: Hitachi
CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM's write access ...)
	- xen-3 <not-affected> (Vulnerable code never entered Debian)
	- xen-unstable <not-affected> (Vulnerable code never entered Debian)
	NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not
	NOTE: yet been fixed in Debian
CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for ...)
	- qemu 0.9.1-10 (low; bug #509882)
	[etch] - qemu <not-affected> (Vulnerable code not present)
	- kvm 82-1 (low; bug #509997)
CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...)
	- linux-2.6 2.6.25-1
	- linux-2.6.24 <removed>
CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...)
	- kdebase <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5711 (Heap-based buffer overflow in the Facebook PhotoUploader ActiveX ...)
	NOT-FOR-US: Facebook PhotoUploader ActiveX
CVE-2008-5710 (Multiple unspecified vulnerabilities in the web management interface ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5709 (Multiple unspecified vulnerabilities in the web management interface ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5708 (redirect.php in SlimCMS 1.0.0 does not require authentication, which ...)
	NOT-FOR-US: SlimCMS
CVE-2008-5707 (SQL injection vulnerability in urunler.asp in Iltaweb Alisveris ...)
	NOT-FOR-US: Iltaweb Alisveris Sistemi
CVE-2008-5704 (src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive <no-dsa> (Minor issue)
CVE-2008-5703 (gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive <no-dsa> (Minor issue)
CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...)
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux ...)
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum ...)
	- linux-2.6 2.6.26-13
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, was introduced later)
	- linux-2.6.24 <removed>
CVE-2008-5699 (The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: Solaris
CVE-2008-5698 (HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser crashes not treated as security issues
CVE-2008-5697 (The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 ...)
	NOT-FOR-US: Skype extension
CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is ...)
	NOT-FOR-US: Novell NetWare
CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...)
	- wordpress <unfixed> (low; bug #510786)
	NOTE: only the admin has manage_options capabilities by default and only editors
	NOTE: have upload_files capabilities
CVE-2008-5694 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Sandbox
CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other ...)
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5692 (Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other ...)
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5691 (Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX ...)
	NOT-FOR-US: Phoenician Casino FlashAX ActiveX
CVE-2008-5690 (The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, ...)
	NOT-FOR-US: Solaris
CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 ...)
	NOT-FOR-US: Solaris
CVE-2008-5688 (MediaWiki 1.8.1, and other versions before 1.13.3, when the ...)
	- mediawiki <unfixed> (unimportant)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2008-5687 (MediaWiki 1.11, and other versions before 1.13.3, does not properly ...)
	{DTSA-186-1}
	- mediawiki 1:1.13.3-1 (low)
	NOTE: the CVE id description is wrong, this is fixed in 1.13.3, notified mitre
CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun ...)
	NOT-FOR-US: Sun ScApp firmware
CVE-2008-5684 (Unspecified vulnerability in the X Inter Client Exchange library (aka ...)
	NOT-FOR-US: Solaris
CVE-2008-5683 (Unspecified vulnerability in Opera before 9.63 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-5682 (Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows ...)
	NOT-FOR-US: Opera
CVE-2008-5681 (Opera before 9.63 does not block unspecified &quot;scripted URLs&quot; during ...)
	NOT-FOR-US: Opera
CVE-2008-5680 (Multiple buffer overflows in Opera before 9.63 might allow (1) remote ...)
	NOT-FOR-US: Opera
CVE-2008-5679 (The HTML parsing engine in Opera before 9.63 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote ...)
	NOT-FOR-US: OLIB7 WebView
CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...)
	NOT-FOR-US: Kwalbum
CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka ...)
	NOT-FOR-US: ModSecurity
CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network ...)
	NOT-FOR-US: Darkwet Network webcamXP
CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the members ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
	NOT-FOR-US: Joomla
CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in Textpattern ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x ...)
	NOT-FOR-US: VBA32 Personal Antivirus
CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows ...)
	NOT-FOR-US: WinFTP
CVE-2008-5665 (SQL injection vulnerability in index.php in the xhresim module in ...)
	NOT-FOR-US: XOOPS
CVE-2008-5664 (Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound ...)
	NOT-FOR-US: Realtek Media Player
CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and ...)
	NOT-FOR-US: Kusaba
CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC ...)
	NOT-FOR-US: Sun Java Wireless Toolkit
CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...)
	- classpath <unfixed> (bug #512532; medium)
CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...)
	- quassel 0.2~rc1-1.1 (bug #506550)
CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for ...)
	- typo3-src 4.2.3-1 (bug #505325)
	[etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)
CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5653 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5652 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5651 (SQL injection vulnerability in ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5650 (SQL injection vulnerability in the login directory in AlstraSoft Web ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5649 (SQL injection vulnerability in admin/admin.php in AlstraSoft Article ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5648 (SQL injection vulnerability in admin/login.php in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Shop
CVE-2008-5647 (Unspecified vulnerability in the HTML sanitizer filter in Trac before ...)
	- trac 0.11.1-2.1 (low; bug #509342)
CVE-2008-5646 (Unspecified vulnerability in Trac before 0.11.2 allows attackers to ...)
	- trac 0.11.1-2.1 (low; bug #509342)
CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb Networks ...)
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend module in ...)
	- typo3-src 4.2.3-1 (bug #505324)
	[etch] - typo3-src <not-affected> (Only Typo3 4.2.2 is affected)
CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for ...)
	NOT-FOR-US: Joomla
CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made ...)
	NOT-FOR-US: CMS Made Simple
CVE-2008-5641 (SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2008-5640 (SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 ...)
	NOT-FOR-US: Active Bids
CVE-2008-5639 (Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha ...)
	NOT-FOR-US: TxtBlog
CVE-2008-5638 (Multiple SQL injection vulnerabilities in Active Price Comparison 4 ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5637 (SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows ...)
	NOT-FOR-US: ParsBlogger
CVE-2008-5636 (SQL injection vulnerability in cate.php in Lito Lite CMS, when ...)
	NOT-FOR-US: Lito Lite CMS
CVE-2008-5635 (SQL injection vulnerability in account.asp in Active Membership 2.0 ...)
	NOT-FOR-US: Active Membership
CVE-2008-5634 (SQL injection vulnerability in account.asp in Active Force Matrix 2.0 ...)
	NOT-FOR-US: Active Force Matrix
CVE-2008-5633 (SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows ...)
	NOT-FOR-US: ActiveVotes
CVE-2008-5632 (SQL injection vulnerability in Account.asp in Active Time Billing 3.2 ...)
	NOT-FOR-US: Active Time Billing
CVE-2008-5631 (SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows ...)
	NOT-FOR-US: Active eWebquiz
CVE-2008-5630 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...)
	NOT-FOR-US: Post Affiliate
CVE-2008-5629 (SQL injection vulnerability in index.php in Turnkey Arcade Script ...)
	NOT-FOR-US: Turnkey Arcade Script
CVE-2008-5628 (SQL injection vulnerability in index.php in CMS little 0.0.1 allows ...)
	NOT-FOR-US: CMS little
CVE-2008-5627 (SQL injection vulnerability in account.asp in Active Trade 2 allows ...)
	NOT-FOR-US: Active Trade
CVE-2008-5626 (XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2008-5623
	RESERVED
CVE-2008-5620 (RoundCube Webmail (roundcubemail) before 0.2-beta allows remote ...)
	- roundcube 0.1.1-10 (low; bug #509596)
CVE-2008-5618 (imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 ...)
	- rsyslog 3.18.6-1 (low; bug #510906)
CVE-2008-5615
	RESERVED
CVE-2008-5614
	RESERVED
CVE-2008-5613
	RESERVED
CVE-2008-5612
	RESERVED
CVE-2008-5611
	RESERVED
CVE-2008-5610
	RESERVED
CVE-2008-5609 (SQL injection vulnerability in the Commerce extension 0.9.6 and ...)
	NOT-FOR-US: Commerce extension
CVE-2008-5608 (ASP AutoDealer stores sensitive information under the web root with ...)
	NOT-FOR-US: AutoDealer
CVE-2008-5607 (SQL injection vulnerability in the JMovies (aka JM or com_jmovies) ...)
	NOT-FOR-US: joomla
CVE-2008-5606 (Gazatem QMail Mailing List Manager 1.2 stores sensitive information ...)
	NOT-FOR-US: Gazatem QMail Mailing List Manager
CVE-2008-5605 (Multiple SQL injection vulnerabilities in ASP Portal allow remote ...)
	NOT-FOR-US: ASP Portal
CVE-2008-5604 (Directory traversal vulnerability in index.php in My Simple Forum 3.0 ...)
	NOT-FOR-US: My Simple Forum
CVE-2008-5603 (ASPTicker 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: ASPTicker
CVE-2008-5602 (Natterchat 1.12 stores sensitive information under the web root with ...)
	NOT-FOR-US: Natterchat
CVE-2008-5601 (User Engine Lite ASP stores sensitive information under the web root ...)
	NOT-FOR-US: User Engine Lite ASP
CVE-2008-5600 (Merlix Teamworx Server stores sensitive information under the web root ...)
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5599 (SQL injection vulnerability in default.asp in Merlix Teamworx Server ...)
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5598 (Directory traversal vulnerability in index.php in PHPmyGallery 1.51 ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-5597 (Cold BBS stores sensitive information under the web root with ...)
	NOT-FOR-US: Cold BBS
CVE-2008-5596 (Ikon AdManager 2.1 and earlier stores sensitive information under the ...)
	NOT-FOR-US: Ikon AdManager
CVE-2008-5595 (SQL injection vulnerability in detail.asp in ASP AutoDealer allows ...)
	NOT-FOR-US: ASP AutoDealer
CVE-2008-5594 (Multiple directory traversal vulnerabilities in index.php in Mini Blog ...)
	NOT-FOR-US: Mini Blog
CVE-2008-5593 (Multiple directory traversal vulnerabilities in index.php in Mini CMS ...)
	NOT-FOR-US: Mini CMS
CVE-2008-5592 (Nightfall Personal Diary 1.0 stores sensitive information under the ...)
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5591 (Cross-site scripting (XSS) vulnerability in login.asp in Nightfall ...)
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5590 (SQL injection vulnerability in customer.forumtopic.php in Kalptaru ...)
	NOT-FOR-US: Kalptaru Infotech Product Sale Framework
CVE-2008-5589 (SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5588 (SQL injection vulnerability in rankup.asp in Katy Whitton RankEm ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5587 (Directory traversal vulnerability in libraries/lib.inc.php in ...)
	{DSA-1693-1}
	- phppgadmin 4.2.1-1.1 (low; bug #508026)
	NOTE: register_globals=on is required
	NOTE: http://www.milw0rm.com/exploits/7363
CVE-2008-5586 (SQL injection vulnerability in findoffice.php in Check Up New ...)
	NOT-FOR-US: Check Up New Generation
CVE-2008-5585 (Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 ...)
	NOT-FOR-US: lcxBBportal
CVE-2007-XXXX [tdiary XSS]
	- tdiary 2.2.0-1 (bug #464778)
	[etch] - tdiary 2.0.2+20060303-5
	NOTE: fixed in r6 point update
	NOTE: http://www.tdiary.org/20071215.html
CVE-2009-0040
	RESERVED
CVE-2009-0039
	RESERVED
CVE-2009-0038
	RESERVED
CVE-2009-0037
	RESERVED
CVE-2009-0036
	RESERVED
CVE-2009-0035
	RESERVED
CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...)
	- sudo 1.6.9p17-2 (medium)
	[etch] - sudo <not-affected> (Vulnerable code not present)
CVE-2009-0033
	RESERVED
CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...)
	NOT-FOR-US: issue affects pdfdistiller
CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
	- linux-2.6 <unfixed>
	- linux-2.6.24 <removed>
CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...)
	- squirrelmail <not-affected> (RedHat-specific regression)
CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, ...)
	- linux-2.6 <unfixed>
	- linux-2.6.24 <removed>
CVE-2009-0028
	RESERVED
CVE-2009-0027
	RESERVED
CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...)
	NOT-FOR-US: Apache Jackrabbit
CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check ...)
	{DSA-1703-1}
	- bind9 <unfixed> (low; bug #511936)
	NOTE: unlike the advisory states it is DSA_do_verify not DSA_verify
	NOTE: low severity because it is believed hard to trigger and only
	NOTE: affects DNSSEC with DSA, which is supposedly rarely used.
CVE-2009-0024 (The sys_remap_file_pages function in mm/fremap.c in the Linux kernel ...)
	- linux-2.6 2.6.24-4
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23)
	NOTE: Fixed in 2.6.24 before initial upload
CVE-2009-0023
	RESERVED
CVE-2009-0022 (Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows ...)
	- samba 2:3.2.5-3
	[etch] - samba <not-affected> (Only 3.2.x affected)
CVE-2009-0021 (NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly ...)
	{DSA-1702-1}
	- ntp 1:4.2.4p4+dfsg-8
CVE-2009-0020
	RESERVED
CVE-2009-0019
	RESERVED
CVE-2009-0018
	RESERVED
CVE-2009-0017
	RESERVED
CVE-2009-0016
	RESERVED
CVE-2009-0015
	RESERVED
CVE-2009-0014
	RESERVED
CVE-2009-0013
	RESERVED
CVE-2009-0012
	RESERVED
CVE-2009-0011
	RESERVED
CVE-2009-0010
	RESERVED
CVE-2009-0009
	RESERVED
CVE-2009-0008 (Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0007 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0006 (Integer signedness error in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0005 (Unspecified vulnerability in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0004 (Buffer overflow in Apple QuickTime before 7.6 allows remote attackers ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0003 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-5622 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	- phpmyadmin 4:2.11.8.1-5
CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x ...)
	- phpmyadmin 4:2.11.8.1-5
CVE-2008-5584 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 ...)
	NOT-FOR-US: ProjectPier
CVE-2008-5583 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
	NOT-FOR-US: ProjectPier
CVE-2008-5582 (SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, ...)
	NOT-FOR-US: Nukedit
CVE-2008-5581 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: mini-pub
CVE-2008-5580 (mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers ...)
	NOT-FOR-US: mini-pub
CVE-2008-5579 (Absolute path traversal vulnerability in ...)
	NOT-FOR-US: mini-pub
CVE-2008-5578 (Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5577 (PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5576 (admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5575 (Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier ...)
	NOT-FOR-US: Pro Clan Manager
CVE-2008-5574 (SQL injection vulnerability in member.php in Webmaster Marketplace ...)
	NOT-FOR-US: Webmaster Marketplace
CVE-2008-5573 (SQL injection vulnerability in the login feature in Poll Pro 2.0 ...)
	NOT-FOR-US: Poll Pro
CVE-2008-5572 (Professional Download Assistant 0.1 stores sensitive information under ...)
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5571 (SQL injection vulnerability in admin/login.asp in Professional ...)
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5570 (Directory traversal vulnerability in index.php in PHP Multiple ...)
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5569 (Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop ...)
	NOT-FOR-US: PHPepperShop
CVE-2008-5568 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php ...)
	NOT-FOR-US: IPN Pro
CVE-2008-5567 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Bonza Cart
CVE-2008-5566 (Cross-site scripting (XSS) vulnerability in index.php in Triangle ...)
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5565 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php ...)
	NOT-FOR-US: DL PayCart
CVE-2008-5564 (Unspecified vulnerability in the media server in Orb Networks Orb ...)
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5563 (Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-5562 (ASPPortal stores sensitive information under the web root with ...)
	NOT-FOR-US: ASPPortal
CVE-2008-5561 (SQL injection vulnerability in Netref 4.0 allows remote attackers to ...)
	NOT-FOR-US: Netref
CVE-2008-5560 (PostEcards stores sensitive information under the web root with ...)
	NOT-FOR-US: PostEcards
CVE-2008-5559 (SQL injection vulnerability in sendcard.cfm in PostEcards allows ...)
	NOT-FOR-US: PostEcards
CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition ...)
	- asterisk 1:1.4.0~dfsg-1 (bug #509686)
CVE-2008-5557 (Heap-based buffer overflow in ...)
	{DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (bug #511493)
CVE-2008-XXXX [phpBB3 Account Re-activation Security Bypass]
	- phpbb3 3.0.2-4 (low; bug #508872)
CVE-2008-5556 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5555 (Microsoft Internet Explorer 8.0 Beta 2 relies on the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5554 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5553 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5552 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5551 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5550 (Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5549 (Unspecified vulnerability in the Sun Java Web Console components in ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5548 (VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5547 (HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when ...)
	NOT-FOR-US: HAURI ViRobot
CVE-2008-5546 (VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: VirusBlokAda VBA32
CVE-2008-5545 (Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet ...)
	NOT-FOR-US: Trend Micro VSAPI
CVE-2008-5544 (Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when ...)
	NOT-FOR-US: Hacksoft The Hacker
CVE-2008-5543 (Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2008-5542 (Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet ...)
	NOT-FOR-US: Sunbelt VIPRE
CVE-2008-5541 (Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-5540 (Secure Computing Secure Web Gateway (aka Webwasher), when Internet ...)
	NOT-FOR-US: Webwasher
CVE-2008-5539 (RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet ...)
	NOT-FOR-US: RISING Antivirus
CVE-2008-5538 (Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote ...)
	NOT-FOR-US: Prevx Prevx1 2
CVE-2008-5537 (PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: PC Tools AntiVirus
CVE-2008-5536 (Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: Panda Antivirus
CVE-2008-5535 (Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: Norman Antivirus
CVE-2008-5534 (ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2008-5533 (K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 ...)
	NOT-FOR-US: K7AntiVirus
CVE-2008-5532 (Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when ...)
	NOT-FOR-US: Ikarus Virus Utilities
CVE-2008-5531 (Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: Fortinet Antivirus
CVE-2008-5530 (Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: Ewido Security Suite
CVE-2008-5529 (CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: CA eTrust Antivirus
CVE-2008-5528 (Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: Aladdin eSafe
CVE-2008-5527 (ESET Smart Security, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-5526 (DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: DrWeb Anti-virus
CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is ...)
	TODO: check
	NOTE: CVE claims it only happens when Internet Explorer 6 or 7 is used, but ClamAV doesn't have any special code for IE
CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 ...)
	NOT-FOR-US: CAT-QuickHeal
CVE-2008-5523 (avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: avast! antivirus
CVE-2008-5522 (AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2008-5521 (Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 ...)
	NOT-FOR-US: Avira AntiVir
CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer ...)
	NOT-FOR-US: AhnLab V3
CVE-2008-5519
	RESERVED
CVE-2008-5518
	RESERVED
CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...)
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low; bug #512330)
CVE-2008-5516 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote ...)
	{DSA-1708-1}
	- git-core 1:1.5.6-1
CVE-2008-5515
	RESERVED
CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the ...)
	{DTSA-174-2}
	- uw-imap 2007b~dfsg-1.1 (medium; bug #510918)
	[etch] - uw-imap <not-affected> (Vulnerable code not present)
CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla ...)
	{DSA-1707-1}
	- iceweasel 3.0.5-1
CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...)
	{DSA-1707-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
	NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round
CVE-2008-5509
	RESERVED
CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass ...)
	- iceweasel 3.0.5-1
	NOTE: patch now available and will be checked for next patch round
CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run ...)
	{DSA-1707-1}
	- iceweasel 3.0
	- xulrunner 1.9
	[etch] - xulrunner <not-affected> (The vulnerable feature is only included in 1.8.1 branch)
	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
	NOTE: Original fix for CVE-2008-3836 was incomplete
CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceape 1.1.13-1
	- iceweasel 3.0
	- xulrunner 1.9
	- icedove 2.0.0.19-1 (low)
	NOTE: JavaScript for mails is disabled by default and if users enable it ...
	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
CVE-2008-5502 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel <not-affected> (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
	- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5501 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel <not-affected> (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
	- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, ...)
	NOT-FOR-US: Adobe Flash Player for Linux
CVE-2008-5498 (Array index error in the imageRotate function in PHP 5.2.8 and earlier ...)
	- php5 <not-affected> (php5 links to the shared lib)
	- libgd2 <not-affected> (code is specific to php's libgd)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361
CVE-2008-5497 (BandSite CMS 1.1.4 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-5496 (SQL injection vulnerability in showcategory.php in PozScripts Business ...)
	NOT-FOR-US: PozScripts Business Directory Script
CVE-2008-5495 (Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control ...)
	NOT-FOR-US: GungHo LoadPrgAx
CVE-2008-5494 (SQL injection vulnerability in the Contact Information Module ...)
	NOT-FOR-US: Contact Information Module (com_contactinfo) component for Joomla!
CVE-2008-5493 (SQL injection vulnerability in track.php in PHPStore Wholesales (aka ...)
	NOT-FOR-US: PHPStore Wholesales
CVE-2008-5492 (Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX ...)
	NOT-FOR-US: PDFVIEW.PdfviewCtrl.1
CVE-2008-5491 (SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier ...)
	NOT-FOR-US: SlimCMS
CVE-2008-5490 (SQL injection vulnerability in index.php in PHPStore Yahoo Answers ...)
	NOT-FOR-US: PHPStore Yahoo Answers
CVE-2008-5489 (SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, ...)
	NOT-FOR-US: ClipShare
CVE-2008-5488 (SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 ...)
	NOT-FOR-US: E-topbiz Domain Shop
CVE-2008-5487 (Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5486 (SQL injection vulnerability in admin.php in TurnkeyForms Text Link ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5616 (Stack-based buffer overflow in the demux_open_vqf function in ...)
	{DTSA-181-1}
	- mplayer 1.0~rc2-19 (low; bug #508803)
CVE-2008-XXXX [axel URL parser buffer overflow]
	- axel 2.2 (unimportant)
	[etch] - axel <no-dsa> (Minor issue)
	NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
	NOTE: this only work for non-interactive sessions which is a quite exotic usecase
CVE-2008-5619 (html2text.php in RoundCube Webmail (roundcubemail) 0.2-1.alpha and ...)
	- roundcube 0.1.1-9 (high; bug #508628)
	NOTE: According to the bug report, this is being exploited.
	- moodle 1.8.2.dfsg-2 (bug #508909)
	[etch] - moodle <not-affected> (Vulnerable code not present)
	NOTE: moodle recently copied roundcube's html2text due to their copy being non-free
CVE-2008-5485
	RESERVED
CVE-2008-5484
	RESERVED
CVE-2008-5483
	RESERVED
CVE-2008-5482
	RESERVED
CVE-2008-5481
	RESERVED
CVE-2008-5480
	RESERVED
CVE-2008-5479
	RESERVED
CVE-2008-5478
	RESERVED
CVE-2008-5477
	RESERVED
CVE-2008-5476
	RESERVED
CVE-2008-5475
	RESERVED
CVE-2008-5474
	RESERVED
CVE-2008-5473
	RESERVED
CVE-2008-5472
	RESERVED
CVE-2008-5471
	RESERVED
CVE-2008-5470
	RESERVED
CVE-2008-5469
	RESERVED
CVE-2008-5468
	RESERVED
CVE-2008-5467
	RESERVED
CVE-2008-5466
	RESERVED
CVE-2008-5465
	RESERVED
CVE-2008-5464
	RESERVED
CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins ...)
	NOT-FOR-US: Oracle
CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle
CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ...)
	NOT-FOR-US: Oracle
CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-5453
	RESERVED
CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle
CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform ...)
	NOT-FOR-US: Oracle
CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component ...)
	NOT-FOR-US: Oracle
CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-5435 (Cross-site scripting (XSS) vulnerability in moderate.php in PunBB ...)
	NOT-FOR-US: PunBB
CVE-2008-5434 (Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow ...)
	NOT-FOR-US: PunBB
CVE-2008-5433 (Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and ...)
	NOT-FOR-US: PunBB
CVE-2008-5432 (Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 ...)
	{DSA-1691-1}
	- moodle 1.8.2.dfsg-1 (bug #508593)
CVE-2008-5431 (Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a ...)
	NOT-FOR-US: Teamtek Universal FTP Server
CVE-2008-5430 (Mozilla Thunderbird 2.0.14 does not properly handle (1) ...)
	- icedove <unfixed> (unimportant)
	NOTE: crashes icedove, but no security impact
CVE-2008-5429 (Incredimail build 5853710 does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: Incredimail
CVE-2008-5428 (Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: Opera
CVE-2008-5427 (Norton Antivirus in Norton Internet Security 15.5.0.23 does not ...)
	NOT-FOR-US: Norton Internet Security
CVE-2008-5426 (Kaspersky Internet Security Suite 2009 does not properly handle (1) ...)
	NOT-FOR-US: Kaspersky Internet Security Suite
CVE-2008-5425 (ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: NOD32
CVE-2008-5424 (The MimeOleClearDirtyTree function in InetComm.dll in Microsoft ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2008-5423 (Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector ...)
	NOT-FOR-US: Sun Ray Software
CVE-2008-5422 (Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict ...)
	NOT-FOR-US: Sun Sun Ray Server Software
CVE-2008-5421 (The SSL web administration service in NetWin SmsGate 1.1n and earlier ...)
	NOT-FOR-US: NetWin SmsGate
CVE-2006-7235 (Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a ...)
	NOT-FOR-US: Teamtek Universal FTP Server
CVE-2008-5420 (The SAN Manager Master Agent service (aka msragent.exe) in EMC Control ...)
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5419 (Stack-based buffer overflow in SAN Manager Master Agent service (aka ...)
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5418 (Directory traversal vulnerability in login.php in the PunPortal module ...)
	NOT-FOR-US: PunBB
CVE-2008-5417 (HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses ...)
	NOT-FOR-US: HP DECnet-Plus
CVE-2008-5416 (Heap-based buffer overflow in Microsoft SQL Server 2000 8.00.2050, ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-5415 (The LDBserver service in the server in CA ARCserve Backup 11.1 through ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-5414 (Unspecified vulnerability in the Feature Pack for Web Services in the ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5413 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5412 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5411 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5410 (The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 ...)
	NOT-FOR-US: Solaris
CVE-2008-5409 (Unspecified vulnerability in the pdf.xmd module in (1) BitDefender ...)
	NOT-FOR-US: itDefender Free Edition and Antivirus Standard, BullGuard Internet Security and Software602 Groupware Server
CVE-2008-5408 (Buffer overflow in the data management protocol in Symantec Backup ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5407 (Multiple unspecified vulnerabilities in the Backup Exec remote-agent ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5406 (Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes ...)
	NOT-FOR-US: Apple QuickTime Player and iTunes
CVE-2008-5405 (Stack-based buffer overflow in the RDP protocol password decoder in ...)
	NOT-FOR-US: Cain & Abel
CVE-2008-5404 (Insecure method vulnerability in the FlexCell.Grid ActiveX control in ...)
	NOT-FOR-US: FlexCell
CVE-2008-5403 (Heap-based buffer overflow in the XML parser in the AIM plugin in ...)
	NOT-FOR-US: Trillian
CVE-2008-5402 (Double free vulnerability in the XML parser in Trillian before ...)
	NOT-FOR-US: Trillian
CVE-2008-5401 (Stack-based buffer overflow in the image tooltip implementation in ...)
	NOT-FOR-US: Trillian
CVE-2008-5400 (Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum ...)
	NOT-FOR-US: mvnForum
CVE-2008-5399 (Cross-site scripting (XSS) vulnerability in the listonlineusers (aka ...)
	NOT-FOR-US: mvnForum
CVE-2008-5398 (Tor before 0.2.0.32 does not properly process the ...)
	- tor 0.2.0.32-1
CVE-2008-5397 (Tor before 0.2.0.32 does not properly process the (1) User and (2) ...)
	- tor 0.2.0.32-1 (bug #505178)
CVE-2008-5396 (Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in ...)
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3
CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the ...)
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes ...)
	NOT-FOR-US: Ubuntu Privacy Remix
CVE-2008-5392
	RESERVED
CVE-2008-5391
	RESERVED
CVE-2008-5390
	RESERVED
CVE-2008-5389
	RESERVED
CVE-2008-5388
	RESERVED
CVE-2008-5387 (Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5386 (Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5385 (enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5384 (crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5383 (Stack-based buffer overflow in National Instruments Electronics ...)
	NOT-FOR-US: National Instruments Electronics Workbench
CVE-2008-5382 (Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE ...)
	NOT-FOR-US: I-O firmware
CVE-2008-5381 (Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) ...)
	NOT-FOR-US: ffdshow
CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low)
	[etch] - gpsdrive <no-dsa> (Minor issue)
CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary ...)
	- netdisco-mibs-installer (low; bug #508940)
	[lenny] - netdisco-mibs-installer <no-dsa> (Contrib not supported)
CVE-2008-5378 (arb-kill in arb 0.0.20071207.1 allows local users to overwrite ...)
	- arb <unfixed> (low; bug #508942)
CVE-2008-5377 (pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files ...)
	- cups 1.3.8-1lenny1 (low)
	[etch] - cupsys <unfixed> (low)
CVE-2008-5376 (editcomment in crip 3.7 allows local users to overwrite arbitrary ...)
	- crip 3.7-5 (low; bug #509275)
	[etch] - crip <no-dsa> (Not run as root)
	TODO: next point release: [etch] - crip 3.7-3+etch1
CVE-2008-5375 (cmus-status-display in cmus 2.2.0 allows local users to overwrite ...)
	- cmus 2.2.0-1.1 (unimportant; bug #509277)
	NOTE: Just an example script
CVE-2008-5374 (bash-doc 3.2 allows local users to overwrite arbitrary files via a ...)
	- bash <unfixed> (unimportant; bug #509279)
	NOTE: scripts are examples
CVE-2008-5373 (mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users ...)
	- bacula <unfixed> (unimportant; bug #509301)
	NOTE: script is an example
CVE-2008-5372 (sdm-login in sdm-terminal 0.4.0b allows local users to overwrite ...)
	- sdm <unfixed> (unimportant; bug #509331)
	NOTE: Not really a bug since only "touch" is used on the temp file
CVE-2008-5371 (screenie in screenie 1.30.0 allows local users to overwrite arbitrary ...)
	- screenie 1.30.0-5.1 (low; bug #509332)
CVE-2008-5370 (pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite ...)
	- pvpgn 1.8.1-2 (low; bug #509336)
	[etch] - pvpgn <no-dsa> (Contrib not supported)
CVE-2008-5369 (noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files ...)
	- no-ip 2.1.9-1 (unimportant; bug #509348)
	NOTE: original issue doesn't seem to be present, however there is a tmprace in the init
	NOTE: script if it is used to debug with strace and a missing check for mkstemp failing
	NOTE: but these situations are really corner cases
CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite arbitrary ...)
	- muttprint 0.72d-10 (low; bug #509487)
	[etch] - muttprint <no-dsa> (Minor issue)
	TODO: next point release: [etch] - muttprint 0.72d-8etch1
CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...)
	- ppp <unfixed> (unimportant)
	NOTE: insecure temp file handling in udeb is not an issue, since it is during the installation
CVE-2008-5366 (The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local ...)
	- ppp <unfixed> (unimportant; bug #509488)
	NOTE: Package postinst isn't vulnerable, only .tmp files in /etc
CVE-2008-5365 (SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: ActiveWebSoftwares
CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx ...)
	NOT-FOR-US: getPlus
CVE-2008-5363 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5362 (The DefineConstantPool action in the ActionScript 2 virtual machine in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does ...)
	- rsyslog 3.18.6-1 (bug #508027)
CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...)
	{DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (bug #508021)
	TODO: check php4
CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ...)
	- vinagre 0.5.1-2
CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
	- sun-java5 <unfixed> (low; bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (low; bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5357 (Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 <unfixed> (bug #510972)
CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 <unfixed> (bug #510972)
CVE-2008-5355 (The &quot;Java Update&quot; feature for Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 <not-affected> (Java update not used in Debian)
	- sun-java6 <not-affected> (Java update not used in Debian)
	- openjdk-6 <not-affected> (Java update not used in Debian)
CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5353 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5346 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 <unfixed> (bug #510972)
CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with Sun ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 <unfixed> (bug #510972)
CVE-2008-5344 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 <unfixed> (bug #510972)
CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 <unfixed> (bug #510972)
CVE-2008-5342 (Unspecified vulnerability in the BasicService for Java Web Start (JWS) ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 <unfixed> (bug #510972)
CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 <unfixed> (bug #510972)
CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 <unfixed> (bug #510972)
CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
	- sun-java5 <unfixed> (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <unfixed> (bug #508195)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 <unfixed> (bug #510972)
CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite ...)
	NOT-FOR-US: Bandwebsite
CVE-2008-5337 (SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite ...)
	NOT-FOR-US: Bandwebsite
CVE-2008-5336 (SQL injection vulnerability in index.php in WebStudio CMS allows ...)
	NOT-FOR-US: WebStudio CMS
CVE-2008-5335 (SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5334 (PHP remote file inclusion vulnerability in includes/common.php in ...)
	NOT-FOR-US: NitroTech
CVE-2008-5333 (SQL injection vulnerability in members.php in NitroTech 0.0.3a allows ...)
	NOT-FOR-US: NitroTech
CVE-2008-5332 (Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow ...)
	NOT-FOR-US: Pie Web M{a,e}sher
CVE-2008-5331 (Adobe Acrobat 9 uses more efficient encryption than previous versions, ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-5330 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: ClearCase RWP IBM
CVE-2008-5329 (ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows ...)
	NOT-FOR-US: IBM
CVE-2008-5328 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 ...)
	NOT-FOR-US: IBM
CVE-2008-5327 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before ...)
	NOT-FOR-US: IBM
CVE-2008-5326 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 ...)
	NOT-FOR-US: IBM
CVE-2008-5325 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM ...)
	NOT-FOR-US: IBM
CVE-2008-5324 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM ...)
	NOT-FOR-US: IBM
CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to ...)
	NOT-FOR-US: Wiz-Ad
CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo ...)
	{DTSA-188-1}
	- php5 5.2.6.dfsg.1-3 (bug #507857)
	- php4 <unfixed>
CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg ...)
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5322 (Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information ...)
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5321 (SQL injection vulnerability in index.php in GesGaleri, a module for ...)
	NOT-FOR-US: XOOPS module
CVE-2008-5320 (SQL injection vulnerability in usersettings.php in e107 0.7.13 and ...)
	NOT-FOR-US: e107
CVE-2008-5319 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact ...)
	- tikiwiki <removed>
CVE-2008-5318 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact ...)
	- tikiwiki <removed>
CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in ...)
	{DSA-1684-1}
	- lcms 1.17-1
	- openjdk-6 <unfixed>
CVE-2008-5316 (Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in ...)
	{DSA-1684-1}
	- lcms 1.16-1
CVE-2008-5315 (Directory traversal vulnerability in the web interface in Apple iPhone ...)
	NOT-FOR-US: Apple iPhone Configuration Web Utility
CVE-2008-XXXX [Insecure tmpdir creation]
	[lenny] - devscripts 2.10.35lenny1 (low)
	- devscripts 2.10.42 (low; bug #507482)
	[etch] - devscripts <no-dsa> (Minor issue)
	TODO: next point release: [etch] - devscripts 2.9.26etch2
CVE-2008-XXXX [Insecure tempfile creation]
	- devscripts 2.10.42 (low; bug #508111)
	[etch] - devscripts <not-affected> (vulnerable code not present)
	[lenny] - devscripts 2.10.35lenny1 (low)
CVE-2008-5314 (Stack consumption vulnerability in libclamav/special.c in ClamAV ...)
	{DSA-1680-1}
	- clamav 0.94.dfsg.2-1 (medium; bug #507624)
CVE-2008-5311 (SQL injection vulnerability in image.php in NetArt Media Blog System ...)
	NOT-FOR-US: NetArt Media Blog System
CVE-2008-5310 (SQL injection vulnerability in image.php in NetArt Media Car Portal ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2008-5309 (SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 ...)
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2008-5308 (The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does properly ...)
	NOT-FOR-US: LoveCMS
CVE-2008-5307 (SQL injection vulnerability in admin/index.php in PG Roommate Finder ...)
	NOT-FOR-US: PG Roommate Finder Solution
CVE-2008-5306 (SQL injection vulnerability in admin/index.php in PG Real Estate ...)
	NOT-FOR-US: PG Real Estate Solution
CVE-2008-5305 (Eval injection vulnerability in TWiki before 4.2.4 allows remote ...)
	- twiki <unfixed> (medium; bug #508257)
CVE-2008-5304 (Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows ...)
	- twiki <unfixed> (low; bug #508256)
CVE-2008-5303 (Race condition in the rmtree function in File::Path 1.08 ...)
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5302 (Race condition in the rmtree function in File::Path 1.08 and 2.07 ...)
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5301 (Directory traversal vulnerability in the ManageSieve implementation in ...)
	- dovecot 1:1.0.15-2.3 (bug #506031)
CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5296 (Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when ...)
	- gallery 1.5.9-1.2 (low; bug #506824)
	[etch] - gallery <not-affected> (vulnerable code introduced in 1.5.8-svn-b34)
CVE-2008-5295 (SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 ...)
	NOT-FOR-US: Jamit Job Board 
CVE-2008-5294 (SQL injection vulnerability in index.php in WebStudio eCatalogue ...)
	NOT-FOR-US: WebStudio eCatalogue
CVE-2008-5293 (SQL injection vulnerability in index.php in WebStudio eHotel allows ...)
	NOT-FOR-US: WebStudio eHotel
CVE-2008-5292 (SQL injection vulnerability in view_snaps.php in VideoGirls BiZ, ...)
	NOT-FOR-US: VideoGirls
CVE-2008-5291 (Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 ...)
	NOT-FOR-US: FuzzyLime
CVE-2008-5290 (Cross-site scripting (XSS) vulnerability in full_txt.php in Werner ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5289 (SQL injection vulnerability in full_txt.php in Werner Hilversum Clean ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5288 (PHP remote file inclusion vulnerability in include/header.php in ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5287 (SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5284 (The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other ...)
	NOT-FOR-US: IEA Software RadiusNT and RadiusX
CVE-2008-5283 (Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote ...)
	NOT-FOR-US: File Upload Manager
CVE-2008-5282 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 ...)
	NOTE: neither in Etch nor Lenny, removal has been proposed
	- amaya <unfixed> (bug #507587)
CVE-2008-5281 (Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-5280 (The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server ...)
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5279 (The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging ...)
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5277 (PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of ...)
	- pdns 2.9.21.2-1 (low)
	[etch] - pdns <not-affected> (old version of HINFO parser)
CVE-2008-5275 (Multiple directory traversal vulnerabilities in the (a) &quot;Unzip ...)
	NOT-FOR-US: net2ftp
CVE-2008-5274 (Todd Woolums ASP News Management 2.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5273 (SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5272 (Multiple directory traversal vulnerabilities in Fred Stuurman ...)
	NOT-FOR-US: SyndeoCMS
CVE-2008-5271 (Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman ...)
	NOT-FOR-US: SyndeoCMS
CVE-2008-5270 (SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 ...)
	NOT-FOR-US: Yuhhu Superstar
CVE-2008-5269 (SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows ...)
	NOT-FOR-US: pSys
CVE-2008-5268 (SQL injection vulnerability in content/forums/reply.asp in ASPPortal ...)
	NOT-FOR-US: ASPPortal
CVE-2008-5267 (SQL injection vulnerability in answer.php in Experts 1.0.0, when ...)
	NOT-FOR-US: Experts
CVE-2008-5266 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Sun Java System Application Server 
CVE-2008-5265 (Directory traversal vulnerability in index.php in TNT Forum 0.9.4, ...)
	NOT-FOR-US: TNT Forum
CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado ...)
	NOT-FOR-US: Tornado Knowledge Retrieval System
CVE-2008-5263
	RESERVED
CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader function in ...)
	{DSA-1717-1 DTSA-184-1}
	- devil 1.7.5-4 (low; bug #511844; bug #512122)
	NOTE: fix for 1.7.5-3 incomplete, see #512122
CVE-2008-5261
	RESERVED
CVE-2008-5260 (Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control ...)
	NOT-FOR-US: ActiveX
CVE-2008-5259
	RESERVED
CVE-2008-5258
	RESERVED
CVE-2008-5257 (webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for ...)
	NOT-FOR-US: WebSEAL
CVE-2008-5255
	RESERVED
CVE-2008-5254
	RESERVED
CVE-2008-5253
	RESERVED
CVE-2008-5252 (Cross-site request forgery (CSRF) vulnerability in the Special:Import ...)
	{DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508870)
CVE-2008-5251
	RESERVED
CVE-2008-5250 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, ...)
	{DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508869)
CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through ...)
	{DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508868)
CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...)
	- vlc <not-affected> (vulnerable code not present)
	NOTE: affected versions are >= 0.9.x (experimental)
CVE-2008-XXXX [multiple vulnerabilities in phpcas]
	- libphp-cas <itp> (bug #495542)
	- moodle <unfixed>
	- glpi <unfixed>
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
	NOTE: upstream has been notified
	TODO: write proper advisory and request CVE id
CVE-2008-XXXX [php: inifile handler for the dba functions can be used to truncate a file]
	- php5 5.2.6.dfsg.1-3 (low; bug #507101)
	[lenny] - php5 5.2.6.dfsg.1-1+lenny2
	- php4 <unfixed> (low)
	NOTE: CVE id requested
CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...)
	- wordpress 2.5.1-11 (low; bug #507193)
CVE-2008-5286 (Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 ...)
	{DSA-1677-1}
	- cups 1.3.8-1lenny4 (bug #507183; medium)
CVE-2008-XXXX [geda-gnetlist: sch2eaglepos.sh has insecure temp file handling ]
	- geda-gnetlist 1:1.4.0-3 (bug #506625; unimportant)
	NOTE: sch2eaglepos.sh only used as example script
CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...)
	- xine-lib 1.1.14-3 (unimportant)
	NOTE: just a crasher
CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in ...)
	- xine-lib <unfixed> (unimportant; bug #508715)
	NOTE: a devide by 0 because of a crafted media file is hardly a security issue,
	NOTE: the integer overflows covered by the ocert advisory in the same code snippet
	NOTE: got an own identifier
CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow ...)
	- xine-lib 1.1.14-3 (low; bug #507184; bug #498243)
CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before ...)
	- xine-lib 1.1.14-3 (low)
CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...)
	- xine-lib 1.1.14-3 (unimportant)
	- faad2 2.6.1-1 (unimportant)
	- mplayer 1.0~rc2-20 (unimportant; bug #407010)
	NOTE: overlaps with CVE-2008-4610, same aac issue
	NOTE: just a crasher, no security implications known so far
CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, ...)
	- xine-lib 1.1.16-1 (unimportant; bug #508716)
	[lenny] - xine-lib 1.1.14-4
	NOTE: these are just invalid reads that result in segfaults, denial of service doesnt
	NOTE: apply here as xine reading a file is no service -> application bug
CVE-2008-5242 (demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, ...)
	- xine-lib 1.1.16-1 (medium; bug #507165; bug #498243)
	[lenny] - xine-lib 1.1.14-4
CVE-2008-5241 (Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 ...)
	- xine-lib 1.1.16-1 (low; bug #509008)
	[lenny] - xine-lib 1.1.14-4
CVE-2008-5240 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an ...)
	- xine-lib 1.1.16-2 (low; bug #509352)
	[lenny] - xine-lib 1.1.14-5
CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not ...)
	- xine-lib 1.1.16-2 (medium; bug #509353)
	[lenny] - xine-lib 1.1.14-5
CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in demux_real.c in ...)
	- xine-lib 1.1.14-3 (low)
	NOTE: code execution shouldn't work here as if 0xff will be extended to 0xffffffff
	NOTE: memcpy fails for copying from the complete addressable address space long before any code is executed
	NOTE: the malloc check for type_specific_data is missing, minor issue filed as #508065
CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ...)
	- xine-lib 1.1.16-1 (bug #509265; low)
	[lenny] - xine-lib 1.1.14-4
CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...)
	- xine-lib 1.1.16-1 (bug #509521)
	[lenny] - xine-lib 1.1.14-4
CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in ...)
	- xine-lib 1.1.14-3
CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...)
	- xine-lib 1.1.16-1 (medium; bug #508313; bug #498243)
	[lenny] - xine-lib 1.1.14-4
CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not check for ...)
	- xine-lib 1.1.14-3 (low)
CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows Media Services
CVE-2008-5231 (Stack-based buffer overflow in the ExecuteRequest method in the Novell ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-5230 (The Temporal Key Integrity Protocol (TKIP) implementation in ...)
	NOT-FOR-US: WPA weakness
CVE-2008-5229 (Stack-based buffer overflow in Microsoft Device IO Control in ...)
	NOT-FOR-US: Microsoft Device IO Control
CVE-2008-5228 (Cross-site scripting (XSS) vulnerability in IBM Workplace Content ...)
	NOT-FOR-US: IBM Workplace Content Management
CVE-2008-5227 (Unspecified vulnerability in PHPCow allows remote attackers to execute ...)
	NOT-FOR-US: PHPCow
CVE-2008-5226 (SQL injection vulnerability in the MambAds (com_mambads) component 1.0 ...)
	NOT-FOR-US: com_mambads component for Mambo
CVE-2008-5225 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare ...)
	NOT-FOR-US: Xerox DocuShare
CVE-2008-5224 (Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and ...)
	NOT-FOR-US: Kent Web Mart
CVE-2008-5223 (SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows ...)
	NOT-FOR-US: Airvae Commerce
CVE-2008-5222 (SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote ...)
	NOT-FOR-US: Dvbbs
CVE-2008-5221 (The account_save action in admin/userinfo.php in wPortfolio 0.3 and ...)
	NOT-FOR-US: wPortfolio
CVE-2008-5220 (Unrestricted file upload vulnerability in admin/upload_form.php in ...)
	NOT-FOR-US: wPortfolio
CVE-2008-5219 (The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and ...)
	NOT-FOR-US: VideoScript
CVE-2008-5218 (ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with ...)
	NOT-FOR-US: ScriptsEz FREEze Greetings
CVE-2008-5217 (Directory traversal vulnerability in index.php in txtCMS 0.3, when ...)
	NOT-FOR-US: textCMS
CVE-2008-5216 (SQL injection vulnerability in category_list.php in AJ Square ZeusCart ...)
	NOT-FOR-US: AJ Square ZeusCart
CVE-2008-5215 (SQL injection vulnerability in service/profil.php in ClanLite ...)
	NOT-FOR-US: ClanLite
CVE-2008-5214 (Cross-site scripting (XSS) vulnerability in service/calendrier.php in ...)
	NOT-FOR-US: ClanLite
CVE-2008-5213 (SQL injection vulnerability in featured_article.php in AJ Article 1.0 ...)
	NOT-FOR-US: AJ Article
CVE-2008-5212 (SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 ...)
	NOT-FOR-US: AJ Auction
CVE-2008-5211 (Cross-site scripting (XSS) vulnerability in search.php in Sphider ...)
	NOT-FOR-US: Sphider
CVE-2008-5210 (Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 ...)
	NOT-FOR-US: PhpBlock
CVE-2008-5209 (Directory traversal vulnerability in modules/download/get_file.php in ...)
	NOT-FOR-US: Admidio
CVE-2008-5208 (SQL injection vulnerability in sub_votepic.php in the Datsogallery ...)
	NOT-FOR-US:  Datsogallery joomla module
CVE-2008-5207 (Multiple directory traversal vulnerabilities in Jonascms 1.2 allow ...)
	NOT-FOR-US: Jonascms
CVE-2008-5206 (PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in ...)
	NOT-FOR-US: MosXML
CVE-2008-5205 (Cross-site scripting (XSS) vulnerability in edit.php in wellyblog ...)
	NOT-FOR-US: wellyblog
CVE-2008-5204 (Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, ...)
	NOT-FOR-US: PowerAward
CVE-2008-5203 (Cross-site scripting (XSS) vulnerability in external_vote.php in ...)
	NOT-FOR-US: PowerAward
CVE-2008-5202 (Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS ...)
	NOT-FOR-US: OTManager CMS
CVE-2008-5201 (Directory traversal vulnerability in index.php in OTManager CMS 24a ...)
	NOT-FOR-US: OTManager CMS
CVE-2008-5200 (SQL injection vulnerability in the Xe webtv (com_xewebtv) component ...)
	NOT-FOR-US: Xe webtv
CVE-2008-5199 (PHP remote file inclusion vulnerability in include.php in ...)
	NOT-FOR-US: PHPOutsourcing IdeaBox
CVE-2008-5198 (SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 ...)
	NOT-FOR-US: Acmlmboard
CVE-2008-5197 (SQL injection vulnerability in classifieds.php in PHP-Fusion allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5196 (SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 ...)
	NOT-FOR-US: Kroax
CVE-2008-5195 (Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow ...)
	NOT-FOR-US: SebracCMS
CVE-2008-5194 (SQL injection vulnerability in checkavail.php in SoftVisions Software ...)
	NOT-FOR-US: SoftVisions Software Online Booking Manager
CVE-2008-5193 (Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-5192 (SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-5191 (Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote ...)
	NOT-FOR-US: SePortal
CVE-2008-5190 (SQL injection vulnerability in index.php in eSHOP100 allows remote ...)
	NOT-FOR-US: eSHOP100
CVE-2008-5285 (Wireshark 1.0.4 and earlier allows remote attackers to cause a denial ...)
	[lenny] - wireshark 1.0.2-3+lenny3
	- wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other ...)
	{DSA-1709-1}
	- shadow 1:4.1.1-6 (bug #505271)
CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...)
	- verlihub <unfixed> (low; bug #506530)
	TODO: further investigation on this package is needed
	NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
CVE-2008-5705 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...)
	- verlihub <unfixed> (low; bug #506530)
	TODO: further investigation on this package is needed
	NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...)
	- rails 2.1.0-6 (low)
CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...)
	- ecryptfs-utils 66-1 (low)
	[lenny] - ecryptfs-utils <no-dsa> (Minor issue)
CVE-2008-5184 (The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the ...)
	- cups 1.3.8-1
	[etch] - cupsys <not-affected> (cupsys doesn't crash, code base changed, guest username not submitted)
CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft Communicator
CVE-2008-5180 (Microsoft Communicator allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft Communicator
CVE-2008-5179 (Unspecified vulnerability in Microsoft Office Communications Server ...)
	NOT-FOR-US: Microsoft Office Communications Server
CVE-2008-5178 (Heap-based buffer overflow in Opera 9.62 on Windows allows remote ...)
	NOT-FOR-US: Opera on Windows
CVE-2008-5177 (Stack-based buffer overflow in the DtbClsLogin function in Yosemite ...)
	NOT-FOR-US: Yosemite Backup
CVE-2008-5176 (Multiple buffer overflows in Client Software WinCom LPD Total ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibly ...)
	{DSA-1672-1}
	- imlib2 1.4.0-1.2 (bug #505714)
CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...)
	- php5 <unfixed> (unimportant)
	NOTE: http://securityreason.com/achievement_securityalert/57
CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow ...)
	- mailscanner 4.74.16-1 (bug #506353)
	NOTE: there is no difference apart from the versions to CVE-2008-5313
CVE-2008-5313 (mailscanner 4.68.8 and other versions before 4.74.16-1 might allow ...)
	- mailscanner 4.74.16-1 (bug #506353)
	NOTE: there is no difference apart from the versions to CVE-2008-5312
CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...)
	NOT-FOR-US: AceFTP
CVE-2008-5174 (SQL injection vulnerability in joke.php in Jokes Complete Website ...)
	NOT-FOR-US: Jokes Complete Website
CVE-2008-5173 (Unspecified vulnerability in testMaker before 3.0p16 allows remote ...)
	NOT-FOR-US: testMaker
CVE-2008-5172 (Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum ...)
	NOT-FOR-US: Yazd Forum Software
CVE-2008-5171 (Multiple directory traversal vulnerabilities in admin/minibb/index.php ...)
	NOT-FOR-US: phpBLASTER CMS
CVE-2008-5170 (SQL injection vulnerability in item.php in Cheats Complete Website ...)
	NOT-FOR-US: Cheats Complete Website
CVE-2008-5169 (SQL injection vulnerability in drinks/drink.php in Drinks Complete ...)
	NOT-FOR-US: Drinks Complete Website
CVE-2008-5168 (SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 ...)
	NOT-FOR-US: Tips Complete Website
CVE-2008-5167 (PHP remote file inclusion vulnerability in layout/default/params.php ...)
	NOT-FOR-US: Orca Interactive Forum Script
CVE-2008-5166 (SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 ...)
	NOT-FOR-US: Riddles Website
CVE-2008-5165 (Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote ...)
	NOT-FOR-US: eTicket
CVE-2008-5164 (Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS ...)
	NOT-FOR-US: The Rat CMS
CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...)
	NOT-FOR-US: The Rat CMS
CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does ...)
	- kfreebsd-6 <unfixed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.1-1
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
	- openssh <unfixed> (low; bug #506115)
	[etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
	[lenny] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 ...)
	{DTSA-179-1}
	- geshi 1.0.8.1-1 (medium)
CVE-2008-5160 (Unspecified vulnerability in MyServer 0.8.11 allows remote attackers ...)
	- msp-webserver <removed> (bug #506268)
CVE-2008-5159 (Integer overflow in the remote administration protocol processing in ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...)
	- tau <unfixed> (bug #506348)
CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...)
	- systemimager <unfixed> (bug #506269)
CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...)
	- smsclient <unfixed> (unimportant; bug #498901)
CVE-2008-5154 (bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary ...)
	- p3nfs 5.19-1.2 (low; bug #506270)
	[etch] - p3nfs <no-dsa> (Minor issue)
CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite ...)
	- moodle <unfixed> (unimportant)
	NOTE: manual editing of file is required to run the unsafe code
CVE-2008-5152 (inmail-show in mh-book 200605 allows local users to overwrite ...)
	- mh-book <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5151 (test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary ...)
	- mayavi <unfixed> (unimportant)
	NOTE: just a comment, not code
CVE-2008-5150 (sample.sh in maildirsync 1.1 allows local users to append data to ...)
	- maildirsync <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite ...)
	- ncbi-tools6 6.1.20080302-4 (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...)
	- geda-gnetlist <unfixed> (unimportant)
	NOTE: unsafe code is an example script
CVE-2008-5147 (test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to ...)
	- docvert 3.4-7 (unimportant)
	NOTE: unsafe code is in test script with multiple hardcoded files
CVE-2008-5146 (add-accession-numbers in ctn 3.0.6 allows local users to overwrite ...)
	- ctn <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5145 (ltpmenu in ltp 20060918 allows local users to overwrite arbitrary ...)
	- ltp 20060918-3 (low; bug #506272)
	[etch] - ltp <no-dsa> (Minor issue)
	NOTE: this is not the same as CVE-2008-4969
CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...)
	- nvidia-cg-toolkit <unfixed> (unimportant)
	NOTE: -installer can be run from postinst but unsafe code is only executed when a special option is used when manually running the installer
CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to ...)
	[etch] - multi-gnome-terminal <no-dsa> (Symlink issue not run as root)
	- multi-gnome-terminal <removed>
CVE-2008-5142 (sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local ...)
	- freebsd-sendpr <unfixed> (unimportant)
	NOTE: code is only executed when the script to send bug reports fails
CVE-2008-5141 (flamethrower in flamethrower 0.1.8 allows local users to overwrite ...)
	{DSA-1676-1}
	- flamethrower 0.1.8-2 (low; bug #506350)
CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 and other versions before ...)
	- mailscanner 4.57.6-1 (unimportant)
	NOTE: script should only be used when the private Trend Micro antivirus is installed
CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary ...)
	{DSA-1674-1}
	- jailer 0.4-10 (bug #410548; low)
CVE-2008-5138 (passwdehd in libpam-mount 0.43 allows local users to overwrite ...)
	- libpam-mount 1.2+gitaa4791f-1 (low)
	[lenny] - libpam-mount 0.44-1+lenny2
CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...)
	- tkman 2.2-4 (low; bug #506496)
	[etch] - tkman <no-dsa> (Minor issue)
CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files ...)
	[etch] - tkusr <no-dsa> (Minor issue)
	- tkusr <removed> (low)
CVE-2008-5135 (** DISPUTED ** ...)
	- os-prober <unfixed> (unimportant)
CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in ...)
	{DSA-1681-1}
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, ...)
	NOT-FOR-US: ipnat
CVE-2008-5183 (cupsd in CUPS 1.3.9 and earlier allows local users, and possibly ...)
	- cups <unfixed> (low; bug #506180)
	[etch] - cupsys <not-affected> (RSS subscription code not yet present)
CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP ...)
	{DSA-1686-1}
	- no-ip 2.1.7-11 (bug #506179)
CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-5131 (Multiple SQL injection vulnerabilities in Develop It Easy News And ...)
	NOT-FOR-US: Develop It Easy News And Article System
CVE-2008-5130 (Ocean12 Calendar Manager Gold 2.04 stores sensitive information under ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5129 (Ocean12 Poll Manager Pro 1.00 stores sensitive information under the ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5128 (Ocean12 Membership Manager Pro stores sensitive information under the ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5127 (Ocean12 Contact Manager Pro 1.02 stores sensitive information under ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5126 (Cross-site scripting (XSS) vulnerability in search.php in BoutikOne ...)
	NOT-FOR-US: BoutikOne
CVE-2008-5125 (admin.php in CCleague Pro 1.2 allows remote attackers to bypass ...)
	NOT-FOR-US: CCleague Pro
CVE-2008-5124 (JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to ...)
	NOT-FOR-US: JSCAPE Secure FTP Applet
CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows ...)
	NOT-FOR-US: CCleague Pro
CVE-2008-5122 (SQL injection vulnerability in ContentRatingGraph.aspx in Ektron ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 ...)
	NOT-FOR-US: Citrix Deterministic Network Enhancer
CVE-2008-5120 (Stack-based buffer overflow in the Process Software MultiNet finger ...)
	NOT-FOR-US: MultiNet finger service
CVE-2008-5119 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: Scripts4Profit DXShopCart
CVE-2008-5118 (Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager 6.0 ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5116 (Unspecified vulnerability in Sun Java System Identity Manager 6.0 ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5114 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...)
	NOT-FOR-US: Solaris
CVE-2008-5109 (The default configuration of Adobe Flash Media Server (FMS) 3.0 does ...)
	NOT-FOR-US: Adobe Flash
CVE-2008-5108 (Unspecified vulnerability in Adobe AIR 1.1 and earlier allows ...)
	NOT-FOR-US: Adobe AIR
CVE-2008-5107 (The installation process for Citrix Presentation Server 4.5 and ...)
	NOT-FOR-US: Citrix PS
CVE-2008-5106 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5105 (KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5104 (Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual ...)
	NOT-FOR-US: VMBuilder
CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in ...)
	NOT-FOR-US: VMBuilder
CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other ...)
	- zope2.10 <unfixed> (unimportant)
	NOTE: this only affects installations in which users have unrestricted access to the management
	NOTE: interface. On Debian there one admin user is added for this at installation time and
	NOTE: non-trustworthy users shouldn't have access to the interface.
	- zope3 <not-affected> (Vulnerable code not present)
CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through ...)
	NOT-FOR-US: Sun Logical Domain Manager
CVE-2008-5098 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...)
	NOT-FOR-US: Sun Java System Messaging Serve
CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might allow ...)
	- syslog-ng 2.0.9-4.1 (unimportant; bug #505791)
	NOTE: no security flaw by itself, still it should be fixed
CVE-2008-5097 (SQL injection vulnerability in index.php in MyFWB 1.0 allows remote ...)
	NOT-FOR-US: MyFWB
CVE-2008-5096 (Unspecified vulnerability in the TYPO3 File List (file_list) extension ...)
	NOT-FOR-US: Typo3 third party extension "file_list"
CVE-2008-5095 (Cross-site scripting (XSS) vulnerability in the Novell User ...)
	NOT-FOR-US: Novell User Application
CVE-2008-5094 (Heap-based buffer overflow in the NDS Service in Novell eDirectory ...)
	NOT-FOR-US: eDirectory
CVE-2008-5093 (Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack ...)
	NOT-FOR-US: eDirectory
CVE-2008-5092 (Heap-based buffer overflows in Novell eDirectory HTTP protocol stack ...)
	NOT-FOR-US: eDirectory
CVE-2008-5091 (Buffer overflow in the LDAP Service in Novell eDirectory before 8.8 ...)
	NOT-FOR-US: eDirectory
CVE-2008-5090 (Electron Inc. Advanced Electron Forum before 1.0.7 allows remote ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2008-5089 (Multiple insecure method vulnerabilities in the ...)
	NOT-FOR-US: Data Dynamics ActiveReports ActiveX control
CVE-2008-5088 (Multiple SQL injection vulnerabilities in PHPKB Knowledge Base ...)
	NOT-FOR-US: PHPKB
CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login ...)
	NOT-FOR-US: wrg_anotherbelogin extension for typo3
CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a ...)
	- libvirt 0.4.6-10
CVE-2008-5085
	RESERVED
CVE-2008-5084
	RESERVED
CVE-2008-5083
	RESERVED
CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) ...)
	TODO: check
CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...)
	{DSA-1690-1 DTSA-189-1}
	- avahi 0.6.23-3 (bug #508700; low)
CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove quote ...)
	{DSA-1679-1}
	- awstats 6.7.dfsg-5.1 (bug #495432; low)
CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and ...)
	{DSA-1687-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 <removed>
	NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file function ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value ...)
	{DSA-1701-1}
	- openssl 0.9.8g-15
CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka ...)
	NOT-FOR-US: E-Uploader Pro
CVE-2008-5074 (SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 ...)
	NOT-FOR-US: Freshlinks module for PHP-Fusion
CVE-2008-5073 (Heap-based buffer overflow in an ActiveX control in Novell ZENworks ...)
	NOT-FOR-US: Novell ZENworks ActiveX control
CVE-2008-5072 (vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers ...)
	NOT-FOR-US: K-Lite Mega Codec Pack
CVE-2008-5071 (Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel ...)
	NOT-FOR-US: Yoxel
CVE-2008-5070 (SQL injection vulnerability in Pro Chat Rooms 3.0.3, when ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-5069 (SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, ...)
	NOT-FOR-US: Panuwat PromoteWeb MySQL
CVE-2008-5068 (Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery ...)
	NOT-FOR-US: Kmita Gallery
CVE-2008-5067 (Cross-site scripting (XSS) vulnerability in search.php in Kmita ...)
	NOT-FOR-US: Kmita Catalogue
CVE-2008-5066 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Agares Media ThemeSiteScript
CVE-2008-5065 (TlGuestBook 1.2 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: TlGuestBook
CVE-2008-5064 (SQL injection vulnerability in liga.php in H&amp;H WebSoccer 2.80 allows ...)
	NOT-FOR-US: H&H WebSoccer
CVE-2008-5063 (PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in ...)
	NOT-FOR-US: OTManager
CVE-2008-5062 (Directory traversal vulnerability in php/cal_pdf.php in Mini Web ...)
	NOT-FOR-US: Mini Web Calendar
CVE-2008-5061 (Cross-site scripting (XSS) vulnerability in php/cal_default.php in ...)
	NOT-FOR-US: Mini Web Calendar
CVE-2008-5060 (Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 ...)
	NOT-FOR-US: ModernBill
CVE-2008-5059 (Cross-site scripting (XSS) vulnerability in index.php in ModernBill ...)
	NOT-FOR-US: ModernBill
CVE-2008-5058 (SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple ...)
	NOT-FOR-US: Pre Simple CMS
CVE-2008-5057 (SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali ...)
	NOT-FOR-US: Yigit Aybuga Dizi Portali
CVE-2008-5056 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: ActiveCampaign TrioLive
CVE-2008-5055 (SQL injection vulnerability in department_offline_context.php in ...)
	NOT-FOR-US: ActiveCampaign TrioLive
CVE-2008-5054 (Multiple SQL injection vulnerabilities in Develop It Easy Membership ...)
	NOT-FOR-US: Develop It Easy Membership System
CVE-2008-5053 (PHP remote file inclusion vulnerability in admin.rssreader.php in the ...)
	NOT-FOR-US: com_rssreader component for Joomla!
CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in Mozilla ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5051 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 ...)
	NOT-FOR-US: joomla
CVE-2008-5049 (Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger ...)
	NOT-FOR-US: ISecSoft Anti-Keylogger
CVE-2008-5048 (Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and ...)
	NOT-FOR-US: ISecSoft Anti-Trojan
CVE-2008-5047 (SQL injection vulnerability in admin/index.php in Mole Group Rental ...)
	NOT-FOR-US: Mole Group Rental Script
CVE-2008-5046 (SQL injection vulnerability in index.php in Mole Group Pizza Script ...)
	NOT-FOR-US: Mole Group Pizza Script
CVE-2008-5045 (Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly ...)
	NOT-FOR-US: Network-Client FTP Now
CVE-2008-5044 (Race condition in Microsoft Windows Server 2003 and Vista allows local ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-5043 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...)
	NOT-FOR-US: IBM Metrica Service Assurance Framework
CVE-2008-5042 (Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Zeeways PhotoVideoTube
CVE-2008-5041 (Sweex RO002 Router with firmware Ts03-072 has &quot;rdc123&quot; as its default ...)
	NOT-FOR-US: Sweex RO002 Router
CVE-2008-5040 (Graphiks MyForum 1.3 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-5038 (Use after free vulnerability in the NetWare Core Protocol (NCP) ...)
	NOT-FOR-US:  Novell eDirectory
CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 ...)
	NOT-FOR-US: ElkaGroup Image Gallery
CVE-2008-XXXX [interchange Cross-Site Scripting Vulnerabilities]
	- interchange 5.6.1-1 (bug #505732)
	NOTE: this is SA32658
CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
	- typo3-src 4.2.3-1 (bug #505326)
	[etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)
CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and ...)
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn <not-affected> (vulnerable code not present)
CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the ...)
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn <not-affected> (vulnerable code not present)
CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the ...)
	- linux-2.6 2.6.26-11
	[etch] - linux-2.6.24 <not-affected> (Vulnerable code not present; different ioctls3B)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present; different ioctls)
CVE-2008-5031 (Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, ...)
	- python2.5 2.5.2-11.1
	- python2.4 2.4.6-1 (bug #507317)
	NOTE: definitely fixed in 2.5.2-11.1 for lenny/unstable (svn-updates.dpatch)
	NOTE: maybe fixed earlier, doko is not able to tell the exact version atm
CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function in ...)
	{DSA-1665-1}
	- libcdaudio 0.99.12p2-7 (bug #505478)
CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey ...)
	{DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
	NOTE: iceape will be checked by Alexander
CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- xulrunner 1.9.0.4-1
	- iceweasel 3.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5020
	RESERVED
CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and ...)
	{DSA-1671-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	NOTE: patch for xulrunner currently not suitable, Alexander will check this further
CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x ...)
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - iceape <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - icedove <not-affected> (Doesn't affect Firefox 2.x et al)
CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: ...)
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x)
	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x)
CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...)
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
	- iceweasel 3.0
	- xulrunner 1.9
CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
	- iceweasel 3.0
	- xulrunner 1.9
	- icedove 2.0.0.19-1
CVE-2008-5010 (in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and ...)
	NOT-FOR-US: in.dhcpd
CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows ...)
	- optipng 0.6.1.1-1 (bug #505399)
	[etch] - optipng <not-affected> (Vulnerable code not present referring to upstream)
CVE-2008-5035 (The Resource Monitoring and Control (RMC) daemon in IBM Hardware ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port number ...)
	NOT-FOR-US: Microsoft
CVE-2008-5011 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, ...)
	NOT-FOR-US: Sun Solstice X.25
CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-XXXX [Trac Multiple Vulnerabilities]
	- trac 0.11.1-2.1 (bug #505197)
CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or ...)
	- libsamplerate 0.1.4-1
CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP ...)
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	- uw-imap 7:2007d~dfsg-1
CVE-2008-5005 (Multiple stack-based buffer overflows in (1) University of Washington ...)
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	[lenny] - uw-imap 2007b~dfsg-4+lenny1
	- uw-imap 7:2007d~dfsg-1
	- alpine <not-affected> (vulnerable code present but tmail/dmail wont be installed)
CVE-2008-5004 (SQL injection vulnerability in genscode.php in myWebland Bloggie Lite ...)
	NOT-FOR-US: myWebland Bloggie Lite
CVE-2008-5003 (SQL injection vulnerability in ndetail.php in Shahrood allows remote ...)
	NOT-FOR-US: Shahrood
CVE-2008-5002 (Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ...)
	NOT-FOR-US: ActiveX
CVE-2008-5001 (Multiple stack-based buffer overflows in multiple functions in ...)
	NOT-FOR-US: UltraVNC
CVE-2008-5000 (SQL injection vulnerability in admin/includes/news.inc.php in PHPX ...)
	NOT-FOR-US: PHPX
CVE-2008-4999 (Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to ...)
	NOT-FOR-US: Nortel Networks UNIStim IP Phone
CVE-2008-4997 (** DISPUTED ** ...)
	- pilot-qof <unfixed> (unimportant; bug #496429)
CVE-2008-4996 (** DISPUTED ** ...)
	- initramfs-tools <unfixed> (unimportant; bug #496386)
CVE-2008-4992 (The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and ...)
	NOT-FOR-US: Sun System Firmware
CVE-2008-5050 (Off-by-one error in the get_unicode_name function ...)
	{DSA-1680-1}
	- clamav 0.94.dfsg.1-1 (bug #505134)
CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and ...)
	NOT-FOR-US:  LOCKON CO.,LTD. EC-CUBE
CVE-2008-XXXX [yzis insecure temp file]
	- yzis 1.0~alpha1-2 (bug #504680)
CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...)
	- wordpress 2.5.1-10 (bug #504771)
CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before ...)
	TODO: check
CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in ...)
	- gnutls26 2.4.2-3
	- gnutls13 <removed>
	[etch] - gnutls1.3 <unfixed>
CVE-2008-4963 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) ...)
	NOT-FOR-US: Cisco IOS and CatOS
CVE-2008-4962
	RESERVED
CVE-2008-4961
	RESERVED
CVE-2008-4953 (** DISPUTED ** ...)
	- firehol <unfixed> (unimportant; bug #496424)
	NOTE: attack unfeasible because of $$-${RANDOM}-${RANDOM}
CVE-2008-4950 (** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to ...)
	- dpkg-cross <unfixed> (unimportant; bug #496413)
	NOTE: executed under a chroot when a package failed to cross-build
CVE-2008-4938 (aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary ...)
	- aegis 4.24-3.1 (low; bug #496400)
	[etch] - aegis <no-dsa> (Minor issue)
CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4932 (webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 ...)
	NOT-FOR-US: U-Mail Webmail server
CVE-2008-XXXX [universalindentgui insecure usage of temp files]
	- universalindentgui 0.8.1-1.2 (low; bug #504726)
CVE-2008-5032 (Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through ...)
	{DTSA-176-1}
	- vlc 0.8.6.h-5 (medium; bug #504639)
CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before ...)
	- vlc <not-affected> (Vulnerable code not present in 0.8.x)
	TODO: recheck if 0.9 gets uploaded to unstable
CVE-2008-4931 (Cross-site scripting (XSS) vulnerability in the account module in ...)
	NOT-FOR-US: firmCHANNEL Digital Signage
CVE-2008-4930 (MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded ...)
	NOT-FOR-US: MyBB
CVE-2008-4929 (MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to ...)
	NOT-FOR-US: MyBB
CVE-2008-4928 (Cross-site scripting (XSS) vulnerability in the redirect function in ...)
	NOT-FOR-US: MyBB
CVE-2008-4927 (Microsoft Windows Media Player (WMP) 9.0 through 11 allows ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-4926 (Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ...)
	NOT-FOR-US: MW6 Technologies PDF417 ActiveX
CVE-2008-4925 (Multiple insecure method vulnerabilities in MW6 Technologies ...)
	NOT-FOR-US: MW6 Technologies DataMatrix ActiveX
CVE-2008-4924 (Multiple insecure method vulnerabilities in MW6 Technologies 1D ...)
	NOT-FOR-US: MW6 Technologies 1D Barcode ActiveX
CVE-2008-4923 (Multiple insecure method vulnerabilities in MW6 Technologies Aztec ...)
	NOT-FOR-US: MW6 Technologies Aztec ActiveX
CVE-2008-4922 (Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office ...)
	NOT-FOR-US: DjVu ActiveX
CVE-2008-4921 (board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to ...)
	NOT-FOR-US: Chipmunk CMS
CVE-2008-4920
	REJECTED
	NOT-FOR-US: Agavi
CVE-2008-4919 (Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ...)
	NOT-FOR-US: eXPert PDF Viewer X ActiveX
CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced ...)
	NOT-FOR-US: SonicOS Enhanced
CVE-2008-5027 (The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor ...)
	- nagios3 <unfixed> (unimportant)
	NOTE: the nagios process shouldnt have rights to execute important commands and non-trusted
	NOTE: users shouldn't have access to nagios anyway
CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) ...)
	- nagios3 3.0.6-1 (low; bug #504894)
	[etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin's browser)
CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4916
	RESERVED
CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ...)
	TODO: check
CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and ...)
	NOT-FOR-US: LokiCMS
CVE-2008-4912 (SQL injection vulnerability in popup_img.php in the fotogalerie module ...)
	NOT-FOR-US: RS MAXSOFT
CVE-2008-4911 (PHP remote file inclusion vulnerability in read.php in Chattaitaliano ...)
	NOT-FOR-US: Chattaitaliano Istant-Replay
CVE-2008-4910 (The BasicService in Sun Java Web Start allows remote attackers to ...)
	NOT-FOR-US: Sun Java Web Start
CVE-2008-4909 (Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and ...)
	NOT-FOR-US: CompactCMS
CVE-2008-4908 (maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local ...)
	- crossfire-maps 1.11.0-2 (low; bug #496358; bug #504561)
	[etch] - crossfire-maps <no-dsa> (Minor issue)
CVE-2008-4906 (SQL injection vulnerability in lyrics_song.php in the Lyrics ...)
	NOT-FOR-US: Lyrics (lyrics_menu) plugin for e107
CVE-2008-4905 (Typo 5.1.3 and earlier uses a hard-coded salt for calculating password ...)
	- typo <itp> (bug #379399)
CVE-2008-4904 (SQL injection vulnerability in the &quot;Manage pages&quot; feature ...)
	- typo <itp> (bug #379399)
CVE-2008-4903 (Cross-site scripting (XSS) vulnerability in the leave comment ...)
	- typo <itp> (bug #379399)
CVE-2008-4902 (SQL injection vulnerability in contact_author.php in Article Publisher ...)
	NOT-FOR-US: Article Publisher
CVE-2008-4901 (SQL injection vulnerability in admin/admin.php in Article Publisher ...)
	NOT-FOR-US: Article Publisher
CVE-2008-4900 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds ...)
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4899 (Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe ...)
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4898 (Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 ...)
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4897 (SQL injection vulnerability in fichiers/add_url.php in Logz podcast ...)
	NOT-FOR-US: Logz podcast CMS
CVE-2008-4896 (Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in ...)
	NOT-FOR-US: Logz CMS
CVE-2008-4895 (SQL injection vulnerability in tr.php in YourFreeWorld Downline ...)
	NOT-FOR-US: YourFreeWorld Downline
CVE-2008-4894 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Tribiq CMS
CVE-2008-4893 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Tribiq CMS
CVE-2008-4892 (Cross-site scripting (XSS) vulnerability in gallery.inc.php in ...)
	NOT-FOR-US: Planetluc MyGallery
CVE-2008-4891 (Cross-site scripting (XSS) vulnerability in signme.inc.php in ...)
	NOT-FOR-US: SignMe
CVE-2008-4890 (SQL injection vulnerability in products.php in 1st News 4 Professional ...)
	NOT-FOR-US: 1st News 4 Professional
CVE-2008-4889 (SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2008-4888 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk 2.0 ...)
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4887 (SQL injection vulnerability in index.php in NetRisk 2.0 and earlier ...)
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4886 (SQL injection vulnerability in index.php in YourFreeWorld Shopping ...)
	NOT-FOR-US: YourFreeWorld Shopping
CVE-2008-4885 (SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text ...)
	NOT-FOR-US: YourFreeWorld Scrolling Text
CVE-2008-4884 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds ...)
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4883 (SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster ...)
	NOT-FOR-US: YourFreeWorld Blog Blaster
CVE-2008-4882 (SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder ...)
	NOT-FOR-US: YourFreeWorld Autoresponder
CVE-2008-4881 (SQL injection vulnerability in tr.php in YourFreeWorld Reminder ...)
	NOT-FOR-US: YourFreeWorld Reminder
CVE-2008-4880 (SQL injection vulnerability in prodshow.php in Maran PHP Shop allows ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4879 (SQL injection vulnerability in prod.php in Maran PHP Shop allows ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4907 (The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...)
	- dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
	TODO: check again if >= 1.1.4 gets uploaded
CVE-2008-5186 (** DISPUTED ** ...)
	{DTSA-179-1}
	- geshi 1.0.8.1-1 (unimportant; bug #504445)
	NOTE: its rather an application bug if the input to set_language_path is unfiltered user input
	NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152
	- dokuwiki 0.0.20080505-3.1 (unimportant; bug #504682)
	NOTE: DokuWiki passes a static string to $path parameter
	- pgfouine 1.0-1.1 (unimportant; bug #504681)
	NOTE: pgfouine too does not override default language files path
CVE-2008-6432
	REJECTED
CVE-2008-4878 (Unrestricted file upload vulnerability in the &quot;Add Image Macro&quot; ...)
	NOT-FOR-US: WebCards
CVE-2008-4877 (SQL injection vulnerability in admin.php in WebCards 1.3, when ...)
	NOT-FOR-US: WebCards
CVE-2008-4876 (Cross-site scripting (XSS) vulnerability in the web server component ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4875 (Directory traversal vulnerability in the web server in Philips ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4874 (The web component in Philips Electronics VOIP841 DECT Phone with ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4873 (board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute ...)
	NOT-FOR-US: Sepal SPBOARD
CVE-2008-4872 (Cross-site scripting (XSS) vulnerability in bidhistory.php in ...)
	NOT-FOR-US: iTechBids Gold
CVE-2008-4871 (Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and ...)
	NOT-FOR-US: My Little Forum
CVE-2008-4870 (dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly ...)
	- dovecot <unfixed> (unimportant)
	NOTE: by default this file doesnt containt sensitive information and administrator
	NOTE: changing this should ensure on its own that the mode is secure
CVE-2008-4869 (FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers ...)
	- ffmpeg-debian <unfixed> (unimportant; bug #504977)
	NOTE: A regular bug, but hardly a security issue
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in ...)
	- ffmpeg-debian <not-affected> (Vulnerable code not present)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer <not-affected> (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4867 (Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as ...)
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer <not-affected> (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4866 (Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 ...)
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4865 (Untrusted search path vulnerability in valgrind before 3.4.0 allows ...)
	- valgrind 1:3.3.1-3 (unimportant; bug #507312)
	NOTE: That's hardly an issue
CVE-2008-4864 (Multiple integer overflows in imageop.c in the imageop module in ...)
	- python2.5 2.5.2-12 (bug #504619)
	- python2.4 2.4.5-6 (bug #504620)
CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 ...)
	- blender 2.46+dfsg-5 (bug #503632; low)
	[etch] - blender 2.42a-8
	NOTE: minor issue fixed in etch r6 point update
CVE-2008-4862
	RESERVED
CVE-2008-4861
	RESERVED
CVE-2008-4860
	RESERVED
CVE-2008-4859
	RESERVED
CVE-2008-4858
	RESERVED
CVE-2008-4857
	RESERVED
CVE-2008-4856
	RESERVED
CVE-2008-4855
	RESERVED
CVE-2008-4854
	RESERVED
CVE-2008-4853
	RESERVED
CVE-2008-4852
	RESERVED
CVE-2008-4851
	RESERVED
CVE-2008-4850
	RESERVED
CVE-2008-4849
	RESERVED
CVE-2008-4848
	RESERVED
CVE-2008-4847
	RESERVED
CVE-2008-4846
	RESERVED
CVE-2008-4845
	RESERVED
CVE-2008-4844 (Use-after-free vulnerability in mshtml.dll in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4843
	RESERVED
CVE-2008-4842
	RESERVED
CVE-2008-4841 (The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4840
	RESERVED
CVE-2008-4839
	RESERVED
CVE-2008-4838
	RESERVED
CVE-2008-4837 (Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4836
	RESERVED
CVE-2008-4835 (SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and ...)
	NOT-FOR-US: Windows
CVE-2008-4834 (Buffer overflow in SMB in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2008-4833
	RESERVED
CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows ...)
	NOT-FOR-US: rPath
CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-4830
	RESERVED
CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow ...)
	{DSA-1683-1}
	- streamripper 1.63.5-2 (bug #506377)
CVE-2008-4828
	RESERVED
CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the (1) ...)
	NOT-FOR-US: ComponentOne SizerOne
CVE-2008-4826
	RESERVED
CVE-2008-4825
	RESERVED
CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4822 (Adobe Flash Player 9.0.124.0 and earlier does not properly interpret ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4821 (Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4820 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...)
	NOT-FOR-US: Flash Player ActiveX control
CVE-2008-4819 (Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4818 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4817 (The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4816 (Unspecified vulnerability in the Download Manager in Adobe Reader ...)
	NOT-FOR-US: Adobe Reader on Windows
CVE-2008-4815 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4814 (Unspecified vulnerability in a JavaScript method in Adobe Reader and ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4813 (Adobe Reader and Acrobat 8.1.2 and earlier allow remote attackers to ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4812 (Array index error in Adobe Reader and Acrobat, and the Explorer ...)
	NOT-FOR-US: Adobe Reader Explorer extension
CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
	{DSA-1691-1}
	- smarty <unfixed> (bug #504328)
	- moodle 1.8.2-2 (bug #504345)
	[etch] - gallery2 <unfixed>
	NOTE: This attack vector is *not* fixed in r2797
CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
	{DSA-1691-1}
	- smarty <unfixed> (bug #504328)
	- moodle 1.8.2-2 (bug #504345)
	[etch] - gallery2 <unfixed>
	NOTE: This attack vector is fixed in r2797
CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4807 (IBM Lotus Connections 2.x before 2.0.1 stores the password for the ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4806 (Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4805 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4804 (SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke ...)
	NOT-FOR-US: NFU Gallery module 1.3 for PHP-Nuke
CVE-2008-4803 (Cross-site scripting (XSS) vulnerability in index.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Scripts gallery
CVE-2008-4802 (Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Scripts blog
CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing ...)
	- htop <unfixed> (unimportant; bug #504144)
	NOTE: That scenario is too constructed to call it a security issue, especially
	NOTE: given that the standard top will display the maliciously hidden processes
	NOTE: just fine. 
CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek ...)
	- virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149)
CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service ...)
	NOT-FOR-US: SQL CAD service
CVE-2008-4800 (The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in ...)
	NOT-FOR-US: ActiveX control
CVE-2008-4799 (pamperspective in Netpbm before 10.35.48 does not properly calculate a ...)
	- netpbm-free <not-affected> (Vulnerable code not present)
CVE-2008-4798 (The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 ...)
	NOT-FOR-US: WebGUI
CVE-2008-4797 (Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server ...)
	NOT-FOR-US: Arihiro Kurata Kantan WEB Server
CVE-2008-4796 (The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 ...)
	{DSA-1691-1}
	- libphp-snoopy 1.2.4-1 (bug #504168; medium)
	- ampache 3.4.1-2 (bug #504169)
	- mahara 1.0.5-2 (bug #504170)
	[lenny] - mahara 1.0.4-3
	- pixelpost 1.7.1-5 (bug #504171)
	- mediamate 0.9.3.6-5 (bug #504172; unimportant)
	NOTE: mediamate does not use snoopy in https requests
	- opendb <removed> (unimportant; bug #504173)
	- wordpress 2.5.1-9 (bug #504234)
	- moodle 1.8.2-2 (bug #504235)
	- gforge-plugin-scmcvs <removed>
	[etch] - gforge-plugin-scmcvs <not-affected> (Snoopy function not used on URLs that come from user input)
	- magpierss <not-affected> (Fixed in all supported distributions)
CVE-2008-4795 (The links panel in Opera before 9.62 processes Javascript within the ...)
	NOT-FOR-US: Opera
CVE-2008-4794 (Opera before 9.62 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Opera
CVE-2008-4793 (The node module API in Drupal 5.x before 5.11 allows remote attackers ...)
	- drupal5 5.10-3 (low)
	- drupal6 <not-affected> (Vulnerable code not present)
CVE-2008-4792 (The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 ...)
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4791 (The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might ...)
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4790 (The core upload module in Drupal 5.x before 5.11 allows remote ...)
	- drupal5 5.10-3 (low)
CVE-2008-4789 (The validation functionality in the core upload module in Drupal 6.x ...)
	- drupal6 6.4-2 (low)
CVE-2008-4788 (Microsoft Internet Explorer 6 omits high-bit URL-encoded characters ...)
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4787 (Visual truncation vulnerability in Microsoft Internet Explorer 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4786 (SQL injection vulnerability in easyshop.php in the EasyShop plugin for ...)
	NOT-FOR-US: EasyShop plugin for e107
CVE-2008-4785 (SQL injection vulnerability in newuser.php in the alternate_profiles ...)
	NOT-FOR-US: e107
CVE-2008-4784 (aflog 1.01 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: aflog
CVE-2008-4783 (tlAds 1.0 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: tlAds
CVE-2008-4782 (SQL injection vulnerability in public/code/cp_polls_results.php in All ...)
	NOT-FOR-US: AIOCP
CVE-2008-4781 (Directory traversal vulnerability in update.php in MyKtools 2.4 allows ...)
	NOT-FOR-US: MyKtools
CVE-2008-4780 (Directory traversal vulnerability in admin/centre.php in MyForum 1.3, ...)
	NOT-FOR-US: MyForum
CVE-2008-4779 (Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers ...)
	NOT-FOR-US: TUGzip
CVE-2008-4778 (SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 ...)
	NOT-FOR-US: Koobi CMS
CVE-2008-4777 (SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) ...)
	NOT-FOR-US: Showroom Joomlearn LMS
CVE-2008-4774 (Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4773 (Directory traversal vulnerability in main/main.php in QuestCMS allows ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4772 (SQL injection vulnerability in main/main.php in QuestCMS allows remote ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4771 (Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in ...)
	NOT-FOR-US: ActiveX
CVE-2008-4770 (The CMsgReader::readRect function in the VNC Viewer component in ...)
	{DSA-1716-1}
	- vnc4 4.1.1+X4.3.0-31 (medium; bug #513531)
CVE-2008-4776 (libgadu before 1.8.2 allows remote servers to cause a denial of ...)
	{DSA-1664-1}
	- libgadu 1:1.8.0+r592-3 (low; bug #503916)
	- kadu 0.6.0.2-3 (low; bug #504429)
	- ekg 1:1.8~rc0-1 (low)
	TODO: check other embedding packages
CVE-2008-4769 (Directory traversal vulnerability in the get_category_template ...)
	- wordpress 2.5.1-1
CVE-2008-4768 (SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to ...)
	NOT-FOR-US: TLM CMS
CVE-2008-4767 (Unrestricted file upload vulnerability in the DownloadsPlus module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-4766 (SQL injection vulnerability in member.php in Oxygen Bulletin Board ...)
	NOT-FOR-US: Oxygen Bulletin Board
CVE-2008-4765 (SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth ...)
	NOT-FOR-US: osCommerce Poll Booth Add-On
CVE-2008-4764 (Directory traversal vulnerability in the eXtplorer module ...)
	NOT-FOR-US: eXtplorer module in Joomla!
CVE-2008-4763 (Multiple cross-site scripting (XSS) vulnerabilities in sample.php in ...)
	NOT-FOR-US: WiKID wClient-PHP
CVE-2008-4762 (Stack-based buffer overflow in freeSSHd 1.2.1 allows remote ...)
	NOT-FOR-US: freeSSHd
CVE-2008-4761 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Kayako eSupport
CVE-2008-4760 (SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2008-4759 (Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 ...)
	NOT-FOR-US: BuzzyWall
CVE-2008-4758 (Directory traversal vulnerability in download_file.php in PHP-Daily ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4757 (Multiple SQL injection vulnerabilities in PHP-Daily allow remote ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4756 (Cross-site scripting (XSS) vulnerability in add_prest_date.php in ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4755 (SQL injection vulnerability in gotourl.php in PozScripts Classified ...)
	NOT-FOR-US: PozScripts Classified Auctions Script
CVE-2008-4754 (SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez ...)
	NOT-FOR-US: Scripts for Sites Ez Forum
CVE-2008-4753 (SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader ...)
	NOT-FOR-US: AJ Square RSS Reader
CVE-2008-4752 (TlNews 2.2 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: TlNews
CVE-2008-4751 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...)
	NOT-FOR-US: iPei Guestbook
CVE-2008-4750 (Stack-based buffer overflow in the VImpX.VImpAX ActiveX control ...)
	NOT-FOR-US: ActiveX
CVE-2008-4749 (Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX ...)
	NOT-FOR-US: ActiveX
CVE-2008-4747 (Unspecified vulnerability in the search feature in Sun Java System ...)
	NOT-FOR-US: Sun Java System LDAP JDK
CVE-2008-4746 (Multiple SQL injection vulnerabilities in Uniwin eCart Professional ...)
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-4745 (Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin ...)
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-4744 (SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc ...)
	NOT-FOR-US: DXShopCart
CVE-2008-4743 (SQL injection vulnerability in index.php in QuidaScript FAQ Management ...)
	NOT-FOR-US: QuidaScript FAQ Management Script
CVE-2008-4742 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: TimeTrex
CVE-2008-4741 (Directory traversal vulnerability in index.php in FAR-PHP 1.00, when ...)
	NOT-FOR-US: FAR-PHP
CVE-2008-4740 (Directory traversal vulnerability in templater.php in the ZZ_Templater ...)
	NOT-FOR-US: ZZ_Templater module in TinyCMS
CVE-2006-7234 (Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows ...)
	- lynx-cur 2.8.7dev4-1 (low)
	- lynx <not-affected> (Doesn't include the current directory in the search path)
CVE-2008-4748 (Format string vulnerability in the URI handler in KVirc 3.4.0, when ...)
	- kvirc 2:3.4.0-3 (bug #503401)
CVE-2008-XXXX [balazar3: insecure temp file handling]
	- balazar3 0.1-2 (bug #503750)
CVE-2008-4775 (Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin ...)
	- phpmyadmin 4:2.11.8.1-4 (low)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: http://www.securityfocus.com/archive/1/497815
CVE-2008-4739 (Directory traversal vulnerability in index.php in PlugSpace 0.1, when ...)
	NOT-FOR-US: PlugSpace
CVE-2008-4738 (SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows ...)
	NOT-FOR-US: MyCard
CVE-2008-4737 (Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite ...)
	NOT-FOR-US: WhoDomLite
CVE-2008-4736 (SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and ...)
	NOT-FOR-US: RPG.Board
CVE-2008-4735 (PHP remote file inclusion vulnerability in header.php in Concord ...)
	NOT-FOR-US: Concord software
CVE-2008-4734 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4733 (Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4732 (SQL injection vulnerability in ajax_comments.php in the WP Comment ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4731 (Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown ...)
	- yacy <itp> (bug #452422)
CVE-2008-4730 (Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 ...)
	- phpmyid <itp> (bug #492325)
CVE-2008-4729 (Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX ...)
	NOT-FOR-US: Hummingbird Xweb
CVE-2008-4728 (Multiple insecure method vulnerabilities in the ...)
	NOT-FOR-US: Hummingbird Deployment Wizard
CVE-2008-4727 (Cross-site scripting (XSS) vulnerability in the contact update page ...)
	NOT-FOR-US: SunGard Banner Student
CVE-2008-4726 (Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 ...)
	NOT-FOR-US: GoodTech SSH
CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 ...)
	NOT-FOR-US: Opera
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
	{CVE-2008-4723}
	TODO: check if Webkit is affected
	NOTE: not reproducible using iceweasel 3.0.1
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	{CVE-2008-4724}
	TODO: check
	NOTE: http://www.jorgan.users.cg.yu/ seems to be the original source
	NOTE: Not enough details to tell if this is a real vulnerability.
	NOTE: My guess is that file names containing <>& are incorrectly
	NOTE: handled in FTP mode. Since the server might directly serve
	NOTE: HTML files anyway, this seems a remote risk.
CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...)
	NOT-FOR-US: Sun ILOM
CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass ...)
	NOT-FOR-US: PHP Jabbers
CVE-2008-4720 (Multiple PHP remote file inclusion vulnerabilities in The Gemini ...)
	NOT-FOR-US: The Gemini Portal
CVE-2008-4719 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: openEngine
CVE-2008-4718 (Directory traversal vulnerability in help/mini.phpin X7 Chat 2.0.1 A1 ...)
	NOT-FOR-US: X7 Chat
CVE-2008-4717 (SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows ...)
	NOT-FOR-US: ZEELYRICS
CVE-2008-4716 (SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 ...)
	NOT-FOR-US: PHP-Lance
CVE-2008-4715 (SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for ...)
	NOT-FOR-US: com_jpad for Joomla!
CVE-2008-4714 (Atomic Photo Album 1.1.0 pre4 does not properly handle the ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4713 (SQL injection vulnerability in view.php in 212cafe Board 0.07 allows ...)
	NOT-FOR-US: 212cafe Board
CVE-2008-4712 (Directory traversal vulnerability in pages/showblog.php in LnBlog ...)
	NOT-FOR-US: LnBlog
CVE-2008-4711 (SQL injection vulnerability in Joovili 3.0 and earlier, when ...)
	NOT-FOR-US: Joovili
CVE-2008-4710 (Cross-site scripting (XSS) vulnerability in the stock quotes page in ...)
	NOT-FOR-US: Stock module for Drupal
CVE-2008-4709 (SQL injection vulnerability in news_read.php in Pilot Group (PG) ...)
	NOT-FOR-US: PG eTraining
CVE-2008-4708 (BbZL.PhP 0.92 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: BbZL.PhP
CVE-2008-4707 (Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows ...)
	NOT-FOR-US: BbZL.PhP
CVE-2008-4706 (SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a ...)
	NOT-FOR-US: VBGooglemap Hotspot Edition
CVE-2008-4705 (SQL injection vulnerability in success_story.php in php Online Dating ...)
	NOT-FOR-US: MyPHPDating
CVE-2008-4704 (PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in ...)
	NOT-FOR-US: SezHoo
CVE-2008-4703 (SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows ...)
	NOT-FOR-US: BosDev BosNews
CVE-2008-4702 (Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4701 (SQL injection vulnerability in admin.php in Libera CMS 1.12, when ...)
	NOT-FOR-US: Libera CMS
CVE-2008-4700 (SQL injection vulnerability in admin.php in Libera CMS 1.12 and ...)
	NOT-FOR-US: Libera CMS
CVE-2008-4699 (Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in ...)
	NOT-FOR-US: Peachtree Accounting
CVE-2008-4698 (Opera before 9.61 does not properly block scripts during preview of a ...)
	NOT-FOR-US: Opera
CVE-2008-4697 (The Fast Forward feature in Opera before 9.61, when a page is located ...)
	NOT-FOR-US: Opera
CVE-2008-4696 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before ...)
	NOT-FOR-US: Opera
CVE-2008-4695 (Opera before 9.60 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Opera
CVE-2008-4694 (Unspecified vulnerability in Opera before 9.60 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-4693 (The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4692 (The Native Managed Provider for .NET component in IBM DB2 8 before ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4691 (Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4690 (lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx ...)
	- lynx <not-affected> (advanced mode is not switched on in Debian configurations and lynxcgi handlers are really unlikely)
CVE-2008-4689 (Mantis before 1.1.3 does not unset the session cookie during logout, ...)
	- mantis 1.1.2+dfsg-9 (low; bug #503588)
CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the ...)
	- mantis 1.1.2+dfsg-9 (low; bug #503588)
CVE-2008-4685 (Use-after-free vulnerability in the dissect_q931_cause_ie function in ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4684 (packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4683 (The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4682 (wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4681 (Unspecified vulnerability in the Bluetooth RFCOMM dissector in ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4680 (packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4679 (The Web Services Security component in IBM WebSphere Application ...)
	NOT-FOR-US: IBM Websphere
CVE-2008-4678 (The HTTP_Request_Parser method in the HTTP Transport component in IBM ...)
	NOT-FOR-US: IBM Websphere
CVE-2008-4677 (autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...)
	- vim <unfixed> (unimportant)
	NOTE: documented in netrw documentation
CVE-2008-XXXX [local file inclusion in drupal]
	- drupal6 6.6-1 (low; bug #503222)
	- drupal5 5.10-3 (low; bug #503217)
CVE-2008-XXXX [XSS in book module in drupal]
	- drupal6 6.6-1 (low; bug #503222)
	- drupal5 <not-affected> (vulnerable code not present)
CVE-2008-4676 (Unspecified vulnerability in Citrix XenApp (formerly Presentation ...)
	NOT-FOR-US: Citrix XenApp
CVE-2008-4675 (SQL injection vulnerability in index.php in PHPcounter 1.3.2 and ...)
	NOT-FOR-US: PHPcounter
CVE-2008-4674 (SQL injection vulnerability in realestate-index.php in Conkurent Real ...)
	NOT-FOR-US: Conkurent Real Estate Manager
CVE-2008-4673 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: WebBiscuits Software Events Calendar
CVE-2008-4672 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
	NOT-FOR-US: buymyscripts Lyrics Script
CVE-2008-4671 (Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in ...)
	- wordpress <not-affected> (Vulnerable code only in mulitiuser wordpress)
CVE-2008-4670 (Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol ...)
	NOT-FOR-US: Ed Pudol Clickbank Portal 
CVE-2008-4669 (Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher ...)
	NOT-FOR-US: Dan Fletcher Recipe Script
CVE-2008-4668 (Directory traversal vulnerability in the Image Browser ...)
	NOT-FOR-US: com_imagebrowser for Joomla!
CVE-2008-4667 (Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 ...)
	NOT-FOR-US: ArabCMS
CVE-2008-4666 (SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 ...)
	NOT-FOR-US: Ultimate Webboard
CVE-2008-4665 (SQL injection vulnerability in PG Matchmaking allows remote attackers ...)
	NOT-FOR-US: PG Matchmaking
CVE-2008-4664 (Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control ...)
	NOT-FOR-US: QvodInsert
CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used ...)
	NOT-FOR-US: K's CGI Access Log Kaiseki 
CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when ...)
	NOT-FOR-US: LokiCMS
CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements ...)
	NOT-FOR-US: sm_pageimprovements for Typo3
CVE-2008-4660 (SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 ...)
	NOT-FOR-US: m1_intern for Typo3
CVE-2008-4659 (SQL injection vulnerability in the Mannschaftsliste ...)
	NOT-FOR-US: kiddog_playerlist for Typo3
CVE-2008-4658 (SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 ...)
	NOT-FOR-US: dmmjobcontrol for Typo3
CVE-2008-4657 (SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and ...)
	NOT-FOR-US: econda for Typo3
CVE-2008-4656 (SQL injection vulnerability in the Frontend Users View (feusersview) ...)
	NOT-FOR-US: fersview for Typo3
CVE-2008-4655 (SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 ...)
	NOT-FOR-US: simplesurvey for Typo3
CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly ...)
	NOT-FOR-US: Makale module for XOOPS
CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart ...)
	NOT-FOR-US: Dart Communications PowerTCP FTP
CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2008-4650 (SQL injection vulnerability in viewevent.php in myEvent 1.6 allows ...)
	NOT-FOR-US: myEvent
CVE-2008-4649 (Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 ...)
	NOT-FOR-US: Elxis
CVE-2008-4648 (Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS ...)
	NOT-FOR-US: Elxis
CVE-2008-4647 (SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows ...)
	NOT-FOR-US: sweetCMS
CVE-2008-4646 (The Websense Reporter Module in Websense Enterprise 6.3.2 stores the ...)
	NOT-FOR-US: Websense Enterprise
CVE-2008-4645 (plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4644 (hits.php in myWebland myStats allows remote attackers to bypass IP ...)
	NOT-FOR-US: myWebland myStats
CVE-2008-4643 (SQL injection vulnerability in hits.php in myWebland myStats allows ...)
	NOT-FOR-US: myWebland myStats
CVE-2008-4642 (SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows ...)
	NOT-FOR-US: AstroSPACES
CVE-2008-4641 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ...)
	- jhead 2.84-2 (low; bug #503645)
CVE-2008-4640 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ...)
	- jhead 2.85-1 (unimportant; bug #504194)
	NOTE: no issue, jhead is just unlinking the output file if it already exists, this is not following symlinks
CVE-2008-4639 (jhead.c in Matthias Wandel jhead before 2.84 allows local users to ...)
	- jhead 2.84-1 (low)
CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec Veritas ...)
	NOT-FOR-US: Symantec VxFS
CVE-2008-4637 (Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 ...)
	NOT-FOR-US: cpCommerce
CVE-2008-4636 (yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux ...)
	NOT-FOR-US: SUSE Linux and Novell Linux (yast2-backup)
CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 ...)
	NOT-FOR-US: XOOPS module
CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4 through ...)
	- movabletype-opensource 4.2.1-3 (low; bug #503114)
CVE-2008-4633 (SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x ...)
	NOT-FOR-US: Node Vote
CVE-2008-4632 (Multiple directory traversal vulnerabilities in index.php in Kure ...)
	NOT-FOR-US: Kure
CVE-2008-4631 (Stack-based buffer overflow in the Message::AddToString function in ...)
	NOT-FOR-US: MUSCLE, NOTE this is not the multiple alignment program for protein sequences in Debian
CVE-2008-4630 (Multiple unspecified vulnerabilities in Midgard Components (MidCOM) ...)
	NOT-FOR-US: Midgard Components Framework
CVE-2008-4629 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 ...)
	NOT-FOR-US: Usagi Project MyNETS
CVE-2008-4628 (SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 ...)
	NOT-FOR-US: myWebland miniBloggie
CVE-2008-4627 (SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-4626 (Directory traversal vulnerability in index.php in Fritz Berger yet ...)
	NOT-FOR-US: yappa-ng
CVE-2008-4625 (SQL injection vulnerability in stnl_iframe.php in the ShiftThis ...)
	NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-4624 (PHP remote file inclusion vulnerability in init.php in Fast Click SQL ...)
	NOT-FOR-US: Fast Click SQL Lite
CVE-2008-4623 (SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) ...)
	NOT-FOR-US: DS-Syndicate
CVE-2008-4622 (The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 ...)
	NOT-FOR-US: phpFastNews
CVE-2008-4621 (SQL injection vulnerability in bannerclick.php in ZeeScripts ...)
	NOT-FOR-US: ZeeScripts Zeeproperty
CVE-2008-4620 (SQL injection vulnerability in Meeting Room Booking System (MRBS) ...)
	NOT-FOR-US: Meeting Room Booking System
CVE-2008-4619 (The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4618 (The Stream Control Transmission Protocol (sctp) implementation in the ...)
	{DSA-1681-1}
	- linux-2.6 2.6.26-10
	[etch] - linux-2.6 <not-affected>
	- linux-2.6.24 2.6.24-6~etchnhalf.7
	NOTE: ba0166708ef4da7eeb61dd92bbba4d5a749d6561
CVE-2008-4617 (SQL injection vulnerability in the actualite module 1.0 for Joomla! ...)
	NOT-FOR-US: actualite module for Joomla!
CVE-2008-4616 (The SpamBam plugin for WordPress allows remote attackers to bypass ...)
	NOT-FOR-US: SpamBam plugin for WordPress
CVE-2008-4615 (Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has ...)
	NOT-FOR-US: PortalApp
CVE-2008-4614 (PortalApp 4.0 does not require authentication for (1) forums.asp and ...)
	NOT-FOR-US: PortalApp
CVE-2008-4613 (SQL injection vulnerability in forums.asp in PortalApp 4.0 allows ...)
	NOT-FOR-US: PortalApp
CVE-2008-4612 (Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows ...)
	NOT-FOR-US: PortalApp
CVE-2008-4611 (SQL injection vulnerability in index.php in PHP Arsivimiz Php ...)
	NOT-FOR-US: PHP Arsivimiz Php Ziyaretci Defteri
CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service ...)
	{DTSA-181-1}
	- mplayer 1.0~rc2-20 (unimportant; bug #407010)
	NOTE: only the aac issue affected mplayer because it built against a copy of faad
	NOTE: the ogm issue is a problem in ffmpeg
	- ffmpeg-debian <unfixed> (unimportant; bug #509616)
	NOTE: just a crasher, no security implications known so far
	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...)
	TODO: check
CVE-2008-4608
	RESERVED
CVE-2008-4607
	RESERVED
CVE-2008-4606 (Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow ...)
	NOT-FOR-US: IP Reg
CVE-2008-4605 (SQL injection vulnerability in CafeEngine allows remote attackers to ...)
	NOT-FOR-US: CafeEngine
CVE-2008-4604 (SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows ...)
	NOT-FOR-US: CafeEngine
CVE-2008-4603 (SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 ...)
	NOT-FOR-US: iGaming CM
CVE-2008-4602 (Directory traversal vulnerability in index.php in Post Affiliate Pro ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2008-4601 (Cross-site scripting (XSS) vulnerability in the login feature in ...)
	NOT-FOR-US:  Habari CMS
CVE-2008-4600 (configure.php in PokerMax Poker League Tournament Script 0.13 allows ...)
	NOT-FOR-US: PokerMax Poker League Tournament Script
CVE-2008-4599 (SQL injection vulnerability in category.php in Mosaic Commerce allows ...)
	NOT-FOR-US: Mosaic Commerce
CVE-2008-4598 (Unspecified vulnerability in Shindig-Integrator 5.x, a module for ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4597 (Shindig-Integrator 5.x, a module for Drupal, does not properly ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4596 (Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4595 (Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus ...)
	NOT-FOR-US: Slaytanic Scripts Content Plus
CVE-2008-4594 (Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N ...)
	NOT-FOR-US: Linksys WAP4400N firmware
CVE-2008-4593 (Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled ...)
	NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136
CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...)
	- mplayer <unfixed> (low; bug #407010)
	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the Ty ...)
	- vlc <not-affected> (bug #502726)
	NOTE: code in 0.8.6.i-2 does not have this flaw, experimental version (0.9.4 is vulnerable)
	TODO: check if >= 0.9.4 is uploaded to unstable
CVE-2008-4686 (Multiple integer overflows in ty.c in the TY demux plugin (aka the ...)
	{DTSA-175-1}
	- vlc 0.8.6.h-4.1 (medium; bug #503118)
CVE-2008-4687 (manage_proj_page.php in Mantis before 1.1.4 allows remote ...)
	- mantis 1.1.2+dfsg-7 (medium; bug #502728)
	NOTE: only registered users can perform this
CVE-2008-4592 (Directory traversal vulnerability in index.php in Sports Clubs Web ...)
	NOT-FOR-US: Sports Clubs Web Panel
CVE-2008-4591 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4590 (Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote ...)
	NOT-FOR-US: Stash
CVE-2008-4589 (Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo ...)
	NOT-FOR-US: Lenovo Rescue and Recovery
CVE-2008-4588 (Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, ...)
	NOT-FOR-US: Etype Eserv
CVE-2008-4587 (Insecure method vulnerability in the ...)
	NOT-FOR-US: Macrovision FLEXnet Connect
CVE-2008-4586 (Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ...)
	NOT-FOR-US: Macrovision FLEXnet Connect
CVE-2008-4585 (Belong Software Site Builder 0.1 beta allows remote attackers to ...)
	NOT-FOR-US: Software Site Builder
CVE-2008-4584 (Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control ...)
	NOT-FOR-US: Chilkat Mail
CVE-2008-4583 (Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component ...)
	NOT-FOR-US: Chilkat FTP
CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- xulrunner 1.9.0.4-1
	- iceweasel 3.0.4-1
	- iceape 1.1.13-1
CVE-2008-4581 (The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release ...)
	NOT-FOR-US: IBM ENOVIA SmarTeam
CVE-2008-4580 (fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows ...)
	- redhat-cluster 2.20080801-1 (low; bug #496410)
	[etch] - redhat-cluster <no-dsa> (Minor issue)
	NOTE: already fixed in lenny
CVE-2008-4579 (The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) ...)
	- redhat-cluster 2.20081102-1 (low; bug #496410)
	[lenny] - redhat-cluster 2.20080801-4+lenny1
	[etch] - redhat-cluster <no-dsa> (Minor issue)
CVE-2008-4578 (The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass ...)
	- dovecot <unfixed> (low; bug #502967)
	[etch] - dovecot <no-dsa> (Minor issue)
	[lenny] - dovecot <no-dsa> (Minor issue)
CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights ...)
	- dovecot 1:1.0.15-2.2 (low; bug #502967)
	[etch] - dovecot <no-dsa> (Minor issue)
CVE-2008-4576 (sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-9
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84 might ...)
	- jhead 2.84-1 (bug #502353; low)
CVE-2008-4571 (Cross-site scripting (XSS) vulnerability in the LiveSearch module in ...)
	- plone3 3.0.4-1 (low)
CVE-2008-4569 (SQL injection vulnerability in xlacomments.asp in XIGLA Software ...)
	NOT-FOR-US: XIGLA Software Absolute Poll Manager
CVE-2008-4574 (SQL injection vulnerability in default.asp in Ayco Okul Portali allows ...)
	NOT-FOR-US: Ayco Okul Portali
CVE-2008-4573 (SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal ...)
	NOT-FOR-US: MunzurSoft Wep Portal W3
CVE-2008-4572 (GuildFTPd 0.999.14, and possibly other versions, allows remote ...)
	NOT-FOR-US: GuildFTPd
CVE-2008-4570 (SQL injection vulnerability in index.php in Real Estate Classifieds ...)
	NOT-FOR-US: Real Estate Classifieds
CVE-2008-4568
	RESERVED
CVE-2008-4567
	RESERVED
CVE-2008-4566
	RESERVED
CVE-2008-4565
	RESERVED
CVE-2008-4564
	RESERVED
CVE-2008-4563
	RESERVED
CVE-2008-4562
	RESERVED
CVE-2008-4561
	RESERVED
CVE-2008-4560
	RESERVED
CVE-2008-4559
	RESERVED
CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 ...)
	NOT-FOR-US: CuteNews.ru
CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind ...)
	NOT-FOR-US: Sun Solstice AdminSuite
CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y ...)
	- graphviz 2.20.2-3 (low)
	[etch] - graphviz 2.8-3+etch1
	NOTE: minor issue fixed in etch r6 point update
CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel before ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-9
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ...)
	{DSA-1657-1}
	- qemu 0.9.1-6 (low; bug #496394)
CVE-2008-4552 (nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the ...)
	- nfs-utils 1:1.1.3-1
	[lenny] - nfs-utils 1:1.1.2-6lenny1
CVE-2008-4551 (strongSwan 4.2.6 and earlier allows remote attackers to cause a denial ...)
	- strongswan 4.2.4-5 (bug #502676)
CVE-2008-4550
	RESERVED
CVE-2008-4549 (The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ...)
	NOT-FOR-US: ImageShack Toolbar ActiveX control
CVE-2008-4548 (Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control ...)
	NOT-FOR-US: PTZCamPanelCtrl ActiveX control
CVE-2008-4547 (Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control ...)
	NOT-FOR-US: DVRHOST Web CMS
CVE-2008-4546 (Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 ...)
	NOT-FOR-US: Flash plugin
CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...)
	- vlc <not-affected> (medium; bug #502314)
	TODO: only 0.9.0->0.9.2 are affected, check if newer upstream version is uploaded to unstable
CVE-2008-4545 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x ...)
	NOT-FOR-US: Cisco
CVE-2008-4544 (Unspecified vulnerability in an unspecified Microsoft API, as used by ...)
	NOT-FOR-US: Microsoft
CVE-2008-4543 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x ...)
	NOT-FOR-US: Cisco
CVE-2008-4542 (Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before ...)
	NOT-FOR-US: Cisco
CVE-2008-4541 (Heap-based buffer overflow in the FTP subsystem in Sun Java System Web ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2008-4540 (Windows Mobile 6 on the HTC Hermes device makes WLAN passwords ...)
	NOT-FOR-US: Windows Mobile
CVE-2008-4539 (Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM ...)
	- qemu 0.9.1+svn20081101-1
CVE-2008-4538
	RESERVED
CVE-2008-4537 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4536 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4535 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4534 (SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-5299 (chm2pdf 0.9 allows user-assisted local users to delete arbitrary files ...)
	- chm2pdf 0.9.1-1.1 (low; bug #501959)
CVE-2008-5298 (chm2pdf 0.9 uses temporary files in directories with fixed names, ...)
	- chm2pdf 0.9.1-1.1 (low; bug #501959)
CVE-2008-4533 (Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and ...)
	NOT-FOR-US: Kantan WEB Server
CVE-2008-4532 (Cross-site scripting (XSS) vulnerability in index.php in MaxiScript ...)
	NOT-FOR-US: MaxiScript Website Directory
CVE-2008-4531 (SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a ...)
	NOT-FOR-US: Brilliant Gallery (drupal module)
CVE-2008-4530 (Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x ...)
	NOT-FOR-US: Brilliant Gallery (drupal module)
CVE-2008-4529 (Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha ...)
	NOT-FOR-US: asiCMS
CVE-2008-4528 (Directory traversal vulnerability in notes.php in Phlatline's Personal ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4527 (SQL injection vulnerability in recept.php in the Recepies (Recept) ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-4526 (Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote ...)
	NOT-FOR-US: CCMS
CVE-2008-4525 (SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows ...)
	NOT-FOR-US: AmpJuke
CVE-2008-4524 (SQL injection vulnerability in the &quot;Check User&quot; feature ...)
	NOT-FOR-US:  AdaptCMS
CVE-2008-4523 (SQL injection vulnerability in login.php in IP Reg 0.4 and earlier ...)
	NOT-FOR-US: IP Reg
CVE-2008-4522 (Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio ...)
	NOT-FOR-US: JMweb MP3 Music Audio Search and Download Script
CVE-2008-4521 (SQL injection vulnerability in thisraidprogress.php in the World of ...)
	NOT-FOR-US: World of Warcraft tracker 
CVE-2008-4520 (Cross-site scripting (XSS) vulnerability in bulk_update.pl in ...)
	NOT-FOR-US: AutoNessus
CVE-2008-4519 (Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 ...)
	NOT-FOR-US: Fastpublish CMS
CVE-2008-4518 (Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d ...)
	NOT-FOR-US: Fastpublish CMS
CVE-2008-4517 (SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows ...)
	NOT-FOR-US: geccBBlite
CVE-2008-4516 (SQL injection vulnerability in galerie.php in Galerie 3.2 allows ...)
	NOT-FOR-US: Galerie
CVE-2008-4515 (Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side ...)
	NOT-FOR-US: Blue Coat K9 Web Protection
CVE-2008-4514 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser crash is a non-issue
CVE-2008-4513 (Cross-site scripting (XSS) vulnerability in BBcode API module in ...)
	NOT-FOR-US: Phorum
CVE-2008-4512 (ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under ...)
	NOT-FOR-US: ASP/MS Access Shoutbox
CVE-2008-4511 (Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-4510 (Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier ...)
	NOT-FOR-US: Microsoft
CVE-2008-4509 (Unrestricted file upload vulnerability in processFiles.php in FOSS ...)
	NOT-FOR-US: FOSS Gallery
CVE-2008-4508 (Stack-based buffer overflow in the file parsing function in Tonec ...)
	NOT-FOR-US: Tonec Internet Download Manager
CVE-2008-4507 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4506 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4504 (Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD ...)
	NOT-FOR-US: Herosoft Inc. Hero DVD Player
CVE-2008-4503 (The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...)
	- xerces-c2 <unfixed> (low; bug #502102)
	[lenny] - xerces-c2 <no-dsa> (Minor issue, too intrusive to backport)
CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4473 (Multiple heap-based buffer overflows in Adobe Flash CS3 Professional ...)
	NOT-FOR-US: Flash CS3 Professional
CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile ...)
	NOT-FOR-US: DataFeedFile PHP Framework API
CVE-2008-4501 (Directory traversal vulnerability in the FTP server in Serv-U 7.3, and ...)
	NOT-FOR-US: Serv-U
CVE-2008-4500 (Serv-U 7.3, and 7.2.0.1 and earlier, allows remote authenticated users ...)
	NOT-FOR-US: Serv-U
CVE-2008-4499 (Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b ...)
	NOT-FOR-US: PHP Web Explorer
CVE-2008-4498 (SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 ...)
	NOT-FOR-US: PHP Autos
CVE-2008-4497 (SQL injection vulnerability in event_detail.php in Built2Go Real ...)
	NOT-FOR-US: Built2Go Real Estate Listings
CVE-2008-4496 (SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows ...)
	NOT-FOR-US: PHP Realtor
CVE-2008-4495 (SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 ...)
	NOT-FOR-US: PHP Auto Dealer
CVE-2008-4494 (SQL injection vulnerability in completed-advance.php in TorrentTrader ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2008-4493 (Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as ...)
	NOT-FOR-US: PicturePusher ActiveX
CVE-2008-4492 (SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows ...)
	NOT-FOR-US: YourOwnBux
CVE-2008-4491 (Apple Mail.app 3.5 on Mac OS X, when &quot;Store draft messages on the ...)
	NOT-FOR-US: Mac OS
CVE-2008-4490 (Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b ...)
	NOT-FOR-US: phpAbook
CVE-2008-4489 (Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4488 (Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4487 (SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4486 (Directory traversal vulnerability in index.php in SAC.php (SACphp), as ...)
	NOT-FOR-US: SACphp
CVE-2008-4485 (Cross-site scripting (XSS) vulnerability in the ICAP patience page in ...)
	NOT-FOR-US: Blue Coat Security Gateway OS
CVE-2008-4484 (main.php in Crux Gallery 1.32 and earlier assumes that the user is an ...)
	NOT-FOR-US: Crux Gallery
CVE-2008-4483 (Directory traversal vulnerability in index.php in Crux Gallery 1.32 ...)
	NOT-FOR-US: Crux Gallery
CVE-2008-4481 (Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier ...)
	NOT-FOR-US: Redmine
CVE-2008-4472 (The UpdateEngine class in the LiveUpdate ActiveX control ...)
	NOT-FOR-US: LiveUpdate ActiveX
CVE-2008-4471 (Directory traversal vulnerability in the CExpressViewerControl class ...)
	NOT-FOR-US: DWF Viewer ActiveX
CVE-2008-4470 (Stack-based buffer overflow in Numark CUE 5.0 rev2 allows ...)
	NOT-FOR-US: Numark
CVE-2008-4469 (SQL injection vulnerability in view_cresume.php in Vastal I-Tech ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4468 (SQL injection vulnerability in view_news.php in Vastal I-Tech Share ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4467 (SQL injection vulnerability in show_series_ink.php in Vastal I-Tech ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4466 (SQL injection vulnerability in view_products_cat.php in Vastal I-Tech ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4465 (SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4464 (SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4463 (SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4462 (SQL injection vulnerability in view_news.php in Vastal I-Tech Visa ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4461 (SQL injection vulnerability in advanced_search_results.php in Vastal ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4460 (SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4459 (SQL injection vulnerability in pick_users.php in the groups module in ...)
	NOT-FOR-US: eXtrovert Thyme
CVE-2008-4458 (SQL injection vulnerability in listings.php in E-Php B2B Trading ...)
	NOT-FOR-US: E-Php B2B Trading Marketplace Script
CVE-2008-4457 (SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line client in ...)
	- mysql-dfsg-5.0 5.0.51-1 (low)
CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns MySQL ...)
	NOT-FOR-US: EKINdesigns MySQL Quick Admin
CVE-2008-4454 (Directory traversal vulnerability in EKINdesigns MySQL Quick Admin ...)
	NOT-FOR-US: EKINdesigns MySQL Quick Admin
CVE-2008-4453 (The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ...)
	NOT-FOR-US: ActiveX control
CVE-2008-4452 (Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 ...)
	NOT-FOR-US: Cambridge Computer Corporation vxFtpSrv
CVE-2008-4451 (The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET ...)
	NOT-FOR-US: ESET System Analyzer Tool
CVE-2008-4450 (Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for ...)
	NOT-FOR-US: XAMPP
CVE-2008-4449 (Stack-based buffer overflow in mIRC 6.34 allows remote attackers to ...)
	NOT-FOR-US: mIRC
CVE-2008-4448 (Cross-site request forgery (CSRF) vulnerability in actions.php in ...)
	NOT-FOR-US:  Positive Software H-Sphere WebShell
CVE-2008-4447 (Cross-site scripting (XSS) vulnerability in actions.php in Positive ...)
	NOT-FOR-US:  Positive Software H-Sphere WebShell
CVE-2008-4446 (Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 ...)
	NOT-FOR-US: Nucleus EUC-JP 
CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream ...)
	{DSA-1655-1}
	- linux-2.6 2.6.26-5
	- linux-2.6.24 2.6.24-6~etchnhalf.6
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-4444 (Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware ...)
	NOT-FOR-US: Cisco Unified IP Phone
CVE-2008-4443
	RESERVED
CVE-2008-4442
	RESERVED
CVE-2008-4441 (The Marvell driver for the Linksys WAP4400N Wi-Fi access point with ...)
	NOT-FOR-US: Linksys
CVE-2008-4439 (PHP remote file inclusion vulnerability in admin/bin/patch.php in ...)
	NOT-FOR-US: MartinWood Datafeed Studio
CVE-2008-4438 (Cross-site scripting (XSS) vulnerability in search.php in Datafeed ...)
	NOT-FOR-US: Datafeed Studio
CVE-2008-4437 (Directory traversal vulnerability in importxml.pl in Bugzilla before ...)
	{DTSA-170-1}
	- bugzilla 3.0.5.0-1 (low; bug #502019)
	[etch] - bugzilla <no-dsa> (Minor issue)
CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...)
	NOT-FOR-US: bBlog
CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT ...)
	NOT-FOR-US:  RMSOFT Downloads Plus 
CVE-2008-4434 (Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and ...)
	NOT-FOR-US: uTorrent/Bittorrent
CVE-2008-4433 (SQL injection vulnerability in search.php in the RMSOFT MiniShop ...)
	NOT-FOR-US: RMSOFT MiniShop (xoops)
CVE-2008-4432 (Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT ...)
	NOT-FOR-US: RMSOFT MiniShop (xoops)
CVE-2008-4431 (SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and ...)
	NOT-FOR-US: IceBB
CVE-2008-4430
	REJECTED
	NOTE: duplicate of CVE-2008-3699, will be rejected soon
CVE-2008-4429 (Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 ...)
	NOT-FOR-US: SOURCENEXT Virus Security ZERO
CVE-2008-4428 (Unrestricted file upload vulnerability in upload.php in Phlatline's ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4427 (changepassword.php in Phlatline's Personal Information Manager (pPIM) ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4426 (Cross-site scripting (XSS) vulnerability in events.php in Phlatline's ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4425 (Directory traversal vulnerability in upload.php in Phlatline's ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4424 (Cross-site scripting (XSS) vulnerability in index.php in Domain Group ...)
	NOT-FOR-US: Domain Group Network GooCMS
CVE-2008-4423 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows ...)
	NOT-FOR-US: Ovidentia
CVE-2008-4422
	REJECTED
	NOT-FOR-US: ** REJECT **
CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably ...)
	NOT-FOR-US: MetaGauge
CVE-2008-4420
	RESERVED
CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web ...)
	TODO: check
CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and ...)
	NOT-FOR-US: HP-UX
CVE-2008-4417
	RESERVED
CVE-2008-4416 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...)
	NOT-FOR-US: HP-UX
CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 ...)
	NOT-FOR-US: HP Service Manager (HPSM)
CVE-2008-4414 (Unspecified vulnerability in the AdvFS showfile command in HP Tru64 ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2008-4413 (Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-4412 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2008-4411 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the ...)
	- linux-2.6 2.6.26-8
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle &quot;predefined entities ...)
	- libxml2 <not-affected> (Vulnerable code not present, introduced in 2.7.0)
	TODO: check again if >= 2.7 gets uploaded
CVE-2008-4406 (A certain Debian patch to the run scripts for sabre (aka xsabre) ...)
	- sabre 0.2.4b-25 (low; bug #433996)
	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
CVE-2008-4405 (xend in Xen 3.0.3 does not properly limit the contents of the ...)
	- xen-3 <unfixed> (bug #503811)
	- xen-unstable <unfixed>
	NOTE: a proposed patch leads to new problems, see CVE-2008-5716
CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM ...)
	NOT-FOR-US: IPv6 NDP on IBM zSeries
CVE-2008-4403 (The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-4402 (Multiple buffer overflows in CGI modules in the server in Trend Micro ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, ...)
	{DTSA-171-1}
	- mediawiki 1:1.13.2-1 (low; bug #501115)
	[etch] - mediawiki <not-affected> (Vulnerable code not present)
CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files via a ...)
	- ibackup <removed> (low; bug #496432)
	[etch] - ibackup <no-dsa> (Minor issues)
CVE-2008-4401 (ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not ...)
	- flashplugin-nonfree 1.7.2
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[lenny] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4399 (Unspecified vulnerability in the database engine service in ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...)
	NOT-FOR-US: Safer Networking FileAlyzer
CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary ...)
	- ltp <unfixed> (low; bug #496411)
	[etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently)
CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files ...)
	- fml <removed> (low; bug #496370)
	[etch] - fml <no-dsa> (Minor issue)
CVE-2008-4957 (find_flags in gccxml 0.9.0 allows local users to overwrite arbitrary ...)
	- gccxml <unfixed> (unimportant; bug #496391)
	NOTE: Only applies to a script used for an obscure SGI compiler
CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary ...)
	- bulmages <unfixed> (unimportant; bug #496382)
	NOTE: Only present in example scripts
CVE-2008-5034 (** DISPUTED ** ...)
	- printfilters-ppd <unfixed> (unimportant; bug #496417)
	NOTE: Only exploitable when modifying master-filter by hand
CVE-2008-4955 (freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...)
	- freevo <unfixed> (unimportant; bug #496373)
	NOTE: Only exploitable when modifying script by hand
CVE-2008-4974 (rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files ...)
	- netmrg 0.20-2 (low; bug #496384)
	[etch] - netmrg <no-dsa> (Minor issue)
CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files ...)
	- impose+ 0.2-11.1 (low; bug #496435)
	[etch] - impose+ <no-dsa> (Minor issue)
CVE-2008-4964 (filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary ...)
	- konwert 1.8-11.2 (low; bug #496379)
	[etch] - konwert <no-dsa> (Minor issue)
CVE-2008-4986 (wims 3.62 allows local users to overwrite arbitrary files via a ...)
	- wims 3.62-13.1 (low; bug #496387)
	[etch] - wims <no-dsa> (Minor issue)
CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to ...)
	- freeradius 2.0.4+dfsg-6 (low; bug #496389)
	[etch] - freeradius <no-dsa> (Minor issue)
CVE-2008-4995 (redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary ...)
	- bk2site <unfixed> (unimportant; bug #496430)
	NOTE: Only debug code, script needs to be edited to exploit this
CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...)
	- scilab 4.1.2-6 (low; bug #496414)
	[etch] - scilab <no-dsa> (Non-free not supported)
CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...)
	- ndiswrapper 1.53-2 (medium; bug #504696)
CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before ...)
	NOT-FOR-US: Gentoo package manager Portage
CVE-2008-4393 (Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery ...)
	NOT-FOR-US: VeriSign Kontiki
CVE-2008-4392
	RESERVED
CVE-2008-4391 (Stack-based buffer overflow in the SetSource method in the ...)
	NOT-FOR-US: Cisco Linksys WVC54GC
CVE-2008-4390 (The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 ...)
	NOT-FOR-US: Cisco Linksys WVC54GC
CVE-2008-4389
	RESERVED
CVE-2008-4388 (The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in ...)
	NOT-FOR-US: LaunchObj ActiveX
CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control in ...)
	NOT-FOR-US: ActiveX
CVE-2008-4386
	RESERVED
CVE-2008-4385 (Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert ...)
	NOT-FOR-US: LLC Systems Requirements Lab
CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...)
	NOT-FOR-US: LPViewer ActiveX
CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management ...)
	NOT-FOR-US: Agranet-Emweb
CVE-2008-4382 (Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser dos not treated as security issue. This is the same like CVE-2008-4381
	NOTE: which will work in every JS browser as the PoC just creates a large string passing
	NOTE: it to alert and thus eating memory, no security issue.
CVE-2008-4381 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4380 (The web interface in Samsung DVR SHR2040 allows remote attackers to ...)
	NOT-FOR-US: Samsung DVR SHR2040
CVE-2008-4379 (Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-4378 (SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-4377 (SQL injection vulnerability in index.asp in Creative Mind Creator CMS ...)
	NOT-FOR-US: Creative Mind Creator CMS
CVE-2008-4376 (SQL injection vulnerability in index.php in Live TV Script allows ...)
	NOT-FOR-US: Live TV Script
CVE-2008-4375 (SQL injection vulnerability in viewprofile.php in Availscript ...)
	NOT-FOR-US: Availscript
CVE-2008-4374 (SQL injection vulnerability in index.php in CMS Buzz allows remote ...)
	NOT-FOR-US: CMS Buzz
CVE-2008-4373 (SQL injection vulnerability in job_seeker/applynow.php in AvailScript ...)
	NOT-FOR-US: Availscript
CVE-2008-4372 (Cross-site scripting (XSS) vulnerability in articles.php in ...)
	NOT-FOR-US: Availscript
CVE-2008-4371 (SQL injection vulnerability in articles.php in AvailScript Article ...)
	NOT-FOR-US: Availscript
CVE-2008-4370 (Multiple cross-site scripting (XSS) vulnerabilities in Availscript ...)
	NOT-FOR-US: Availscript
CVE-2008-4369 (SQL injection vulnerability in pics.php in Availscript Photo Album ...)
	NOT-FOR-US: Availscript
CVE-2008-4368 (The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and ...)
	NOT-FOR-US: Java on OSX
CVE-2008-4367
	RESERVED
CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite ...)
	{DTSA-177-1 DTSA-178-1}
	- liquidsoap 0.3.8.1+2-2 (low; bug #496360)
	[lenny] - liquidsoap 0.3.6-4+lenny1
CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary ...)
	- openswan <unfixed> (unimportant; bug #496376)
	NOTE: Only unused packaging bits
CVE-2008-4941 (arb-common 0.0 allows local users to overwrite arbitrary files via a ...)
	- arb 0.0.20071207.1-5 (low; bug #496396)
CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary ...)
	- aptoncd 0.1-1.2 (bug #496390; low)
CVE-2008-4947 (dhis-dummy-log-engine in dhis-server 5.3 allows local users to ...)
	- dhis-server 5.3-1.2 (bug #496388; unimportant)
CVE-2008-4967 (linuxtrade 3.65 allows local users to overwrite arbitrary files via a ...)
	- linuxtrade <removed> (unimportant; bug #496372)
	NOTE: unimportant since the program is dysfunctional with the current
	NOTE: trading website and thus not exploitable for practical purposes
CVE-2008-4980 (delqueueask in rccp 0.9 allows local users to overwrite arbitrary ...)
	- rccp 0.9-2.1 (low; bug #496364)
	[etch] - rccp <no-dsa> (Minor issue)
CVE-2008-4948 (fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary ...)
	- digitaldj 0.7.5-6.1 (low; bug #496399)
	[etch] - digitaldj <no-dsa> (Minor issue)
CVE-2008-4945 (amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite ...)
	- cdrw-taper 0.4-2.1 (low; bug #496380)
	[etch] - cdrw-taper <no-dsa> (Minor issue)
CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...)
	- gdrae 0.1-1.1 (low; bug #496378)
	[etch] - gdrae <no-dsa> (Minor issue)
CVE-2008-4407 (XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create ...)
	- sabre 0.2.4b-25 (low; bug #433996)
	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
CVE-2008-4366 (Unrestricted file upload vulnerability in the image upload component ...)
	NOT-FOR-US: Camera Life
CVE-2008-4365 (Cross-site scripting (XSS) vulnerability in search.php in Siteman ...)
	NOT-FOR-US: Siteman
CVE-2008-4364 (SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb ...)
	NOT-FOR-US: ParsaGostar ParsaWeb CMS
CVE-2008-4363 (DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a ...)
	NOT-FOR-US: DESlock
CVE-2008-4362 (The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 ...)
	NOT-FOR-US: DESlock
CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote ...)
	NOT-FOR-US: PowerPortal
CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (low)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (low)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP ...)
	NOT-FOR-US: SPAW Editor PHP
CVE-2008-4357 (SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows ...)
	NOT-FOR-US: Powie pLink
CVE-2008-4356 (Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-4355 (SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum ...)
	NOT-FOR-US: Powie PSCRIPT Forum
CVE-2008-4354 (SQL injection vulnerability in the products module in NetArt Media ...)
	NOT-FOR-US: NetArt Media iBoutique
CVE-2008-4353 (SQL injection vulnerability in link.php in Linkarity allows remote ...)
	NOT-FOR-US: Linkarity
CVE-2008-4352 (SQL injection vulnerability in inc/pages/viewprofile.php in ...)
	NOT-FOR-US: phpSmartCom
CVE-2008-4351 (Directory traversal vulnerability in index.php in phpSmartCom 0.2 ...)
	NOT-FOR-US: phpSmartCom
CVE-2008-4350 (SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 ...)
	NOT-FOR-US: vbLOGIX Tutorial Script 
CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
	NOT-FOR-US: s0nic Paranews
CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio allows remote ...)
	NOT-FOR-US: PHPortfolio
CVE-2008-4347 (SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows ...)
	NOT-FOR-US: Powie pNews
CVE-2008-4346 (Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows ...)
	NOT-FOR-US: TalkBack
CVE-2008-4345 (SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-4344 (SQL injection vulnerability in cat.php in 6rbScript allows remote ...)
	NOT-FOR-US: 6rbScript
CVE-2008-4343 (The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) ...)
	NOT-FOR-US: Chilkat XML ChilkatUtil.CkData.1 ActiveX control
CVE-2008-4342 (NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX ...)
	NOT-FOR-US: ActiveX
CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: MyBlog
CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to ...)
	NOT-FOR-US: Google Chrome
CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup Server
CVE-2008-4338 (SQL injection vulnerability in the brilliant_gallery_checklist_save ...)
	NOT-FOR-US: drupal brilliant gallery 3rd party module
CVE-2008-4337 (Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows ...)
	NOT-FOR-US: Bitweaver
CVE-2008-4336 (Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4335 (SQL injection vulnerability in album.php in Atomic Photo Album (APA) ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4334 (PHP infoBoard V.7 Plus allows remote attackers to bypass ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4333 (Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4332 (SQL injection vulnerability in the showjavatopic function in func.php ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4331 (Directory traversal vulnerability in library/pagefunctions.inc.php in ...)
	NOT-FOR-US: phpOCS
CVE-2008-4330 (Directory traversal vulnerability in index.php in LanSuite 3.3.2 ...)
	NOT-FOR-US: LanSuite
CVE-2008-4329 (PHP remote file inclusion vulnerability in cms/system/openengine.php ...)
	NOT-FOR-US: openEngine
CVE-2008-4328 (SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 ...)
	NOT-FOR-US:  EasyRealtorPRO
CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in ...)
	{DSA-1675-1}
	- phpmyadmin 4:2.11.8.1-3
CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the ...)
	- viewvc <unfixed> (bug #500779; unimportant)
CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: reproducible but browser DoS not treated as security issue
CVE-2008-4323 (Windows Explorer in Microsoft Windows XP SP3 allows user-assisted ...)
	NOT-FOR-US: Windows Explorer
CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin ...)
	NOT-FOR-US: Microsoft
CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP ...)
	NOT-FOR-US: FlashGet FTP
CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...)
	NOT-FOR-US: OpenNMS
CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 ...)
	NOT-FOR-US: Libra File Manager
CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Observer
CVE-2008-4317
	RESERVED
CVE-2008-4316
	RESERVED
CVE-2008-4315 (tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux ...)
	NOT-FOR-US: OpenPegasus
CVE-2008-4314 (smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to ...)
	- samba 2:3.2.5-1
	[etch] - samba <not-affected> (Vulnerable code not present)
CVE-2008-4313 (A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 ...)
	NOT-FOR-US: OpenPegasus
CVE-2008-4312
	RESERVED
CVE-2008-4311 (The default configuration of system.conf in D-Bus (aka DBus) before ...)
	- dbus 1.2.1-5 (bug #508032)
CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat ...)
	- ruby <not-affected> (bug #508030)
	NOTE: Red Hat-specific
CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in ...)
	{DSA-1663-1}
	- net-snmp 5.4.1~dfsg-11 (bug #504150)
CVE-2008-4308
	RESERVED
CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the Linux ...)
	- linux-2.6 2.6.26-1
	- linux-2.6.24 <removed>
CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and attack ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-4305 (Static code injection vulnerability in installation/setup.php in ...)
	NOT-FOR-US: phpCollab
CVE-2008-4304 (general/login.php in phpCollab 2.5 rc3 and earlier allows remote ...)
	NOT-FOR-US: phpCollab
CVE-2008-4303 (Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and ...)
	NOT-FOR-US: phpCollab
CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...)
	{DSA-1653-1}
	- linux-2.6 2.6.22-4 (low)
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-4301 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft
CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2008-4299 (A certain ActiveX control in the Microsoft Internet Authentication ...)
	NOT-FOR-US: Microsoft
CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission ...)
	- mercurial 1.0.1-5.1 (low; bug #500781)
	NOTE: the package doesnt install this script by default but ships it with the examples
	[etch] - mercurial <no-dsa> (Only shipped in examples)
CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has &quot;admin&quot; as its ...)
	NOT-FOR-US: Cisco Linksys WRT350N
CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices ...)
	NOT-FOR-US: Microsoft
CVE-2008-4294 (IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user ...)
	NOT-FOR-US: IBM Tivoli Netcool/Webtop
CVE-2008-4293 (Unspecified vulnerability in Opera before 9.52 on Windows, when ...)
	NOT-FOR-US: Opera
CVE-2008-4292 (Opera before 9.52 does not check the CRL override upon encountering a ...)
	NOT-FOR-US: Opera
CVE-2008-4291
	RESERVED
CVE-2008-4290
	RESERVED
CVE-2008-4289
	RESERVED
CVE-2008-4288
	RESERVED
CVE-2008-4287
	RESERVED
CVE-2008-4286
	RESERVED
CVE-2008-4285
	RESERVED
CVE-2008-4284
	RESERVED
CVE-2008-4283
	RESERVED
CVE-2008-4282
	RESERVED
CVE-2008-4281 (Directory traversal vulnerability in VMWare ESXi 3.5 before ...)
	NOT-FOR-US: VMWare ESXi
CVE-2008-4280
	RESERVED
CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows ...)
	NOT-FOR-US: VMWare VirtualCenter
CVE-2008-4277
	RESERVED
CVE-2008-4276
	RESERVED
CVE-2008-4275
	RESERVED
CVE-2008-4274
	RESERVED
CVE-2008-4273
	RESERVED
CVE-2008-4272
	RESERVED
CVE-2008-4271
	RESERVED
CVE-2008-4270
	REJECTED
CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and SP1 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4267
	RESERVED
CVE-2008-4266 (Arracy index vulnerability in Microsoft Office Excel 2000 SP3, 2002 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4264 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4263
	RESERVED
CVE-2008-4262
	RESERVED
CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4257
	RESERVED
CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4251
	RESERVED
CVE-2008-4250 (The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows 
CVE-2008-4249
	RESERVED
CVE-2008-4248
	RESERVED
CVE-2008-4246 (Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 ...)
	NOT-FOR-US: Denora IRC Stats Server
CVE-2008-4245 (The Admin Control Panel in Rianxosencabos CMS 0.9 does not require ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4244 (Rianxosencabos CMS 0.9 allows remote attackers to bypass ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4243 (Directory traversal vulnerability in ImageServer (aka UTImageServer) ...)
	NOT-FOR-US: Epic Games Unreal Tournament
CVE-2008-4242 (ProFTPD 1.3.1 interprets long commands from an FTP client as multiple ...)
	{DSA-1689-1}
	- proftpd-dfsg 1.3.1-15 (low; bug #502674)
CVE-2008-4241 (SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows ...)
	NOT-FOR-US: CJ Ultra Plus
CVE-2008-4240
	RESERVED
CVE-2008-4239
	RESERVED
CVE-2008-4238
	RESERVED
CVE-2008-4237 (Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies ...)
	NOT-FOR-US: Managed Client Mac OS X
CVE-2008-4236 (Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows ...)
	NOT-FOR-US: Apple Type Services
CVE-2008-4235
	RESERVED
CVE-2008-4234 (Incomplete blacklist vulnerability in the Quarantine feature in ...)
	NOT-FOR-US:  CoreTypes Apple Mac OS X
CVE-2008-4233 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Apple
CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Safari
CVE-2008-4231 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Safari
CVE-2008-4230 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and ...)
	NOT-FOR-US: Apple
CVE-2008-4229 (Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 ...)
	NOT-FOR-US: Apple
CVE-2008-4228 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and ...)
	NOT-FOR-US: Apple
CVE-2008-4227 (Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 ...)
	NOT-FOR-US: Apple
CVE-2008-4226 (Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 ...)
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
CVE-2008-4225 (Integer overflow in the xmlBufferResize function in libxml2 2.7.2 ...)
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
CVE-2008-4224 (UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to ...)
	NOT-FOR-US: UDF Mac OS X
CVE-2008-4223 (Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote ...)
	NOT-FOR-US: Podcast Producer Mac OS X
CVE-2008-4222 (natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet ...)
	NOT-FOR-US: natd Mac OS X
CVE-2008-4221 (The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows ...)
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4220 (Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS ...)
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4219 (The kernel in Apple Mac OS X before 10.5.6 allows local users to cause ...)
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4218 (Multiple integer overflows in the kernel in Apple Mac OS X before ...)
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4217 (Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows ...)
	NOT-FOR-US: BOM Apple Mac OS X
CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does not ...)
	NOT-FOR-US: Safari
CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error ...)
	NOT-FOR-US: Weblog Mac OS X
CVE-2008-4214 (Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and ...)
	NOT-FOR-US: Script Editor in Mac OS X
CVE-2008-4213
	RESERVED
CVE-2008-4212 (Unspecified vulnerability in rlogind in the rlogin component in Mac OS ...)
	NOT-FOR-US: MacOS-only issue
CVE-2008-4211 (nteger signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and ...)
	NOT-FOR-US: QuickLook Mac OS X
CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...)
	{DSA-1653-1}
	- linux-2.6 2.6.22-1
	- linux-2.6.24 <not-affected> (Vulnerable code not prsent)
	NOTE: easily exploitable but of limited use as the attacker already needs access to a
	NOTE: directory that is setgid to the group he wants to get privileges for
CVE-2008-4209
	RESERVED
CVE-2008-4208 (Unspecified vulnerability in OSADS Alliance Database before 2.1 has ...)
	NOT-FOR-US: OSADS Alliance Database
CVE-2008-4207 (Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4206 (PHP remote file inclusion vulnerability in config.php in Attachmax ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4205 (SQL injection vulnerability in index.php in Attachmax Dolphin 2.1.0 ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation ...)
	NOT-FOR-US: SoftAcid Hotel Reservation System 
CVE-2008-4203 (SQL injection vulnerability in cn_users.php in CzarNews 1.20 and ...)
	NOT-FOR-US: CzarNews
CVE-2008-4202 (SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 ...)
	NOT-FOR-US: Gonafish LinksCaffePRO
CVE-2008-4200 (Opera before 9.52 does not ensure that the address field of a news ...)
	NOT-FOR-US: Opera
CVE-2008-4199 (Opera before 9.52 does not prevent use of links from web pages to feed ...)
	NOT-FOR-US: Opera
CVE-2008-4198 (Opera before 9.52, when rendering an http page that has loaded an ...)
	NOT-FOR-US: Opera
CVE-2008-4197 (Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when ...)
	NOT-FOR-US: Opera
CVE-2008-4196 (Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows ...)
	NOT-FOR-US: Opera
CVE-2008-4195 (Opera before 9.52 does not properly restrict the ability of a framed ...)
	NOT-FOR-US: Opera
CVE-2008-4194 (The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par ...)
	- pdnsd 1.2.6-par-10 (bug #500910)
CVE-2008-4193 (Stack-based buffer overflow in SecurityGateway.dll in Alt-N ...)
	NOT-FOR-US: Alt-N Technologies SecurityGateway
CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629 and ...)
	- redhat-cluster 2.20081102-1 (bug #496410; low)
	[lenny] - redhat-cluster 2.20080801-4+lenny1
CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...)
	- emacspeak 28.0-2 (bug #496431; low)
	[lenny] - emacspeak 26.0-3+lenny1 
	[etch] - emacspeak <no-dsa> (Minor issue)
CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x ...)
	- openswan 1:2.4.12+dfsg-1.3 (bug #496374; low)
	[etch] - openswan <no-dsa> (Vulnerable code only in example script)
CVE-2008-XXXX [jumpnbump: insecure temp file]
	- jumpnbump 1.50+dfsg1-1 (low; bug #500611)
	[etch] - jumpnbump 1.50-6+etch1
CVE-2008-4959 (geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite ...)
	- gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436)
	[etch] - gpsdrive <no-dsa> (Minor issue)
CVE-2008-4949 (dist 3.5 allows local users to overwrite arbitrary files via a symlink ...)
	- dist 1:3.5-17-2 (low; bug #496412)
	[etch] - dist 3.70-31etch1
CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary ...)
	- lustre 1.6.5.1-1 (low; bug #496371)
CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...)
	- linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518)
	[etch] - linux-ftpd-ssl <no-dsa> (Minor issue)
	TODO: next point release [etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1
	- linux-ftpd 0.17-29 (bug #500278)
	[etch] - linux-ftpd <no-dsa> (Minor issue)
CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
	- wordpress <unfixed> (bug #500295; unimportant)
	NOTE: bigger problems, if attacker has access to /etc/wordpress/*
CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (medium)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
CVE-2008-XXXX [unsafe usage of temp file]
	- chillispot 1.0-10 (low; bug #500181)
	NOTE: the changelog doesn't mention the fix but its included in -10
	[etch] - chillispot <no-dsa> (minor issue)
CVE-2008-XXXX [unsafe usage of temp file]
	- debtorrent <unfixed> (unimportant; bug #500180)
	NOTE: Only exploitable when upgrading from an ancient version, package also not in Etch
	NOTE: Marking as unimportant
CVE-2008-4189
	REJECTED
CVE-2008-4188 (Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) ...)
	NOT-FOR-US: kw_secdir extension for TYPO3
CVE-2008-4187 (Directory traversal vulnerability in index.php in ProActive CMS allows ...)
	NOT-FOR-US: ProActive CMS
CVE-2008-4186 (SQL injection vulnerability in index.php in webCMS Portal Edition ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4185 (SQL injection vulnerability in index.php in webCMS Portal Edition ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4184 (Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4183 (IntegraMOD 1.4.x stores sensitive information under the web root with ...)
	NOT-FOR-US: IntegraMOD
CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde ...)
	- turba2 2.2.1-2 (bug #500114; low)
	[etch] - turba2 <no-dsa> (Minor issue)
	- imp4 4.2-3 (bug #500553; low)
	[etch] - imp4 <no-dsa> (Minor issue)
CVE-2008-4181 (Directory traversal vulnerability in includes/xml.php in the Netenberg ...)
	NOT-FOR-US: Netenberg Fantastico De Luxe module for cPanel
CVE-2008-4180 (Unspecified vulnerability in db.php in NooMS 1.1 allows remote ...)
	NOT-FOR-US: NooMS
CVE-2008-4179 (Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow ...)
	NOT-FOR-US: NooMS
CVE-2008-4178 (SQL injection vulnerability in tr.php in DownlineGoldmine Special ...)
	NOT-FOR-US: DownlineGoldmine, etc.
CVE-2008-4177 (SQL injection vulnerability in search.php in Pre Real Estate Listings ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-4176 (SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta ...)
	NOT-FOR-US: FoT Video scripti
CVE-2008-4175 (Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow ...)
	NOT-FOR-US: Link Bid Script
CVE-2008-4174 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Dynamic MP3 Lister
CVE-2008-4173 (SQL injection vulnerability in ProArcadeScript 1.3 allows remote ...)
	NOT-FOR-US: ProArcadeScript
CVE-2008-4172 (SQL injection vulnerability in page.php in Cars &amp; Vehicle (aka ...)
	NOT-FOR-US: Cars & Vehicle
CVE-2008-4171 (SQL injection vulnerability in xmlout.php in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-4170 (create_account.php in osCommerce 2.2 RC 2a allows remote attackers to ...)
	NOT-FOR-US: osCommerce
CVE-2008-4169 (SQL injection vulnerability in detaillist.php in iScripts EasyIndex ...)
	NOT-FOR-US: iScripts EasyIndex
CVE-2008-4168 (Cross-site scripting (XSS) vulnerability in verify_login.jsp in ...)
	NOT-FOR-US: Pro2col Stingray FTS
CVE-2008-4167 (useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-4166 (Integer overflow in the JavaScript engine in Avant Browser 11.7 Build ...)
	NOT-FOR-US: Avant Browser
CVE-2008-4165 (admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a ...)
	NOT-FOR-US: Kolab Groupware Server 1.0.0
	NOTE: Debian has kolabd and kolab-webadmin, but neither has the file create_user.php.
	NOTE: But we have only 0.4 (in etch) and 2.1 (in lenny+sid), maybe 1.0 is different.
CVE-2008-4164 (cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-4163 (Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and ...)
	- bind9 <not-affected> (windows specific issue)
CVE-2008-4162 (Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows ...)
	NOT-FOR-US: NooMS
CVE-2008-4161 (SQL injection vulnerability in search_inv.php in Assetman 2.5b allows ...)
	NOT-FOR-US: Assetman
CVE-2008-4160 (Unspecified vulnerability in the UFS module in Sun Solaris 8 through ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4159 (SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS ...)
	NOT-FOR-US: Jaw Portal and Zanfi CMS
CVE-2008-4158 (Multiple directory traversal vulnerabilities in index.php in Zanfi CMS ...)
	NOT-FOR-US: Zanfi CMS
CVE-2008-4157 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-4156 (SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming ...)
	NOT-FOR-US: CustomCms (CCMS) Gaming Portal
CVE-2008-4155 (Multiple directory traversal vulnerabilities in EasySite 2.3 allow ...)
	NOT-FOR-US: EasySite
CVE-2008-4154 (SQL injection vulnerability in living-e webEdition CMS allows remote ...)
	NOT-FOR-US: living-e webEdition CMS
CVE-2008-4153 (The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module ...)
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4152 (Cross-site scripting (XSS) vulnerability in the Talk module 5.x before ...)
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4151 (Directory traversal vulnerability in collect.php in CYASK 3.x allows ...)
	NOT-FOR-US: CYASK
CVE-2008-4150 (SQL injection vulnerability in picture_category.php in Diesel Joke ...)
	NOT-FOR-US: Diesel Joke Site
CVE-2008-4149 (Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to ...)
	NOT-FOR-US: Greg Holsclaw Link to Us module for Drupal
CVE-2008-4148 (SQL injection vulnerability in the Mailhandler module 5.x before ...)
	NOT-FOR-US: Mailhandler module for Drupal
CVE-2008-4147 (Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x ...)
	NOT-FOR-US: Mailsave module for Drupal
CVE-2008-4146 (Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve ...)
	NOT-FOR-US: Addalink
CVE-2008-4145 (SQL injection vulnerability in user_read_links.php in Addalink 1.0 ...)
	NOT-FOR-US: Addalink
CVE-2008-4144 (SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold ...)
	NOT-FOR-US: ACG-ScriptShop E-Gold Script Shop
CVE-2008-4143 (SQL injection vulnerability in category_search.php in RazorCommerce ...)
	NOT-FOR-US: RazorCommerce Shopping Cart
CVE-2008-4142 (SQL injection vulnerability in article.php in E-Php CMS allows remote ...)
	NOT-FOR-US: E-Php CMS
CVE-2008-4141 (Multiple PHP remote file inclusion vulnerabilities in x10Media x10 ...)
	NOT-FOR-US: x10Media x10 Automatic MP3 Script
CVE-2008-4140 (Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart ...)
	NOT-FOR-US: Quick.Cart
CVE-2008-4139 (Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution ...)
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2008-4138 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Technote
CVE-2008-4137 (PHP remote file inclusion vulnerability in footer.php in PHP-Crawler ...)
	NOT-FOR-US: PHP-Crawler
CVE-2008-4136 (Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote ...)
	NOT-FOR-US: Michael Roth Software Personal FTP Server (PFT)
CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator and Nseries ...)
	NOT-FOR-US: Symbian
CVE-2008-4134 (PHP remote file inclusion vulnerability in manager/static/view.php in ...)
	NOT-FOR-US: phpRealty
CVE-2008-4133 (The web proxy service on the D-Link DIR-100 with firmware 1.12 and ...)
	NOT-FOR-US: D-Link
CVE-2008-4132 (Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX ...)
	NOT-FOR-US: SFlexGrid.VSFlexGridL ActiveX
CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 ...)
	- gallery2 2.2.6-1
CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ...)
	- gallery 1.5.9-1 (medium)
	- gallery2 2.2.6-1 (medium)
CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP ...)
	NOT-FOR-US: Cisco
CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...)
	- python-dns 2.3.1-5 (bug #490217)
CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...)
	- phpbb2 2.0.23+repack-3 (low; bug #500086)
	- phpbb3 <not-affected> (vulnerable code not present)
	NOTE: this is actually a bug in the seeding by PHP, not phpBB per se, but
	NOTE: fixing it nonetheless as a workaround.
CVE-2008-4124
	RESERVED
CVE-2008-4123
	RESERVED
CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in ...)
	NOT-FOR-US: Joomla
CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...)
	NOT-FOR-US: FlatPress
CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk ...)
	NOT-FOR-US: CA Service Desk
CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd ...)
	NOT-FOR-US: High Norm Sound Master
CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun ...)
	NOT-FOR-US: Sun Management Center (SunMC)
CVE-2008-4116 (Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote ...)
	NOT-FOR-US: Apple
CVE-2008-4201 (Heap-based buffer overflow in the decodeMP4file function ...)
	- faad2 2.6.1-3.1 (bug #499899)
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445
	NOTE: http://www.audiocoding.com/
	NOTE: http://www.audiocoding.com/patch/main_overflow.diff
CVE-2008-4115 (TalkBack 2.3.6 allows remote attackers to obtain configuration ...)
	NOT-FOR-US: TalkBack
CVE-2008-4114 (srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the ...)
	{DSA-1655-1}
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-4112
	REJECTED
CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...)
	NOT-FOR-US: Microsoft
CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...)
	- php5 <unfixed> (unimportant; bug #500087)
	NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong
	NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...)
	- wordpress 2.5.1-8 (bug #500115)
CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)
	NOT-FOR-US: Joomla
CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 ...)
	NOT-FOR-US: Joomla
CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 ...)
	NOT-FOR-US: Joomla
CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, ...)
	NOT-FOR-US: Joomla
CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...)
	- vim 2:7.2.010-1 (low; bug #500381)
	[lenny] - vim 1:7.1.314-3+lenny1
CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege ...)
	{DSA-1662-1}
	- mysql-dfsg-5.0 5.0.67-1
	[lenny] - mysql-dfsg-5.0 5.0.51a-18
CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...)
	{DSA-1608-1}
	- mysql-dfsg-5.0 5.0.51a-10
CVE-2008-4095 (Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV ...)
	NOT-FOR-US: Flip4Mac WMV
CVE-2008-4094 (Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 ...)
	- rails 2.1.0-1 (medium; bug #500791)
	NOTE: in mysql this only allows information disclosure as multiline statements are
	NOTE: not allowed by default
CVE-2008-4093 (SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and ...)
	NOT-FOR-US: YourOwnBux
CVE-2008-4092 (SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4091 (SQL injection vulnerability in index.php in Web Directory Script 1.5.3 ...)
	NOT-FOR-US: Web Directory Script
CVE-2008-4090 (SQL injection vulnerability in index.php in PHP Coupon Script 4.0 ...)
	NOT-FOR-US: PHP Coupon Script
CVE-2008-4089 (Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4088 (SQL injection vulnerability in print.php in myPHPNuke (MPN) before ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4087 (Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 ...)
	NOT-FOR-US: Acoustica Beatcraft
CVE-2008-4086 (SQL injection vulnerability in index.php in Reciprocal Links Manager ...)
	NOT-FOR-US: Reciprocal Links Manager
CVE-2008-4085 (plaiter in Plait before 1.6 allows local users to overwrite arbitrary ...)
	- plait 1.5.2-2 (low; bug #496381)
CVE-2008-4084 (SQL injection vulnerability in staticpages/easyclassifields/index.php ...)
	NOT-FOR-US: MyioSoft EasyClassifields
CVE-2008-4083 (Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in ...)
	NOT-FOR-US: Brim
CVE-2008-4082 (SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when ...)
	NOT-FOR-US: Brim
CVE-2008-4081 (admin/login.php in Stash 1.0.3 allows remote attackers to bypass ...)
	NOT-FOR-US: Stash
CVE-2008-4080 (SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is ...)
	NOT-FOR-US: Stash
CVE-2008-4079 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x ...)
	- movabletype-opensource 4.2~rc5-1 (low; bug #499252)
CVE-2008-4078 (SQL injection vulnerability in the AR/AP transaction report in (1) ...)
	- sql-ledger <unfixed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2008-4077 (The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...)
	- sql-ledger <unfixed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2008-4076 (Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board ...)
	NOT-FOR-US: Tor World Software
CVE-2008-4075 (Directory traversal vulnerability in index.php in D-iscussion Board ...)
	NOT-FOR-US: D-iscussion Board
CVE-2008-4074 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS ...)
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4073 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS ...)
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4072 (Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 ...)
	NOT-FOR-US: phsBlog
CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...)
	{DSA-1697-1 DSA-1696-1}
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
	- iceweasel 3.0
	- xulrunner 1.9
	- iceape 1.1.12-1
CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows ...)
	{DSA-1669-1 DSA-1649-1}
	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
	NOTE: Fix should be in next iceape/icedove DSA patchround
	- iceweasel 3.0
	- xulrunner 1.9
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before ...)
	NOT-FOR-US: Objective Development Sharity
CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...)
	NOT-FOR-US: Matterdaddy Market
CVE-2008-4055 (SQL injection vulnerability in tops_top.php in Million Pixel Ad Script ...)
	NOT-FOR-US: Million Pixel Ad Script
CVE-2008-4054 (SQL injection vulnerability in indir.php in Kolifa.net Download Script ...)
	NOT-FOR-US: Kolifa.net Download Script
CVE-2008-4053 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Bluemoon PopnupBLOG
CVE-2008-4052 (Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity ...)
	NOT-FOR-US: OpenVMS for Integrity Servers
CVE-2008-4051 (Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart ...)
	NOT-FOR-US: Smart Survey
CVE-2008-4050 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4049 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4048 (Heap-based buffer overflow in a certain ActiveX control in ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4047 (Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) ...)
	NOT-FOR-US: Novell Forum
CVE-2008-4046 (SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote ...)
	NOT-FOR-US: eliteCMS
CVE-2008-4045 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 ...)
	NOT-FOR-US: @Mail
CVE-2008-4044 (SQL injection vulnerability in article/readarticle.php in AJ Square ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4043 (Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4042
	REJECTED
CVE-2008-4041 (The IMAP server in Softalk Mail Server (formerly WorkgroupMail) ...)
	NOT-FOR-US: Softalk Mail Server
CVE-2008-4040 (Directory traversal vulnerability in the Kyocera Command Center in ...)
	NOT-FOR-US: Kyocera FS-118MFP
CVE-2008-4039 (SQL injection vulnerability in index.php in Spice Classifieds allows ...)
	NOT-FOR-US: Spice Classifieds
CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4035
	RESERVED
CVE-2008-4034
	RESERVED
CVE-2008-4033 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 through ...)
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4032 (Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4031 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4030 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4029 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, ...)
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4027 (Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4025 (Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4022
	RESERVED
CVE-2008-4021
	RESERVED
CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...)
	{DSA-1638-1 CVE-2006-5051}
	- openssh 1:4.6p1-1 (low)
	NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
	NOTE: fully address the issue.  The upstream fix in 4.4p1 was
	NOTE: right, and it the next unstable upload after that was 4.6p1.
CVE-2008-4100 (GNU adns 1.4 and earlier uses a fixed source port and sequential ...)
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not supported in untrusted contexts, fix documents this in README.Debian
CVE-2008-4099 (PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use ...)
	{DSA-1619-1}
	- python-dns 2.3.1-5 (low; bug #490217)
CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8.1-2 (medium)
CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
	- smsclient <unfixed> (unimportant; bug #498901)
	NOTE: script is not in use and only a suggestion for users
CVE-2008-4108 (Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) ...)
	- python-defaults <unfixed> (unimportant; bug #498899)
	NOTE: script is an example, which can be used by users
CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in ...)
	NOT-FOR-US: Oracle
CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...)
	NOT-FOR-US: Oracle
CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4011 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4010 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4009 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components ...)
	NOT-FOR-US: Oracle
CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component ...)
	NOT-FOR-US: Oracle
CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service ...)
	NOT-FOR-US: Oracle
CVE-2008-4003 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-4002 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-4001 (Unspecified vulnerability in the PeopleSoft Enterprise Portal ...)
	NOT-FOR-US: Oracle
CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3993 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2008-3992 (Unspecified vulnerability in the Oracle Data Mining component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3991 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3990 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3989 (Unspecified vulnerability in the Oracle Data Mining component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3988 (Unspecified vulnerability in the iSupplier Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3987 (Unspecified vulnerability in the Oracle Discoverer Desktop component ...)
	NOT-FOR-US: Oracle
CVE-2008-3986 (Unspecified vulnerability in the Oracle Discoverer Administrator ...)
	NOT-FOR-US: Oracle
CVE-2008-3985 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle
CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...)
	{DSA-1627-2}
	- opensc 0.11.4-5
CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in ...)
	- gmanedit 0.4.1-1.1 (low; bug #497835)
	[etch] - gmanedit <no-dsa> (Minor issue)
CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not ...)
	{DTSA-169-1}
	- libpam-mount 0.48-1 (low; bug #499841)
CVE-2008-3969 (Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow ...)
	- bitlbee 1.2.3-1 (bug #498159)
	[etch] - bitlbee <not-affected> (1.0.x not affected)
CVE-2008-3968 (Cross-site scripting (XSS) vulnerability in userlist.php in PunBB ...)
	NOT-FOR-US: PunBB
CVE-2008-3967 (moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not ...)
	NOT-FOR-US: MyBB
CVE-2008-3966 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
	NOT-FOR-US: MyBB
CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2008-3961 (Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3958 (IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3957 (The Microsoft Windows Image Acquisition Logger ActiveX control allows ...)
	NOT-FOR-US: Microsoft
CVE-2008-3956 (orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2008-3955 (SQL injection vulnerability in index.php in Masir Camp E-Shop Module ...)
	NOT-FOR-US: Masir Camp E-Shop Module
CVE-2008-3954 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-3953 (SQL injection vulnerability in keyword_search_action.php in Vastal ...)
	NOT-FOR-US: Vastal I-Tech Shaadi Zone
CVE-2008-3952 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows ...)
	NOT-FOR-US: EsFaq
CVE-2008-3951 (SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent ...)
	NOT-FOR-US: The Real Estate Script
CVE-2008-3950 (Off-by-one error in the ...)
	- webkit <not-affected> (Vulnerable code not present)
CVE-2008-3949 (Emacs 22.1 and 22.2 imports Python script from the current working ...)
	- emacs22 22.2+2-4 (low; bug #499568)
	- emacs21 <not-affected> (doesn't provide the python functionality)
	- xemacs21 <not-affected> (doesn't provide the python functionality)
	NOTE: This can happen with any Python script, just because Emacs autoloads one
	NOTE: doesn't make it much worse
CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows ...)
	NOT-FOR-US: XRMS
CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3946 (The finger client in HP TCP/IP Services for OpenVMS 5.x allows local ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3945 (SQL injection vulnerability in index.php in Words tag 1.2 allows ...)
	NOT-FOR-US: Words tag
CVE-2008-3944 (SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows ...)
	NOT-FOR-US: ACG-PTP
CVE-2008-3943 (SQL injection vulnerability in listtest.php in eZoneScripts Living ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-3942 (SQL injection vulnerability in landsee.php in Full PHP Emlak Script ...)
	NOT-FOR-US: Full PHP Emlak Script
CVE-2008-3941 (Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and ...)
	NOT-FOR-US: BizDirectory
CVE-2008-3940 (Format string vulnerability in the finger client in HP TCP/IP Services ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3939 (Directory traversal vulnerability in the web interface in AVTECH PageR ...)
	NOT-FOR-US: AVTECH PageR Enterprise
CVE-2008-3938 (Cross-site request forgery (CSRF) vulnerability in user_admin.php in ...)
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3937 (Multiple cross-site scripting (XSS) vulnerabilities in Open Media ...)
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3936 (The web interface in Dreambox DM500C allows remote attackers to cause ...)
	NOT-FOR-US: Dreambox DM500C
CVE-2008-3935 (Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and ...)
	NOT-FOR-US: DIC shop_v50
CVE-2008-3931 (javareconf in R 2.7.2 allows local users to overwrite arbitrary files ...)
	- r-base-core-ra 1.1.1-2 (low; bug #496363)
	- r-base 2.7.2-1 (low; bug #496418)
	[etch] - r-base <no-dsa> (Minor issue)
	[lenny] - r-base 2.7.1-1+lenny1
CVE-2008-3930 (migrate_aliases.sh in Citadel Server 7.37 allows local users to ...)
	- citadel 7.37-3 (low; bug #496359)
CVE-2008-3929 (gather-messages.sh in Ampache 3.4.1 allows local users to overwrite ...)
	- ampache 3.4.1-2 (unimportant; bug #496369)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: when translating ampache to a new language
CVE-2008-3928 (test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary ...)
	- honeyd 1.5c-5 (unimportant; bug #496365)
	NOTE: Script not used by package, only a manual test script
CVE-2008-3927 (genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete ...)
	- tiger 1:3.2.2-4 (unimportant; bug #496415)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: during build time
CVE-2008-3926 (Multiple directory traversal vulnerabilities in Content Management ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3925 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3924 (The &quot;Make a backup&quot; functionality in Content Management Made Easy ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3923 (Multiple cross-site scripting (XSS) vulnerabilities in statistics.php ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3922 (awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote ...)
	NOT-FOR-US: AWStats Totals
CVE-2008-3921 (Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals ...)
	NOT-FOR-US: AWStats Totals
CVE-2008-3919 (Unspecified vulnerability in multiple JustSystems Ichitaro products ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2008-3918 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows ...)
	NOT-FOR-US: Ovidentia
CVE-2008-3917 (Cross-site scripting (XSS) vulnerability in index.php in Ovidentia ...)
	NOT-FOR-US: Ovidentia
CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in signal.c ...)
	- ed 0.7-2 (low)
	[etch] - ed <no-dsa> (Minor issue)
CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-5
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.19)
	NOTE: 91b80969ba466ba4b915a4a1d03add8c297add3f
CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel ...)
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows ...)
	- mono 1.9.1+dfsg-4 (low; bug #498894)
CVE-2008-3905 (resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #498978)
	- ruby1.9 1.9.0.2-6 (bug #498977)
CVE-2008-3903 (Asterisk PBX 1.2 through 1.6 and Trixbox PBX 2.6.1, when running with ...)
	NOT-FOR-US: Asterisk PBX
CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords in the ...)
	NOT-FOR-US: HP firmware 68DTT
CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: IBM AIX
CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...)
	{DSA-1653-1}
	- linux-2.6 2.6.23-1
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
	NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f
CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...)
	- ssmtp 2.62-1.1 (low; bug #498366)
	[etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases)
CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does ...)
	- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
begin claimed by white
CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 ...)
	- libpng 1.2.27-2 (low; bug #501109)
	[etch] - libpng <not-affected> (Vulnerable code not present)
	NOTE: off-by-one error in pngpread.c is not present, must have
	NOTE: been introduced later, but pngtest.c is affected. However, there
	NOTE: is no known exploit.
end claimed by white
CVE-2008-3912 (libclamav in ClamAV before 0.94 allows attackers to cause a denial of ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3913 (Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3914 (Multiple unspecified vulnerabilities in ClamAV before 0.94 have ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-XXXX [buffer overflow via crafted configuration file (COMMAND)]
	- gmanedit 0.4.1-1.1 (unimportant; bug #497835)
	NOTE: you can execute commands via this with a valid configuration string anyway
CVE-2008-3934 (Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (bug #497878)
	[etch] - wireshark <not-affected> (Only >= 0.99.6)
CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers ...)
	{DSA-1673-1 DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3932 (Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3904 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...)
	- gpicview 0.1.9-2 (low; bug #498022)
CVE-2008-3909 (The administration application in Django 0.91, 0.95, and 0.96 stores ...)
	{DSA-1640-1}
	- python-django 1.0-1
	NOTE: http://www.djangoproject.com/weblog/2008/sep/02/security/
CVE-2008-3910 (dns2tcp before 0.4.1 does not properly handle negative values in a ...)
	- dns2tcp 0.4.dfsg-2 (medium; bug #497730)
CVE-2008-3901 (Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, ...)
	TODO: check
CVE-2008-3900 (Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot ...)
	NOT-FOR-US: Intel firmware
CVE-2008-3899 (TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS ...)
	NOT-FOR-US: TrueCrypt
CVE-2008-3898 (Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication ...)
	NOT-FOR-US: Secu Star DriveCrypt
CVE-2008-3897 (DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords ...)
	NOT-FOR-US: DiskCryptor
CVE-2008-3896 (Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ...)
	- grub <unfixed> (unimportant)
	NOTE: you need to be root on linux to do this, root can easily edit menu.lst anyway
CVE-2008-3895 (LILO 22.6.1 and earlier stores pre-boot authentication passwords in ...)
	- lilo <unfixed> (unimportant)
	NOTE: you need to be root on linux to do this, root can edit the configuration anyway
CVE-2008-3894 (IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication ...)
	NOT-FOR-US: IBM Lenovo firmware
CVE-2008-3893 (Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot ...)
	NOT-FOR-US: Bitlocker
CVE-2008-3892 (Buffer overflow in a certain ActiveX control in the COM API in VMware ...)
	NOT-FOR-US: VMware COM API
CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows remote ...)
	NOT-FOR-US: SAML Service for Google Apps
CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an ...)
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 ...)
	NOT-FOR-US: Mini-NUKE Freehost
CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject ...)
	NOT-FOR-US: dotProject
CVE-2008-3886 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: dotProject
CVE-2008-3885 (Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) ...)
	NOT-FOR-US: Blogn
CVE-2008-3884 (Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and ...)
	NOT-FOR-US: Blogn
CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite arbitrary ...)
	- caudium 1.4.12-11.1 (low; bug #496404)
CVE-2008-3882 (Unspecified &quot;Command Injection&quot; vulnerability in ZoneMinder 1.23.3 and ...)
	- zoneminder <unfixed> (bug #497640)
CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder ...)
	- zoneminder <unfixed> (low; bug #497640)
CVE-2008-3880 (SQL injection vulnerability in zm_html_view_event.php in ZoneMinder ...)
	- zoneminder <unfixed> (bug #497640)
CVE-2008-3879 (The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 ...)
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3878 (Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control ...)
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3877 (Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 ...)
	NOT-FOR-US: Acoustica Mixcraft
CVE-2008-3876 (Apple iPhone 2.0.2, in some configurations, allows physically ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-3875 (The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2008-3873 (The System.setClipboard method in ActionScript in Adobe Flash Player ...)
	NOT-FOR-US: Adobe Flash Player
	NOTE: System.setClipboard is not implemented (yet?) in gnash 0.8.3 and swfdec0.6 0.6.8
CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, ...)
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	NOTE: automatically downloads latest update from adobe which is 9.0.124.0 currently
CVE-2008-3871
	RESERVED
CVE-2008-3870
	RESERVED
CVE-2008-3869
	RESERVED
CVE-2008-3868 (Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 ...)
	NOT-FOR-US: Interact
CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 ...)
	NOT-FOR-US: Interact
CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend ...)
	NOT-FOR-US: Trend Micro Personal Firewall
CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the ...)
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in ...)
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3863 (Stack-based buffer overflow in the read_special_escape function in ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-3862 (Stack-based buffer overflow in CGI programs in the server in Trend ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-3861 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and ...)
	NOT-FOR-US: phpMyRealty
CVE-2008-3860 (Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG ...)
	NOT-FOR-US: IBM, Lotus Quickr 8.1 
CVE-2008-3859 (Davlin Thickbox Gallery 2 allows remote attackers to obtain the ...)
	NOT-FOR-US: Davlin Thickbox Gallery
CVE-2008-3858 (The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3857 (The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3856 (The routine infrastructure component in IBM DB2 9.1 before Fixpak 5, ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3855 (Unspecified vulnerability in the DB2 Administration Server (DAS) in ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3854 (Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3853 (Buffer overflow in the DAS server program in the Core DAS function ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3852 (Unspecified vulnerability in the CLR stored procedure deployment from ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3851 (Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-3850 (Cross-site scripting (XSS) vulnerability in Accellion File Transfer ...)
	NOT-FOR-US: Accellion File Transfer
CVE-2008-3849 (Cross-site scripting (XSS) vulnerability in the calendar controller in ...)
	NOT-FOR-US: Civic Website Manager
CVE-2008-3848 (SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows ...)
	NOT-FOR-US: Z-Breaknews
CVE-2008-3847 (Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook ...)
	NOT-FOR-US: AN Guestbook
CVE-2008-3846 (Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and ...)
	NOT-FOR-US: mysql-lists
CVE-2008-3845 (Multiple SQL injection vulnerabilities in Crafty Syntax Live Help ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2003-1564 (libxml2, possibly before 2.5.0, does not properly detect recursion ...)
	NOT-FOR-US: Old CVE id
CVE-2008-XXXX [nfdump vulnerable to symlink attacks]
	- nfdump 1.5.7-5 (bug #497452)
CVE-2008-3889 (Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before ...)
	- postfix 2.5.5-1 (low)
	[etch] - postfix <not-affected> (Vulnerable code not present)
	NOTE: http://www.postfix.org/announcements/20080902.html
CVE-2008-3908 (Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow ...)
	{DSA-1634-1 DTSA-163-1}
	- wordnet 1:3.0-12 (medium; bug #497441)
	[lenny] - wordnet 3.0-11+lenny1
	[etch] - wordnet 1:2.1-4+etch1
	NOTE: 1:3.0-12 had a regression and the patch was slightly updated
	NOTE: by 1:3.0-13 to fix this bug
CVE-2008-3907 (The open-in-browser command in newsbeuter before 1.1 allows remote ...)
	{DTSA-164-1 DTSA-164-2}
	[lenny] - newsbeuter 0.9.1-1+lenny3
	- newsbeuter 1.2-1 (medium)
	NOTE: medium as versions < 1.0-1 didn't include a patch to wrap long article URLs so the
	NOTE: crafted part of the URL can be hidden. This of course only affects people not reading
	NOTE: articles in the built-in reader.
CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote ...)
	- bitlbee 1.2.2-1
	[etch] - bitlbee <not-affected> (1.0.x not affected)
CVE-2008-4978 (radiance 3R9+20080530 allows local users to overwrite arbitrary files ...)
	- radiance 3R9+20080530-4 (low; bug #496423)
CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...)
	NOT-FOR-US: Red Hat services issue
CVE-2008-3843 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3842 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3841 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...)
	NOT-FOR-US: Freeway eCommerce
CVE-2008-3840 (Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in ...)
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3839 (Unspecified vulnerability in the NFS module in the kernel in Sun ...)
	NOT-FOR-US: Solaris
CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) ...)
	NOT-FOR-US: Solaris
CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.3-1 (low)
	- xulrunner 1.9.0.3-1 (low)
	- iceape 1.1.12-1 (low)
CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
	- iceweasel 3.0
	- xulrunner 1.9
CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
	- xulrunner 1.9
	- iceweasel 3.0
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-3834 (The dbus_signature_validate function in the D-bus library (libdbus) ...)
	{DSA-1658-1}
	- dbus 1.2.1-4 (bug #501443)
CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ...)
	{DSA-1653-1}
	- linux-2.6 2.6.19-1
	- linux-2.6.24 <not-affected> (Fixed in upstream before 2.6.24)
CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...)
	- linux-2.6 <not-affected> (Fedora-specific patch)
	- linux-2.6.24 <not-affected> (Fedora-specific patch)
CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel ...)
	{DSA-1655-1}
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6 2.6.26-9
CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration ...)
	- condor <itp> (bug #233482)
CVE-2008-3829 (Unspecified vulnerability in the condor_ schedd daemon in Condor ...)
	- condor <itp> (bug #233482)
CVE-2008-3828 (Stack-based buffer overflow in the condor_ schedd daemon in Condor ...)
	- condor <itp> (bug #233482)
CVE-2008-3827 (Multiple integer underflows in the Real demuxer (demux_real.c) in ...)
	{DSA-1644-1 DTSA-168-1}
	- mplayer 1.0~rc2-18 (medium; bug #500683)
	NOTE: http://www.ocert.org/advisories/ocert-2008-013.html
CVE-2008-3826 (Unspecified vulnerability in Condor before 7.0.5 allows attackers to ...)
	- condor <itp> (bug #233482)
CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when ...)
	NOT-FOR-US: Different code base than Debian's libpam-krb5
CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) ...)
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in ...)
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3822
	RESERVED
CVE-2008-3821 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3820 (Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2008-3819 (dnsserver in Cisco Application Control Engine Global Site Selector ...)
	NOT-FOR-US: Cisco Application Control Engine Global Site Selector (GSS)
CVE-2008-3818 (Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with ...)
	NOT-FOR-US: Cisco ONS
CVE-2008-3817 (Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series ...)
	NOT-FOR-US: Cisco
CVE-2008-3816 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2008-3815 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2008-3814 (Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x ...)
	NOT-FOR-US: Cisco
CVE-2008-3813 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3812 (Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3811 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3810 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3809 (Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3808 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3807 (Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3806 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3805 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3804 (Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3803 (A &quot;logic error&quot; in Cisco IOS 12.0 through 12.4, when a Multiprotocol ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3802 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3801 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3800 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3799 (Memory leak in the Session Initiation Protocol (SIP) implementation in ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3798 (Cisco IOS 12.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3797
	RESERVED
CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of ...)
	- swfdec0.6 0.6.8-1
CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP ...)
	NOT-FOR-US: WS_FTP Home
CVE-2008-3793
	RESERVED
CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) ...)
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-4
	[etch] - linux-2.6 <not-affected>
CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, ...)
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory ...)
	NOT-FOR-US: Web Directory Script 
CVE-2008-3786 (Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO ...)
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3785 (Multiple SQL injection vulnerabilities in the com_content component in ...)
	NOT-FOR-US: MiaCMS
CVE-2008-3784 (SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and ...)
	NOT-FOR-US: BtiTracker
CVE-2008-3783 (Multiple SQL injection vulnerabilities in index.php in Matterdaddy ...)
	NOT-FOR-US: Matterdaddy Market
CVE-2008-3782 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: ACG-PTP
CVE-2008-3781 (Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 ...)
	NOT-FOR-US: GMOD GBrowse
CVE-2008-3780 (SQL injection vulnerability in recommend.php in Five Star Review ...)
	NOT-FOR-US: Five Star Review Script 
CVE-2008-3779 (Cross-site scripting (XSS) vulnerability in search/index.php in Five ...)
	NOT-FOR-US: Five Star Review Script 
CVE-2008-3778 (The remote management interface in SIP Enablement Services (SES) ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3777 (The SIP Enablement Services (SES) Server in Avaya SIP Enablement ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3776 (Directory traversal vulnerability in Fujitsu Web-Based Admin View ...)
	NOT-FOR-US: Fujitsu Web-Based Admin View 
CVE-2008-3775 (Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the ...)
	NOT-FOR-US: Folder Lock
CVE-2008-3774 (SQL injection vulnerability in index.php in Simasy CMS allows remote ...)
	NOT-FOR-US: Simasy CMS
CVE-2008-3773 (Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and ...)
	NOT-FOR-US: vBulletin
CVE-2008-3772 (SQL injection vulnerability in categories_portal.php in Pars4u ...)
	NOT-FOR-US:  Pars4u Videosharing
CVE-2008-3771 (Cross-site scripting (XSS) vulnerability in members.php in Pars4u ...)
	NOT-FOR-US:  Pars4u Videosharing
CVE-2008-3770 (Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, ...)
	NOT-FOR-US: Freeway
CVE-2008-3769 (PHP remote file inclusion vulnerability in admin/create_order_new.php ...)
	NOT-FOR-US: Freeway
CVE-2008-3768 (Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart 
CVE-2008-3767 (SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows ...)
	NOT-FOR-US: phpBazar
CVE-2008-3766 (Realtime Internet Band Rehearsal Low-Latency (Internet) Connection ...)
	NOT-FOR-US: Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon)
CVE-2008-3765 (SQL injection vulnerability in code.php in Quick Poll Script allows ...)
	NOT-FOR-US: Quick Poll Script
CVE-2008-3764 (Eval injection vulnerability in globalsoff.php in Turnkey PHP Live ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3763 (Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3762 (SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3761 (hcmon.sys in VMware Workstation 6.0.0.45731 uses the METHOD_NEITHER ...)
	NOT-FOR-US: VMware Workstation
	NOTE: we only share a package to build VMware
CVE-2008-3760 (Cross-site request forgery (CSRF) vulnerability in the sign-out page ...)
	NOT-FOR-US: Vanilla
CVE-2008-3759 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Vanilla
CVE-2008-3758 (Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla ...)
	NOT-FOR-US: Vanilla
CVE-2008-3757 (SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3756 (SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3755 (SQL injection vulnerability in view.php in YourFreeWorld Classifieds ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3754 (SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3753 (SQL injection vulnerability in details.php in YourFreeWorld Programs ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3752 (SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3751 (SQL injection vulnerability in tr.php in YourFreeWorld Short Url &amp; Url ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3750 (SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3749 (SQL injection vulnerability in tr.php in Banner Management Script ...)
	NOT-FOR-US: Banner Management Script
CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2008-4952 (emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite ...)
	- emacs-jabber 0.7.91-2 (low; bug #496428)
	[etch] - emacs-jabber <no-dsa> (Minor issue)
CVE-2008-4987 (xastir 1.9.2 allows local users to overwrite arbitrary files via a ...)
	- xastir 1.9.2-1.1 (low; bug #496383)
	[etch] - xastir <no-dsa> (Minor issue)
CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite ...)
	{DSA-1648-1}
	- mon 0.99.2-13 (medium; bug #496398)
CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #496808)
	- ruby1.9 1.9.0.2-6 (bug #497610)
CVE-2008-4939 (apertium 3.0.7 allows local users to overwrite arbitrary files via a ...)
	- apertium 3.0.7+1-1.1 (low; bug #496395)
	[etch] - apertium <no-dsa> (Minor issue)
CVE-2008-4946 (convirt 0.8.2 allows local users to overwrite arbitrary files via a ...)
	- convirt <unfixed> (medium; bug #496419)
CVE-2008-4942 (audiolink in audiolink 0.05 allows local users to overwrite arbitrary ...)
	- audiolink 0.05-1.1 (low; bug #496433)
	[etch] - audiolink <no-dsa> (Minor issue)
CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...)
	- lmbench <unfixed> (low; bug #496427)
	[etch] - lmbench <no-dsa> (Non-free not supported)
CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary ...)
	- newsgate <removed> (low; bug #496437)
	[etch] - newsgate <no-dsa> (Non-free not supported)
CVE-2008-4973 (i2myspell in myspell 3.1 allows local users to overwrite arbitrary ...)
	- myspell 1:3.0+pre3.1-21 (low; bug #496392)
	[etch] - myspell <no-dsa> (Minor issue)
CVE-2008-4976 (ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary ...)
	- ogle <unfixed> (unimportant; bug #496420; bug #496425)
	NOTE: This only affects debugging scripts not present in standard path
CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...)
	{DTSA-161-1}
	- samba 2:3.2.3-1 (bug #496073; medium)
	[etch] - samba <not-affected> (Only affects Samba 3.2.x)
CVE-2008-XXXX [insecure temp file in nvi]
	- nvi 1.81.6-4 (low; bug #496462)
	[etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst)
CVE-2008-4982 (rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary ...)
	- rkhunter 1.3.2-6 (low; bug #496375)
	[etch] - rkhunter <no-dsa> (Minor issue, only in debug mode)
CVE-2008-4984 (scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files ...)
	- scratchbox2 1.99.0.24-2 (low; bug #496409)
CVE-2008-4981 (perl.robot in realtimebattle 1.0.8 allows local users to overwrite ...)
	- realtimebattle 1.0.8-8 (low; bug #496385)
	[etch] - realtimebattle <no-dsa> (Minor issue)
CVE-2008-4972 (mailgo in mgt 2.31 allows local users to overwrite arbitrary files via ...)
	- mgt 2.31-6 (low; bug #496434)
	[etch] - mgt <no-dsa> (Minor issue)
CVE-2008-4998 (** DISPUTED ** ...)
	- twiki 1:4.1.2-4 (low; bug #494648)
CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite ...)
	- mafft 6.240-2 (low; bug #496366)
CVE-2008-4993 (qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary ...)
	- xen-3 <unfixed> (low; bug #496367)
	[etch] - xen-3 <no-dsa> (Minor issue)
CVE-2008-4936 (faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary ...)
	- mgetty 1.1.36-1.3 (low; bug #496403)
	[etch] - mgetty <no-dsa> (Minor issue)
CVE-2008-4476 (sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary ...)
	- sympa 5.3.4-5.1 (low; bug #496405; bug #494969)
	[etch] - sympa <no-dsa> (Minor issues)
CVE-2008-XXXX [sng: insecure temp file]
	- sng 1.0.2-6 (low; bug #496407)
	[etch] - sng <no-dsa> (Minor issue)
CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary ...)
	- aview 1.3.0rc1-8.1 (low; bug #496422)
	[etch] - aview <no-dsa> (Minor issue)
CVE-2008-4956 (fwb_install in fwbuilder 2.1.19 allows local users to overwrite ...)
	- fwbuilder 2.1.19-5 (low; bug #496406)
	[etch] - fwbuilder <no-dsa> (Minor issue)
CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite ...)
	{DSA-1643-1}
	- feta 1.4.16+nmu1 (low; bug #496397)
CVE-2008-4977 (** DISPUTED ** ...)
	- postfix <unfixed> (unimportant; bug #496401)
	NOTE: Not enabled by default, needs manual modification of a script
CVE-2008-4944 (writtercontrol in cdcontrol 1.90 allows local users to overwrite ...)
	- cdcontrol <removed> (low; bug #496438)
	[etch] - cdcontrol <no-dsa> (Minor issue)
CVE-2008-XXXX [sgml2x: insecure temp file]
	- sgml2x 1.0.0-11.2 (low; bug #496368)
	[etch] - sgml2x <no-dsa> (Minor issue)
CVE-2008-4951 (dtc 0.29.6 allows local users to overwrite arbitrary files via a ...)
	- dtc 0.29.10-1 (low; bug #496362)
CVE-2008-4994 (The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local ...)
	- xmcd 2.6-21 (low; bug #496416)
	[etch] - xmcd <no-dsa> (Minor issue)
CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via ...)
	- xcal 4.1-19 (low; bug #496393)
	[etch] - xcal <no-dsa> (Minor issue)
CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...)
	- gpicview 0.1.9-2 (low; bug #495968)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869
CVE-2008-XXXX [Overwrite symlink without check]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019485&group_id=180858&atid=894869
	NOTE: CVE id requested
	NOTE: non-issue, not exploitable by other users
CVE-2008-XXXX [Overwrite certain images without notice]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869
	NOTE: non-issue, not exploitable by other users
	NOTE: CVE id requested
CVE-2008-4937 (senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite ...)
	- openoffice.org 1:2.4.1-8 (low; bug #496361)
	[etch] - openoffice.org <not-affected> (Vulnerable code not present)
	NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.
CVE-2008-4979 (getipacctg in rancid 2.3.2~a8 allows local users to overwrite ...)
	- rancid 2.3.2~a8-2 (low; bug #496426)
	[etch] - rancid <no-dsa> (Minor issue)
CVE-2008-4985 (vdrleaktest in vdr 1.6.0 allows local users to overwrite arbitrary ...)
	- vdr 1.6.0-6 (low; bug #496421)
	[etch] - vdr <not-affected> (Vulnerable code not present)
CVE-2008-5007 (create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to ...)
	- lazarus 0.9.24-0-11 (unimportant; bug #496377)
	NOTE: vulnerable script only called when updating the source
	NOTE: thus neither actively used nor invoked automatically
CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in ...)
	{DTSA-166-1}
	- vlc 0.8.6.h-4 (medium; bug #496265)
CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...)
	- wordpress 2.5.1-6 (low; bug #497216)
	NOTE: not so sure about etch. It contains this code but doesn't have the force-ssl
	NOTE: mechanism in the first place.
CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of ...)
	- neon27 0.28.2-4
CVE-2008-3739 (Cross-site scripting (XSS) vulnerability in (1) System Consultants ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3738 (Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier ...)
	NOT-FOR-US: SpaceTag LacoodaST
CVE-2008-3737 (Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3736 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3735 (Cross-site scripting (XSS) vulnerability in index.php in PHPizabi ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3734 (Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and ...)
	NOT-FOR-US: WS_FTP Home
CVE-2008-3733 (Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote ...)
	NOT-FOR-US: EO Video
CVE-2008-3732 (Integer overflow in the Open function in modules/demux/tta.c in VLC ...)
	{DTSA-166-1}
	- vlc 0.8.6.h-2
CVE-2008-3731 (Unspecified vulnerability in Serv-U File Server 7.x before 7.2.0.1 ...)
	NOT-FOR-US: Serv-U File
CVE-2008-3730 (Cross-site scripting (XSS) vulnerability in Nordicwind Document ...)
	NOT-FOR-US: NOAH
CVE-2008-3729 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3728 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3727 (Directory traversal vulnerability in Web Based Administration in ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3726 (Cross-site scripting (XSS) vulnerability in Web Based Administration ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3725 (SQL injection vulnerability in trr.php in YourFreeWorld Ad Board ...)
	NOT-FOR-US: YourFreeWorld Ad Board Script
CVE-2008-3724 (SQL injection vulnerability in index.php in Papoo before 3.7.2 allows ...)
	NOT-FOR-US: Papoo
CVE-2008-3723 (Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3722 (SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows ...)
	NOT-FOR-US: fipsCMS
CVE-2008-3721 (PHP remote file inclusion vulnerability in user_language.php in DeeEmm ...)
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3720 (SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 ...)
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3719 (SQL injection vulnerability in directory.php in SFS Affiliate ...)
	NOT-FOR-US: SFS Affiliate Directory
CVE-2008-3718 (Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote ...)
	NOT-FOR-US: cyberBB
CVE-2008-3717 (Harmoni before 1.6.0 does not require administrative privileges to ...)
	NOT-FOR-US: Harmoni
CVE-2008-3716 (Cross-site request forgery (CSRF) vulnerability in Harmoni before ...)
	NOT-FOR-US: Harmoni
CVE-2008-3715 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: FlexCMS
CVE-2008-3714 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 ...)
	{DSA-1679-1}
	- awstats 6.7.dfsg-5.1 (bug #495432; low)
	NOTE: upstream bug 2001151
CVE-2008-3713 (SQL injection vulnerability in product.php in PHPBasket allows remote ...)
	NOT-FOR-US: PHPBasket
CVE-2008-3712 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and ...)
	NOT-FOR-US: Mambo
CVE-2008-3711 (SQL injection vulnerability in index.php in PHPArcadeScript (PHP ...)
	NOT-FOR-US: PHPArcadeScript
CVE-2008-3710 (Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3709 (Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3708 (Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow ...)
	NOT-FOR-US: dotCMS
CVE-2008-3707 (Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3706 (SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 ...)
	NOT-FOR-US: ZEEJOBSITE
CVE-2008-3705 (Stack-based buffer overflow in the CLogger::WriteFormated function in ...)
	NOT-FOR-US:  EchoVNC Linux
CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in ...)
	NOT-FOR-US: Msmask32.ocx
CVE-2008-3703 (The management console in the Volume Manager Scheduler Service (aka ...)
	NOT-FOR-US: Symantec Veritas Storage Foundation
CVE-2008-3702 (Multiple stack-based buffer overflows in the Animation GIF ActiveX ...)
	NOT-FOR-US:  SpeedBit Download Accelerator Plus
CVE-2008-3701 (SQL injection vulnerability in staff/index.php in Kayako SupportSuite ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3700 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3698 (Unspecified vulnerability in the OpenProcess function in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3697 (An unspecified ISAPI extension in VMware Server before 1.0.7 build ...)
	NOT-FOR-US: VMware Server on Windows
CVE-2008-3696 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3695 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3694 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3693 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3692 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3691 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3690
	RESERVED
CVE-2008-3689
	RESERVED
CVE-2008-3688 (sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote ...)
	{DTSA-159-1}
	- havp 0.88-1.1 (bug #496034)
CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...)
	- xen-3 <not-affected> (Not compiled with XSM:FLASK)
CVE-2008-3686 (The rt6_fill_node function in net/ipv6/route.c in Linux kernel ...)
	- linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26)
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.26)
CVE-2008-3685
	RESERVED
CVE-2008-3684
	RESERVED
CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System Web ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows ...)
	NOT-FOR-US: YPN PHP Realty
CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...)
	NOT-FOR-US: Joomla
CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and ...)
	NOT-FOR-US: Flagship Industries Ventrilo
CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2008-3678 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...)
	NOT-FOR-US: Freeway
CVE-2008-3677 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Freeway
CVE-2008-3676 (Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 ...)
	NOT-FOR-US: hMailServer
CVE-2008-3675 (Directory traversal vulnerability in classes/imgsize.php in Gelato ...)
	NOT-FOR-US: Gelato
CVE-2008-3674 (SQL injection vulnerability in ugroups.php in PozScripts TubeGuru ...)
	NOT-FOR-US: PozScripts TubeGuru Video Sharing Script
CVE-2008-3673 (SQL injection vulnerability in browsecats.php in PozScripts Classified ...)
	NOT-FOR-US:  PozScripts Classified Ads
CVE-2008-3672 (SQL injection vulnerability in showcategory.php in PozScripts ...)
	NOT-FOR-US:  PozScripts Classified Ads
CVE-2008-3671 (Acronis True Image Echo Server 9.x build 8072 on Linux does not ...)
	NOT-FOR-US: Echo Server
CVE-2008-3670 (SQL injection vulnerability in authordetail.php in Article Friendly ...)
	NOT-FOR-US: Article Friendly Pro
CVE-2008-3669 (SQL injection vulnerability in comments.php in ZeeScripts Reviews ...)
	NOT-FOR-US: ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP
CVE-2008-3668 (Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt ...)
	NOT-FOR-US: XOOPS
CVE-2008-3667 (Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows ...)
	NOT-FOR-US: Maxthon Browser
CVE-2006-7233 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2005-4877 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2005-4876 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2003-1563 (Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real ...)
	NOT-FOR-US: Oracle
CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in ...)
	- amarok 1.4.10-1 (unimportant; bug #494765)
	NOTE: The code in question doesn't dereference the symlink, tested with Etch
	NOTE: and Lenny. Given that it only takes a minute to test this, it's surprising
	NOTE: that at least one vendor issued an advisory and upstream pushed a new release...
CVE-2008-3740 (Cross-site scripting (XSS) vulnerability in the output filter in ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3741 (The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3742 (Unrestricted file upload vulnerability in the BlogAPI module in Drupal ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (medium; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3743 (Multiple cross-site request forgery (CSRF) vulnerabilities in forms in ...)
	{DTSA-156-1}
	- drupal5 <not-affected> (Vulnerable code not present)
	- drupal-4.7 <removed>
CVE-2008-3744 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3745 (The Upload module in Drupal 6.x before 6.4 allows remote authenticated ...)
	{DTSA-156-1}
	- drupal5 <not-affected> (Vulnerable code only present in 6.x)
	- drupal-4.7 <removed>
CVE-2008-3666 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2008-3665
	RESERVED
CVE-2008-3664 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow ...)
	NOT-FOR-US: XRMS
CVE-2008-3663 (Squirrelmail 1.4.15 does not set the secure flag for the session ...)
	- squirrelmail 2:1.4.15-3 (low; bug #499942)
	[etch] - squirrelmail <no-dsa> (less important and fix changes behaviour)
	NOTE: only relevant for installations that are also offered over http
	NOTE: which isn't normally a good idea anyway. Fixing in stable will
	NOTE: change behaviour so not really suited for DSA.
CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure ...)
	- gallery 1.5.9-1
	- gallery2 2.2.6-1
CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the ...)
	- drupal5 5.10-2 (low; bug #501063)
	- drupal6 6.4-2 (low; bug #501058)
	NOTE: drupal upstreams advise the users to set session.cookie_secure in the php configuration
	NOTE: to fix this has been documented in README.Debian
CVE-2008-3660 (PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI ...)
	{DSA-1647-1}
	- php5 5.2.6-4 (medium)
	- php4 <removed>
	NOTE: *not* duplicate after all, needs review
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch
CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...)
	{DSA-1647-1}
	- php4 <removed>
	- php5 5.2.6-4 (medium)
	NOTE: php5 -d memory_limit=256M -r '$res = explode(str_repeat("A",145999999),1);'
	NOTE: (From upstream's ext/standard/tests/strings/explode_bug.phpt)
	NOTE: could not reproduce locally
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...)
	{DSA-1647-1}
	- php4 <removed>
	- php5 5.2.6-4 (medium)
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3656 (Algorithmic complexity vulnerability in ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3654 (Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows ...)
	- tikiwiki <removed>
CVE-2008-3653 (Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before ...)
	- tikiwiki <removed>
CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an ...)
	- ipsec-tools 0.7.1-1.2 (low; bug #501026)
	[etch] - ipsec-tools <no-dsa> (Minor issue)
	NOTE: attacker needs to be authenticated, see https://bugzilla.redhat.com/show_bug.cgi?id=456660
CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools ...)
	- ipsec-tools 1:0.7.1-1 (low; bug #495214)
	[etch] - ipsec-tools <no-dsa> (Minor issue)
CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...)
	- horde3 3.2.1+debian0-1 (low; bug #495332)
	- turba2 2.2.1-1
	[etch] - turba2 <not-affected> (Vulnerable code not present)
	[etch] - horde3 <no-dsa> (Minor issue, dup of CVE-2008-3330)
	NOTE: this is actually two issues:
	NOTE: - one a dup of CVE-2008-3330 in horde3
	NOTE: - another an issue in turba2
CVE-2008-3649 (SQL injection vulnerability in categorydetail.php in Article Friendly ...)
	NOT-FOR-US: Article Friendly Standard
CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3647 (Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows ...)
	NOT-FOR-US: Mac OS
CVE-2008-3646 (The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be ...)
	NOT-FOR-US: MacOS-only problem
CVE-2008-3645 (Heap-based buffer overflow in the local IPC component in the ...)
	NOT-FOR-US: Mac OS
CVE-2008-3644 (Apple Safari before 3.2 does not properly prevent caching of form data ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3643 (Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows ...)
	NOT-FOR-US: Mac OS
CVE-2008-3642 (Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows ...)
	NOT-FOR-US: Mac OS
CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3640 (Integer overflow in the WriteProlog function in texttops in CUPS ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3639 (Heap-based buffer overflow in the read_rle16 function in imagetops in ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3638 (Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from ...)
	NOT-FOR-US: Mac OSX
CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on ...)
	NOT-FOR-US: Mac OSX
CVE-2008-3636 (Integer overflow in the IopfCompleteRequest API in the kernel in ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an ...)
	NOT-FOR-US: Apple Quick Times
CVE-2008-3634 (Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3633
	RESERVED
CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...)
	- webkit 1.0.1-4 (bug #499771)
	TODO: check other packages using webkit
CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone ...)
	NOT-FOR-US: Apple iPod
CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an ...)
	NOT-FOR-US: Apple Bonjour
CVE-2008-3629 (Apple QuickTime before 7.5.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3628 (Apple QuickTime before 7.5.5 on Windows allows remote attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3626 (The CallComponentFunctionWithStorage function in Apple QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3625 (Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3624 (Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3623 (Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 ...)
	NOT-FOR-US: Apple Safari on Windows
CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
	NOT-FOR-US: Mac OS X
CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3620
	RESERVED
CVE-2008-3619 (Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3618 (The File Sharing pane in the Sharing preference pane in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3617 (Remote Management and Screen Sharing in Apple Mac OS X 10.5 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3615 (ir50_32.qtx in an unspecified third-party Indeo v5 codec for ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3613 (Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and ...)
	NOT-FOR-US: Apple iPod
CVE-2008-3611 (Login Window in Apple Mac OS X 10.4.11 does not clear the current ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3610 (Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3609 (The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3608 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...)
	NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate ...)
	NOT-FOR-US: Qbik WinGate
CVE-2008-3605 (Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, ...)
	NOT-FOR-US: McAfee Encrypted USB Manager
CVE-2008-3604 (SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows ...)
	NOT-FOR-US: ZeeBuddy
CVE-2008-3603 (SQL injection vulnerability in index.php in Vacation Rental Script 3.0 ...)
	NOT-FOR-US: Vacation Rental Script
CVE-2008-3602 (admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2008-3601 (SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2008-3600 (Directory traversal vulnerability in contrib/phpBB2/modules.php in ...)
	- gallery <unfixed> (unimportant)
	- gallery2 <not-affected> (Vulnerable code not present)
	NOTE: We haven't supported installations with register_globals enabled since a long time
CVE-2008-3599 (SQL injection vulnerability in image.php in OpenImpro 1.1 allows ...)
	NOT-FOR-US: OpenImpro
CVE-2008-3598 (Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote ...)
	NOT-FOR-US: psipuss
CVE-2008-3597 (Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Skulltag
CVE-2008-3596 (Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 ...)
	NOT-FOR-US: Harmoni
CVE-2008-3595 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: txtSQL
CVE-2008-3594 (SQL injection vulnerability in viewdetails.php in MagicScripts E-Store ...)
	NOT-FOR-US: MagicScripts E-Store
CVE-2008-3593 (Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows ...)
	NOT-FOR-US: SyzygyCMS
CVE-2008-3592 (Unrestricted file upload vulnerability in the File Manager in the ...)
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3591 (SQL injection vulnerability in lib/class.admin.php in Twentyone ...)
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3590 (Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. ...)
	NOT-FOR-US: E. Z. Poll 2
CVE-2008-3589 (Directory traversal vulnerability in download.php in moziloCMS 1.10.1, ...)
	NOT-FOR-US: mozilo CMS 1.10.1
CVE-2008-3588 (Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote ...)
	NOT-FOR-US: phsBlog 0.1.1
CVE-2008-3587 (Cross-site scripting (XSS) vulnerability in result.php in Chris ...)
	NOT-FOR-US: Homes 4 Sale
CVE-2008-3586 (SQL injection vulnerability in the EZ Store (com_ezstore) component ...)
	NOT-FOR-US: EZ Store (com_ezstore) component for Joomla!
CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP ...)
	NOT-FOR-US: PozScripts GreenCart PHP Shopping Cart
CVE-2008-3584 (NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not ...)
	NOT-FOR-US: NetBSD
CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote ...)
	NOT-FOR-US: IntelliTamper 2.07
CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News Script ...)
	NOT-FOR-US: Keld PHP-MySQL News Script 0.7.1
CVE-2008-3581 (Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links ...)
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3580 (Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote ...)
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3579 (Calacode @Mail 5.41 on Linux does not require administrative ...)
	NOT-FOR-US: Calacode Atmail
CVE-2008-3578 (HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: HydraIRC
CVE-2008-3577 (Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows ...)
	- openttd 0.6.2-1 (unimportant)
	NOTE: no vulnerability at all, not exploitable remote or local, openttd
CVE-2008-3576 (Buffer overflow in the TruncateString function in src/gfx.cpp in ...)
	- openttd 0.6.2-1
CVE-2008-3575 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ezContents CMS
CVE-2008-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-3573 (The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) ...)
	NOT-FOR-US: Pligg
CVE-2008-3572 (Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 ...)
	NOT-FOR-US: Pligg
CVE-2008-3571 (The Xerox Phaser 8400 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Xerox Phaser 8400
CVE-2008-3570 (PHP remote file inclusion vulnerability in index.php in Africa Be Gone ...)
	NOT-FOR-US: Africa Be Gone
CVE-2008-3569 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, ...)
	NOT-FOR-US: XAMPP
CVE-2008-3568 (Absolute path traversal vulnerability in ...)
	- fckeditor <not-affected> (Vulnerable code not present)
	NOTE: unak specific change, see fckeditor/unak_changes.txt in source
CVE-2008-3567 (Cross-zone scripting vulnerability in the NowPlaying functionality in ...)
	NOT-FOR-US: NullSoft Winamp
CVE-2008-3566 (Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 ...)
	NOT-FOR-US: ZoneO-soft freeForum
CVE-2008-3565 (Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room ...)
	NOT-FOR-US: Meeting Room Booking System (MRBS)
CVE-2008-3564 (Multiple directory traversal vulnerabilities in index.php in Dayfox ...)
	NOT-FOR-US: Dayfox Blog
CVE-2008-3563 (Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier ...)
	NOT-FOR-US: Plogger
CVE-2008-3562 (Directory traversal vulnerability in index.php in the Contact module ...)
	NOT-FOR-US: Chupix CMS
CVE-2008-3561 (SQL injection vulnerability in s03.php in Powergap Shopsystem, when ...)
	NOT-FOR-US: Powergap Shopsystem
CVE-2008-3560 (Cross-site scripting (XSS) vulnerability in kshop_search.php in the ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2008-3559 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...)
	NOT-FOR-US: KAPhotoservice
CVE-2008-3558 (Stack-based buffer overflow in the WebexUCFObject ActiveX control in ...)
	NOT-FOR-US: Webex Meeting Manager (Windows)
CVE-2008-3557 (Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Free Hosting Manager
CVE-2008-3556 (Multiple SQL injection vulnerabilities in index.php in Battle.net Clan ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-3555 (Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 ...)
	NOT-FOR-US: Wsn Knowledge Base
CVE-2008-3554 (SQL injection vulnerability in index.php in Discuz! 6.0.1 allows ...)
	NOT-FOR-US: Discuz!
CVE-2008-3553 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...)
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3552 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...)
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3551 (Multiple unspecified vulnerabilities in Sun Java Platform Micro ...)
	NOT-FOR-US: Sun Java Platform Micro Edition
CVE-2008-3550 (The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-3549 (Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in ...)
	NOT-FOR-US: Sun Solaris 10 and OpenSolaris
CVE-2008-3548 (Unspecified vulnerability in the Sun Netra T5220 Server with firmware ...)
	NOT-FOR-US: Sun Netra T5220 Server
CVE-2008-3545 (Unspecified vulnerability in ovtopmd in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView
CVE-2008-3544 (Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2008-3543 (Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on ...)
	NOT-FOR-US: HP-UX
CVE-2008-3542 (Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2008-3541
	RESERVED
CVE-2008-3540
	RESERVED
CVE-2008-3539 (Unspecified vulnerability in HP OpenView Select Identity (HPSI) ...)
	NOT-FOR-US: HP OpenView Select Identity (HPSI)
CVE-2008-3538 (Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 ...)
	NOT-FOR-US: HP Enterprise Discovery
CVE-2008-3537 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3536 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs ...)
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3533 (Format string vulnerability in the window_error function in ...)
	{DTSA-154-1}
	- yelp 2.22.1-4 (low)
	[etch] - yelp <not-affected> (Vulnerable code not present)
CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in ...)
	- kfreebsd-7 7.0-5
CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD ...)
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...)
	{DSA-1654-1}
	- libxml2 2.6.32.dfsg-4 (bug #498768)
CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11 (unimportant)
	- linux-2.6.24 2.6.24-6~etchnhalf.7 (unimportant)
	NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
	NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2)
	NOTE: 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
	NOTE: Comment from tytso:
	NOTE: Note: some people thinks this represents a security bug, since it
	NOTE: might make the system go away while it is printing a large number of
	NOTE: console messages, especially if a serial console is involved.  Hence,
	NOTE: it has been assigned CVE-2008-3528, but it requires that the attacker
	NOTE: either has physical access to your machine to insert a USB disk with a
	NOTE: corrupted filesystem image (at which point why not just hit the power
	NOTE: button), or is otherwise able to convince the system administrator to
	NOTE: mount an arbitrary filesystem image (at which point why not just
	NOTE: include a setuid shell or world-writable hard disk device file or some
	NOTE: such).  Me, I think they're just being silly.
CVE-2008-3527 (arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects ...)
	{DSA-1687-1}
	- linux-2.6 2.6.21-1
CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6 <not-affected>
CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...)
	{DSA-1655-1 DSA-1653-1}
	- linux-2.6 2.6.26-7
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux ...)
	NOT-FOR-US: rc.sysinit on Fedora
CVE-2008-3523
	RESERVED
CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...)
	- jasper 1.900.1-5.1 (medium; bug #501021)
CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in ...)
	- jasper 1.900.1-5.1 (unimportant; bug #501021)
	NOTE: file is opened with O_EXCL even if tmpnam is used in this case
CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...)
	- jasper 1.900.1-5.1 (medium; bug #501021)
CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...)
	- jbossas4 <not-affected> (configuration not yet included in Debian package)
CVE-2008-3518
	RESERVED
CVE-2008-3517
	RESERVED
CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
	NOT-FOR-US: Adobe Presenter
CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
	NOT-FOR-US: Adobe Presenter
CVE-2008-3514 (VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 ...)
	NOT-FOR-US: VMware VirtualCenter
CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3512 (SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2008-3510 (Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty ...)
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3509 (LoveCMS 1.6.2 does not require administrative authentication for (1) ...)
	NOT-FOR-US: LoveCMS
CVE-2008-3508 (LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote ...)
	NOT-FOR-US: LiteNews
CVE-2008-3507 (SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and ...)
	NOT-FOR-US: LiteNews
CVE-2008-3506 (SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows ...)
	NOT-FOR-US: PolyPager
CVE-2008-3505 (Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and ...)
	NOT-FOR-US: PolyPager
CVE-2008-3504 (Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 ...)
	NOT-FOR-US: mask PHP File Manager (mPFM)
CVE-2008-3503 (RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-3502 (Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through ...)
	NOT-FOR-US: Best Practical Solutions RT
CVE-2008-3501 (Cross-site scripting (XSS) vulnerability in the WebAccess simple ...)
	NOT-FOR-US: Novell Groupwise
CVE-2008-3500 (Cross-site scripting (XSS) vulnerability in the Suggested Terms module ...)
	NOT-FOR-US: suggested terms, additional drupal module
CVE-2008-3499 (Unspecified vulnerability in &quot;a page in the workarea folder&quot; in Ektron ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2008-3498 (SQL injection vulnerability in the nBill (com_netinvoice) component ...)
	NOT-FOR-US: nBill, joomla component
CVE-2008-3497 (SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows ...)
	NOT-FOR-US: MyPHP CMS
CVE-2008-3496 (Buffer overflow in format descriptor parsing in the uvc_parse_format ...)
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (code not present)
	- linux-2.6.24 <not-affected> (code not present)
CVE-2008-3495 (SQL injection vulnerability in kategori.asp in Pcshey Portal allows ...)
	NOT-FOR-US: Pcshey Portal
CVE-2008-3494 (8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-3493 (vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC ...)
	NOT-FOR-US: RealVNC Windows Client
CVE-2008-3492 (America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier ...)
	NOT-FOR-US: America's Army (aka AA or Army Game Project)
CVE-2008-3491 (SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and ...)
	NOT-FOR-US: Scripts24 iPost
CVE-2008-3490 (SQL injection vulnerability in members/mail.php in E-topbiz Online ...)
	NOT-FOR-US: E-topbiz Online Dating 3
CVE-2008-3489 (SQL injection vulnerability in checkCookie function in ...)
	NOT-FOR-US: PHPX
CVE-2008-3488 (Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) ...)
	NOT-FOR-US: Novell iManager
CVE-2008-3487 (SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced ...)
	NOT-FOR-US: PHPAuction GPL Enhanced
CVE-2008-3486 (Directory traversal vulnerability in the user_get_profile function in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3485 (Untrusted search path vulnerability in Citrix MetaFrame Presentation ...)
	NOT-FOR-US: Citrix MetaFrame Presentation Server
CVE-2008-3532 (The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL ...)
	- pidgin 2.4.3-2 (bug #492434)
	- gaim 1:2.0.0+fake.1
	NOTE: gaim is now a transitional package depending on pidgin with its own source package
	NOTE: http://developer.pidgin.im/ticket/6500
CVE-2008-3546 (Stack-based buffer overflow in the (1) diff_addremove and (2) ...)
	{DSA-1637-1 DTSA-153-1 DTSA-153-2}
	- git-core 1:1.5.6.5 (medium; bug #494097)
CVE-2008-3484 (SQL injection vulnerability in eStoreAff 0.1 allows remote attackers ...)
	NOT-FOR-US: eStoreAff
CVE-2008-3483 (Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and ...)
	NOT-FOR-US: ScrewTurn Wiki
CVE-2008-3482 (Cross-site scripting (XSS) vulnerability in the error page feature in ...)
	NOT-FOR-US: Panasonic Network Camera
CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...)
	NOT-FOR-US: Anzio Web Print Object 
CVE-2008-3479 (Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3478
	RESERVED
CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors related ...)
	NOT-FOR-US: Microsoft
CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...)
	NOT-FOR-US: Microsoft
CVE-2008-3473 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...)
	NOT-FOR-US: Microsoft
CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...)
	NOT-FOR-US: Microsoft
CVE-2008-3471 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2008-3470
	RESERVED
CVE-2008-3469
	RESERVED
CVE-2008-3468
	RESERVED
CVE-2008-3467
	RESERVED
CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not ...)
	NOT-FOR-US: Microsoft
CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows 
CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-3463
	RESERVED
CVE-2008-3462
	RESERVED
CVE-2008-3461
	RESERVED
CVE-2008-3460 (WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...)
	- openvpn 2.1~rc9-1 (low; bug #493488)
	NOTE: pull/push needs to be allowed, successful authentication, compromised or malicious server
	[etch] - openvpn <not-affected> (Upstream states that the 2.0.x versions are unaffected)
CVE-2008-3458 (Vtiger CRM before 5.0.4 stores sensitive information under the web ...)
	NOT-FOR-US: Vtiger CRM
CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1 (unimportant)
	NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS
CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in ...)
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3453 (Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown ...)
	NOT-FOR-US: ImpressCMS
CVE-2008-3452 (SQL injection vulnerability in the Calendar module in eNdonesia 8.4 ...)
	NOT-FOR-US: eNdonesia
CVE-2008-3451 (PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-3450 (Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 ...)
	NOT-FOR-US: Solaris
CVE-2008-3449 (MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote ...)
	NOT-FOR-US: MailEnable
CVE-2008-3448 (Cross-site scripting (XSS) vulnerability in index.php in common ...)
	NOT-FOR-US: csphonebook
CVE-2008-3447 (The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3446 (Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 ...)
	NOT-FOR-US: LetterIt
CVE-2008-3445 (SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 ...)
	NOT-FOR-US: phpMyRealty
CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: browser dos not treated as security issues
CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, ...)
	{DSA-1695-1}
	- ruby1.8 1.8.7.72-1 (low; bug #494401)
	- ruby1.9 1.9.0.2-9 (low)
	NOTE: Upstream commits 18212 (for 1.8) and 18213 (for 1.9).
	NOTE: this specific problem does not exist in ruby1.9 but a very similar problem
	NOTE: that has been fixed in this version (308_regexp_segv.dpatch)
CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of ...)
	NOT-FOR-US: WinZip
CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2008-3440 (Sun Java 1.6.0_03 and earlier versions, and possibly later versions, ...)
	- sun-java5 <not-affected> (only java updater for windows affected)
	- sun-java6 <not-affected> (only java updater for windows affected)
CVE-2008-3439 (SpeedBit Video Acceleration before 2.2.1.8 does not properly verify ...)
	NOT-FOR-US: SpeedBit Video Acceleration
CVE-2008-3438 (Apple Mac OS X does not properly verify the authenticity of updates, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3437 (OpenOffice.org (OOo) before 2.1.0 does not properly verify the ...)
	- openoffice.org <not-affected> (update feature disabled)
CVE-2008-3436 (The GUP generic update process in Notepad++ before 4.8.1 does not ...)
	NOT-FOR-US: Notepad++
CVE-2008-3435 (LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly ...)
	NOT-FOR-US: LinkedIn
CVE-2008-3434 (Apple iTunes before 6.0.5.20 does not properly verify the authenticity ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3433 (SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not ...)
	NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3432 (Heap-based buffer overflow in the mch_expand_wildcards function in ...)
	- vim <not-affected> (Vulnerable code only present in 6.2 and 6.3, none of them in the archive anymore)
CVE-2008-3430 (Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in ...)
	NOT-FOR-US: Eyeball MessengerSDK
CVE-2008-3428 (Session fixation vulnerability in phpFreeChat 1.1 allows remote ...)
	NOT-FOR-US: phpFreeChat
CVE-2008-3427
	REJECTED
CVE-2008-3426 (Unspecified vulnerability in the Solaris Platform Information and ...)
	NOT-FOR-US: Solaris
CVE-2008-3425 (Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-3424 (Condor before 7.0.4 does not properly handle wildcards in the ...)
	- condor <itp> (bug #233482)
CVE-2008-3423 (IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-3422 (Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net ...)
	- mono 1.9.1+dfsg-4 (low; bug #494406)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=413534
	NOTE: http://n2.nabble.com/-PATCH--HTML-encode-attributes-that-might-need-encoding-td584193.html
CVE-2004-2760 (sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately ...)
	- openssh 1:3.6p1-1 (unimportant)
CVE-2003-1562 (sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled ...)
	- openssh 1:3.8.1p1-8.sarge.4 (low)
CVE-2008-3431 (The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM ...)
	- virtualbox-ose <not-affected> (affects only windows host systems)
	NOTE: CORE-2008-0716
CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1 (low)
	NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn't warrant DSA on its own
CVE-2008-3547 [openttd remote buffer overflow]
	RESERVED
	- openttd 0.6.2-1 (medium; bug #493714)
CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 ...)
	NOT-FOR-US: Mobius Web Publishing Software
CVE-2008-3419 (SQL injection vulnerability in ugroups.php in Youtuber Clone allows ...)
	NOT-FOR-US: Youtuber Clone
CVE-2008-3418 (SQL injection vulnerability in browse.php in TriO 2.1 and earlier ...)
	NOT-FOR-US: TriO
CVE-2008-3417 (SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and ...)
	NOT-FOR-US: fipsCMS
CVE-2008-3416 (SQL injection vulnerability in modules/members.php in IceBB before ...)
	NOT-FOR-US: IceBB
CVE-2008-3415 (Directory traversal vulnerability in common.php in CMScout 2.05, when ...)
	NOT-FOR-US: CMScout
CVE-2008-3414 (SQL injection vulnerability in line2.php in SiteAdmin allows remote ...)
	NOT-FOR-US: SiteAdmin
CVE-2008-3413 (SQL injection vulnerability in category.php in Greatclone GC Auction ...)
	NOT-FOR-US: Greatclone GC Auction Platinum
CVE-2008-3412 (SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 ...)
	NOT-FOR-US: Comsenz EPShop
CVE-2008-3411 (The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 ...)
	NOT-FOR-US: The Axesstel AXW-D800 modem
CVE-2008-3410 (Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3409 (Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3408 (Stack-based buffer overflow in CoolPlayer allows user-assisted remote ...)
	NOT-FOR-US: CoolPlayer
CVE-2008-3407 (phpLinkat 0.1 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: phpLinkat
CVE-2008-3406 (SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows ...)
	NOT-FOR-US: phpLinkat
CVE-2008-3405 (Directory traversal vulnerability in index.php in Ricardo Amaral ...)
	NOT-FOR-US: Ricardo Amaral nzFotolog
CVE-2008-3404 (Cross-site scripting (XSS) vulnerability in guestbook.js.php in ...)
	NOT-FOR-US: MJGuest
CVE-2008-3403 (SQL injection vulnerability in mojoClassified.cgi in MojoPersonals ...)
	NOT-FOR-US: MojoPersonals
CVE-2008-3402 (Multiple PHP remote file inclusion vulnerabilities in HIOX Browser ...)
	NOT-FOR-US: HIOX Browser Statistics
CVE-2008-3401 (PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX ...)
	NOT-FOR-US: HIOX Random Ad 
CVE-2008-3400 (XRMS CRM 1.99.2 allows remote attackers to obtain configuration ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3399 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3398 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3397 (Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS ...)
	NOT-FOR-US: Runesoft Cerberus CMS
CVE-2008-3396 (Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3395 (Calacode @Mail 5.41 on Linux uses weak world-readable permissions for ...)
	NOT-FOR-US: Calacode
CVE-2008-3394 (Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in ...)
	NOT-FOR-US: BookMine
CVE-2008-3393 (SQL injection vulnerability in events.cfm in BookMine allows remote ...)
	NOT-FOR-US: BookMine
CVE-2008-3392 (Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 ...)
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3391 (Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum ...)
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3390 (Directory traversal vulnerability in libraries/general.init.php in ...)
	NOT-FOR-US: Minishowcase Image Gallery
CVE-2008-3389 (Stack-based buffer overflow in the libbecompat library in Ingres 2.6, ...)
	NOT-FOR-US: Ingres
CVE-2008-3388 (Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote ...)
	NOT-FOR-US: Def-Blog
CVE-2008-3387 (SQL injection vulnerability in show.php in PHPFootball 1.6 allows ...)
	NOT-FOR-US: PHPFootball
CVE-2008-3386 (SQL injection vulnerability in album.php in AlstraSoft Video Share ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2008-3385 (Directory traversal vulnerability in include/head_chat.inc.php in php ...)
	NOT-FOR-US: Help Agent 
CVE-2008-3384 (Multiple directory traversal vulnerabilities in help/help.php in ...)
	NOT-FOR-US: Interact Learning Community Environment Interact
CVE-2008-3383 (SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote ...)
	NOT-FOR-US: MojoAuto
CVE-2008-3382 (SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds ...)
	NOT-FOR-US: MojoClassifieds
CVE-2008-3381 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- moin 1.7.1-1 (low)
	[etch] - moin <not-affected> (Vulnerable macro not present)
CVE-2008-3380 (Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-3379 (Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 ...)
	NOT-FOR-US: Snark VisualPic
CVE-2008-3378 (SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows ...)
	NOT-FOR-US: Fizzmedia
CVE-2008-3377 (SQL injection vulnerability in picture.php in phpTest 0.6.3 allows ...)
	NOT-FOR-US: phpTest
CVE-2008-3376 (Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have ...)
	NOT-FOR-US: JamRoom
CVE-2008-3375 (The jrCookie function in includes/jamroom-misc.inc.php in JamRoom ...)
	NOT-FOR-US: JamRoom
CVE-2008-3374 (SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier ...)
	NOT-FOR-US: Gregarius
CVE-2008-3373 (The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2008-3372 (SQL injection vulnerability in search_form.php in Getacoder Clone ...)
	NOT-FOR-US: Getacoder Clone
CVE-2008-3371 (Directory traversal vulnerability in install/help.php in TalkBack ...)
	NOT-FOR-US: TalkBack
CVE-2008-3370 (SQL injection vulnerability in the CUA Login Module in EMC Centera ...)
	NOT-FOR-US: CUA Login Module in EMC Centera Universal Access
CVE-2008-3369 (SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and ...)
	NOT-FOR-US: ViArt Shop
CVE-2008-3368 (PHP remote file inclusion vulnerability in tools/packages/import.php ...)
	NOT-FOR-US: ATutor
CVE-2008-3367 (Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-3366 (SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-3365 (Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on ...)
	- pixelpost <not-affected> (Exploit relies on register_globals to be on)
CVE-2008-3364 (Buffer overflow in the ObjRemoveCtrl Class ActiveX control in ...)
	NOT-FOR-US: Trend Micro OfficeScan Corp Edition Web-Deployment
CVE-2008-3363 (Directory traversal vulnerability in user_portal.php in the Dokeos ...)
	NOT-FOR-US: Dokeos E-Learning System
CVE-2008-3362 (Unrestricted file upload vulnerability in upload.php in the Giulio ...)
	NOT-FOR-US: Giulio Ganci Wp Downloads Manager module
CVE-2008-3361 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote web ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-3360 (Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-3359 (SQL injection vulnerability in register.php in Steve Bourgeois and ...)
	- owl-dms 0.95-1.1 (bug #493372)
	NOTE: Hardly maintained and very few users, long standing sec issues in Etch,
	NOTE: Emailed release team to ask for removal from lenny
CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP ...)
	NOT-FOR-US: SAP NetWeaver portal
CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, ...)
	NOT-FOR-US: Ingres
CVE-2008-3356 (verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres ...)
	NOT-FOR-US: Ingres
CVE-2008-3355 (SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 ...)
	NOT-FOR-US: Camera Life
CVE-2008-3354 (Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus ...)
	NOT-FOR-US: Newbb Plus
CVE-2008-3353 (Multiple cross-site scripting (XSS) vulnerabilities in Pure Software ...)
	NOT-FOR-US: Pure Software Lore
CVE-2008-3352 (SQL injection vulnerability in index.php in Live Music Plus 1.1.0 ...)
	NOT-FOR-US: Live Music Plus
CVE-2008-3351 (SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2008-3350 (dnsmasq 2.43 allows remote attackers to cause a denial of service ...)
	- dnsmasq 2.44-1 (low)
	[etch] - dnsmasq <not-affected> (Issue was introduced in 2.43)
CVE-2008-3349 (Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on ...)
	NOT-FOR-US: NetApp Data ONTAP
CVE-2008-3348 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3347 (SQL injection vulnerability in staticpages/easycalendar/index.php in ...)
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3346 (SQL injection vulnerability in product_detail.php in ShopCart DX ...)
	NOT-FOR-US: ShopCart DX
CVE-2008-3345 (SQL injection vulnerability in staticpages/easyecards/index.php in ...)
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3344 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3343 (SQL injection vulnerability in staticpages/easypublish/index.php in ...)
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3342 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3341 (Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3340 (Cross-site scripting (XSS) vulnerability in search_result.cfm in ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3339 (search_result.cfm in Jobbex JobSite allows remote attackers to obtain ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3429 (Buffer overflow in URI processing in HTTrack and WinHTTrack before ...)
	{DSA-1626-1}
	- httrack 3.42.3-1 (low)
CVE-2008-3338 (Multiple buffer overflows in TIBCO Hawk (1) AMI C library ...)
	NOT-FOR-US: TIBCO Hawk
CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, ...)
	{DSA-1628-1}
	- pdns 2.9.21.1-1 (low)
CVE-2008-3336 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB before ...)
	NOT-FOR-US: PunBB
CVE-2008-3335 (Unspecified vulnerability in PunBB before 1.2.19 allows remote ...)
	NOT-FOR-US: PunBB
CVE-2008-3334 (Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 ...)
	NOT-FOR-US: MyBB
CVE-2008-3333 (Directory traversal vulnerability in core/lang_api.php in Mantis ...)
	- mantis 1.1.2+dfsg-2
	NOTE: I've marked the above version as fixed, however I am not sure if it wasn't fixed
	NOTE: earlier. However, lenny is fixed and it is not in etch and sarge is not supported anymore.
CVE-2008-3332 (Eval injection vulnerability in adm_config_set.php in Mantis before ...)
	- mantis 1.1.2+dfsg-2
CVE-2008-3331 (Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php ...)
	- mantis 1.1.2+dfsg-2
CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when &quot;only proxies&quot; is ...)
	- links2 2.1pre37-1.1 (low; bug #492744)
	[etch] - links2 <no-dsa> (Minor information leak)
CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac ...)
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ...)
	NOT-FOR-US:  PartyGaming PartyPoker
CVE-2008-3323 (setup.exe before 2.573.2.3 in Cygwin does not properly verify the ...)
	NOT-FOR-US: Cygwin
CVE-2008-3322 (admin/index.php in Maian Recipe 1.2 and earlier allows remote ...)
	NOT-FOR-US: Maian *
CVE-2008-3321 (admin/index.php in Maian Uploader 4.0 and earlier allows remote ...)
	NOT-FOR-US: Maian *
CVE-2008-3320 (admin/index.php in Maian Guestbook 3.2 and earlier allows remote ...)
	NOT-FOR-US: Maian *
CVE-2008-3319 (admin/index.php in Maian Links 3.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Maian *
CVE-2008-3318 (admin/index.php in Maian Weblog 4.0 and earlier allows remote ...)
	NOT-FOR-US: Maian *
CVE-2008-3317 (admin/index.php in Maian Search 1.1 and earlier allows remote ...)
	NOT-FOR-US: Maian *
CVE-2008-3316 (Cross-site scripting (XSS) vulnerability in the search feature in the ...)
	NOT-FOR-US: Geeklog
CVE-2008-3315 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
	NOT-FOR-US: Claroline
CVE-2008-3314 (ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: ZDaemon
CVE-2008-3313 (Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 ...)
	NOT-FOR-US: CreaCMS
CVE-2008-3312 (Directory traversal vulnerability in ...)
	- fckeditor <not-affected> (Vulnerable code not present)
	NOTE: lemon cms patched sources, vulnerable code not present in plain fckeditor in no version.
	NOTE: if in doubt contact the fsckeditor people.
CVE-2008-3311 (PHP remote file inclusion vulnerability in config.php in Adam ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2008-3310 (SQL injection vulnerability in default.asp in Pre Survey Poll allows ...)
	NOT-FOR-US: Pre Survey Poll
CVE-2008-3309 (SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and ...)
	NOT-FOR-US: DigiLeave
CVE-2008-3308 (PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3307 (SQL injection vulnerability in todos.php in C. Desseno YouTube Blog ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3306 (SQL injection vulnerability in info.php in C. Desseno YouTube Blog ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3305 (Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3304 (BilboBlog 0.2.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3303 (admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3302 (SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3301 (Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3300 (AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass ...)
	NOT-FOR-US: AlphAdmin CMS
CVE-2008-3299 (eSyndiCat 1.6 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: eSyndiCat
CVE-2008-3298 (SocialEngine (SE) before 2.83 grants certain write privileges for ...)
	NOT-FOR-US: SocialEngine
CVE-2008-3297 (Multiple SQL injection vulnerabilities in SocialEngine (SE) before ...)
	NOT-FOR-US: SocialEngine
CVE-2008-3296 (Directory traversal vulnerability in modules/system/admin.php in XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2008-3295 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php ...)
	NOT-FOR-US: XOOPS
CVE-2008-3294 (src/configure.in in Vim 5.0 through 7.1, when used for a build with ...)
	- vim <not-affected> (Build issue)
	NOTE: It looks like the vulnerability only occurs during build, so it shouldn't be an issue for Debian
CVE-2008-3293 (Directory traversal vulnerability in download.php in EZWebAlbum allows ...)
	NOT-FOR-US: EZWebAlbum
CVE-2008-3292 (constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: EZWebAlbum
CVE-2008-3291 (SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS ...)
	NOT-FOR-US: AproxEngine
CVE-2008-3290 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3289 (EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3288 (The Server Authentication Module in EMC Dantz Retrospect Backup Server ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Server
CVE-2008-3287 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3286 (SWAT 4 1.1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SWAT 4
CVE-2008-3285 (The Filesys::SmbClientParser module 2.7 and earlier for Perl allows ...)
	NOT-FOR-US: Filesys::SmbClientParser
CVE-2008-3284
	RESERVED
CVE-2008-3283 (Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-3282 (Integer overflow in the rtl_allocateMemory function in ...)
	- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion during ...)
	{DSA-1631-1 DTSA-158-1}
	- libxml2 2.6.32.dfsg-3 (medium)
CVE-2008-3280
	RESERVED
CVE-2008-3279
	RESERVED
CVE-2008-3278
	RESERVED
CVE-2008-3277
	RESERVED
CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...)
	{DSA-1653-1 DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in ...)
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77        
CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA ...)
	NOT-FOR-US: FreeIPA
CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...)
	NOT-FOR-US: JBoss
CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...)
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: 82e68f7ffec3800425f2391c8c86277606860442
CVE-2008-3271 (Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers ...)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.1
	- tomcat6 <not-affected>
	NOTE: It is unlikely that this is exploitable in real world scenarios.
CVE-2008-3270 (yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify ...)
	NOT-FOR-US: Red Hat
CVE-2008-3269 (WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full ...)
	NOT-FOR-US: WinRemotePC
CVE-2008-3268 (Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when ...)
	NOT-FOR-US: phpScheduleIt
CVE-2008-3267 (SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote ...)
	NOT-FOR-US: MojoJobs
CVE-2008-3266 (SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel ...)
	NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-3265 (SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 ...)
	NOT-FOR-US: DT Register
CVE-2008-3264 (The FWDOWNL firmware-download implementation in Asterisk Open Source ...)
	- asterisk 1:1.4.21.2~dfsg-1
	NOTE: http://downloads.digium.com/pub/security/AST-2008-011.html
CVE-2008-3263 (The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x ...)
	- asterisk 1:1.4.21.2~dfsg-1
	NOTE: http://downloads.digium.com/pub/security/AST-2008-010.html
CVE-2008-3262 (Cross-site request forgery (CSRF) vulnerability in Claroline before ...)
	NOT-FOR-US: Claroline
CVE-2008-3261 (Open redirect vulnerability in claroline/redirector.php in Claroline ...)
	NOT-FOR-US: Claroline
CVE-2008-3260 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
	NOT-FOR-US: Claroline
CVE-2008-3259 (OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the ...)
	- openssh <not-affected> (linux check that the effective userid matches or that bind addresses dont overlap on rebind)
CVE-2008-3258 (Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow ...)
	- zoph 0.7.1-1
	NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=614672
CVE-2008-3257 (Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3256 (SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and ...)
	NOT-FOR-US: Siteframe CMS
CVE-2008-3255 (Cross-site scripting (XSS) vulnerability in LunarNight Laboratory ...)
	NOT-FOR-US: LunarNight Laboratory WebProxy
CVE-2008-3254 (SQL injection vulnerability in index.php in preCMS 1 allows remote ...)
	NOT-FOR-US: preCMS
CVE-2008-3253 (Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces ...)
	NOT-FOR-US: Citrix XenServer Express
CVE-2008-3252 (Stack-based buffer overflow in the read_article function in ...)
	{DSA-1622-1}
	- newsx 1.6-3 (bug #492742)
CVE-2008-3251 (Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow ...)
	NOT-FOR-US: tplSoccerSite
CVE-2008-3250 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 ...)
	NOT-FOR-US: Arctic Issue Tracker
CVE-2008-3249 (The client in Lenovo System Update before 3.14 does not properly ...)
	NOT-FOR-US: Lenovo System Update
CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec Veritas ...)
	NOT-FOR-US: Symantec Veritas File System on HP-UX
CVE-2008-3247 (The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 ...)
	- linux-2.6 2.6.25-7
	[etch] - linux-2.6 <not-affected> (2.6.25-only issue)
	- linux-2.6.24 <not-affected> (2.6.25-only issue)
CVE-2008-3246 (Unspecified vulnerability in the PDF distiller component in the ...)
	NOT-FOR-US: BlackBerry Attachment Service
CVE-2008-3245 (SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, ...)
	NOT-FOR-US: phpHoo3
CVE-2008-3244 (The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3243 (Multiple unspecified vulnerabilities in the scanning engine before ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3242 (Heap-based buffer overflow in the PPMedia Class ActiveX control in ...)
	NOT-FOR-US: PPMate
CVE-2008-3241 (SQL injection vulnerability in players-detail.php in UltraStats ...)
	NOT-FOR-US: UltraStats
CVE-2008-3240 (SQL injection vulnerability in index.php in AlstraSoft Affiliate ...)
	NOT-FOR-US: AlstraSoft Affiliate Network Pro 
CVE-2008-3239 (Unrestricted file upload vulnerability in the writeLogEntry function ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3238 (Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow ...)
	NOT-FOR-US: ITechBids
CVE-2008-3237 (Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ...)
	NOT-FOR-US: ITechBids
CVE-2008-3236 (Unspecified vulnerability in Wsadmin in the System ...)
	NOT-FOR-US: Wsadmin
CVE-2008-3235 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-3234 (sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH ...)
	- openssh <unfixed> (unimportant)
	NOTE: this is by design
CVE-2008-3233 (Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN ...)
	- wordpress <not-affected> (Code was only present in svn versions)
CVE-2008-3232 (Unrestricted file upload vulnerability in ecrire/images.php in ...)
	NOT-FOR-US: dotclear
CVE-2008-3231 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...)
	- xine-lib 1.1.14-2 (bug #492870; unimportant)
	NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
	- ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764)
	- ffmpeg <removed> (unimportant)
	NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)
	NOT-FOR-US: Joomla
CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact ...)
	NOT-FOR-US: Joomla
CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows ...)
	NOT-FOR-US: Joomla
CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration ...)
	NOT-FOR-US: Joomla
CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest ...)
	{DSA-1544-2}
	- pdns-recursor 3.1.7-1 (low; bug #493576)
CVE-2008-3215 (libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to ...)
	{DSA-1616-2}
	- clamav 0.93.1.dfsg-1.1 (medium)
CVE-2008-3214 (dnsmasq 2.25 allows remote attackers to cause a denial of service ...)
	- dnsmasq 2.26-1 (medium)
CVE-2008-3213 (SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS ...)
	NOT-FOR-US: WebCMS
CVE-2008-3212 (Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting ...)
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3211 (Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote ...)
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3210 (rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows ...)
	NOT-FOR-US: ReSIProcate
CVE-2008-3209 (Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in ...)
	NOT-FOR-US: Black Ice Document Imaging SDK
CVE-2008-3208 (Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 ...)
	NOT-FOR-US: Simple DNS Plus
CVE-2008-3207 (PHP remote file inclusion vulnerability in cms/modules/form.lib.php in ...)
	NOT-FOR-US: Pragyan CMS
CVE-2008-3206 (SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black ...)
	NOT-FOR-US: Yuhhu Pubs Black Cat
CVE-2008-3205 (Directory traversal vulnerability in index.php in Easy-Script Wysi ...)
	NOT-FOR-US: Easy-Script Wysi Wiki Wyg
CVE-2008-3204 (SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels ...)
	NOT-FOR-US: E-topbiz Million Pixels
CVE-2008-3203 (js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform ...)
	NOT-FOR-US: AuraCMS
CVE-2008-3202 (Cross-site scripting (XSS) vulnerability in index.php in Xomol CMS 1.2 ...)
	NOT-FOR-US: Xomol
CVE-2008-3201 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Pagefusion
CVE-2008-3200 (SQL injection vulnerability in vlc_forum.php in Avlc Forum as of ...)
	NOT-FOR-US: Avlc Forum
CVE-2008-3199 (Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow ...)
	NOT-FOR-US: ReSIProcate
CVE-2008-3198 (Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject ...)
	{DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
CVE-2008-3195 (Directory traversal vulnerability in bin/configure in TWiki before ...)
	{DSA-1639-1}
	- twiki 1:4.1.2-5 (low; bug #499534)
	NOTE: access to configure script is restricted to localhost on Debian
CVE-2008-3194 (Multiple directory traversal vulnerabilities in ...)
	NOT-FOR-US: pluck CMS
CVE-2008-3193 (SQL injection vulnerability in jSite 1.0 OE allows remote attackers to ...)
	NOT-FOR-US: jSite
CVE-2008-3192 (Directory traversal vulnerability in index.php in jSite 1.0 OE allows ...)
	NOT-FOR-US: jSite
CVE-2008-3191 (Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, ...)
	NOT-FOR-US: mForum
CVE-2008-3190 (Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 ...)
	NOT-FOR-US: CodeDB
CVE-2008-3189 (SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager ...)
	NOT-FOR-US: DreamNews Manager
CVE-2008-3188 (libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the ...)
	- libxcrypt <not-affected> (Suse issue)
CVE-2008-3187 (zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 ...)
	NOT-FOR-US: zypper
CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in ...)
	- horde3 3.2.1+debian0-1 (low; bug #492578)
	- turba2 2.2.1-1 (low)
	[etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1)
	[etch] - horde3 <no-dsa> (Minor issue)
CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...)
	{DSA-1691-1}
	- moodle 1.8.1-1 (low)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
CVE-2008-3326 (Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle ...)
	{DSA-1691-1}
	- moodle 1.8.2-2 (low; bug #492492)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101401
CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...)
	- moodle <unfixed> (unimportant)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101403
	NOTE: Does not allow any attack vendors, apart from gaining non-sensible information
CVE-2008-XXXX [mantis multiple issues]
	- mantis 1.1.2+dfsg-1 (low)
	NOTE: http://www.mantisbt.org/bugs/changelog_page.php
	NOTE: CVE id requested by redhat
	NOTE: 0008975 (CSRF) covered by CVE-2008-2276
	NOTE: 0008976 remote code execution only possible with valid administrator account
CVE-2008-3196 (skeleton.c in yacc does not properly handle reduction of a rule with ...)
	- byacc 20070509-1.1 (low; bug #491182)
	[etch] - byacc <no-dsa> (Minor issue)
CVE-2008-XXXX [libetpan NULL deref]
	- libetpan 0.54-3 (low)
	[etch] - libetpan <no-dsa> (Minor issue)
	NOTE: http://lwn.net/Alerts/287640/
	NOTE: http://libetpan.cvs.sourceforge.net/libetpan/libetpan/src/low-level/imf/mailimf.c?view=diff&r1=1.46&r2=1.47
CVE-2008-XXXX [XSS in press-this of wordpress]
	- wordpress <not-affected> (Vulnerable code not present)
	NOTE: this code was never present in a released wordpress version
	NOTE: http://www.openwall.com/lists/oss-security/2008/07/15/5
CVE-2008-3224 (Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and ...)
	- phpbb3 3.0.2-1 (low)
	- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.7.1-1 (low)
	NOTE: this only allows via csrf to create an empty database.
	NOTE: this would take a lot of work to get it only to the 'annoying' level, let alone a DoS
CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ...)
	NOT-FOR-US: Chipmunk Blog
CVE-2008-3185 (SQL injection vulnerability in index.php in Relative Real Estate ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-3184 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2008-3183 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: gapicms
CVE-2008-3182 (Stack-based buffer overflow in DAP.exe in Download Accelerator Plus ...)
	NOT-FOR-US: Download Accelerator Plus
CVE-2008-3181 (Unrestricted file upload vulnerability in upload.php in ContentNow CMS ...)
	NOT-FOR-US: ContentNow CMS
CVE-2008-3180 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ContentNow CMS
CVE-2008-3179 (Directory traversal vulnerability in website.php in Web 2 Business ...)
	NOT-FOR-US: phpDatingClub
CVE-2008-3178 (Unrestricted file upload vulnerability in upload_pictures.php in ...)
	NOT-FOR-US: WebXell Editor
CVE-2008-3177 (Sophos virus detection engine 2.75 on Linux and Unix, as used in ...)
	NOT-FOR-US: Sophos virus detection engine
CVE-2008-3176
	RESERVED
CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based ...)
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System (HIPS))
CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3172 (Opera allows web sites to set cookies for country-specific top-level ...)
	NOT-FOR-US: Opera
CVE-2008-3171 (Apple Safari sends Referer headers containing https URLs to different ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3170 (Apple Safari allows web sites to set cookies for country-specific ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3169 (Multiple heap-based buffer overflows in Empire Server before 4.3.15 ...)
	NOT-FOR-US: Empire Server
CVE-2008-3168 (The files utility in Empire Server before 4.3.15 discloses the world ...)
	NOT-FOR-US: Empire Server
CVE-2008-3167 (Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin ...)
	NOT-FOR-US: BoonEx Dolphin
CVE-2008-3166 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BoonEx Ray
CVE-2008-3165 (Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3164 (Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3163 (Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 ...)
	NOT-FOR-US: DodosMail
CVE-2008-3162 (Stack-based buffer overflow in the str_read_packet function in ...)
	- ffmpeg-debian 0.svn20080206-10 (bug #489965; low)
	- ffmpeg <removed>
	TODO: Check the various embedders in Etch, horray for librification in Lenny
CVE-2008-3161 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: IBM Maximo
CVE-2008-3160 (Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before ...)
	NOT-FOR-US: IBM Data ONTAP
CVE-2008-3159 (Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory ...)
	NOT-FOR-US: eDirectory
CVE-2008-3158 (Unspecified vulnerability in NWFS.SYS in Novell Client for Windows ...)
	NOT-FOR-US: Novell Client for Windows
CVE-2008-3157 (Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit ...)
	NOT-FOR-US: Nortel SIP Multimedia PC Client
CVE-2008-3156 (The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3155 (Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3154 (SQL injection vulnerability in index.php in WebBlizzard CMS allows ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2008-3153 (SQL injection vulnerability in Triton CMS Pro allows remote attackers ...)
	NOT-FOR-US: Triton CMS Pro
CVE-2008-3152 (SQL injection vulnerability in directory.php in SmartPPC and SmartPPC ...)
	NOT-FOR-US: SmartPPC
CVE-2008-3151 (SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke ...)
	NOT-FOR-US: PHP-NUke
CVE-2008-3150 (Directory traversal vulnerability in index.php in Neutrino Atomic ...)
	NOT-FOR-US: Neutrino Atomic Edition
CVE-2008-3149 (The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote ...)
	NOT-FOR-US: F5 FirePass
CVE-2008-3148 (Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f ...)
	NOT-FOR-US: OllyDBG/ImpREC
CVE-2008-3147 (WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) ...)
	NOT-FOR-US: WeFi
CVE-2008-3146 (Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (medium; bug #497878)
CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.4 2.4.5-5
	- python2.5 2.5.2-7
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
CVE-2008-3143 (Multiple integer overflows in Python before 2.5.2 might allow ...)
	{DSA-1667-1}
	- python2.4 2.4.5-1
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.5 2.5.2-1
CVE-2008-3142 (Multiple buffer overflows in Python 2.5.2 and earlier on 32bit ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-3136 (SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x ...)
	NOT-FOR-US: AShop Delux
CVE-2008-3135 (Soldner Secret Wars 33724 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Soldner Secret Wars
CVE-2008-3134 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 ...)
	- graphicsmagick <unfixed> (unimportant; bug #491439)
	NOTE: several DoS fixed in 1.2.4 according to upstream
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253
	TODO: check imagemagick
	NOTE: *magick don't really meet the robustness/quality criteria to treat such crashes as
	NOTE: security issues
CVE-2008-3133 (SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, ...)
	NOT-FOR-US: BareNuked CMS
CVE-2008-3132 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
	NOT-FOR-US: Joomla component
CVE-2008-3131 (SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when ...)
	NOT-FOR-US: PSys
CVE-2008-3130 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: OpenCart
CVE-2008-3129 (Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta ...)
	NOT-FOR-US: Catviz
CVE-2008-3128 (Directory traversal vulnerability in search.php in Pivot 1.40.5 allows ...)
	NOT-FOR-US: Pivot
CVE-2008-3127 (PHP remote file inclusion vulnerability in hioxBannerRotate.php in ...)
	NOT-FOR-US:  HIOX Banner Rotator
CVE-2008-3126 (Multiple stack-based buffer overflows in the ServerView web interface ...)
	NOT-FOR-US: Fujitsu Siemens Computers ServerView
CVE-2008-3125 (SQL injection vulnerability in index.php in Mole Group Lastminute ...)
	NOT-FOR-US: Mole Group Lastminute Script
CVE-2008-3124 (SQL injection vulnerability in index.php in Mole Group Hotel Script ...)
	NOT-FOR-US: Mole Group
CVE-2008-3123 (SQL injection vulnerability in index.php in Mole Group Real Estate ...)
	NOT-FOR-US: Mole Group
CVE-2008-3122 (Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) ...)
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3121 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox ...)
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3120 (Directory traversal vulnerability in user_portal.php in Dokeos 1.8.5, ...)
	NOT-FOR-US: Dokeos
CVE-2008-3119 (SQL injection vulnerability in index.php in DreamPics Builder allows ...)
	NOT-FOR-US: DreamPics Builder
CVE-2008-3118 (SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier ...)
	NOT-FOR-US: PHPmotion
CVE-2008-3117 (Unrestricted file upload vulnerability in update_profile.php in ...)
	NOT-FOR-US: PHPmotion
CVE-2008-3116 (Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou ...)
	NOT-FOR-US: Snail Game
CVE-2003-1561 (Opera, probably before 7.50, sends Referer headers containing https:// ...)
	NOT-FOR-US: ancient issue
CVE-2003-1560 (Netscape 4 sends Referer headers containing https:// URLs in requests ...)
	NOT-FOR-US: ancient issue
CVE-2003-1559 (Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, ...)
	NOT-FOR-US: ancient issue
CVE-2008-3229 (Stack-based buffer overflow in op before Changeset 563, when xauth ...)
	- op <not-affected> (not configured with xauth support)
CVE-2008-3218 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x ...)
	- drupal5 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
CVE-2008-3219 (The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before ...)
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7 <removed>
CVE-2008-3220 (Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before ...)
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7 <not-affected> (Vulnerable code not present)
	NOTE: drupal-4.7 uses the locale_admin_string_delete callback which returns a confirmation dialog
CVE-2008-3221 (Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before ...)
	- drupal5 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
CVE-2008-3222 (Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before ...)
	- drupal5 5.9-1 (low; bug #490559)
	- drupal-4.7 <removed>
CVE-2008-3223 (SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 ...)
	- drupal5 <not-affected> (Vulnerable code not present, introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, introduced in 6.0)
CVE-2008-3145 (The fragment_add_work function in epan/reassemble.c in Wireshark ...)
	{DSA-1673-1}
	- wireshark 1.0.2-1 (low)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-04.html
CVE-2008-3115 (Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3114 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3113 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3112 (Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3111 (Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-04-1 (bug #490260)
CVE-2008-3110 (Unspecified vulnerability in scripting language support in Sun Java ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3109 (Unspecified vulnerability in scripting language support in Sun Java ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3108 (Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE ...)
	- sun-java5 1.5.0-10-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3107 (Unspecified vulnerability in the Virtual Machine in Sun Java Runtime ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3106 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3105 (Unspecified vulnerability in the JAX-WS client and service in Sun Java ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3104 (Multiple unspecified vulnerabilities in Sun Java Runtime Environment ...)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3103 (Unspecified vulnerability in the Java Management Extensions (JMX) ...)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ...)
	- mantis 1.1.2+dfsg-6 (low; bug #501179)
CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...)
	NOT-FOR-US: vtiger CRM
CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve ...)
	- owl-dms 0.95-1.1 (low; bug #493579)
CVE-2008-3099
	RESERVED
CVE-2008-3098 (Cross-site scripting (XSS) vulnerability in admin/usercheck.php in ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3097 (Cross-site scripting (XSS) vulnerability in the Tinytax module (aka ...)
	NOT-FOR-US: additional drupal module Tinytax
CVE-2008-3096 (The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each ...)
	NOT-FOR-US: additional drupal module Outline Designer
CVE-2008-3095 (Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) ...)
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3094 (The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before ...)
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3093 (Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier ...)
	NOT-FOR-US: ImperialBB
CVE-2008-3092 (SQL injection vulnerability in the Taxonomy Autotagger module 5.x ...)
	NOT-FOR-US: additional drupal module Taxonomy Autotagger 
CVE-2008-3091 (Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger ...)
	NOT-FOR-US: additional drupal module Taxonomy Autotagger 
CVE-2008-3090 (Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO ...)
	NOT-FOR-US: BlognPlus
CVE-2008-3089 (SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze ...)
	NOT-FOR-US: ImperialBB
CVE-2008-3088 (Cross-site scripting (XSS) vulnerability in the Files module in ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-3087 (Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-3086
	RESERVED
CVE-2008-3085
	RESERVED
CVE-2008-3084
	RESERVED
CVE-2008-3216 (The save function in br/prefmanager.d in projectl 1.001 creates a ...)
	- projectl 1.001.dfsg1-2 (low; bug #489988)
	[etch] - projectl <no-dsa> (Minor issue)
CVE-2008-3083 (SQL injection vulnerability in Brightcode Weblinks ...)
	NOT-FOR-US: com_brightweblinks omponent for Joomla!
CVE-2008-3082 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Commtouch Enterprise Anti-Spam Gateway
CVE-2008-3081 (Multiple unspecified &quot;input validation&quot; vulnerabilities in the Web ...)
	NOT-FOR-US: Avaya Message Storage Server
CVE-2008-3080 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
	NOT-FOR-US: myBloggie
CVE-2008-3079 (Unspecified vulnerability in Opera before 9.51 on Windows allows ...)
	NOT-FOR-US: Opera
CVE-2008-3078 (Opera before 9.51 does not properly manage memory within functions ...)
	NOT-FOR-US: Opera
CVE-2008-3077 (arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the ...)
	- linux-2.6 2.6.25-7
	- linux-2.6.24 <not-affected> (Vulnerable code added later)
	[etch] - linux-2.6 <not-affected> (Vulnerable code added later)
	NOTE: 1e9a615bfce7996ea4d815d45d364b47ac6a74e8
CVE-2008-3076 [arbitrary code execution through netrw.vim plugin]
	RESERVED
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3075 [arbitrary code execution through zip.vim plugin]
	RESERVED
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3074 [arbitrary code execution through tar.vim plugin]
	RESERVED
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3073 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3072 (Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3071 (Directory traversal vulnerability in inc/class_language.php in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2008-3070 (Unspecified vulnerability in inc/datahandler/user.php in MyBB before ...)
	NOT-FOR-US: MyBB
CVE-2008-3069 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB before ...)
	NOT-FOR-US: MyBB
CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, ...)
	NOT-FOR-US: Microsoft Crypto API
CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when ...)
	- sudo 1.6.9p12-1
	[etch] - sudo <not-affected> (Issue was introduced in 1.6.9)
CVE-2008-3066 (Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll ...)
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3065
	RESERVED
CVE-2008-3064 (Unspecified vulnerability in RealNetworks RealPlayer Enterprise, ...)
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3063 (SQL injection vulnerability in login.php in V-webmail 1.5.0 might ...)
	NOT-FOR-US: V-webmail
CVE-2008-3062
	RESERVED
CVE-2008-3061 (Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows ...)
	NOT-FOR-US: V-webmail
CVE-2008-3060 (V-webmail 1.5.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: V-webmail
CVE-2008-3059 (member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3058 (Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3057 (Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3056 (SQL injection vulnerability in the Codeon Petition (cd_petition) ...)
	NOT-FOR-US: cd_petition extension for TYPO3
CVE-2008-3055 (SQL injection vulnerability in the Support view (ext_tbl) extension ...)
	NOT-FOR-US: ext_tbl extension for TYPO3
CVE-2008-3054 (SQL injection vulnerability in the Branchenbuch (aka Yellow Pages ...)
	NOT-FOR-US: mh_branchenbuch extension for TYPO3
CVE-2008-3053 (SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension ...)
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3052 (Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension ...)
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3051 (SQL injection vulnerability in the Pinboard extension 0.0.6 and ...)
	NOT-FOR-US: Pinboard extension for TYPO3
CVE-2008-3050 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3049 (The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3048 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3047 (Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) ...)
	NOT-FOR-US: kb_unpack extension for TYPO3
CVE-2008-3046 (Incomplete blacklist vulnerability in the Packman (kb_packman) ...)
	NOT-FOR-US: kb_packman extension for TYPO3
CVE-2008-3045 (Unspecified vulnerability in the Industry Database (aka ...)
	NOT-FOR-US: pro_industrydb extension for TYPO3
CVE-2008-3044 (SQL injection vulnerability in the News Calendar (newscalendar) ...)
	NOT-FOR-US: newscalendar extension for TYPO3
CVE-2008-3043 (Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) ...)
	NOT-FOR-US: wec_discussion extension for TYPO3
CVE-2008-3042 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3041 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3040 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3039 (SQL injection vulnerability in the DAM Frontend (dam_frontend) ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3038 (SQL injection vulnerability in the Address Directory (sp_directory) ...)
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3037 (Cross-site scripting (XSS) vulnerability in the Address Directory ...)
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3036 (Directory traversal vulnerability in index.php in CMS little 0.0.1 ...)
	NOT-FOR-US: CMS little
CVE-2008-3035 (SQL injection vulnerability in newThread.php in XchangeBoard 1.70 ...)
	NOT-FOR-US: XchangeBoard
CVE-2008-3034 (Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-3033 (RSS-aggregator 1.0 does not require administrative authentication for ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-3032 (Cross-site scripting (XSS) vulnerability in the phpMyAdmin ...)
	NOT-FOR-US: phpmyadmin extension for TYPO3
CVE-2008-3031 (Directory traversal vulnerability in index.php in Simple PHP Agenda ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2008-3030 (SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows ...)
	NOT-FOR-US: EfesTECH Shop
CVE-2008-3029 (Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2008-3028 (Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card ...)
	NOT-FOR-US: sr_sendcard extension for TYPO3
CVE-2008-3027 (SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 ...)
	NOT-FOR-US: VanGogh Web CMS
CVE-2008-3026 (SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet ...)
	NOT-FOR-US: OneClick CMS
CVE-2008-3025 (SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows ...)
	NOT-FOR-US: plx Ad Trader
CVE-2008-3024 (Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) ...)
	NOT-FOR-US: phgrafx in QNX Momentics
CVE-2008-3023 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: PHPortal
CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3017
	RESERVED
CVE-2008-3016
	RESERVED
CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3011
	RESERVED
CVE-2008-3010 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3009 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3008 (Stack-based buffer overflow in the WMEncProfileManager ActiveX control ...)
	NOT-FOR-US: Microsoft Windows Media Encoder
CVE-2008-3007 (Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1 does not properly delete the ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3002
	RESERVED
CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-3000 (The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2999 (Multiple SQL injection vulnerabilities in the Aggregation module 5.x ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2998 (Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2997 (Cross-site scripting (XSS) vulnerability in index.php in Gravity Board ...)
	NOT-FOR-US: Gravity Board
CVE-2008-2996 (Multiple SQL injection vulnerabilities in index.php in Gravity Board X ...)
	NOT-FOR-US: Gravity Board
CVE-2008-2995 (Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2994 (Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2993 (Multiple directory traversal vulnerabilities in index.php in FOG Forum ...)
	NOT-FOR-US: FOG Forum
CVE-2008-2992 (Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-2991 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...)
	NOT-FOR-US: Adobe RoboHelp Server 7
CVE-2008-2990 (PHP remote file inclusion vulnerability in facileforms.frame.php in ...)
	NOT-FOR-US: FacileForms
CVE-2008-2989 (SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows ...)
	NOT-FOR-US: HoMaP-CMS
CVE-2008-2988 (Unrestricted file upload vulnerability in admin/upload.php in Benja ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2986 (Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 ...)
	NOT-FOR-US: phpDMCA
CVE-2008-2985 (Directory traversal vulnerability in load_language.php in CMReams CMS ...)
	NOT-FOR-US: CMReams CMS
CVE-2008-2984 (Cross-site scripting (XSS) vulnerability in backend/umleitung.php in ...)
	NOT-FOR-US: CMReams CMS
CVE-2008-2983 (SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows ...)
	NOT-FOR-US: Demo4 CMS
CVE-2008-2982 (Multiple directory traversal vulnerabilities in HomePH Design 2.10 ...)
	NOT-FOR-US: HomePH
CVE-2008-2981 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: HomePH
CVE-2008-2980 (Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design ...)
	NOT-FOR-US: HomePH
CVE-2008-2979 (Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2978 (Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2977 (Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2976 (Multiple directory traversal vulnerabilities in TinX/cms 1.1, when ...)
	NOT-FOR-US: TinX/cms
CVE-2008-2975 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: TinX/cms
CVE-2008-2974 (Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, ...)
	NOT-FOR-US: MM Chat
CVE-2008-2973 (Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in ...)
	NOT-FOR-US: MM Chat
CVE-2008-2972 (SQL injection vulnerability in index.php in KbLance allows remote ...)
	NOT-FOR-US: KbLance
CVE-2008-2971 (SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows ...)
	NOT-FOR-US: CiBlog
CVE-2008-2970 (Multiple session fixation vulnerabilities in Academic Web Tools (AWT ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2969 (Directory traversal vulnerability in download.php in Academic Web ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2968 (SQL injection vulnerability in rating.php in Academic Web Tools (AWT ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Academic Web ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2966 (Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 ...)
	NOT-FOR-US: JaxUltraBB
CVE-2008-2965 (Cross-site scripting (XSS) vulnerability in viewforum.php in ...)
	NOT-FOR-US: JaxUltraBB
CVE-2008-2964 (SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows ...)
	NOT-FOR-US: ResearchGuide
CVE-2008-2963 (Multiple SQL injection vulnerabilities in MyBlog allow remote ...)
	NOT-FOR-US: MyBlog
CVE-2008-2962 (Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow ...)
	NOT-FOR-US: MyBlog
CVE-2008-2961 (Multiple directory traversal vulnerabilities in view/index.php in CMS ...)
	NOT-FOR-US: CMS Mini 
CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2951 (Open redirect vulnerability in the search script in Trac before 0.10.5 ...)
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-2949 (Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2948 (Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2947 (Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2946 (The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice ...)
	NOT-FOR-US: Solstice Enterprise Agents in Sun Solaris
CVE-2008-2945 (Sun Java System Access Manager 6.3 through 7.1 and Sun Java System ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2944 (Double free vulnerability in the utrace support in the Linux kernel, ...)
	- linux-2.6 <not-affected>
	[etch] - linux-2.6 <not-affected>
	- linux-2.6.24 <not-affected>
CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2008-2941 (The hpssd message parser in hpssd.py in HP Linux Imaging and Printing ...)
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip <no-dsa> (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2940 (The alert-mailing implementation in HP Linux Imaging and Printing ...)
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip <no-dsa> (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the ...)
	- apache2 2.2.9-7 (low)
	[etch] - apache2 2.2.3-4+etch6
	- apache <not-affected> (vulnerable code not present)
CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0 through ...)
	- tomcat5.5 5.5.26-5 (low; bug #496309)
CVE-2008-2937 (Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a ...)
	- postfix 2.5.4-1 (low)
	[etch] - postfix <no-dsa> (minor issue)
CVE-2008-2936 (Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 ...)
	{DSA-1629-2 DSA-1629-1 DTSA-155-1}
	- postfix 2.5.4-1
CVE-2008-2935 (Multiple heap-based buffer overflows in the rc4 (1) encryption (aka ...)
	{DSA-1624-1 DTSA-152-1}
	- libxslt 1.1.24-2 (bug #493162)
	NOTE: http://www.ocert.org/advisories/ocert-2008-009.html
CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to ...)
	- iceweasel <not-affected> (MacOS-specific)
CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' ...)
	{DSA-1697-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
CVE-2008-2932 (Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote ...)
	NOT-FOR-US: Red Hat adminutil
CVE-2008-2931 (The do_change_type function in fs/namespace.c in the Linux kernel ...)
	{DSA-1630-1}
	- linux-2.6 2.6.22
	NOTE: ee6f958291e2a768fd727e7a67badfff0b67711a
CVE-2008-2930 (Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2929 (Multiple cross-site scripting (XSS) vulnerabilities in the adminutil ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2928 (Multiple buffer overflows in the adminutil library in CGI applications ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System ...)
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System)
CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote ...)
	NOT-FOR-US: Webmatic
CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows ...)
	NOT-FOR-US: Webmatic
CVE-2008-2923 (Cross-site scripting (XSS) vulnerability in read/search/results in ...)
	NOT-FOR-US: Lyris ListManager
CVE-2008-2922 (Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier ...)
	NOT-FOR-US: Dana IRC client
CVE-2008-2921 (SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and ...)
	NOT-FOR-US: EZTechhelp
CVE-2008-2920 (admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and ...)
	NOT-FOR-US: EZTechhelp
CVE-2008-2919 (SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 ...)
	NOT-FOR-US: Gryphon
CVE-2008-2918 (SQL injection vulnerability in details.php in Application Dynamics ...)
	NOT-FOR-US: Application Dynamics Cartweaver
CVE-2008-2917 (SQL injection vulnerability in productsofcat.asp in E-SMART CART ...)
	NOT-FOR-US: E-SMART CART
CVE-2008-2916 (Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2008-2915 (Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php ...)
	NOT-FOR-US: Pre Job Board
CVE-2008-2914 (SQL injection vulnerability in jobseekers/JobSearch3.php (aka the ...)
	NOT-FOR-US: Pre Job Board
CVE-2008-2913 (Directory traversal vulnerability in func.php in Devalcms 1.4a, when ...)
	NOT-FOR-US: Devalcms
CVE-2008-2912 (Multiple PHP remote file inclusion vulnerabilities in Contenido CMS ...)
	NOT-FOR-US: Contenido CMS
CVE-2008-2911 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Contenido CMS
CVE-2008-2910 (Buffer overflow in the DXTTextOutEffect ActiveX control (aka the ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2909 (SQL injection vulnerability in results.php in Clever Copy 3.0 allows ...)
	NOT-FOR-US: Clever Copy
CVE-2008-2908 (Multiple stack-based buffer overflows in a certain ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2907 (SQL injection vulnerability in admin/index.php in WebChamado 1.1, when ...)
	NOT-FOR-US: WebChamado
CVE-2008-2906 (SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 ...)
	NOT-FOR-US: WebChamado
CVE-2008-2905 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is only in experimental
	NOTE: filed removal bug for Mambo from experimental #490291
CVE-2008-2904 (SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows ...)
	NOT-FOR-US: Conkurent PHPMyCart
CVE-2008-2903 (SQL injection vulnerability in news.php in Advanced Webhost Billing ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2008-2902 (SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2901 (Multiple SQL injection vulnerabilities in Haudenschilt Family ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2008-2900 (SQL injection vulnerability in item.php in PHPAuction 3.2 allows ...)
	NOT-FOR-US: PHPAuction
CVE-2008-2899 (Unspecified vulnerability in includes/classes/page.php in j00lean-CMS ...)
	NOT-FOR-US: j00lean-CMS
CVE-2008-2898 (Directory traversal vulnerability in includes/header.php in ...)
	NOT-FOR-US: Hedgehog-CMS
CVE-2008-2897 (SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta ...)
	NOT-FOR-US: PageSquid
CVE-2008-2896 (Directory traversal vulnerability in index.php in FireAnt 1.3 allows ...)
	NOT-FOR-US: FireAnt
CVE-2008-2895 (Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 ...)
	NOT-FOR-US: AproxEngine
CVE-2008-2894 (Directory traversal vulnerability in the FTP client in NCH Software ...)
	NOT-FOR-US: NCH Software Classic FTP Windows
CVE-2008-2893 (SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2892 (SQL injection vulnerability in the EXP Shop (com_expshop) component ...)
	NOT-FOR-US: Joomla
CVE-2008-2891 (SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows ...)
	NOT-FOR-US: emuCMS
CVE-2008-2890 (Multiple SQL injection vulnerabilities in Online Fantasy Football ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2008-2889 (Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP ...)
	NOT-FOR-US: AceBIT WISE-FTP
CVE-2008-2888 (Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, ...)
	NOT-FOR-US: MiGCMS
CVE-2008-2887 (Directory traversal vulnerability in index.php in chaozz@work ...)
	NOT-FOR-US: FubarForum
CVE-2008-2886 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Jamroom
CVE-2008-2885 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Open Digital Assets Repository System
CVE-2008-2884 (PHP remote file inclusion vulnerability in display.php in ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-2883 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Jamroom
CVE-2008-2882 (upgrade.asp in sHibby sHop 2.2 and earlier does not require ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2881 (Relative Real Estate Systems 3.0 and earlier stores passwords in ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-2880 (Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and ...)
	NOT-FOR-US: IBM AFP Viewer Plug-in
CVE-2008-2879 (Benja CMS 0.1 does not require authentication for access to admin/, ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2878 (Open redirect vulnerability in rss_getfile.php in Academic Web Tools ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2877 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: cmsWorks
CVE-2008-2876 (Directory traversal vulnerability in index.php in mUnky 0.0.1 allows ...)
	NOT-FOR-US: mUnky
CVE-2008-2875 (SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 ...)
	NOT-FOR-US: Webdevindo-CMS
CVE-2008-2874 (SQL injection vulnerability in index.php in Softbiz Jokes &amp; Funny Pics ...)
	NOT-FOR-US: Softbiz Jokes & Funny Pics
CVE-2008-2873 (sHibby sHop 2.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2872 (SQL injection vulnerability in default.asp in sHibby sHop 2.2 and ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2871 (Multiple cross-site scripting (XSS) vulnerabilities in template2.php ...)
	NOT-FOR-US: PEGames
CVE-2008-2870 (Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow ...)
	NOT-FOR-US: ShareCMS
CVE-2008-2869 (SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows ...)
	NOT-FOR-US: E-topbiz Link ADS
CVE-2008-2868 (SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and ...)
	NOT-FOR-US: ware DUcalendar
CVE-2008-2867 (SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 ...)
	NOT-FOR-US: E-topbiz Viral
CVE-2008-2866 (SQL injection vulnerability in csc_article_details.php in Caupo.net ...)
	NOT-FOR-US: CaupoShop Classic 
CVE-2008-2865 (SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site ...)
	NOT-FOR-US: Kalptaru Infotech PHP Site
CVE-2008-2864 (eLineStudio Site Composer (ESC) 2.6 and earlier allows remote ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2863 (Multiple absolute path traversal vulnerabilities in eLineStudio Site ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2862 (Multiple SQL injection vulnerabilities in eLineStudio Site Composer ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2861 (Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2860 (SQL injection vulnerability in category.php in AJSquare AJ Auction Pro ...)
	NOT-FOR-US: AJSquare AJ Auction Pro Web
CVE-2008-2859 (Unspecified vulnerability in the IMAP service in NetWin SurgeMail ...)
	NOT-FOR-US: NetWin SurgeMail
CVE-2008-2858 (SQL injection vulnerability in index.php in WebChamado 1.1 allows ...)
	NOT-FOR-US: WebChamado
CVE-2008-2857 (AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2856 (SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows ...)
	NOT-FOR-US: OwnRS
CVE-2008-2855 (Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 ...)
	NOT-FOR-US: OwnRS
CVE-2008-2854 (Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 ...)
	NOT-FOR-US: Orlando CMS
CVE-2008-2853 (SQL injection vulnerability in index.php in Easy Webstore 1.2 allows ...)
	NOT-FOR-US: Easy Webstore
CVE-2008-2852 (Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when ...)
	- cgiwrap <removed> (low; bug #497761)
	[etch] - cgiwrap <no-dsa> (Minor issue)
	NOTE: only applies to certain character sets and only works with
	NOTE: browsers. There isn't a good solution available, the patch uses
	NOTE: a compile-time charset specification. All in all not a real
	NOTE: priority to fix in etch.
CVE-2008-2851 (Multiple buffer overflows in OFF System before 0.19.14 allow remote ...)
	NOT-FOR-US: OFF System
CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before ...)
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2849 (Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x ...)
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2848 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: MindTouch DekiWiki 
CVE-2008-2847 (SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 ...)
	NOT-FOR-US: Maxtrade
CVE-2008-2846 (SQL injection vulnerability in index.php in BoatScripts Classifieds ...)
	NOT-FOR-US: BoatScripts Classifieds
CVE-2008-2845 (SQL injection vulnerability in index.php in MyBizz-Classifieds allows ...)
	NOT-FOR-US: MyBizz-Classifieds
CVE-2008-2844 (SQL injection vulnerability in index.php in Carscripts Classifieds ...)
	NOT-FOR-US: Carscripts Classifieds
CVE-2008-2843 (Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and ...)
	NOT-FOR-US: doITLive CMS
CVE-2008-2842 (Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in ...)
	NOT-FOR-US: doITLive CMS
CVE-2008-2950 (The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and ...)
	{DTSA-146-1}
	- poppler 0.8.4-1.1 (medium; bug #489756)
	[etch] - poppler <not-affected> (Vulnerable code not present)
	- xpdf <not-affected> (Page.cc is not allocating the widget and therefore not vulnerable in the destructor, attrs initialized)
CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
	{DSA-1610-1}
	- pidgin 2.4.3-1
	- gaim 1:2.0.0+fake.1
	NOTE: gaim is now a transitional package depending on pidgin with its own source package
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=453764
CVE-2008-3137 (The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3138 (The (1) PANA and (2) KISMET dissectors in Wireshark (formerly ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3139 (The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through ...)
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark <not-affected> (Only affects 0.99.8 to 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3140 (The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows ...)
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark <not-affected> (Only affects 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3141 (Unspecified vulnerability in the RMI dissector in Wireshark (formerly ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-2952 (liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to ...)
	{DSA-1650-1 DTSA-151-1}
	- openldap2.3 <removed> (low; bug #488710)
	- openldap 2.4.10-3 (low; bug #488710)
CVE-2008-2955 (Pidgin 2.4.1 allows remote attackers to cause a denial of service ...)
	- pidgin 2.4.3-1 (low; bug #488632)
	- gaim 1:2.0.0+fake.1
	NOTE: gaim is now a transitional package depending on pidgin with its own source package
CVE-2008-2956 (Memory leak in Pidgin 2.0.0, and possibly other versions, allows ...)
	- pidgin <unfixed> (low; bug #488632)
	[lenny] - pidgin <no-dsa> (Minor issue)
	- gaim 1:2.0.0+fake.1
	NOTE: gaim is now a transitional package depending on pidgin with its own source package
	NOTE: jabber servers should not forward malformed XML
CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...)
	- pidgin 2.4.3-4 (low; bug #488632)
	- gaim 1:2.0.0+fake.1
	NOTE: gaim is now a transitional package depending on pidgin with its own source package
	NOTE: probably only a bandwidth issue
CVE-2008-2942 (Directory traversal vulnerability in patch.py in Mercurial 1.0.1 ...)
	- mercurial 1.0.1-2 (low; bug #488628)
	[etch] - mercurial <not-affected> (Vulnerable functionality not present)
CVE-2008-2953 (Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a ...)
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2954 (client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows ...)
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2958 (Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows ...)
	- checkinstall 1.6.1-7 (low; bug #488140)
CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac]
	- python-werkzeug 0.3.1-1 (unknown)
	NOTE: http://lucumr.pocoo.org/cogitations/2008/06/24/werkzeug-031-released/
CVE-2008-2841 (Argument injection vulnerability in XChat 2.8.7b and earlier on ...)
	- xchat <not-affected> (Windows specific problem)
CVE-2008-2840 (Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and ...)
	NOT-FOR-US: Exero CMS
CVE-2008-2839 (Cross-site scripting (XSS) vulnerability in the search module in ...)
	NOT-FOR-US: Traindepot
CVE-2008-2838 (Directory traversal vulnerability in index.php in Traindepot 0.1 ...)
	NOT-FOR-US: Traindepot
CVE-2008-2837 (SQL injection vulnerability in index.php in CMS-BRD allows remote ...)
	NOT-FOR-US: CMS-BRD
CVE-2008-2836 (PHP remote file inclusion vulnerability in send_reminders.php in ...)
	- webcalendar 1.0.5-1 (low)
	- gforge <not-affected> (code in lenny internally sets its own path)
CVE-2008-2835 (SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows ...)
	NOT-FOR-US: IGSuite
CVE-2008-2834 (SQL injection vulnerability in projects.php in Scientific Image ...)
	NOT-FOR-US: Scientific Image DataBase
CVE-2008-2833 (admin/upload.php in le.cms 1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: le.cms
CVE-2008-2832 (Unrestricted file upload vulnerability in calendar_admin.asp in Full ...)
	NOT-FOR-US: aspWebCalendar 2008
CVE-2008-2831 (Multiple cross-site scripting (XSS) vulnerabilities in the delegated ...)
	NOT-FOR-US: MailMarshal
CVE-2008-2830 (Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...)
	{DTSA-144-1}
	- php5 5.2.6-2 (low)
	NOTE: the fix sent to t-s and unstable does not seem possible in etch due to
	NOTE: missing api features from the version of libc-client in etch.
CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-6 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.4 (low)
	NOTE: 735ce972fbc8a65fb17788debd7bbe7b4383cc62, present in 2.6.25.9
CVE-2008-2825 (Cross-site scripting (XSS) vulnerability in the embedded Web Server in ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2824 (Unspecified vulnerability in the Extensible Interface Platform in Web ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2823 (SQL injection vulnerability in newsarchive.php in PHPeasyblog ...)
	NOT-FOR-US: PHPeasyblog
CVE-2008-2822 (Multiple directory traversal vulnerabilities in the FTP client in ...)
	NOT-FOR-US: 3D-FTP Client
CVE-2008-2821 (Directory traversal vulnerability in the FTP client in Glub Tech ...)
	NOT-FOR-US: Glub Tech Secure FTP
CVE-2008-2820 (Directory traversal vulnerability in lang/lang-system.php in Open ...)
	NOT-FOR-US: Open Azimyt CMS
CVE-2008-2819 (SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and ...)
	NOT-FOR-US: BlognPlus
CVE-2008-2818 (Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-2817 (SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 ...)
	NOT-FOR-US: NiTrO Web Gallery
CVE-2008-2816 (SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin ...)
	NOT-FOR-US: Oxygen
CVE-2008-2815 (SQL injection vulnerability in shopping/index.php in MyMarket 1.72 ...)
	NOT-FOR-US: MyMarket
CVE-2008-2814 (Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast ...)
	NOT-FOR-US: WallCity-Server
CVE-2008-2813 (Directory traversal vulnerability in index.php in WallCity-Server ...)
	NOT-FOR-US: WallCity-Server
CVE-2008-2812 (The Linux kernel before 2.6.25.10 does not properly perform tty ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-7
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
	{DSA-1697-1}
	- iceweasel <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2808 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2806 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS ...)
	- iceweasel <not-affected> (MacOS-specific)
	- iceape <not-affected> (MacOS-specific)
CVE-2008-2805 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10
	- xulrunner 1.9.0.1-1
CVE-2008-2804
	RESERVED
CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- icedove 2.0.0.16-1
	- xulrunner 1.9.0.1-1
CVE-2008-2801 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2800 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2797 (Cross-site scripting (XSS) vulnerability in MainLayout.do in ...)
	NOT-FOR-US: ManageEngine OpUtils
CVE-2008-2796 (SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote ...)
	NOT-FOR-US: FreeCMS
CVE-2008-2795 (Directory traversal vulnerability in the FTP and SFTP clients in IDM ...)
	NOT-FOR-US: IDM Computer Solutions Inc UltraEdit
CVE-2008-2794 (Unspecified vulnerability in the GUI in Symantec Altiris Notification ...)
	NOT-FOR-US: Symantec Altiris Notification
CVE-2008-2793 (SQL injection vulnerability in group_posts.php in ClipShare before ...)
	NOT-FOR-US: ClipShare
CVE-2008-2792 (SQL injection vulnerability in index.php in eroCMS 1.4 and earlier ...)
	NOT-FOR-US: eroCMS
CVE-2008-2791 (SQL injection vulnerability in product.detail.php in Kalptaru Infotech ...)
	NOT-FOR-US: Kalptaru Infotech
CVE-2008-2790 (SQL injection vulnerability in detail.php in MountainGrafix easyTrade ...)
	NOT-FOR-US: MountainGrafix easyTrade
CVE-2008-2789 (SQL injection vulnerability in pages/index.php in BASIC-CMS allows ...)
	NOT-FOR-US: BASIC-CMS
CVE-2008-2788 (Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan ...)
	NOT-FOR-US: OpenDocMan
CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan ...)
	NOT-FOR-US: OpenDocMan
CVE-2008-2960 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, ...)
	- phpmyadmin 4:2.11.7~rc2-1 (unimportant)
	NOTE: We haven't supported installations with register_globals enabled since a long time
CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...)
	{DTSA-142-1}
	- perl 5.10.0-11 (bug #487319; medium)
	[etch] - perl <not-affected> (doesn't change link target permissions)
	NOTE: affects other packages like debsums, see bugreport
CVE-2008-2828 (Stack-based buffer overflow in tmsnc allows remote attackers to cause ...)
	- tmsnc 0.3.2-1.1 (low; bug #487222)
CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack ...)
	NOT-FOR-US: Just hashes posted to full-disclosure, no specific information
	NOTE: Unless more specific information pops up, this can be considered covered by
	NOTE: CVE-2008-2785
CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0 (medium; bug #488358)
	- icedove 2.0.0.16-1
	- iceape 1.1.11-1 (bug #491163)
	- xulrunner 1.9.0.1-1 (bug #491161)
	NOTE: Since 3.0 iceweasel links against xulrunner, marking it as fixed, since also need to track etch
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT ...)
	NOT-FOR-US: spamdyke
CVE-2008-2783 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
	- kronolith2 <not-affected> (unimportant; Nonreproducable 'issue')
	- horde3 <not-affected> (unimportant; Nonreproducable 'issue')
	NOTE: not reproducible, redhat also seems to have problems reproducing this https://bugzilla.redhat.com/show_bug.cgi?id=452209
CVE-2008-2782 (Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow ...)
	NOT-FOR-US: OtomiGenX
CVE-2008-2781 (SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 ...)
	NOT-FOR-US: DZOIC Handshakes
CVE-2008-2780 (The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores ...)
	NOT-FOR-US: Anubis
CVE-2008-2779 (Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 ...)
	NOT-FOR-US: GlobalSCAPE CuteFTP Home
CVE-2008-2778 (SQL injection vulnerability in inc/class_search.php in the Search ...)
	NOT-FOR-US: RevokeBB
CVE-2008-2777 (Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows ...)
	NOT-FOR-US: Ortro
CVE-2008-2776 (Cross-site scripting (XSS) vulnerability in search.asp in DT ...)
	NOT-FOR-US: DT Centrepiece
CVE-2008-2775 (SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows ...)
	NOT-FOR-US: DT Centrepiece
CVE-2008-2774 (SQL injection vulnerability in item.php in CartKeeper CKGold Shopping ...)
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2008-2773 (Cross-site scripting (XSS) vulnerability in the Taxonomy Image module ...)
	NOT-FOR-US: Taxonomy Image module for Drupal
CVE-2008-2772 (The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote ...)
	NOT-FOR-US: Magic Tabs module for Drupal
CVE-2008-2771 (The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 ...)
	NOT-FOR-US: Node Hierarchy module for Drupal
CVE-2008-2770 (SQL injection vulnerability in index.php in MycroCMS 0.5, when ...)
	NOT-FOR-US: MycroCMS
CVE-2008-2769 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpRaider
CVE-2008-2768 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla ...)
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2767 (SQL injection vulnerability in search.asp in Xigla Poll Manager XE ...)
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2766 (Cross-site scripting (XSS) vulnerability in Xigla Absolute Image ...)
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2765 (SQL injection vulnerability in gallery.asp in Xigla Absolute Image ...)
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2764 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla ...)
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2763 (SQL injection vulnerability in search.asp in Xigla Absolute Live ...)
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2762 (SQL injection vulnerability in search.asp in Xigla Absolute Form ...)
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2761 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2760 (SQL injection vulnerability in searchbanners.asp in Xigla Absolute ...)
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2759 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2758 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2757 (SQL injection vulnerability in search.asp in Xigla Absolute News ...)
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2756 (Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla ...)
	NOT-FOR-US: Xigla Absolute Control Panel XE
CVE-2008-2755 (SQL injection vulnerability in index.php in JAMM CMS allows remote ...)
	NOT-FOR-US: JAMM CMS
CVE-2008-2754 (SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, ...)
	NOT-FOR-US: eFiction
CVE-2008-2753 (Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 ...)
	NOT-FOR-US: Pooya Site Builder
CVE-2008-2752 (Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-2751 (Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2750 (The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux ...)
	- linux-2.6 2.6.26
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.23)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: 6b6707a50c7598a83820077393f8823ab791abf8 
CVE-2008-2749 (Unspecified vulnerability in cshttpd in Sun Java System Calendar ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2748 (Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Skulltag
CVE-2008-2747 (No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak ...)
	NOT-FOR-US: Windows
CVE-2008-2746 (SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 ...)
	NOT-FOR-US: Gryphon gllcTS2
CVE-2008-2745 (Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in ...)
	NOT-FOR-US: BiAnno ActiveX Control
CVE-2008-2744 (Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 ...)
	NOT-FOR-US: vBulletin
CVE-2008-2743 (Cross-site scripting (XSS) vulnerability in the embedded web server in ...)
	NOT-FOR-US: web server Xerox
CVE-2008-2742 (Unrestricted file upload in the mcpuk file editor ...)
	NOT-FOR-US: Achievo
CVE-2008-2741
	RESERVED
CVE-2008-2740
	RESERVED
CVE-2008-2739 (The SERVICE.DNS signature engine in the Intrusion Prevention System ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-2738
	RESERVED
CVE-2008-2737
	REJECTED
CVE-2008-2736 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2735 (The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2734 (Memory leak in the crypto functionality in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2733 (Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2732 (Multiple unspecified vulnerabilities in the SIP inspection ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2731
	RESERVED
CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
	NOT-FOR-US: cisco
CVE-2008-2729 (arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some ...)
	{DSA-1630-1}
	- linux-2.6 2.6.19-1
	NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a
CVE-2008-2728
	REJECTED
CVE-2008-2727
	REJECTED
CVE-2008-2726 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2725 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2718 (Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 ...)
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2716 (Unspecified vulnerability in Opera before 9.5 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-2715 (Unspecified vulnerability in Opera before 9.5 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-2714 (Opera before 9.26 allows remote attackers to misrepresent web page ...)
	NOT-FOR-US: Opera
CVE-2008-2710 (Integer signedness error in the ip_set_srcfilter function in the IP ...)
	NOT-FOR-US: Solaris
CVE-2008-2709 (Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module ...)
	NOT-FOR-US: Solaris
CVE-2008-2708 (Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) ...)
	NOT-FOR-US: Solaris
CVE-2008-2707 (Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and ...)
	NOT-FOR-US: Solaris
CVE-2008-2706 (Unspecified vulnerability in the event port implementation in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2705 (Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2704 (Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2703 (Multiple stack-based buffer overflows in Novell GroupWise Messenger ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2702 (Directory traversal vulnerability in the FTP client in ALTools ESTsoft ...)
	NOT-FOR-US: ALTools ESTsoft ALFTP
CVE-2008-2701 (SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and ...)
	NOT-FOR-US: joomla extension
CVE-2008-2700 (SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2699 (Multiple directory traversal vulnerabilities in Galatolo WebManager ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2698 (Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php ...)
	NOT-FOR-US: WEBalbum
CVE-2008-2697 (SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) ...)
	NOT-FOR-US: joomla extension
CVE-2008-2695 (Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows ...)
	NOT-FOR-US: phpInv
CVE-2008-2694 (Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 ...)
	NOT-FOR-US: phpInv
CVE-2008-2693 (Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2692 (SQL injection vulnerability in the yvComment (com_yvcomment) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-2691 (SQL injection vulnerability in read.asp in JiRo's FAQ Manager ...)
	NOT-FOR-US: JiRo's FAQ Manager eXperience
CVE-2008-2690 (Multiple PHP remote file inclusion vulnerabilities in BrowserCRM ...)
	NOT-FOR-US: BrowserCRM
CVE-2008-2689 (PHP remote file inclusion vulnerability in pub/clients.php in ...)
	NOT-FOR-US: BrowserCRM
CVE-2008-2688 (SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2008-2687 (Directory traversal vulnerability in inc/config.php in ProManager 0.73 ...)
	NOT-FOR-US: ProManager
CVE-2008-2686 (webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows ...)
	NOT-FOR-US: Flux CMS
CVE-2008-XXXX [insecure tempfile in wdiff]
	- wdiff 0.5-18 (low; bug #425254)
	[etch] - wdiff  <no-dsa> (Minor issue)
CVE-2008-2719 (Off-by-one error in the ppscan function (preproc.c) in Netwide ...)
	- nasm 2.03.01-1 (low; bug #486715)
	[etch] - nasm <not-affected> (vulnerable code not present)
CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote ...)
	{DTSA-143-1}
	- vim 1:7.1.314-3 (low; bug #486502)
CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...)
	- exiv2 0.17-1 (low; bug #486328)
	[etch] - exiv2 <no-dsa> (Minor issue)
	NOTE: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to ...)
	{DSA-1616-2 DTSA-138-1}
	- clamav 0.93.1.dfsg-1.1 (low; bug #490925)
CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, ...)
	- fetchmail 6.3.9~rc2-1 (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1
	NOTE: -vv is only used for debugging purposes so this does not
	NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
	NOTE: use.
CVE-2008-2720 (Cross-site scripting (XSS) vulnerability in Menalto Gallery before ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2721 (Unspecified vulnerability in the album-select module in Menalto ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2722 (Menalto Gallery before 2.2.5 allows remote attackers to bypass ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2723 (embed.php in Menalto Gallery before 2.2.5 allows remote attackers to ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2724 (Menalto Gallery before 2.2.5 does not enforce permissions for ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2717 (TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, ...)
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...)
	NOT-FOR-US: Battle Blog
CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...)
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2683 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...)
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2682 (_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2681 (Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2680 (Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2679 (SQL injection vulnerability in the KeyWordsList function in ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2678 (Multiple SQL injection vulnerabilities in Telephone Directory 2008, ...)
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2677 (Cross-site scripting (XSS) vulnerability in edit1.php in Telephone ...)
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2676 (SQL injection vulnerability in the iJoomla News Portal ...)
	NOT-FOR-US: com_news_portal component for Joomla!
CVE-2008-2675 (Cross-site scripting (XSS) vulnerability in index.php in PHP Image ...)
	NOT-FOR-US: PHP Image Gallery
CVE-2008-2674 (Unspecified vulnerability in the Interstage Management Console, as ...)
	NOT-FOR-US: Interstage Management Console
CVE-2008-2673 (SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, ...)
	NOT-FOR-US: pNews
CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and ...)
	- ewiki <removed> (unimportant)
	NOTE: register_globals is not supported
CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows ...)
	NOT-FOR-US: DCFM Blog
CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...)
	NOT-FOR-US: Insanely Simple Blog 
CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote ...)
	NOT-FOR-US: yBlog
CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...)
	NOT-FOR-US: yBlog
CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...)
	- php5 <unfixed> (unimportant)
	NOTE: safe mode not supported
CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP ...)
	- php5 5.2.6.dfsg.1-3 (unimportant)
	NOTE: safe mode not supported
CVE-2008-2664 (The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2663 (Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2662 (Multiple integer overflows in the rb_str_buf_append function in Ruby ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2661
	RESERVED
CVE-2008-2660
	RESERVED
CVE-2008-2659
	RESERVED
CVE-2008-2658
	RESERVED
CVE-2008-2657
	RESERVED
CVE-2008-2656
	RESERVED
CVE-2008-2655
	RESERVED
CVE-2008-2653
	RESERVED
CVE-2008-2652 (Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b ...)
	NOT-FOR-US: SMEWeb
CVE-2008-2651 (SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB ...)
	NOT-FOR-US: com_joobb component for Joomla!
CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, ...)
	NOT-FOR-US: CMSimple
CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 ...)
	NOT-FOR-US: DesktopOnNet
CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html in ...)
	NOT-FOR-US: meBiblio
CVE-2008-2647 (SQL injection vulnerability in admin/journal_change_mask.inc.php in ...)
	NOT-FOR-US: meBiblio
CVE-2008-2646 (Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 ...)
	NOT-FOR-US: meBiblio
CVE-2008-2645 (Multiple PHP remote file inclusion vulnerabilities in Brim (formerly ...)
	NOT-FOR-US: Brim
CVE-2008-2644 (Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and ...)
	NOT-FOR-US: SMEWeb
CVE-2008-2643 (SQL injection vulnerability in the Bible Study (com_biblestudy) ...)
	NOT-FOR-US: com_biblestudy component for Joomla!
CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 allows ...)
	NOT-FOR-US: OtomiGenX
CVE-2008-2641 (Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2008-2640 (Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 ...)
	NOT-FOR-US: Adobe Flex
CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect ...)
	NOT-FOR-US: Citect CitectSCADA
CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 1.0.1 ...)
	NOT-FOR-US: 1Book
CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5 FirePass SSL VPN
CVE-2008-2636 (The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-2635 (Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow ...)
	NOT-FOR-US: BitKinex
CVE-2008-2634 (SQL injection vulnerability in index.asp in I-Pos Internet Pay Online ...)
	NOT-FOR-US: I-Pos Internet Pay Online Store
CVE-2008-2633 (Multiple SQL injection vulnerabilities in the EXP JoomRadio ...)
	NOT-FOR-US: com_joomradio component for Joomla!
CVE-2008-2632 (SQL injection vulnerability in the acctexp (com_acctexp) component ...)
	NOT-FOR-US: com_acctexp component for Joomla!
CVE-2008-2631 (The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows ...)
	NOT-FOR-US: MDaemon
CVE-2008-2630 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 ...)
	NOT-FOR-US: com_jb2 component for Joomla!
CVE-2008-2629 (SQL injection vulnerability in the LifeType (formerly pLog) module for ...)
	NOT-FOR-US: LifeType module for Drupal
CVE-2008-2628 (SQL injection vulnerability in the eQuotes (com_equotes) component ...)
	NOT-FOR-US: com_equotes component for Joomla!
CVE-2008-2627 (SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 ...)
	NOT-FOR-US: com_idoblog for Joomla!
CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 and ...)
	NOT-FOR-US: Battle Blog
CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-2624 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-2623 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-2622 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2621 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2620 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2619 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle
CVE-2008-2618 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2617 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2616 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2615 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2614 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2613 (Unspecified vulnerability in the Database Scheduler component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2612 (Unspecified vulnerability in the Hyperion BI Plus component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2611 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2610 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle database
CVE-2008-2609 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2608 (Unspecified vulnerability in the Data Pump component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2607 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2606 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle database
CVE-2008-2605 (Unspecified vulnerability in the Authentication component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2604 (Unspecified vulnerability in the Authentication component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2603 (Unspecified vulnerability in the Resource Manager component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2602 (Unspecified vulnerability in the Data Pump component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2601 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2600 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2599 (Unspecified vulnerability in the TimesTen Client/Server component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2598 (Unspecified vulnerability in the TimesTen Client/Server component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2597 (Unspecified vulnerability in the TimesTen Client/Server component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2596 (Unspecified vulnerability in the Mobile Application Server component ...)
	NOT-FOR-US: Oracle database
CVE-2008-2595 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle database
CVE-2008-2594 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2593 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2592 (Unspecified vulnerability in the Advanced Replication component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2591 (Unspecified vulnerability in the Oracle Database Vault component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2590 (Unspecified vulnerability in the Instance Management component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2589 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2588 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-2587 (Unspecified vulnerability in the Advanced Replication component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2586 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle database
CVE-2008-2585 (Unspecified vulnerability in the Oracle Report Manager component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2584
	RESERVED
CVE-2008-2583 (Unspecified vulnerability in the sample Discussion Forum Portlet for ...)
	NOT-FOR-US: Oracle database
CVE-2008-2582 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2581 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2580 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2579 (Unspecified vulnerability in the WebLogic Server Plugins for Apache, ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2578 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2577 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2576 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2574 (Unrestricted file upload vulnerability in admin/Editor/imgupload.php ...)
	NOT-FOR-US: FlashBlog
CVE-2008-2573 (Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote ...)
	NOT-FOR-US: freeSSHd
CVE-2008-2572 (SQL injection vulnerability in php/leer_comentarios.php in FlashBlog ...)
	NOT-FOR-US: FlashBlog
CVE-2008-2571 (Cross-site request forgery (CSRF) vulnerability in LimeSurvey ...)
	NOT-FOR-US: LimeSurvey
CVE-2008-2570 (Multiple unspecified vulnerabilities in LimeSurvey (formerly ...)
	NOT-FOR-US: LimeSurvey
CVE-2008-2569 (SQL injection vulnerability in the EasyBook (com_easybook) component ...)
	NOT-FOR-US: com_easybook component for Joomla!
CVE-2008-2568 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
	NOT-FOR-US: com_simpleshop component for Joomla!
CVE-2008-2567 (Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 ...)
	NOT-FOR-US: Fenriru Sleipnir
CVE-2008-2566 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address ...)
	NOT-FOR-US: PHP Address Book
CVE-2008-2565 (Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and ...)
	NOT-FOR-US: PHP Address Book
CVE-2008-2564 (SQL injection vulnerability in the JotLoader (com_jotloader) component ...)
	NOT-FOR-US: com_jotloader component for Joomla!
CVE-2008-2563 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: SamTodo
CVE-2008-2562 (SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and ...)
	NOT-FOR-US: PowerPhlogger
CVE-2008-2561 (Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 ...)
	NOT-FOR-US: 427BB
CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows ...)
	NOT-FOR-US: 427BB
CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in Motion ...)
	- motion 3.2.9-3 (low; bug #484572)
	[etch] - motion <no-dsa> (minor issue)
CVE-2008-2667 (SQL injection vulnerability in the Courier Authentication Library (aka ...)
	{DSA-1688-1}
	- courier-authlib 0.60.1-2.1 (bug #485424)
CVE-2008-XXXX [missing sanity checks allow DoS via mis-formated timestamp]
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
CVE-2008-2559 (Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows ...)
	NOT-FOR-US: Borland Interbase
CVE-2008-2558 (CRE Loaded 6.2.13.1 and earlier does not set the &quot;Secure&quot; attribute ...)
	NOT-FOR-US: CRE Loaded
CVE-2008-2557 (Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and ...)
	NOT-FOR-US: CRE Loaded
CVE-2008-2556 (SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and ...)
	NOT-FOR-US: PHP Visit Counter
CVE-2008-2555 (SQL injection vulnerability in index.php in EasyWay CMS allows remote ...)
	NOT-FOR-US: EasyWay CMS
CVE-2008-2554 (Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote ...)
	NOT-FOR-US: BP Blog
CVE-2008-2553 (Cross-site scripting (XSS) vulnerability in Slashdot Like Automated ...)
	{DSA-1633-1}
	- slash <unfixed> (low; bug #484499)
	NOTE: See CVE-2008-2231
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2552 (Unspecified vulnerability in the Service Tag Registry on Sun Solaris ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2551 (The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 ...)
	NOT-FOR-US: DownloaderActiveX Control
CVE-2008-2550 (Unspecified vulnerability in the Web Services Security component in ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-2549 (Adobe Acrobat Reader 8.1.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Acrobat Reader
CVE-2008-2548 (Stack-based buffer overflow in the JPEG thumbprint component in the ...)
	NOT-FOR-US: JPEG thumbprint component in the EXIF parser on Motorola cell phones
CVE-2008-2547 (Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and ...)
	NOT-FOR-US: Microsoft Windows Installer
CVE-2008-2546
	REJECTED
CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a ...)
	NOT-FOR-US: Skype
CVE-2008-2544
	RESERVED
CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and ...)
	- asterisk-addons 1.4.7-1 (bug #484796)
CVE-2008-2542 (Stack-based buffer overflow in the getline function in Ppm/ppm.C in ...)
	NOT-FOR-US: NASA Ames Research Center BigView
CVE-2008-2541 (Multiple stack-based buffer overflows in the HTTP Gateway Service ...)
	NOT-FOR-US: CA eTrust
CVE-2008-2540 (Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt ...)
	NOT-FOR-US: Apple Safari
CVE-2008-2539 (The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2538 (Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2537 (SQL injection vulnerability in cat.php in HispaH Model Search allows ...)
	NOT-FOR-US: HispaH Model Search
CVE-2008-2536 (SQL injection vulnerability in out.php in YABSoft Advanced Image ...)
	NOT-FOR-US: YABSoft Advanced Image
CVE-2008-2535 (Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2534 (Directory traversal vulnerability in admin/admin_frame.php in Phoenix ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2533 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2532 (SQL injection vulnerability in forum/topic_detail.php in AJ Square ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2531 (Cross-site scripting (XSS) vulnerability in the search script in Build ...)
	NOT-FOR-US: Build A Niche Store
CVE-2008-2530 (Multiple SQL injection vulnerabilities in Concepts &amp; Solutions ...)
	NOT-FOR-US: Concepts & Solutions QuickUpCMS
CVE-2008-2529 (SQL injection vulnerability in read.php in Advanced Links Management ...)
	NOT-FOR-US: Advanced Links Management
CVE-2008-2528 (Unspecified vulnerability in Citrix Access Gateway Standard Edition ...)
	NOT-FOR-US: Citrix Access Gateway Standard Edition
CVE-2008-2527 (Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ...)
	NOT-FOR-US: ActualScripts ActualAnalyzer Server
CVE-2008-2526 (Cross-site scripting (XSS) vulnerability in the WT Gallery (aka ...)
	NOT-FOR-US: WT Gallery
CVE-2008-2525 (Cross-site scripting (XSS) vulnerability in the Event Database (aka ...)
	NOT-FOR-US: typo3 extension Event Database
CVE-2008-2524 (BlogPHP 2.0 allows remote attackers to bypass authentication, and post ...)
	NOT-FOR-US: BlogPHP
CVE-2008-2523 (SQL injection vulnerability in the Autopatcher server plugin in RakNet ...)
	NOT-FOR-US: RakNet
CVE-2008-2522 (SQL injection vulnerability in members.php in Battle.net Clan Script ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-2521 (SQL injection vulnerability in members.php in YABSoft Mega File ...)
	NOT-FOR-US: YABSoft Mega File
CVE-2008-2520 (Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when ...)
	NOT-FOR-US: BigACE
CVE-2008-2519 (Directory traversal vulnerability in Core FTP client 2.1 Build 1565 ...)
	NOT-FOR-US: Core FTP client
CVE-2008-2518 (Cross-site scripting (XSS) vulnerability in the advanced search ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-2517 (The sarab.sh script in SaraB before 0.2.4 places the dar program's ...)
	NOT-FOR-US: SaraB
CVE-2008-2515 (Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2514 (Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2513 (Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2512 (Directory traversal vulnerability in Symantec Backup Exec System ...)
	NOT-FOR-US: Symantec Backup Exec System Recovery Manager
CVE-2008-2511 (Directory traversal vulnerability in the ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2008-2510 (SQL injection vulnerability in wp-uploadfile.php in the Upload File ...)
	NOT-FOR-US: Upload File plugin for WordPress
CVE-2008-2509 (SQL injection vulnerability in pwd.asp in Excuse Online allows remote ...)
	NOT-FOR-US: Excuse Online
CVE-2008-2508 (Cross-site scripting (XSS) vulnerability in news.php in Tr Script News ...)
	NOT-FOR-US:  Tr Script News
CVE-2008-2507 (Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear ...)
	NOT-FOR-US: Brown Bear Software Calcium
CVE-2008-2506 (Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 ...)
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2505 (Cross-site scripting (XSS) vulnerability in result.php in Simpel Side ...)
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2504 (Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 ...)
	NOT-FOR-US: Simpel Side Netbutik
CVE-2008-2503 (Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown ...)
	NOT-FOR-US: eMule X-Ray
CVE-2008-2502 (Unspecified vulnerability in the web server in eMule X-Ray before 1.4 ...)
	NOT-FOR-US: eMule X-Ray
CVE-2008-2501 (Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow ...)
	NOT-FOR-US: PHPhotoalbum
CVE-2008-2500 (Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor ...)
	NOT-FOR-US: MOStlyContent Editor
CVE-2008-2499 (Stack-based buffer overflow in the Community Services Multiplexer (aka ...)
	NOT-FOR-US: Community Services Multiplexer
CVE-2008-2498 (Multiple SQL injection vulnerabilities in index.php in Mambo before ...)
	NOT-FOR-US: Mambo
CVE-2008-2497 (CRLF injection vulnerability in Mambo before 4.6.4 allows remote ...)
	NOT-FOR-US: Mambo
CVE-2008-2496 (Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 ...)
	NOT-FOR-US: Quate CMS
CVE-2008-2495 (Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows ...)
	NOT-FOR-US: Zina
CVE-2008-2494 (Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 ...)
	NOT-FOR-US: Zina
CVE-2008-2493 (Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus ...)
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2492 (Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 ...)
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2491 (SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows ...)
	NOT-FOR-US: AbleSpace
CVE-2008-2490 (Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 ...)
	NOT-FOR-US: KJ Image Lightbox 2
CVE-2008-2489 (SQL injection vulnerability in the Library for Frontend Plugins (aka ...)
	NOT-FOR-US: Library for Frontend Plugins sg_zfelib
CVE-2008-2488 (admin/userform.php in RoomPHPlanning 1.5 does not require ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-2487 (SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier ...)
	NOT-FOR-US: MAXSITE
CVE-2008-2486 (Unspecified vulnerability in eMule Plus before 1.2d has unknown impact ...)
	- amule <not-affected> (Different code)
CVE-2008-2485 (Cross-site scripting (XSS) vulnerability in the URL redirection script ...)
	NOT-FOR-US: PCPIN chat
CVE-2008-2484 (SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when ...)
	NOT-FOR-US: Xomol CMS
CVE-2008-2483 (Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 ...)
	NOT-FOR-US: Xomol CMS
CVE-2008-2482 (Directory traversal vulnerability in install_mod.php in insanevisions ...)
	NOT-FOR-US: OneCMS
CVE-2008-2481 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpRaider
CVE-2008-2480 (PHP remote file inclusion vulnerability in plus.php in plusPHP Short ...)
	NOT-FOR-US: plusPHP
CVE-2008-2479 (Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote ...)
	NOT-FOR-US: phpFix
CVE-2008-2478 (** DISPUTED ** ...)
	NOT-FOR-US: cPanel
CVE-2008-2477 (SQL injection vulnerability in index.php in MxBB (aka MX-System) ...)
	NOT-FOR-US: MxBB (MX-System)
CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) ...)
	- kfreebsd-7 7.0-6
	NOTE: IPv6 NDP flaw not affecting Linux
CVE-2008-2475
	RESERVED
CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit ...)
	NOT-FOR-US: ABB Process Communication Unit
CVE-2008-2473
	RESERVED
CVE-2008-2472
	RESERVED
CVE-2008-2471
	RESERVED
CVE-2008-2470 (The InstallShield Update Service Agent ActiveX control in isusweb.dll ...)
	NOT-FOR-US: InstallShield
CVE-2008-2469 (Heap-based buffer overflow in the SPF_dns_resolv_lookup function in ...)
	{DSA-1659-1 DTSA-172-1}
	- libspf2 1.2.9-1 (high)
CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-2467
	RESERVED
CVE-2008-2466
	RESERVED
CVE-2008-2465
	RESERVED
CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx, ...)
	NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX
CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...)
	NOT-FOR-US: Caucho Resin
CVE-2008-2461 (SQL injection vulnerability in index.php in Netious CMS 0.4 allows ...)
	NOT-FOR-US: Netious
CVE-2008-2460 (SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows ...)
	NOT-FOR-US: vBulletin
CVE-2008-2459 (Directory traversal vulnerability in page.php in EntertainmentScript ...)
	NOT-FOR-US: EntertainmentScript
CVE-2008-2458 (Cross-site scripting (XSS) vulnerability in index.php in Starsgames ...)
	NOT-FOR-US: Starsgames
CVE-2008-2457 (SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 ...)
	NOT-FOR-US: PHP-Jokesite
CVE-2008-2456 (SQL injection vulnerability in index.php in ComicShout 2.5 and earlier ...)
	NOT-FOR-US: ComicShout
CVE-2008-2455 (SQL injection vulnerability in comment.php in the MacGuru BLOG Engine ...)
	NOT-FOR-US: MacGuru BLOG Engine
CVE-2008-2454 (SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) ...)
	NOT-FOR-US: xsstream-dm
CVE-2008-2453 (Multiple SQL injection vulnerabilities in PHP Classifieds Script allow ...)
	NOT-FOR-US: PHP Classifieds Script
CVE-2008-2452 (Cross-site scripting (XSS) vulnerability in the Questionaire (aka ...)
	NOT-FOR-US: Questionaire pbsurvey
CVE-2008-2451 (Multiple SQL injection vulnerabilities in the Statistics (aka ...)
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the Statistics ...)
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2449 (Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan ...)
	NOT-FOR-US: phpInstantGallery
CVE-2008-2448 (Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote ...)
	NOT-FOR-US: Meto Forum
CVE-2008-2447 (SQL injection vulnerability in products.php in the Mytipper ZoGo-shop ...)
	NOT-FOR-US: Mytipper ZoGo-shop
CVE-2008-2446 (Multiple SQL injection vulnerabilities in Web Group Communication ...)
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2445 (Cross-site scripting (XSS) vulnerability in profile.php in Web Group ...)
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2444 (SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2008-2443 (SQL injection vulnerability in dpage.php in The Real Estate Script ...)
	NOT-FOR-US: Real Estate Script
CVE-2008-2442
	RESERVED
CVE-2008-2441 (Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x ...)
	NOT-FOR-US: Cisco Secure ACS
CVE-2008-2440
	RESERVED
CVE-2008-2439 (Directory traversal vulnerability in the UpdateAgent function in ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2438
	RESERVED
CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2008-2435 (Use-after-free vulnerability in the Trend Micro HouseCall ActiveX ...)
	NOT-FOR-US: ActiveX
CVE-2008-2434 (The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 ...)
	NOT-FOR-US: ActiveX
CVE-2008-2433 (The web management console in Trend Micro OfficeScan 7.0 through 8.0, ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2432 (Insecure method vulnerability in the GetFileList method in an ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-2431 (Multiple buffer overflows in Novell iPrint Client before 5.06 allow ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC ...)
	{DTSA-148-1}
	- vlc 0.8.6.h-1 (medium; bug #489004)
CVE-2008-2429 (Multiple SQL injection vulnerabilities in Calendarix Basic ...)
	NOT-FOR-US: Calendarix
CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-2427 (Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView ...)
	NOT-FOR-US: NConvert, GFL SDK, XnView
CVE-2008-2426 (Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 ...)
	{DSA-1594-1}
	- imlib2 1.4.0-1.1 (medium; bug #483816)
	- imlib <not-affected> (Partly not present / partly fixed)
CVE-2008-2425 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote ...)
	NOT-FOR-US: FicHive
CVE-2008-2422 (SQL injection vulnerability in index.php in Web Slider 0.6 allows ...)
	NOT-FOR-US: Web Slider
CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web ...)
	NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of ...)
	- iceweasel <unfixed> (low; bug #484484)
CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun ...)
	NOT-FOR-US: STREAMS Administrative Driver SUN
CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard ...)
	NOT-FOR-US: Webboard
CVE-2008-2416 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote ...)
	NOT-FOR-US: FicHive
CVE-2008-2415 (Directory traversal vulnerability in ...)
	NOT-FOR-US: DigitalHive
CVE-2008-2414 (Cross-site scripting (XSS) vulnerability in send_email.php in AN ...)
	NOT-FOR-US: AN Guestbook
CVE-2008-2413 (Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News ...)
	NOT-FOR-US: ACGV News
CVE-2008-2412 (SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows ...)
	NOT-FOR-US: ACGV News
CVE-2008-2411 (SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, ...)
	NOT-FOR-US: SazCart
CVE-2008-2410 (Cross-site scripting (XSS) vulnerability in the servlet engine and Web ...)
	NOT-FOR-US: Web Server service in IBM Lotus Domino
CVE-2008-2409 (Stack-based buffer overflow in Cerulean Studios Trillian before ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2408 (Heap-based buffer overflow in the XML parsing functionality in ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2407 (Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2406 (The administration application server in Sun Java Active Server Pages ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2405 (Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2404 (Stack-based buffer overflow in the request handling implementation in ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2403 (Multiple directory traversal vulnerabilities in unspecified ASP ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2402 (The Admin Server in Sun Java Active Server Pages (ASP) Server before ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2401 (The Admin Server in Sun Java Active Server Pages (ASP) Server before ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2400 (Unspecified vulnerability in stunnel before 4.23, when running as a ...)
	- stunnel4 <not-affected> (Windows specific issue)
CVE-2008-2399 (Directory traversal vulnerability in the FireFTP add-on before ...)
	NOT-FOR-US: FireFTP
CVE-2008-2575 (cbrPager before 0.9.17 allows user-assisted remote attackers to ...)
	- cbrpager 0.9.17-1 (low; bug #482853)
	[etch] - cbrpager 0.9.14-3+etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-XXXX [resizing the monitor with xrandr can crash xscreensaver]
	- xscreensaver 5.05-3 (unimportant; bug #482385)
CVE-2008-2516 (pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not ...)
	- pam-pgsql 0.6.3-2 (medium; bug #481970)
	[etch] - pam-pgsql <not-affected> (Vulnerable code not present)
	NOTE: pam_pgsql is not configured as "sufficient" in Debian default configuration
CVE-2008-2424 (Unspecified vulnerability in the 404 error page for the &quot;Standard ...)
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2423 (Unspecified vulnerability in Interchange before 5.6.0 allows remote ...)
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2420 (The OCSP functionality in stunnel before 4.24 does not properly search ...)
	- stunnel4 3:4.22-1.1 (low; bug #482644)
CVE-2008-2398 (Cross-site scripting (XSS) vulnerability in index.php in AppServ Open ...)
	NOT-FOR-US: AppServ Open Project
CVE-2008-2397 (Cross-site scripting (XSS) vulnerability in search-results.dot in ...)
	NOT-FOR-US: dotCMS
CVE-2008-2396 (PHP remote file inclusion vulnerability in index.php in Wajox Software ...)
	NOT-FOR-US: microSSys
CVE-2008-2395 (SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta ...)
	NOT-FOR-US: AlkalinePHP
CVE-2008-2394 (Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow ...)
	NOT-FOR-US: TAGWORX.CMS
CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 ...)
	NOT-FOR-US: EntertainmentScript
CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...)
	- wordpress 2.5.1-4 (low; bug #485807)
CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...)
	NOT-FOR-US: SubSonic
CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...)
	NOT-FOR-US: HP Software Update
CVE-2008-2389 (opensuse-updater in openSUSE 10.2 allows local users to access ...)
	NOT-FOR-US: opensuse-updater
CVE-2008-2388 (Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have ...)
	NOT-FOR-US: opensuse-updater
CVE-2008-2387
	RESERVED
CVE-2008-2386
	RESERVED
CVE-2008-2385
	RESERVED
CVE-2008-2384 (SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql ...)
	- mod-auth-mysql 4.3.9-11 (medium)
CVE-2008-2383 (CRLF injection vulnerability in xterm allows user-assisted attackers ...)
	{DSA-1694-1 DTSA-182-1}
	- xterm 238-2 (medium; bug #510030)
CVE-2008-2382 (The protocol_client_msg function in vnc.c in the VNC server in (1) ...)
	- qemu 0.9.1-9
	[etch] - qemu <not-affected> (Tested by maintainer)
	- kvm 72+dfsg-4
	- xen-unstable <not-affected> (Vulnerable code not present)
	- xen-3 <not-affected> (Vulnerable code not present)
CVE-2008-2381 (SQL injection vulnerability in the create function in ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-7
CVE-2008-2380 (SQL injection vulnerability in authpgsqllib.c in Courier-Authlib ...)
	{DSA-1688-1 DTSA-180-1}
	- courier-authlib 0.61.0-1+lenny1
CVE-2008-2379 (Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 ...)
	{DSA-1682-1}
	- squirrelmail 2:1.4.15-4
CVE-2008-2378 (Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 ...)
	{DSA-1668-1}
	- hf 0.8-8.1 (medium; bug #504182)
CVE-2008-2377 (Use after free vulnerability in the ...)
	- gnutls26 2.4.1-1 (medium)
CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby before ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-2
	- ruby1.8 1.8.7.22-2
	NOTE: http://www.openwall.com/lists/oss-security/2008/07/02/3
CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on ...)
	- vsftpd <not-affected> (debian versions all include the fix)
CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before ...)
	- bluez-libs 3.34 (low)
	- bluez-utils 3.34 (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
CVE-2008-2373
	RESERVED
CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users ...)
	- linux-2.6 2.6.26-1
	[etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: IMO this is a lack of optimisation, not a security issue? - jmm
	NOTE: 89f5b7da2a6bad2e84670422ab8192382a5aeb9f
CVE-2008-2371 (Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible ...)
	{DSA-1602-1 DTSA-145-1}
	- pcre3 7.6-2.1 (medium; bug #488919)
CVE-2008-2370 (Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 ...)
	- tomcat5.5 5.5.26-4 (bug #494504)
CVE-2008-2369 (manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a ...)
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2008-2368 (Red Hat Certificate System 7.2 stores passwords in cleartext in the ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2367 (Red Hat Certificate System 7.2 uses world-readable permissions for ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build script ...)
	- openoffice.org <not-affected> (RedHat-specific packaging flaw)
CVE-2008-2365 (Race condition in the ptrace and utrace support in the Linux kernel ...)
	- linux-2.6 2.6.17
	NOTE: 5ecfbae093f0c37311e89b29bfc0c9d586eace87 f5b40e363ad6041a96e3da32281d8faa191597b9
	NOTE: f358166a9405e4f1d8e50d8f415c26d95505b6de
CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the ...)
	- apache2 2.2.9-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	TODO: check apache 1.3
CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly manage ...)
	- pan 0.132-3.1 (bug #483562)
	[etch] - pan <not-affected> (Vulnerable code not added until 0.130)
	NOTE: see http://svn.gnome.org/viewvc/pan2/trunk/pan/data/parts.cc?view=log&pathrev=286
CVE-2008-2362 (Multiple integer overflows in the Render extension in the X server 1.4 ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2361 (Integer overflow in the ProcRenderCreateCursor function in the Render ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2360 (Integer overflow in the AllocateGlyph function in the Render extension ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2359 (The default configuration of consolehelper in system-config-network ...)
	NOT-FOR-US: system-config-network Fedora
CVE-2008-2358 (Integer overflow in the dccp_feat_change function in net/dccp/feat.c ...)
	{DSA-1592-1}
	- linux-2.6 2.6.20-1
	NOTE: DCCP feature sanitising was introduced in 2.6.20
	NOTE: this version casts sizeof to int. This is a module, not a compiled in feature in Debian
CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...)
	{DSA-1587-1}
	- mtr 0.73-1
CVE-2008-2356 (SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 ...)
	NOT-FOR-US: Archangel Weblog
CVE-2008-2355 (Directory traversal vulnerability in index.php in WR-Meeting 1.0, when ...)
	NOT-FOR-US: WR-Meeting
CVE-2008-2354 (Unspecified vulnerability in the data export function in testMaker ...)
	NOT-FOR-US: testMaker
CVE-2008-2353 (Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 ...)
	NOT-FOR-US: GNU/Gallery
CVE-2008-2352 (Directory traversal vulnerability in index.php in Smeego 1.0, when ...)
	NOT-FOR-US: Smeego
CVE-2008-2351 (Multiple SQL injection vulnerabilities in index.php in CMS ...)
	NOT-FOR-US: WebManager-Pro
CVE-2008-2350 (Directory traversal vulnerability in highlight.php in bcoos 1.0.9 ...)
	NOT-FOR-US: bcoos
CVE-2008-2349 (Zomplog 3.8.2 and earlier allows remote attackers to gain ...)
	NOT-FOR-US: Zomplog
CVE-2008-2348 (MeltingIce File System 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: MeltingIce File System
CVE-2008-2347 (MyPicGallery 1.0 allows remote attackers to bypass application ...)
	NOT-FOR-US: MyPicGallery
CVE-2008-2346 (AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: AlkalinePHP
CVE-2008-2345 (Unspecified vulnerability in the air_filemanager 0.6.0 and earlier ...)
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2344 (Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 ...)
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2343 (News Manager 2.0 allows remote attackers to bypass restrictions and ...)
	NOT-FOR-US: News Manager
CVE-2008-2342 (Directory traversal vulnerability in attachments.php in News Manager ...)
	NOT-FOR-US: News Manager
CVE-2008-2341 (PHP remote file inclusion vulnerability in ch_readalso.php in News ...)
	NOT-FOR-US: News Manager
CVE-2008-2340 (Multiple SQL injection vulnerabilities in News Manager 2.0 allow ...)
	NOT-FOR-US: News Manager
CVE-2008-2339 (SQL injection vulnerability in index.php in Turnkey Web Tools SunShop ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-2338 (Interspire ActiveKB 1.5 and earlier allows remote attackers to gain ...)
	NOT-FOR-US: Interspire ActiveKB
CVE-2008-2337 (Multiple SQL injection vulnerabilities in IMGallery 2.5, when ...)
	NOT-FOR-US: IMGallery
CVE-2008-2336 (SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 ...)
	NOT-FOR-US: 68 Classifieds
CVE-2008-2335 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-2334 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-2333 (Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda ...)
	NOT-FOR-US: Barracuda
CVE-2008-2332 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2331 (Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2330 (slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2329 (Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2328
	RESERVED
CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, ...)
	{DSA-1632-1 DTSA-160-1}
	- tiff 3.8.2-11 (medium)
CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for ...)
	NOT-FOR-US: Apple Bonjour for Windows
CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2323 (Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2322 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2321 (Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2319
	RESERVED
CVE-2008-2318 (The WOHyperlink implementation in WebObjects in Apple Xcode tools ...)
	NOT-FOR-US: Apple Xcode
CVE-2008-2317 (WebCore in Apple Safari does not properly perform garbage collection ...)
	NOT-FOR-US: Safari
CVE-2008-2316 (Integer overflow in _hashopenssl.c in the hashlib module in Python ...)
	{DTSA-157-1}
	- python2.5 2.5.2-11 (low; bug #493797)
	- python2.4 <not-affected> (hashlib module introduced in python2.5)
CVE-2008-2315 (Multiple integer overflows in Python 2.5.2 and earlier allow ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-2314 (Dock in Apple Mac OS X 10.5 before 10.5.4, when Expos&#233; hot corners is ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User Template ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2312 (Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5 before ...)
	- binutils 2.18.1~cvs20080103-1 (low)
	[etch] - binutils <no-dsa> (Minor issue)
CVE-2008-2309 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...)
	NOT-FOR-US: CoreTypes in Apple Mac OS X
CVE-2008-2308 (Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 ...)
	NOT-FOR-US: Alias Manager in Apple Mac OS X
CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as ...)
	- webkit 1.0.1-1
	NOTE: http://trac.webkit.org/changeset/34204
CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...)
	NOT-FOR-US: Windows issue
CVE-2008-2305 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
	NOT-FOR-US: Apple Type Services (ATS)
CVE-2008-2304 (Buffer overflow in Apple Core Image Fun House 2.0 and earlier in ...)
	NOT-FOR-US: Apple Core Image Fun House
CVE-2008-2303 (Integer signedness error in Safari on Apple iPhone before 2.0 and iPod ...)
	NOT-FOR-US: Safari
CVE-2008-2301 (SQL injection vulnerability in Kostenloses Linkmanagementscript allows ...)
	NOT-FOR-US: Kostenloses Linkmanagementscript
CVE-2008-2300 (Unspecified vulnerability in Citrix Presentation Server 4.5 and ...)
	NOT-FOR-US: Citrix Software
CVE-2008-2299 (Unspecified vulnerability in SecureICA and ICA Basic encryption of ...)
	NOT-FOR-US: Citrix Software
CVE-2008-2298 (Admin.php in Web Slider 0.6 allows remote attackers to bypass ...)
	NOT-FOR-US: Web Slider
CVE-2008-2297 (The admin.php file in Rantx allows remote attackers to bypass ...)
	NOT-FOR-US: Rantx
CVE-2008-2296 (PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in ...)
	NOT-FOR-US: Rgboard
CVE-2008-2295 (Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard ...)
	NOT-FOR-US: Rgboard
CVE-2008-2294 (Pet Grooming Management System 2.0 allows remote attackers to gain ...)
	NOT-FOR-US: Pet Grooming Management System
CVE-2008-2293 (admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows ...)
	NOT-FOR-US: Multi-Page Comment System
CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in ...)
	{DSA-1663-1 DTSA-134-1}
	- net-snmp 5.4.1~dfsg-8 (medium; bug #482333)
CVE-2008-2291 (axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2290 (Unspecified vulnerability in the Agent user interface in Symantec ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2289 (Unspecified vulnerability in a tooltip element in Symantec Altiris ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2288 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2287 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2286 (SQL injection vulnerability in axengine.exe in Symantec Altiris ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2285 (The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-10
CVE-2008-2284 (PHP remote file inclusion vulnerability in fusebox5.php in Fusebox ...)
	NOT-FOR-US: Fusebox
CVE-2008-2283 (IDAutomation allows remote attackers to overwrite arbitrary files via ...)
	NOT-FOR-US: IDAutomation
CVE-2008-2282 (admin.php in Internet Photoshow and Internet Photoshow Special Edition ...)
	NOT-FOR-US: Internet Photoshow
CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links feature ...)
	NOT-FOR-US: Internet Explorer
CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive ...)
	- typo3-src 4.0.2-1
CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script ...)
	NOT-FOR-US: PHP PicEngine
CVE-2008-2279 (Freelance Auction Script 1.0 stores user passwords in plaintext in the ...)
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2278 (SQL injection vulnerability in browseproject.php in Freelance Auction ...)
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2277 (SQL injection vulnerability in detail.php in Feedback and Rating ...)
	NOT-FOR-US: Feedback and Rating Script
CVE-2008-2275 (Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to ...)
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2274 (Cross-site scripting (XSS) vulnerability in the sr_feuser_register ...)
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2273 (Unspecified vulnerability in the TACACS authentication component in ...)
	NOT-FOR-US: TACACS authentication component in Aruba Mobility Controller
CVE-2008-2272 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-2271 (The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before ...)
	NOT-FOR-US: Site Documentation Drupal module
CVE-2008-2270 (Multiple PHP remote file inclusion vulnerabilities in PHPWAY ...)
	NOT-FOR-US: PHPWAY Linkmanagementscript
CVE-2008-2269 (AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers ...)
	NOT-FOR-US: GasTracker
CVE-2008-2268 (Open redirect vulnerability in interface/redirect.htm.php in Mjguest ...)
	NOT-FOR-US: Mjguest
CVE-2008-2267 (Incomplete blacklist vulnerability in javaUpload.php in Postlet in the ...)
	NOT-FOR-US: Postlet
CVE-2008-2265 (SQL injection vulnerability in news.php in EMO Realty Manager allows ...)
	NOT-FOR-US: EMO Realty Manager
CVE-2008-2264 (Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 ...)
	NOT-FOR-US: CyrixMED
CVE-2008-2263 (SQL injection vulnerability in linking.page.php in Automated Link ...)
	NOT-FOR-US: Automated Link Exchange Portal 
CVE-2008-2262
	RESERVED
CVE-2008-2261
	RESERVED
CVE-2008-2260
	RESERVED
CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper &quot;argument ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2256 (Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-2252 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2008-2251 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-2250 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2008-2249 (Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-2248 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Exchange Server
CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Exchange Server
CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not properly ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile function in ...)
	NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Office Word 
CVE-2008-2243
	RESERVED
CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA ...)
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ...)
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2240 (Stack-based buffer overflow in the Web Server service in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2008-2239
	RESERVED
CVE-2008-2238 (Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 ...)
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2237 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 ...)
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2236 (Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom ...)
	- blosxom 2.1.2-1 (low; bug #500873)
	[etch] - blosxom 2.0-14+etch1 (low; bug #500873)
CVE-2008-2235 (OpenSC before 0.11.5 uses weak permissions (ADMIN file control ...)
	{DSA-1627-2}
	- opensc 0.11.4-4
	NOTE: http://www.opensc-project.org/security.html
CVE-2008-2234 (Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote ...)
	NOT-FOR-US: Openwsman
CVE-2008-2233 (The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, ...)
	NOT-FOR-US: Openwsman
CVE-2008-2232 (The expand_template function in afuse.c in afuse 0.2 allows local ...)
	{DSA-1611-1 DTSA-149-1}
	- afuse 0.2-3 (bug #490921; medium)
CVE-2008-2231 (SQL injection vulnerability in Slashdot Like Automated Storytelling ...)
	{DSA-1633-1}
	- slash <unfixed> (medium; bug #484499)
	NOTE: See CVE-2008-2553
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2230 (Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and ...)
	- reportbug 3.41 (low; bug #484311)
	- reportbug-ng 0.2008.03.28 (low; bug #484474)
	[etch] - reportbug <no-dsa> (Unlikely attack scenario)
CVE-2008-2229
	RESERVED
CVE-2008-2228 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Cyberfolio
CVE-2008-2227 (Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-2226 (Unspecified vulnerability in the export feature in OpenKM before 2.0 ...)
	NOT-FOR-US: OpenKM
CVE-2008-2225 (SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows ...)
	NOT-FOR-US: gameCMS
CVE-2008-2224 (Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, ...)
	NOT-FOR-US: SazCart
CVE-2008-2223 (SQL injection vulnerability in group_posts.php in vShare YouTube Clone ...)
	NOT-FOR-US: vShare YouTube Clone
CVE-2008-2222 (SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote ...)
	NOT-FOR-US: EQdkp
CVE-2008-2221 (Unspecified vulnerability in the Java plugin in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-2220 (Multiple PHP remote file inclusion vulnerabilities in Interact ...)
	NOT-FOR-US: Interact Learning Community Environment
CVE-2008-2219 (Cross-site scripting (XSS) vulnerability in install.php in C-News.fr ...)
	NOT-FOR-US: C-News.fr
CVE-2008-2218 (Buffer overflow in the Multimedia PC Client in Nortel Multimedia ...)
	NOT-FOR-US: Nortel Multimedia
CVE-2008-2217 (Directory traversal vulnerability in cm/graphie.php in Content ...)
	NOT-FOR-US: CMS Phprojekt
CVE-2008-2216 (Unrestricted file upload vulnerability in src/yopy_upload.php in ...)
	NOT-FOR-US: PBCS
CVE-2008-2215 (Multiple directory traversal vulnerabilities in Project-Based ...)
	NOT-FOR-US: PBCS
CVE-2008-2214 (Stack-based buffer overflow in the Network Manager in Castle Rock ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2008-2213 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Maian Links
CVE-2008-2212 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 ...)
	NOT-FOR-US: Maian Cart
CVE-2008-2211 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Maian Guestbook
CVE-2008-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Support ...)
	NOT-FOR-US: Maian Support
CVE-2008-2209 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Maian Greeting
CVE-2008-2208 (SQL injection vulnerability in index.php in Maian Greeting 2.1 allows ...)
	NOT-FOR-US: Maian Greeting
CVE-2008-2207 (Cross-site scripting (XSS) vulnerability in admin/index.php in Maian ...)
	NOT-FOR-US: Maian Gallery
CVE-2008-2206 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 ...)
	NOT-FOR-US: Maian Music
CVE-2008-2205 (SQL injection vulnerability in index.php in Maian Music 1.1 allows ...)
	NOT-FOR-US: Maian Music
CVE-2008-2204 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Maian Search
CVE-2008-2203 (SQL injection vulnerability in search.php in Maian Search 1.1 allows ...)
	NOT-FOR-US: Maian Search
CVE-2008-2202 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader ...)
	NOT-FOR-US: Maian Uploader
CVE-2008-2201 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Maian Recipe
CVE-2008-2200 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog ...)
	NOT-FOR-US: Maian Weblog
CVE-2008-2199 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Kmita Mail
CVE-2008-2198 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Kmita Tellfriend
CVE-2008-2197 (SQL injection vulnerability in the blogwriter module 2.0 for Miniweb ...)
	NOT-FOR-US: Miniweb
CVE-2008-2196 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType ...)
	NOT-FOR-US: LifeType
CVE-2008-2195 (Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-2194 (SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-2193 (PHP remote file inclusion vulnerability in example.php in Thomas ...)
	NOT-FOR-US: ScorpNews
CVE-2008-2192 (Static code injection vulnerability in box/minichat/boxpop.php in ...)
	NOT-FOR-US: itcms
CVE-2008-2191 (SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and ...)
	NOT-FOR-US: pnEncyclopedia
CVE-2008-2190 (SQL injection vulnerability in index.php in Online Rent (aka Online ...)
	NOT-FOR-US: Online Rental Property Script
CVE-2008-2189 (SQL injection vulnerability in viewfaqs.php in AnServ Auction XL ...)
	NOT-FOR-US: Online AnServ Auction XL
CVE-2008-2188 (Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook ...)
	NOT-FOR-US: EJ3 BlackBook
CVE-2008-2187 (Cross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 ...)
	NOT-FOR-US: Mjguest
CVE-2008-2186 (Cross-site scripting (XSS) vulnerability in index.php in Chilek ...)
	NOT-FOR-US: Chilek CMS
CVE-2008-2185 (Directory traversal vulnerability in index.php in SMartBlog (aka ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2184 (Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2183 (SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2182 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
	NOT-FOR-US: powermail extension for TYPO3
CVE-2008-2181 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: cpLinks
CVE-2008-2180 (Multiple SQL injection vulnerabilities in cpLinks 1.03, when ...)
	NOT-FOR-US: cpLinks
CVE-2008-2179 (Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid ...)
	NOT-FOR-US: SysAid
CVE-2008-2178 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType ...)
	NOT-FOR-US: LifeType
CVE-2008-2177 (Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, ...)
	NOT-FOR-US: phpDirectorySource
CVE-2008-2176 (Cross-site scripting (XSS) vulnerability in admin/category.php in ...)
	NOT-FOR-US: Zomplog
CVE-2008-2175 (SQL injection vulnerability in comments.php in Gamma Scripts BlogMe ...)
	NOT-FOR-US: Gamma Scripts BlogMe PHP
CVE-2008-2174 (Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal ...)
	NOT-FOR-US: Animal Shelter Manager
CVE-2008-2173 (Unspecified vulnerability in Yamaha routers allows remote attackers to ...)
	NOT-FOR-US: Yamaha routers
CVE-2008-2172 (Unspecified vulnerability in Hitachi GR routers allows remote ...)
	NOT-FOR-US: Hitachi GR routers
CVE-2008-2171 (Unspecified vulnerability in AlaxalA AX routers allows remote ...)
	NOT-FOR-US: AlaxalA AX routers
CVE-2008-2170 (Unspecified vulnerability in Century routers allows remote attackers ...)
	NOT-FOR-US: Century routers
CVE-2008-2169 (Unspecified vulnerability in Avici routers allows remote attackers to ...)
	NOT-FOR-US: Avici routers
CVE-2008-2168 (Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier ...)
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch4 (low)
	NOTE: This is really a browser issue. Recent apache versions add a workaround.
CVE-2008-2167 (Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows ...)
	NOT-FOR-US: ZyXEL ZyWALL
CVE-2008-2166 (Cross-site scripting (XSS) vulnerability in the search module in Sun ...)
	NOT-FOR-US: Sun Java System
CVE-2008-2165 (Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in ...)
	NOT-FOR-US: Cisco Building Broadband Service Manager (BBSM) Captive Portal
CVE-2008-2164
	RESERVED
CVE-2008-2163 (Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in ...)
	- mantis 1.0.8-4.1 (bug #481504)
CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and ...)
	- uudeview 0.5.20-3.1 (low; bug #480972)
	[etch] - uudeview <no-dsa> (Minor issue)
	- libconvert-uulib-perl <not-affected> (Code patched by libconver-uulib upstream to use mkstemp)
	- pan <not-affected> (Code patched to use g_mkstemp)
	NOTE: See CVE-2004-2265, where the problem occured as well
CVE-2008-2302 (Cross-site scripting (XSS) vulnerability in the login form in the ...)
	- python-django 0.96.2-1 (bug #481164; low)
	[etch] - python-django 0.95.1-1etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-2162 (Cross-site scripting (XSS) vulnerability in SonicWall Email Security ...)
	NOT-FOR-US: SonicWall Email Security
CVE-2008-2161 (Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly ...)
	NOT-FOR-US: TFTP Server SP 1.4 and 1.5 on Windows
CVE-2008-2160 (Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image ...)
	NOT-FOR-US: Microsoft Windows CE 5.0
CVE-2008-2159 (Microsoft Internet Explorer 7 can save encrypted pages in the cache ...)
	NOT-FOR-US: Microsoft Internet Explorer 7
CVE-2008-2158 (Multiple stack-based buffer overflows in the Command Line Interface ...)
	NOT-FOR-US: AlphaStor
CVE-2008-2157 (robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows ...)
	NOT-FOR-US: AlphaStor
CVE-2008-2156
	RESERVED
CVE-2008-2155
	RESERVED
CVE-2008-2154
	RESERVED
CVE-2008-2153
	RESERVED
CVE-2008-2152 (Integer overflow in the rtl_allocateMemory function in ...)
	- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-2151
	RESERVED
CVE-2008-2150
	RESERVED
CVE-2008-2149 (Stack-based buffer overflow in the searchwn function in Wordnet 2.0, ...)
	{DSA-1634-1}
	- wordnet 1:3.0-10 (bug #481186)
	NOTE: wordnet can be used as a backend to web applications
CVE-2008-2148 (The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and ...)
	- linux-2.6 2.6.25-3 (bug #481195)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: utimensat() was introduced in 2.6.22 and sched_slice() in 2.6.24
CVE-2008-2145 (Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier ...)
	NOT-FOR-US: Novell Client 4.91 SP4
CVE-2008-2144 (Multiple unspecified vulnerabilities in Solaris print service for Sun ...)
	NOT-FOR-US: Solaris print service
CVE-2008-2143 (Unspecified versions of Microsoft Outlook Web Access (OWA) use the ...)
	NOT-FOR-US: Microsoft Outlook Web Access (OWA)
CVE-2008-2141
	RESERVED
CVE-2008-2140 (Cross-site request forgery (CSRF) vulnerability in the rootpw plugin ...)
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2139 (The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not ...)
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2138 (Oracle Application Server (OracleAS) Portal 10g allows remote ...)
	NOT-FOR-US: Oracle Application Server (OracleAS) Portal 10g
CVE-2008-2137 (The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 5816339310b2d9623cf413d33e538b45e815da5d, part of 2.6.25.3
CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02, part of 2.6.25.3
CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers ezContents ...)
	NOT-FOR-US: VisualShapers ezContents
CVE-2008-2134 (The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2133 (Cross-site scripting (XSS) vulnerability in the Journal module in ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2132 (SQL injection vulnerability in step1.asp in Systementor PostcardMentor ...)
	NOT-FOR-US: Systementor PostcardMentor
CVE-2008-2131 (Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows ...)
	NOT-FOR-US: mvnForum
CVE-2008-2130 (SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows ...)
	NOT-FOR-US: iGaming
CVE-2008-2129 (SQL injection vulnerability in index.php in Galleristic 1.0, when ...)
	NOT-FOR-US: Galleristic
CVE-2008-2128 (PHP remote file inclusion vulnerability in templates/header.php in CMS ...)
	NOT-FOR-US: Faethon
CVE-2008-2127 (Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon ...)
	NOT-FOR-US: Faethon
CVE-2008-2126 (Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 ...)
	NOT-FOR-US: Tux CMS
CVE-2008-2125 (SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and ...)
	NOT-FOR-US: Musicbox
CVE-2008-2124 (SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS ...)
	NOT-FOR-US: fipsASP
CVE-2008-2123 (Cross-site scripting (XSS) vulnerability in WGate in SAP Internet ...)
	NOT-FOR-US: WGate
CVE-2008-2122 (IBM Rational Build Forge 7.0.2 allows remote attackers to cause a ...)
	NOT-FOR-US: IBM Rational Build Forge
CVE-2008-2121 (The TCP implementation in Sun Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2120 (Unspecified vulnerability in Sun Java System Application Server 7 ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2119 (Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business ...)
	- asterisk 1.4
	NOTE: http://downloads.digium.com/pub/security/AST-2008-008.html
CVE-2008-2118 (SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows ...)
	NOT-FOR-US: Project Alumni
CVE-2008-2117 (Cross-site scripting (XSS) vulnerability in pages/news.page.inc in ...)
	NOT-FOR-US: Project Alumni
CVE-2008-2116 (Multiple directory traversal vulnerabilities in editor.php in ...)
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2115 (Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ...)
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2114 (SQL injection vulnerability in emall/search.php in Pre Shopping Mall ...)
	NOT-FOR-US:  Pre Shopping Mall
CVE-2008-2113 (SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 ...)
	NOT-FOR-US: PHPEasyData
CVE-2003-1558 (Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to ...)
	- fnord 1.7-1 (low)
CVE-2008-2142 (Emacs 21 and XEmacs automatically load and execute .flc (fast lock) ...)
	- emacs22 22.2+2-3 (low; bug #480885)
	- xemacs21 <unfixed> (low; bug #480886)
	[etch] - xemacs21 <no-dsa> (Minor issue)
	- emacs21 21.4a+1-5.5 (low; bug #480877)
	[etch] - emacs21 <no-dsa> (Minor issue)
CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 ...)
	{DTSA-132-1}
	- vlc 0.8.6.e-2.2 (low; bug #480724)
	NOTE: https://trac.videolan.org/vlc/ticket/1578
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
CVE-2008-6339
	REJECTED
CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and ...)
	NOT-FOR-US: Sun Ray Kiosk Mode
CVE-2008-2111 (The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and ...)
	NOT-FOR-US: Yahoo Assistant
CVE-2008-2110 (Unrestricted file upload vulnerability in qtofm.php in QTOFileManager ...)
	NOT-FOR-US: QTOFileManager
CVE-2008-2109 (field.c in the libid3tag 0.15.0b library allows context-dependent ...)
	- libid3tag 0.15.1b-8 (low; bug #480187)
	[etch] - libid3tag <no-dsa> (Minor issue)
	NOTE: totally different approach to fix the bug, see Kurts comments in the bug report
CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
	- php5 5.2.2-1 (low)
	NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt
CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
	- php5 5.2.2-1 (low)
	NOTE: closely related to CVE-2008-2108
CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...)
	NOT-FOR-US: Call of Duty
CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.3, and 3.1.x before ...)
	- bugzilla 3.0.4-1 (low)
	[etch] - bugzilla <not-affected> (vulnerable code introduced in 2.23.4)
CVE-2008-2104 (The WebService in Bugzilla 3.1.3 allows remote authenticated users ...)
	- bugzilla <not-affected> (regression introduced in 3.1.3 referring to upstream)
CVE-2008-2103 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later ...)
	- bugzilla 3.0.4-1 (low; bug #480190)
	[etch] - bugzilla <no-dsa> (Minor issue)
CVE-2008-2102
	RESERVED
CVE-2008-2101 (The VMware Consolidated Backup (VCB) command-line utilities in VMware ...)
	NOT-FOR-US: VMware ESX
CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...)
	- vmware-package <unfixed> (low; bug #485919)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...)
	- vmware-package <not-affected> (Windows issue according to CVE)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...)
	- vmware-package <unfixed> (low; bug #484491)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...)
	NOT-FOR-US: Vmware ESX/i
CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...)
	NOT-FOR-US: BackLinkSpider
CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook ...)
	NOT-FOR-US: FlippingBook
CVE-2008-2094 (SQL injection vulnerability in article.php in the Article module for ...)
	NOT-FOR-US: XOOPS
CVE-2008-2093 (SQL injection vulnerability in the Profiler (com_comprofiler) ...)
	NOT-FOR-US: JOOMLA extra component
CVE-2008-2092 (Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause ...)
	NOT-FOR-US: Linksys SPA-2102 Phone Adapter
CVE-2008-2091 (Directory traversal vulnerability in ipn.php in KubeLabs Kubelance ...)
	NOT-FOR-US: Kubelance
CVE-2008-2090 (Unspecified vulnerability in the SCTP protocol implementation in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2089 (Unspecified vulnerability in the SCTP protocol implementation in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2088 (SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 ...)
	NOT-FOR-US: PHP Forge
CVE-2008-2087 (SQL injection vulnerability in search_result.php in Softbiz Web Host ...)
	NOT-FOR-US: Softbiz Web Host Directory Script
CVE-2008-2086 (Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and ...)
	TODO: check
CVE-2008-2084 (SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 ...)
	NOT-FOR-US: MyArticles
CVE-2008-2083 (SQL injection vulnerability in directory.php in Prozilla Hosting ...)
	NOT-FOR-US: Prozilla Hosting
CVE-2008-2082 (Cross-site scripting (XSS) vulnerability in index.php in Siteman ...)
	NOT-FOR-US: Siteman
CVE-2008-2081 (Directory traversal vulnerability in index.php in Siteman 2.0.x2 ...)
	NOT-FOR-US: Siteman
CVE-2008-2080 (Stack-based buffer overflow in the Read32s_64 function in ...)
	NOT-FOR-US: NASA Goddard Space Flight Center Common Data Format (CDF) library
CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, ...)
	{DSA-1608-1 DTSA-150-1}
	- mysql-dfsg-5.0 5.0.51a-10 (low; bug #480292)
CVE-2008-2078 (Robocode before 1.6.0 allows user-assisted remote attackers to &quot;access ...)
	- robocode 1.6.0~beta2-1 (low)
CVE-2008-2077 (Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-2076 (Directory traversal vulnerability in admin.php in ActualScripts ...)
	NOT-FOR-US: ActualScripts
CVE-2008-2075 (Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 ...)
	NOT-FOR-US: AstroCam
CVE-2008-2074 (Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin ...)
	NOT-FOR-US: Harris Yusuf Arifin Harris Wap Chat 1.0
CVE-2008-2073 (Directory traversal vulnerability in include/global.inc.php in Virtual ...)
	NOT-FOR-US: vlbook
CVE-2008-2072 (Cross-site scripting (XSS) vulnerability in index.php in Virtual ...)
	NOT-FOR-US: vlbook
CVE-2008-2071 (Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM ...)
	NOT-FOR-US: cPanel
CVE-2008-2070 (The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 ...)
	NOT-FOR-US: cPanel
CVE-2008-2069 (Buffer overflow in Novell GroupWise 7 allows remote attackers to cause ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2068 (Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows ...)
	- wordpress 2.5.1-1
CVE-2008-2067 (SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows ...)
	NOT-FOR-US: miniBB
CVE-2008-2066 (Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB ...)
	NOT-FOR-US: miniBB
CVE-2008-2065 (SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have ...)
	{DSA-1580-1}
	- phpgedview 4.1.e+4.1.5-1
CVE-2008-2063 (SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows ...)
	NOT-FOR-US: Joovili
CVE-2008-2062 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
	NOT-FOR-US: Cisco Real-Time Information Server (RIS) Data Collector service
CVE-2008-2061 (The Computer Telephony Integration (CTI) Manager service in Cisco ...)
	NOT-FOR-US: Cisco Computer Telephony Integration (CTI) Manager service
CVE-2008-2060 (Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) ...)
	NOT-FOR-US: Cisco
CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
	NOT-FOR-US: Cisco
CVE-2008-2058 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
	NOT-FOR-US: Cisco
CVE-2008-2057 (The Instant Messenger (IM) inspection engine in Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2008-2056 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
	NOT-FOR-US: Cisco
CVE-2008-2055 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
	NOT-FOR-US: Cisco
CVE-2008-2054 (Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 ...)
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2008-2053 (Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2008-2052 (Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2008-2049 (The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows ...)
	NOT-FOR-US: E-Post Mail Server
CVE-2008-2048 (Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2047 (Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2046 (Cross-site scripting (XSS) vulnerability in index.php in Softpedia ...)
	NOT-FOR-US: Softpedia
CVE-2008-2045 (Absolute path traversal vulnerability in SugarCRM Sugar Community ...)
	NOT-FOR-US: SugarCRM
CVE-2008-2044 (includes/library.php in netOffice Dwins 1.3 p2 compares the ...)
	NOT-FOR-US: netOffice Dwins
CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, ...)
	NOT-FOR-US: cPanel
CVE-2008-2085 (Multiple stack-based buffer overflows in the (1) get_remote_ip_media ...)
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester <no-dsa> (Minor issue)
CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...)
	{DSA-1578-1 DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: http://www.php.net/ChangeLog-5.php
	NOTE: http://www.sektioneins.de/advisories/SE-2008-03.txt
CVE-2008-2050 (Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP ...)
	{DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: php4 not affected, the vulnerable code isn't present
	NOTE: http://www.php.net/ChangeLog-5.php
CVE-2008-2042 (The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-2039
	RESERVED
CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php in ...)
	NOT-FOR-US: Tunkey WebTools
CVE-2008-2037 (Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts ...)
	NOT-FOR-US: EidteurScripts
CVE-2008-2036 (SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 ...)
	NOT-FOR-US: Koobi Pro
CVE-2008-2035 (Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) ...)
	NOT-FOR-US: Bluemoon
CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php in the ...)
	NOT-FOR-US: wordpress Download Monitor 2.0.6 plugin
CVE-2008-2033
	REJECTED
CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote ...)
	NOT-FOR-US: Acritum Femitter Server
CVE-2008-2031 (VicFTPS 5.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: VicFTPS
CVE-2008-2030 (Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 ...)
	NOT-FOR-US: FirePass
CVE-2008-2029 (Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) ...)
	NOT-FOR-US: miniBB
CVE-2008-2028 (miniBB 2.2, and possibly earlier, when register_globals is enabled, ...)
	NOT-FOR-US: miniBB
CVE-2008-2027 (Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA ...)
	NOT-FOR-US:  RSA Authentication Agent
CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...)
	NOT-FOR-US:  RSA Authentication Agent
CVE-2008-2025
	RESERVED
CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...)
	NOT-FOR-US: miniBB
CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...)
	NOT-FOR-US: MegaBBS
CVE-2008-2022 (Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software ...)
	NOT-FOR-US: MegaBBS
CVE-2008-2021 (Heap-based buffer overflow in Lhaplus before 1.57 allows remote ...)
	NOT-FOR-US: Lhaplus
CVE-2008-2020 (The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-2019 (Simple Machines Forum (SMF), probably 1.1.4, relies on &quot;randomly ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-2018 (The AssignUser function in template.class.php in PHPizabi 0.848b C1 ...)
	NOT-FOR-US: PHPizabi
CVE-2008-2017 (Directory traversal vulnerability in Chilek Content Management System ...)
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2016 (PHP remote file inclusion vulnerability in Chilek Content Management ...)
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain ActiveX ...)
	NOT-FOR-US: WatchFire
CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Browser crashes / hangs not treated as security issues
CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...)
	NOT-FOR-US: pnFlashGames
CVE-2008-2012 (SQL injection vulnerability in index.php in the PostSchedule 1.0 ...)
	NOT-FOR-US: PostSchedule
CVE-2008-2011 (Cross-site scripting (XSS) vulnerability in the National Rail ...)
	NOT-FOR-US: National Rail Enquiries Live Departure Boards gadget
CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 ...)
	NOT-FOR-US: Windows
CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for ...)
	NOTE: #482039 has information to inform maintainer about new upstream code and problem
	NOTE: however, it is not clear that the version is vulnerable
	TODO: check vulnerability of debian packages and value of upstream patch
CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...)
	NOT-FOR-US: Cerulean Studios Trillian Basic
CVE-2008-2007
	REJECTED
CVE-2008-2006 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and ...)
	NOT-FOR-US: Apple iCal
CVE-2008-2005 (The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before ...)
	NOT-FOR-US: SuiteLink
CVE-2008-2004 (The drive_init function in QEMU 0.9.1 determines the format of a raw ...)
	{DTSA-133-1}
	- qemu 0.9.1-5
	- kvm 66+dfsg-1.1 (bug #481204)
	- xen-3 <unfixed> (bug #490409)
	- xen-unstable <unfixed> (bug #490411)
	- xen-3.0 <removed>
CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web ...)
	NOT-FOR-US: BadBlue
CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola ...)
	NOT-FOR-US: Motorola software
CVE-2008-2001 (Apple Safari 3.1.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple Safari
CVE-2008-2000 (Unspecified vulnerability in Apple Safari 3.1.1 allows remote ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1999 (Apple Safari 3.1.1 allows remote attackers to spoof the address bar by ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1998 (The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, ...)
	NOT-FOR-US: Windows specific
CVE-2008-1997 (Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-1996 (licq before 1.3.6 allows remote attackers to cause a denial of service ...)
	- licq 1.3.5-6 (low; bug #479036)
	[etch] - licq <no-dsa> (Minor issue)
CVE-2008-1995 (Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a ...)
	NOT-FOR-US: Sun Java System Directory Proxy Server
CVE-2008-1994 (Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and ...)
	- acon 1.0.5-6.1 (low; bug #475733)
CVE-2008-1993 (Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, ...)
	NOT-FOR-US: Acidcat
CVE-2008-1992 (Acidcat CMS 3.4.1 does not properly restrict access to (1) ...)
	NOT-FOR-US: Acidcat
CVE-2008-1991 (Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in ...)
	NOT-FOR-US: Acidcat
CVE-2008-1990 (Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow ...)
	NOT-FOR-US: Acidcat
CVE-2008-1989 (PHP remote file inclusion vulnerability in 123flashchat.php in the 123 ...)
	NOT-FOR-US: Flash Chat
CVE-2008-1988 (Unrestricted file upload vulnerability in the file_upload function in ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1987 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1986 (Cross-site scripting (XSS) vulnerability in liste_article.php in Blog ...)
	NOT-FOR-US: PixelMotion
CVE-2008-1985 (Cross-site scripting (XSS) vulnerability in base.php in DigitalHive ...)
	NOT-FOR-US: DigitalHive
CVE-2008-1984 (The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure ...)
	NOT-FOR-US: eTrust
CVE-2008-1983 (Cross-site scripting (XSS) vulnerability in Advanced Electron Forum ...)
	NOT-FOR-US: Advanced Electron Forum (AEF)
CVE-2008-1982 (SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) ...)
	NOT-FOR-US: Spreadsheet plugin
CVE-2008-1981 (Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x ...)
	NOT-FOR-US: e-publish
CVE-2008-1980 (Cross-site scripting (XSS) vulnerability in E-Publish 5.x before ...)
	NOT-FOR-US: e-publish
CVE-2008-1979 (The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-1978 (Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before ...)
	NOT-FOR-US: Ubercart
CVE-2008-1977 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1976 (Multiple cross-site scripting (XSS) vulnerabilities in the Drupal ...)
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1975 (SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote ...)
	NOT-FOR-US: E-RESERV
CVE-2008-1973 (Heap-based buffer overflow in SubEdit Player build 4056 and 4066 ...)
	NOT-FOR-US: SubEdit Player
CVE-2008-1972 (Multiple cross-site scripting (XSS) vulnerabilities in the user ...)
	NOT-FOR-US: Exponent CMS
CVE-2008-1971 (phShoutBox Final 1.5 and earlier only checks passwords when specified ...)
	NOT-FOR-US: phShoutBox
CVE-2008-1970 (muCommander before 0.8.2 stores credentials.xml with insecure ...)
	NOT-FOR-US: muCommander
CVE-2008-1969 (Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 ...)
	NOT-FOR-US: Cezanne
CVE-2008-1968 (Multiple SQL injection vulnerabilities in Cezanne 7 allow remote ...)
	NOT-FOR-US: Cezanne
CVE-2008-1967 (Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in ...)
	NOT-FOR-US: Cezanne
CVE-2008-1966 (Multiple buffer overflows in the JAR file administration routines in ...)
	NOT-FOR-US: Windows specific
CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in ...)
	NOT-FOR-US: Lotus Expeditor
CVE-2008-1964 (** DISPUTED ** ...)
	- xine-lib <not-affected> (nsf support disabled by maintainer)
	NOTE: xine-lib (1.1.12) uses strndup to allocate the needed memory and limits it to 32 bytes
	NOTE: while copyright is 100 bytes long (+ padding for chunks)
CVE-2008-1963 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Quate Grape Web Statistics
CVE-2008-1962 (Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow ...)
	NOT-FOR-US: Aterr
CVE-2008-1961 (SQL injection vulnerability in index.php in Voice Of Web AllMyGuests ...)
	NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2008-1960 (Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi ...)
	NOT-FOR-US: ContRay
CVE-2008-1959 (Stack-based buffer overflow in the get_remote_video_port_media ...)
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester <no-dsa> (Minor issue)
CVE-2008-1958 (Unrestricted file upload vulnerability in the ajout_cat mode in ...)
	NOT-FOR-US: Tr Script News
CVE-2008-1957 (SQL injection vulnerability in news.php in Tr Script News 2.1 allows ...)
	NOT-FOR-US: Tr Script News
CVE-2008-2146 (wp-includes/vars.php in Wordpress before 2.2.3 does not properly ...)
	{DSA-1564-1}
	- wordpress 2.2.3-1
	NOTE: http://trac.wordpress.org/ticket/4748
	NOTE: fixed in DSA-1564-1
CVE-2008-2040 (Stack-based buffer overflow in the HTTP::getAuthUserPass function ...)
	{DSA-1583-1 DSA-1582-1}
	- peercast 0.1218+svn20080104-1.1 (medium; bug #478573)
	- gnome-peercast <removed>
	NOTE: etch version tested with PoC, affected
CVE-2008-1974 (Cross-site scripting (XSS) vulnerability in addevent.php in Horde ...)
	{DSA-1560-1}
	- kronolith2 2.1.8-1
CVE-2008-1956 (Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus ...)
	NOT-FOR-US: Wikepage Opus
CVE-2008-1955 (Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER ...)
	NOT-FOR-US: Martin BOUCHER MyBoard
CVE-2008-1954 (SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and ...)
	NOT-FOR-US: Web Calendar Pro
CVE-2008-1953 (Cross-site scripting (XSS) vulnerability in the Sitedesigner before ...)
	NOT-FOR-US: Sitedesigner
CVE-2008-1952 (The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630)
	TODO: check that next upload includes changes until changeset 17643 or higher
CVE-2008-1951 (Untrusted search path vulnerability in a certain Red Hat build script ...)
	NOT-FOR-US: Red Hat issue
CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1949 (The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1948 (The _gnutls_server_name_recv_params function in lib/ext_server_name.c ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (medium)
	- gnutls26 2.2.5-1 (medium)
CVE-2008-1947 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 ...)
	{DSA-1593-1}
	- tomcat5.5 5.5.26-3 (low; bug #484643)
	- tomcat5 <removed>
CVE-2008-1946 (The default configuration of su in /etc/pam.d/su in GNU coreutils ...)
	- coreutils 5.93-1
CVE-2008-1945 (QEMU 0.9.0 does not properly handle changes to removable media, which ...)
	- qemu 0.9.1-5
CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1943 (Buffer overflow in the backend of XenSource Xen Para Virtualized Frame ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-1941 (Cross-site scripting (XSS) vulnerability in the profile update feature ...)
	NOT-FOR-US: Akiva WebBoard
CVE-2008-1940 (The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and ...)
	- linux-patch-grsecurity2 2.1.11+2.6.24.5+200804211829-1 (bug #478133)
CVE-2008-1939 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-1938 (Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly ...)
	NOT-FOR-US: Sony firmware
CVE-2008-1937 (The user form processing (userform.py) in MoinMoin before 1.6.3, when ...)
	- moin 1.6.3-1
	[etch] - moin <not-affected> (1.5.x is not affected)
	NOTE: acl_hierarchic was introduced in 1.6.0
	NOTE: userform processing issue was introduced in 1.6.1
CVE-2008-1936 (SQL injection vulnerability in index.php in Classifieds Caffe allows ...)
	NOT-FOR-US: Classifieds Caffe
CVE-2008-1935 (SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! ...)
	NOT-FOR-US: Filiale
CVE-2008-1934 (SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 ...)
	NOT-FOR-US: Crazy Goomba
CVE-2008-1933 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Zune
CVE-2008-1932 (Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and ...)
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1931 (Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before ...)
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1929
	RESERVED
CVE-2008-1928 (Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause ...)
	- libimager-perl 0.64-1
CVE-2008-1926 (Argument injection vulnerability in login (login-utils/login.c) in ...)
	{DTSA-126-1}
	- util-linux 2.13.1.1-1 (low; bug #478135)
	[etch] - util-linux <not-affected> (Audit support not available in Etch's version)
CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision ...)
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
CVE-2008-1922 (Multiple stack-based buffer overflows in Sarg might allow attackers to ...)
	- sarg 2.2.4-1
CVE-2008-1921 (SQL injection vulnerability in store_pages/category_list.php in 5th ...)
	NOT-FOR-US: 5th Avenue Shopping Cart
CVE-2008-1920 (Heap-based buffer overflow in the boxelyRenderer module in the ...)
	NOT-FOR-US: ICQ
CVE-2008-1919 (SQL injection vulnerability in listtest.php in YourFreeWorld Apartment ...)
	NOT-FOR-US: YourFreeWorld Apartment Search Script
CVE-2008-1918 (SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-1917 (Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 ...)
	NOT-FOR-US: AMFPHP
CVE-2008-1916 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
	NOT-FOR-US: Ubercart (drupal module)
CVE-2008-1915 (SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows ...)
	NOT-FOR-US: BlogWorx
CVE-2008-1930 (The cookie authentication method in WordPress 2.5 relies on a hash of ...)
	- wordpress 2.5.1-1 (medium; bug #477910)
	NOTE: only exploitable in blogs that allow user registering
	[etch] - wordpress <not-affected> (Vulnerable code was introduced in 2.5)
CVE-2008-1927 (Double free vulnerability in Perl 5.8.8 allows context-dependent ...)
	{DSA-1556-2}
	- perl 5.10.0-1 (bug #454792)
CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx and ...)
	- inspircd 1.1.18+dfsg-1 (low)
CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running ...)
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5.2-1
	NOTE: PMASA-2008-3
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpMyAdmin/libraries/tbl_replace_fields.inc.php?r1=11211&r2=11210&pathrev=11211
CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...)
	NOT-FOR-US: BigAnt Messenger
CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, ...)
	NOT-FOR-US: Lasernet CMS
CVE-2008-1912 (Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and ...)
	NOT-FOR-US: DivX Player
CVE-2008-1911 (SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 ...)
	NOT-FOR-US: 1024 CMS
CVE-2008-1910 (Stack-based buffer overflow in the database service (ibserver.exe) in ...)
	NOT-FOR-US: Borland InterBase
CVE-2008-1909 (SQL injection vulnerability in comment.php in PHP Knowledge Base ...)
	NOT-FOR-US: PHPKB
CVE-2008-1908 (Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1907 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1906 (Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1905 (NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in ...)
	NOT-FOR-US: Nero MediaHome
CVE-2008-1904 (Cicoandcico CcMail 1.0.1 and earlier does not verify that the ...)
	NOT-FOR-US: CcMail
CVE-2008-1903 (PHP remote file inclusion vulnerability in news_show.php in Newanz ...)
	NOT-FOR-US: Newanz NewsOffice
CVE-2008-1902 (The GUI for aptlinex before 0.91 does not sufficiently warn the user ...)
	- aptlinex 0.91-1 (low; bug #476572)
	NOTE: the user gets a confirmation dialog
CVE-2008-1901 (aptlinex before 0.91 allows local users to overwrite arbitrary files ...)
	- aptlinex 0.91-1 (medium; bug #476588)
	NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this
CVE-2008-1900 (option_Update.asp in Carbon Communities 2.4 and earlier allows remote ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1899
	RESERVED
CVE-2008-1898 (A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed ...)
	NOT-FOR-US: Microsoft Works
CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, ...)
	{DSA-1563-1}
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1894 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: BusinessObjects InfoView
CVE-2008-1893 (PHP remote file inclusion vulnerability in index.php in W2B Online ...)
	NOT-FOR-US: W2B Online Banking
CVE-2008-1892 (Cross-site scripting (XSS) vulnerability in bs_auth.php in ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and ...)
	- ruby1.8 1.8.7.22-1 (unimportant)
	- ruby1.9 1.9.0.2-1 (unimportant)
	NOTE: corner-case only exploitable if web application is run on windows fs
CVE-2008-1890 (SQL injection vulnerability in the Jom Comment 2.0 build 345 component ...)
	NOT-FOR-US: Jom Comment for Joomla!
CVE-2008-1889 (SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials ...)
	NOT-FOR-US: XplodPHP AutoTutorials
CVE-2008-1888 (Cross-site scripting (XSS) vulnerability in Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2008-1886 (The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in ...)
	NOT-FOR-US: CDNetworks Nefficient Download
CVE-2008-1885 (Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX ...)
	NOT-FOR-US: NeffyLauncher
CVE-2008-1884 (Directory traversal vulnerability in index.php in Wikepage Opus 13 ...)
	NOT-FOR-US: Wikepage
CVE-2008-1883 (The server in Blackboard Academic Suite 7.x stores MD5 password hashes ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1882
	RESERVED
CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function ...)
	{DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #477805)
CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on ...)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Firebird 1.5 no longer supported, see last DSA)
	- firebird2.0 2.0.3.12981.ds1-14 (bug #481389)
	NOTE: on debian after the installation firebird2.0-super is disabled, to enable it
	NOTE: you need to call dpkg-reconfigure
CVE-2008-1879
	RESERVED
CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of service ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: browser dos not treated as security issues
	NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed?
CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have ...)
	- egroupware 1.4.004-2.dfsg-1 (bug #476977)
CVE-2008-1876 (PHP remote file inclusion vulnerability in index.php in VisualPic ...)
	NOT-FOR-US: VisualPic
CVE-2008-1875 (SQL injection vulnerability in index.php in Terong PHP Photo Gallery ...)
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1874 (SQL injection vulnerability in account/user/mail.html in Xpoze Pro ...)
	NOT-FOR-US: Xpoze Pro
CVE-2008-1873 (Cross-site scripting (XSS) vulnerability in the private message ...)
	NOT-FOR-US: Nuke ET
CVE-2008-1872 (SQL injection vulnerability in home.news.php in Comdev News Publisher ...)
	NOT-FOR-US: Comdev News Publisher
CVE-2008-1871 (SQL injection vulnerability in links.php in Scriptsagent.com Links ...)
	NOT-FOR-US: Scriptsagent.com
CVE-2008-1870 (SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and ...)
	NOT-FOR-US: PIGMy-SQL
CVE-2008-1869 (SQL injection vulnerability in Site Sift Listings allows remote ...)
	NOT-FOR-US: Site Sift Listings
CVE-2008-1868 (admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1867 (SQL injection vulnerability in Blog Pixel Motion (aka Blog ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1866 (admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1865 (Stack-based buffer overflow in the msx_readnode function in libmosix.c ...)
	NOT-FOR-US: openmosix-tools
CVE-2008-1864 (SQL injection vulnerability in project.php in Prozilla Freelancers ...)
	NOT-FOR-US: Prozilla Freelancers
CVE-2008-1863 (SQL injection vulnerability in view_reviews.php in Prozilla Cheat ...)
	NOT-FOR-US: Prozilla Cheat Script
CVE-2008-1862 (ExBB Italia 0.22 and earlier only checks GET requests that use the ...)
	NOT-FOR-US: ExBB Italia
CVE-2008-1861 (Directory traversal vulnerability in modules/threadstop/threadstop.php ...)
	NOT-FOR-US: ExBB Italia
CVE-2008-1860 (Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and ...)
	NOT-FOR-US: LokiCMS
CVE-2008-1859 (SQL injection vulnerability in events.php in iScripts SocialWare ...)
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1858 (SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 ...)
	NOT-FOR-US: 724Networks 724CMS
CVE-2008-1857 (Multiple directory traversal vulnerabilities in viewsource.php in Make ...)
	NOT-FOR-US: Mole
CVE-2008-1856 (plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not ...)
	NOT-FOR-US: LinPHA
CVE-2008-1855 (FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 ...)
	NOT-FOR-US: McAfee
CVE-2008-1854 (Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in ...)
	NOT-FOR-US: SmarterMail Web Server
CVE-2008-1853 (The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1852 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1851 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1850 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
	NOT-FOR-US: Omnistar Interactive OSI Affiliate
CVE-2008-1849 (Directory traversal vulnerability in index.php in the joomlaXplorer ...)
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla! component
CVE-2008-1848 (Cross-site scripting (XSS) vulnerability in the joomlaXplorer ...)
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla!
CVE-2008-1847 (SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook ...)
	NOT-FOR-US: phpAddressBook
CVE-2008-1846 (The default configuration of SAP NetWeaver before 7.0 SP15 does not ...)
	NOT-FOR-US: SAP
CVE-2008-1845 (The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not ...)
	- mksh 33.4-1 (low)
	[etch] - mksh <no-dsa> (Minor issue)
CVE-2008-1844 (SQL injection vulnerability in cat.php in W2B phpHotResources allows ...)
	NOT-FOR-US: W2B phpHotResources
CVE-2008-1843 (SQL injection vulnerability in browse.php in W2B DatingClub (aka ...)
	NOT-FOR-US: W2B DatingClub
CVE-2008-1842 (Integer signedness error in ovspmd.exe in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1841 (SQL injection vulnerability in the session handling functionality in ...)
	NOT-FOR-US: Coppermine
CVE-2008-1840 (SQL injection vulnerability in upload.php in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine
CVE-2008-1839 (Multgiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2008-1838 (SQL injection vulnerability in BosClassifieds Classified Ads System ...)
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1836 (The rfc2231 function in message.c in libclamav in ClamAV before 0.93 ...)
	- clamav <not-affected> (Vulnerable code introduced later, checked back with upstream)
CVE-2008-1834 (swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict ...)
	- swfdec0.6 0.6.4-1 (low)
	- swfdec0.5 <removed> (low; bug #477037)
CVE-2008-1833 (Heap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1.1 (medium; bug #476694)
CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown ...)
	NOT-FOR-US: Flip4Mac
CVE-2007-6714 (DBMail before 2.2.9, when using authldap with an LDAP server that ...)
	- dbmail 2.2.9
CVE-2008-1878 (Stack-based buffer overflow in the demux_nsf_send_chunk function in ...)
	{DSA-1586-1 DTSA-128-1}
	- xine-lib 1.1.12-2 (medium; bug #476990)
	NOTE: not patched but disabled in testing/unstable
CVE-2008-1831 (Multiple unspecified vulnerabilities in the Siebel SimBuilder ...)
	NOT-FOR-US: Oracle Siebel Enterprise
CVE-2008-1830 (Unspecified vulnerability in the PeopleSoft HCM ePerformance component ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1829 (Unspecified vulnerability in the PeopleSoft HCM Recruiting component ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1828 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1827 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1826 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1825 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1824 (Unspecified vulnerability in the Oracle Dynamic Monitoring Service ...)
	NOT-FOR-US: Oracle
CVE-2008-1823 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1822 (Unspecified vulnerability in the Oracle Application Express component ...)
	NOT-FOR-US: Oracle
CVE-2008-1821 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1820 (Unspecified vulnerability in the Data Pump component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1819 (Unspecified vulnerability in the Oracle Net Services component in ...)
	NOT-FOR-US: Oracle
CVE-2008-1818 (Unspecified vulnerability in the Authentication component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1817 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-1816 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
	NOT-FOR-US: Oracle
CVE-2008-1815 (Unspecified vulnerability in the Change Data Capture component in ...)
	NOT-FOR-US: Oracle
CVE-2008-1814 (Unspecified vulnerability in the Oracle Secure Enterprise Search or ...)
	NOT-FOR-US: Oracle
CVE-2008-1813 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-1812 (Unspecified vulnerability in the Oracle Enterprise Manager component ...)
	NOT-FOR-US: Oracle
CVE-2008-1811 (Unspecified vulnerability in Oracle Application Express 3.0.1 has ...)
	NOT-FOR-US: Oracle
CVE-2008-1810 (Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 ...)
	NOT-FOR-US: SAP MaxDB
CVE-2008-1809 (Heap-based buffer overflow in Novell eDirectory 8.7.3 before ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (low; bug #485841)
CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to execute ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows context-dependent ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other ...)
	NOT-FOR-US: Skype
CVE-2008-1804 (preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not ...)
	{DTSA-173-1}
	- snort 2.7.0-20 (low; bug #483160)
	[lenny] - snort 2.7.0-20.2 (low; bug #483160)
	[etch] - snort <not-affected> (Only 2.6 and 2.8 are affected)
CVE-2008-1803 (Integer signedness error in the xrealloc function (rdesktop.c) in ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480135)
CVE-2008-1802 (Buffer overflow in the process_redirect_pdu (rdp.c) function in ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480134)
CVE-2008-1801 (Integer underflow in the iso_recv_msg function (iso.c) in rdesktop ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480133)
CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: DivXDB
CVE-2008-1799 (Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 ...)
	NOT-FOR-US: sabros.us
CVE-2008-1798 (Directory traversal vulnerability in forum/kietu/libs/calendrier.php ...)
	NOT-FOR-US: Dragoon
CVE-2008-1797 (Unspecified vulnerability in Secure Computing Webwasher 5.30 before ...)
	NOT-FOR-US: Secure Computing Webwasher
CVE-2008-1796 (Comix 3.6.4 creates temporary directories with predictable names, ...)
	- comix 3.6.4-1.1 (unimportant)
	NOTE: only exploitable with insecure umask settings
CVE-2008-1795 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1794 (Multiple cross-site scripting (XSS) vulnerabilities in the Webform ...)
	NOT-FOR-US: Webform Drupal module
CVE-2008-1793 (Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in ...)
	NOT-FOR-US: Smart
CVE-2008-1792 (Cross-site scripting (XSS) vulnerability in the insertion filter in ...)
	NOT-FOR-US: Flickr Drupal module
CVE-2008-1791 (SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and ...)
	NOT-FOR-US: My Gaming Ladder
CVE-2008-1790 (Unrestricted file upload vulnerability in iScripts SocialWare allows ...)
	NOT-FOR-US: iScripts
CVE-2008-1789 (SQL injection vulnerability in forum.php in Prozilla Forum allows ...)
	NOT-FOR-US: Prozilla Forum
CVE-2008-1788 (SQL injection vulnerability in directory.php in Prozilla Entertainers ...)
	NOT-FOR-US: Prozilla Entertainers
CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2008-1786 (The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in ...)
	NOT-FOR-US: CA products
CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated users ...)
	NOT-FOR-US: Prozilla Top 100
CVE-2008-1784 (Prozilla Topsites 1.0 allows remote attackers to perform ...)
	NOT-FOR-US: Prozilla Topsites
CVE-2008-1783 (Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users ...)
	NOT-FOR-US: Prozilla Reviews
CVE-2008-1782 (phpdemo/viewsource.php in Advanced Software Engineering ChartDirector ...)
	NOT-FOR-US: Advanced Software Engineering ChartDirector
CVE-2008-1837 (libclamunrar in ClamAV before 0.93 allows remote attackers to cause a ...)
	- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
CVE-2008-1835 (ClamAV before 0.93 allows remote attackers to bypass the scanning ...)
	- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
CVE-2008-1832 (lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite ...)
	- cecilia 2.0.5-2.1 (low; bug #476321)
	[etch] - cecilia <no-dsa> (Minor issue)
CVE-2008-1781
	REJECTED
CVE-2008-1780 (Unspecified vulnerability in the labeled networking functionality in ...)
	NOT-FOR-US: Solaris
CVE-2008-1779 (Sun Solaris 8, 9, and 10 allows &quot;remote privileged&quot; users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2008-1778 (Unspecified vulnerability in the floating point context switch ...)
	NOT-FOR-US: Solaris
CVE-2008-1777 (The eDirectory Host Environment service (dhost.exe) in Novell ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-1776 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PhpBlock
CVE-2008-1775 (Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2008-1774 (SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows ...)
	NOT-FOR-US: Pligg
CVE-2008-1773 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...)
	NOT-FOR-US: Dragoon
CVE-2008-1772 (iScripts SocialWare stores passwords in cleartext in a database, which ...)
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.3 (medium; bug #476241)
CVE-2008-1770 (CRLF injection vulnerability in Akamai Download Manager ActiveX ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service ...)
	{DTSA-125-1}
	- vlc 0.8.6.e-2.1 (low; bug #478140)
CVE-2008-1768 (Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...)
	{DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #478140)
CVE-2008-1767 (Buffer overflow in pattern.c in libxslt before 1.1.24 allows ...)
	{DSA-1589-1}
	- libxslt 1.1.24-1 (bug #482664)
CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have ...)
	- phpbb3 3.0.1-1 (low)
	- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-1765 (Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and ...)
	NOT-FOR-US: Adobe
CVE-2008-1764 (Unspecified vulnerability in Opera before 9.27 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2008-1763 (SQL injection vulnerability in _blogadata/include/sond_result.php in ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1762 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2008-1761 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2008-1760 (Multiple PHP remote file inclusion vulnerabilities in Blogator-script ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1759 (SQL injection vulnerability in the jeuxflash module for KwsPHP allows ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1758 (SQL injection vulnerability in the ConcoursPhoto module for KwsPHP ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1757 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1756 (Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine ...)
	NOT-FOR-US: Sun
CVE-2008-1755 (Directory traversal vulnerability in the showSource function in ...)
	NOT-FOR-US: World of Phaos
CVE-2008-1754 (Symantec Altiris Deployment Solution before 6.9.164 stores the ...)
	NOT-FOR-US: Symantec
CVE-2008-1753 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1752 (ezRADIUS 0.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: ezRADIUS
CVE-2008-1751 (Multiple directory traversal vulnerabilities in index.php in Ksemail ...)
	NOT-FOR-US: Ksemail
CVE-2008-1750 (SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and ...)
	NOT-FOR-US: LiveCart
CVE-2008-1749 (Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1748 (Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1747 (Unspecified vulnerability in Cisco Unified Communications Manager 4.1 ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1746 (The SNMP Trap Agent service in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1745 (Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1744 (The Certificate Authority Proxy Function (CAPF) service in Cisco ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1743 (Memory leak in the Certificate Trust List (CTL) Provider service in ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1742 (Memory leak in the Certificate Trust List (CTL) Provider service in ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1741 (The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1740 (The Presence Engine (PE) service in Cisco Unified Presence before ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1739 (Apple QuickTime before 7.4.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a ...)
	NOT-FOR-US: Rising Antivirus
CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-1736 (Comodo Firewall Pro before 3.0 does not properly validate certain ...)
	NOT-FOR-US: Comodo Firewall
CVE-2008-1735 (BitDefender Antivirus 2008 20080118 and earlier allows local users to ...)
	NOT-FOR-US: BitDefender Antivirus
CVE-2008-1734 (Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux ...)
	NOT-FOR-US: PHP Toolkit (Gentoo specific)
CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and earlier in ...)
	NOT-FOR-US: Joomla component Pragmatic Utopia PU Arcade
CVE-2008-1732 (SQL injection vulnerability in showpredictionsformatch.php in ...)
	NOT-FOR-US: Prediction Football
CVE-2008-1731 (The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not ...)
	NOT-FOR-US: Drupal module Simple Access
CVE-2008-1730 (Directory traversal vulnerability in download.html in ARWScripts ...)
	NOT-FOR-US: ARWScripts Gallery Script Lite
CVE-2008-1729 (The menu system in Drupal 6 before 6.2 has incorrect menu settings, ...)
	NOT-FOR-US: Drupal 6 (not packaged yet)
CVE-2008-1728 (ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2008-1727 (KnowledgeQuest 2.5 and 2.6 does not require authentication for access ...)
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1726 (Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when ...)
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1725 (The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz ...)
	NOT-FOR-US: ActiveX
CVE-2008-1724 (Stack-based buffer overflow in the IActiveXTransfer.FileTransfer ...)
	NOT-FOR-US: ActiveX
CVE-2008-1723
	RESERVED
CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2) ...)
	{DSA-1625-1}
	- cups 1.3.7-2 (medium; bug #476305)
	- cupsys 1.3.7-2 (medium; bug #476305)
CVE-2008-1721 (Integer signedness error in the zlib extension module in Python 2.5.2 ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1719 (Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET ...)
	NOT-FOR-US: Nuke ET
CVE-2008-1718 (Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1717 (WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 ...)
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1716 (Cross-site scripting (XSS) vulnerability in WoltLab Community ...)
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1715 (SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and ...)
	NOT-FOR-US: AuraCMS
CVE-2008-1714 (SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when ...)
	NOT-FOR-US: FaScript FaPhoto
CVE-2008-1713 (MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote ...)
	NOT-FOR-US: NoticeWare Email Server
CVE-2008-1712 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: mx_blogs
CVE-2008-1711 (Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores ...)
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1710 (Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1709 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...)
	NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-1708 (IBM solidDB 06.00.1018 and earlier does not validate a certain field ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1707 (IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1706 (Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1705 (Format string vulnerability in the logging function in IBM solidDB ...)
	NOT-FOR-US: IBM solidDB
CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux ...)
	{DSA-1588-1}
	- linux-2.6 2.6.26-1
	- linux-2.6.24 <not-affected>
	NOTE: upstream commit 13788ccc41ceea5893f9c747c59bc0b28f2416c2, not present in 2.6.25.x,
	NOTE: but fixed in git, so marking as fixed in 2.6.26-1
CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to execute ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1877 (tss 0.8.1 allows local users to read arbitrary files via the -a ...)
	- tss <removed> (medium; bug #475747; bug #475736)
CVE-2008-1720 (Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute ...)
	{DSA-1545-1}
	- rsync 3.0.2-1
	NOTE: Etch is affected (it enables the acl upstream patch)
	NOTE: http://samba.anu.edu.au/rsync/security.html#s3_0_2
CVE-2008-1704 (Multiple buffer overflows in TIBCO Software Enterprise Message Service ...)
	NOT-FOR-US: TIBCO
CVE-2008-1703 (Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, ...)
	NOT-FOR-US: TIBCO
CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the my_gallery ...)
	NOT-FOR-US: my_gallery plugin for e107
CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service ...)
	NOT-FOR-US: Novell NetWare
CVE-2008-1700 (The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite ...)
	NOT-FOR-US: WorkSite Web
CVE-2008-1699 (SQL injection vulnerability in permalink.php in Desi Quintans Writer's ...)
	NOT-FOR-US: Desi Quintans Writer's Block CMS
CVE-2008-1698 (Cross-site scripting (XSS) vulnerability in gallery.php in Simple ...)
	NOT-FOR-US: Simple Gallery
CVE-2008-1697 (Stack-based buffer overflow in ovwparser.dll in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-1696 (Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, ...)
	NOT-FOR-US: DaZPHPNews
CVE-2008-1695
	RESERVED
CVE-2008-1694 (vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local ...)
	- emacs21 21.4a+1-5.6 (low; bug #476612) 
	[etch] - emacs21 <no-dsa> (Minor issue)
	- emacs22 22.2+2-2 (low; bug #476611)
	- xemacs21 21.4.21-4 (low; bug #476613)
	[etch] - xemacs21 <no-dsa> (Minor issue)
CVE-2008-1693 (The CairoFont::create function in CairoFontEngine.cc in Poppler, ...)
	{DSA-1606-1 DSA-1548-1}
	- xpdf 3.02
	- poppler 0.6.4-1 (bug #476842)
	- kdegraphics <not-affected> (Vulnerable code not present)
	- texlive-bin <not-affected> (code already has the needed fix)
	NOTE: see GfxFont.cc GfxFont::readEmbFontFile, line 362 checks if the font file is
	NOTE: a stream or not. Anyone knows a fixed version?
	- texlive-base <not-affected> (Vulnerable code not present)
CVE-2008-1692 (Eterm 0.9.4 opens a terminal window on :0 if -display is not specified ...)
	- eterm 0.9.4.0debian1-2.1 (unimportant; bug #473127)
CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1690 (WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow ...)
	- m4 <unfixed> (unimportant)
	NOTE: The file name is passed through a cmdline argument and m4 doesn't run with
	NOTE: elevated privileges.
CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ...)
	- m4 <unfixed> (unimportant)
	NOTE: This is more a generic bug and not a security issue: the random output would 
	NOTE: need to match the name of an existing macro
CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used in ...)
	{DSA-1586-1 DSA-1585-1 DSA-1584-1 DTSA-127-1 DTSA-128-1 DTSA-129-1}
	- speex 1.2~beta2-1 (medium)
	- libfishsound 0.7.0-2.2 (medium; bug #475152)
	- xine-lib 1.1.12-1 (medium)
CVE-2008-1685 (gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not ...)
	- gcc-4.3 4.3.1-1 (bug #482698; unimportant)
	NOTE: dup of CVE-2006-1902 which is fixed in Debian?
CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1683
	REJECTED
CVE-2008-1682 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: com_onlineflashquiz component for Joomla!
CVE-2008-1681 (Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 ...)
	NOT-FOR-US: IBM DB2IBM DB2
CVE-2008-1680 (PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain ...)
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1679 (Multiple integer overflows in imageop.c in Python before 2.5.3 allow ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1678 (Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c ...)
	{DTSA-131-1}
	- apache2 2.2.8-4
	[etch] - apache2 <not-affected> (only a problem with openssl 0.9.8f or later)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
CVE-2008-1677 (Buffer overflow in the regular expression handler in Red Hat Directory ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-1676 (Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate ...)
	NOT-FOR-US: Red Hat Issue
CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux ...)
	- linux-2.6 2.6.25-2 (low)
	[etch] - linux-2.6 <not-affected> (Tehuti driver not in 2.6.18)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: Fixed in 2.6.24.6 and 2.6.25.1
CVE-2008-1674
	RESERVED
CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 ...)
	{DSA-1592-1}
	- linux-2.6 2.6.25-5 (bug #485944)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ...)
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present)
CVE-2008-1671 (start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, ...)
	- kdelibs 4:3.5.9.dfsg.1-4 (low; bug #478024)
	NOTE: unimportant, opinions?
CVE-2008-1670 (Heap-based buffer overflow in the progressive PNG Image loader ...)
	- kdelibs <not-affected> (Vulnerable code introduce in kde 4.0)
	- kde4libs 4:4.0.72-1 (bug #478283)
CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection ...)
	{DSA-1575-1}
	- linux-2.6 2.6.25-2 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns ...)
	NOT-FOR-US: wu-ftpd in HP-UX
CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European ...)
	NOT-FOR-US: Probe Builder 2.2
CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, ...)
	NOT-FOR-US: HP Oracle for OpenView
CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity (HPSI) ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-1664 (Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 ...)
	NOT-FOR-US: HP HP-UX
CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-1662 (Unspecified vulnerability in the HP System Administration Manager ...)
	NOT-FOR-US: HP System Administration Manager
CVE-2008-1661 (Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks ...)
	NOT-FOR-US: HP StorageWorks
CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and ...)
	NOT-FOR-US: HP-UX
CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 ...)
	NOT-FOR-US: HP LDAP-UX
CVE-2008-1658 (Format string vulnerability in the grant helper ...)
	- policykit 0.8-1 (medium; bug #476615; bug #476616)
CVE-2008-1657 (OpenSSH 4.4 up to versions before 4.9 allows remote authenticated ...)
	- openssh 1:4.7p1-8 (low; bug #475156)
	[etch] - openssh <not-affected> (Vulnerable functionality was introduced in 4.4)
CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the public ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1655 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, ...)
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal Plug and ...)
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2008-1653 (Directory traversal vulnerability in index.php in Sava's Link Manager ...)
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1652 (Directory traversal vulnerability in the _serve_request_multiple ...)
	- perlbal <itp> (bug #456534)
CVE-2008-1651 (Directory traversal vulnerability in admin/login.php in EasyNews 4.0 ...)
	NOT-FOR-US: EasyNews
CVE-2008-1650 (SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 ...)
	NOT-FOR-US: EasyNews
CVE-2008-1649 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: EasyNews
CVE-2008-1648 (Sympa before 5.4 allows remote attackers to cause a denial of service ...)
	{DSA-1600-1}
	- sympa 5.3.4-4 (medium; bug #475163)
CVE-2008-1647 (The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ...)
	NOT-FOR-US: ChilkatHttp
CVE-2008-1646 (SQL injection vulnerability in wp-download.php in the WP-Download 1.2 ...)
	NOT-FOR-US: WP-Download plugin for WordPress
CVE-2008-1645 (Directory traversal vulnerability in body.php in phpSpamManager ...)
	NOT-FOR-US: phpSpamManager
CVE-2008-1644 (SQL injection vulnerability in viewlinks.php in Sava's Link Manager ...)
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1643 (Directory traversal vulnerability in the PXE TFTP Service ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-1642 (Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 ...)
	NOT-FOR-US: Sava's GuestBook
CVE-2008-1641 (SQL injection vulnerability in default.asp in EfesTECH Video 5.0 ...)
	NOT-FOR-US: EfesTECH Video
CVE-2008-1640 (SQL injection vulnerability in jgs_treffen.php in the JGS-XA ...)
	NOT-FOR-US: JGS-Treffen
CVE-2008-1639 (SQL injection vulnerability in index.php in Neat weblog 0.2 allows ...)
	NOT-FOR-US: Neat weblog
CVE-2008-1638 (Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for ...)
	NOT-FOR-US: Nik Sharpener Pro
CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to ...)
	{DSA-1544-2 DSA-1544-1}
	- pdns-recursor 3.1.7-1
	NOTE: Fix in 3.1.5 was incomplete, see CVE-2008-3217
CVE-2008-1636 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick ...)
	NOT-FOR-US: JV2 Quick Gallery
CVE-2008-1635 (Directory traversal vulnerability in view_private.php in Keep It ...)
	NOT-FOR-US: Keep It Simple Guest Book
CVE-2008-1634 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2008-1633 (Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown ...)
	- mondo 1:2.2.7-1 (bug #475221)
CVE-2008-1632 (Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1631 (SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1630 (Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1629 (Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows ...)
	NOT-FOR-US: PHPkrm
CVE-2008-1628 (Stack-based buffer overflow in the audit_log_user_command function in ...)
	{DTSA-123-1}
	- audit 1.5.3-2.1 (medium; bug #475227)
	NOTE: auditd runs as root
CVE-2008-1627 (CDS Invenio 0.92.1 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: CDS Invenio
CVE-2008-1626 (SQL injection vulnerability in eggBlog before 4.0.1 allows remote ...)
	NOT-FOR-US: eggBlog
CVE-2008-1625 (aavmker4.sys in avast! Home and Professional 4.7 for Windows does not ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2008-1624 (Directory traversal vulnerability in v2demo/page.php in Jshop Server ...)
	NOT-FOR-US: Jshop Server
CVE-2008-1623 (SQL injection vulnerability in admin_view_image.php in Smoothflash ...)
	NOT-FOR-US: Smoothflash
CVE-2008-1622 (Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow ...)
	NOT-FOR-US: GeeCarts
CVE-2008-1621 (Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow ...)
	NOT-FOR-US: GeeCarts
CVE-2008-1620 (Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) ...)
	NOT-FOR-US: ThinClientServer
CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers ...)
	- xen-3 <not-affected> (Debian Xen does not support ia64)
	- xen-unstable <not-affected> (Debian Xen does not support ia64)
	- xen-3.0 <not-affected> (Debian Xen does not support ia64)
CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing ...)
	NOT-FOR-US: Watchguard Firebox
CVE-2008-1617 (Double free vulnerability in Web TransferCtrl Class 8,2,1,4 ...)
	NOT-FOR-US: WorkSite Web
CVE-2008-1616
	RESERVED
CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running on ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-1 (medium; bug #480390)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a ...)
	{DSA-1550-1 DTSA-124-1}
	- suphp 0.6.2-2.1 (low; bug #475431)
CVE-2008-1613 (SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build ...)
	NOT-FOR-US: RedDot CMS
CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows ...)
	{DSA-1646-2}
	- squid 2.6.18-1 (medium)
CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows ...)
	NOT-FOR-US: TFTP Server for Windows
CVE-2008-1610 (Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 ...)
	NOT-FOR-US: TFTP Server Pro
CVE-2008-1609 (Multiple PHP remote file inclusion vulnerabilities in just another ...)
	NOT-FOR-US: JAF CMS
CVE-2008-1608 (SQL injection vulnerability in postview.php in Clever Copy 3.0 allows ...)
	NOT-FOR-US: Clever Copy
CVE-2008-1607 (SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba ...)
	NOT-FOR-US: Serbay Arslanhan Bomba Haber
CVE-2008-1606 (Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 ...)
	NOT-FOR-US: Elastic Path
CVE-2008-1605 (The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ...)
	NOT-FOR-US: LEADTOOLS
CVE-2008-1604 (Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 ...)
	NOT-FOR-US: PerlMailer
CVE-2008-1603 (Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 ...)
	NOT-FOR-US: GNB DesignForm
CVE-2008-1602 (Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows ...)
	NOT-FOR-US: Orbit downloader
CVE-2003-1557 (Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...)
	- spamassassin 3.1.7-2
CVE-2003-1556 (Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI ...)
	NOT-FOR-US: CGI City CC Guestbook
CVE-2008-1601 (Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1600 (The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1599 (The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1598 (The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1597 (The WPAR system call implementation in the kernel in IBM AIX 6.1 ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1596 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1595 (The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1594 (The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1593 (The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1592 (MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-1591 (The pnVarPrepForStore function in PostNuke 0.764 and earlier skips ...)
	NOT-FOR-US: PostNuke
CVE-2008-1590 (JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch ...)
	NOT-FOR-US: iPhone
CVE-2008-1589 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 ...)
	NOT-FOR-US: iPhone
CVE-2008-1588 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows ...)
	NOT-FOR-US: iPhone
CVE-2008-1587
	RESERVED
CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod ...)
	TODO: check this is about tiff
CVE-2008-1585 (Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1584 (Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1583 (Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1582 (Unspecified vulnerability in Apple QuickTime before 7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1581 (Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1580 (CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically ...)
	NOT-FOR-US: CFNetwork Safari Apple Mac OS
CVE-2008-1579 (Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote ...)
	NOT-FOR-US: Wiki Server Apple Mac OS
CVE-2008-1578 (The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1577 (Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1576 (Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1575 (Unspecified vulnerability in the Apple Type Services (ATS) server in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1574 (Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1573 (The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1572 (Image Capture in Apple Mac OS X before 10.5 does not properly use ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1571 (Directory traversal vulnerability in the embedded web server in Image ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1566 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-1565 (Directory traversal vulnerability in forum/irc/irc.php in the PJIRC ...)
	NOT-FOR-US: PJIRC module for phpBB
CVE-2008-1564 (Directory traversal vulnerability in Dan Costin File Transfer before ...)
	NOT-FOR-US: Dan Costin File Transfer
CVE-2008-1563 (The &quot;decode as&quot; feature in packet-bssap.c in the SCCP dissector in ...)
	- wireshark 1.0.0-1 (low)
	[etch] - wireshark <not-affected> (Only 0.99.6 to 0.99.8 are affected)
CVE-2008-1562 (The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through ...)
	- wireshark <not-affected> (Only Windows builds are affected according to #1613)
CVE-2008-1561 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...)
	- wireshark 1.0.0-1 (low)
	[etch] - wireshark <not-affected> (Only 0.99.5 to 0.99.8 are affected)
CVE-2008-1560 (Multiple cross-site scripting (XSS) vulnerabilities in Digiappz ...)
	NOT-FOR-US: Digiappz DigiDomain
CVE-2008-1559 (SQL injection vulnerability in the Bernard Gilly AlphaContent ...)
	NOT-FOR-US: com_alphacontent component for Joomla!
CVE-2008-1558 (Uncontrolled array index in the sdpplin_parse function in ...)
	{DSA-1552-1 DTSA-121-1}
	- mplayer 1.0~rc2-10 (medium; bug #473056)
CVE-2008-1557 (BolinOS 4.6.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: BolinOS
CVE-2008-1556 (Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 ...)
	NOT-FOR-US: BolinOS
CVE-2008-1555 (Directory traversal vulnerability in ...)
	NOT-FOR-US: BolinOS
CVE-2008-1554 (SQL injection vulnerability in account/index.php in TopperMod 2.0, ...)
	NOT-FOR-US: TopperMod
CVE-2008-1553 (Directory traversal vulnerability in mod.php in TopperMod 1.0 allows ...)
	NOT-FOR-US: TopperMod
CVE-2008-1552 (The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) ...)
	- silc-toolkit 1.1.7-1 (low)
	- silc-client <not-affected> (links against libsilc)
	NOTE: this can't result code execution but only in a crash as data_len - i always results
	NOTE: in -1 and malloc will never succeed and thus not reaching any free
CVE-2008-1551 (SQL injection vulnerability in viewcat.php in the Photo 3.02 module ...)
	NOT-FOR-US: RunCMS
CVE-2008-1550 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: CubeCart
CVE-2008-1549 (Multiple SQL injection vulnerabilities in Aeries Browser Interface ...)
	NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1548 (Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser ...)
	NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1547 (Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft ...)
	NOT-FOR-US: Outlook
CVE-2008-1546 (servlet/MIMEReceiveServlet in the web controller for Mitsubishi ...)
	NOT-FOR-US: Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems
CVE-2008-1545 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...)
	NOT-FOR-US: Microsoft IE7
CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...)
	NOT-FOR-US: Microsoft IE7
CVE-2008-1543 (The Advanced User Interface Pages in the ProST Web Management ...)
	NOT-FOR-US: Airspan WiMAX ProST
CVE-2008-1542 (Airspan Base Station Distribution Unit (BSDU) has &quot;topsecret&quot; as its ...)
	NOT-FOR-US: BSDU
CVE-2008-1541 (Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS ...)
	NOT-FOR-US: HIS Webshop
CVE-2008-1540 (SQL injection vulnerability in the Datsogallery (com_datsogallery) ...)
	NOT-FOR-US: com_datsogallery module for Joomla!
CVE-2008-1539 (SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1538 (Cross-site scripting (XSS) vulnerability in searchAction.do in ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2008-1537 (Directory traversal vulnerability in pb_inc/admincenter/index.php in ...)
	NOT-FOR-US: PowerScripts PowerBook
CVE-2008-1536 (Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro ...)
	NOT-FOR-US: Photo Cart
CVE-2008-1535 (SQL injection vulnerability in the Matti Kiviharju rekry (aka ...)
	NOT-FOR-US: com_rekry component for Joomla!
CVE-2008-1534 (Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b ...)
	NOT-FOR-US: PowerPHPBoard
CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...)
	NOT-FOR-US: Joomla
CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote ...)
	- perlbal <itp> (bug #456534)
CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd ...)
	{DSA-1540-1}
	- lighttpd 1.4.19-2 (low; bug #475438)
CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE ...)
	- iceweasel <not-affected> (old version and CVE)
CVE-2003-1555 (ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: ScozNet ScozBook
CVE-2003-1554 (Cross-site scripting (XSS) vulnerability in scozbook/add.php in ...)
	NOT-FOR-US: ScozNet ScozBook
CVE-2003-1553 (Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores ...)
	NOT-FOR-US: Haakon Nilsen Simple Internet Publishing System
CVE-2008-1570 (Race condition in the create_lockpath function in policyd-weight ...)
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
	NOTE: http://www.mail-archive.com/policyd-weight-list%40ek-muc.de/msg00798.html
CVE-2008-1569 (policyd-weight 0.1.14 beta-16 and earlier allows local users to modify ...)
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a ...)
	- comix 3.6.4-1.1 (low; bug #462840)
	[etch] - comix <no-dsa> (Minor issue)
	NOTE: comix can't be used in a non-interactive setup thus the impact level
CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) ...)
	{DSA-1557-1}
	- phpmyadmin 2.11.5.1 (unimportant)
	NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
	NOTE: It is a workaround for the limited security that PHP has for
	NOTE: session files on a shared host. This limitation is documented with
	NOTE: PHP, warned against and not a specific vulnerability in phpMyAdmin.
	NOTE: I hence consider it a security enhancement/feature, not a vulnerability.
CVE-2008-1530 (GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial ...)
	- gnupg <not-affected> (Only 1.4.8 is affected)
	NOTE: The next upload was 1.4.9-1, so no vulnerable version was ever in the
	NOTE: archive
	[etch] - gnupg <not-affected> (Only 1.4.8 is affected)
	[sarge] - gnupg <not-affected> (Only 1.4.8 is affected)
	- gnupg2 2.0.9-1 (bug #472928)
	[etch] - gnupg2 <not-affected> (Only 2.0.8 is affected)
	[sarge] - gnupg2 <not-affected> (Only 2.0.8 is affected)
CVE-2008-1529 (ZyXEL Prestige routers have a minimum password length for the admin ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1528 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1527 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1526 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1525 (The default SNMP configuration on ZyXEL Prestige routers, including ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1524 (The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1523 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1522 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1521 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1520
	RESERVED
CVE-2008-1519
	RESERVED
CVE-2008-1518 (Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2008-1517
	RESERVED
CVE-2008-1516
	RESERVED
CVE-2008-1515 (The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 ...)
	- otrs2 2.2.5-2
	[etch] - otrs2 <not-affected> (Vulnerable code not present)
	[etch] - otrs <not-affected> (Vulnerable code not present)
	[sarge] - otrs <not-affected> (Vulnerable code not present)
	NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions ...)
	{DSA-1655-1 DSA-1653-1}
	- linux-2.6 2.6.26-8
	NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here
CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...)
	NOT-FOR-US: Danneo CMS
CVE-2008-1512 (Directory traversal vulnerability in admin/admin_xs.php in eXtreme ...)
	NOT-FOR-US: XS module for phpBB
CVE-2008-1511 (Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 ...)
	NOT-FOR-US: ooComments
CVE-2008-1510 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1509 (SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier ...)
	NOT-FOR-US: XLPortal
CVE-2008-1508 (SQL injection vulnerability in EfesTech E-Kont&#246;r and earlier allows ...)
	NOT-FOR-US: EfesTech E-Kontoer
CVE-2008-1507 (PEEL, possibly 3.x and earlier, has (1) a default info@peel.fr account ...)
	NOT-FOR-US: Peel
CVE-2008-1506 (PEEL, possibly 3.x and earlier, allows remote attackers to obtain ...)
	NOT-FOR-US: Peel
CVE-2008-1505 (PHP remote file inclusion vulnerability in the SSTREAMTV custompages ...)
	NOT-FOR-US: com_custompages component for Joomla!
CVE-2008-1504 (Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven ...)
	NOT-FOR-US: phpMyChat
CVE-2008-1503 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2008-1501 (The send_user_mode function in s_user.c in (1) Undernet ircu ...)
	- ircd-ircu <not-affected> (Vulnerable code not present)
	NOTE: vulnerable code introduced later than 2.0.12.10, see: http://hg.quakenet.org/snircd/rev/1ee48bee2f20
	NOTE: no other possible NULL ptr dereferences of p found and PoC not reproducible
CVE-2008-1500 (Cross-site scripting (XSS) vulnerability in index.php in TinyPortal ...)
	NOT-FOR-US: TinyPortal
CVE-2008-1499 (Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in ...)
	NOT-FOR-US: cPanel
CVE-2008-1498 (Stack-based buffer overflow in the IMAP service in NetWin Surgemail ...)
	NOT-FOR-US: Surgemail
CVE-2008-1497 (Stack-based buffer overflow in the IMAP service in NetWin SurgeMail ...)
	NOT-FOR-US: Surgemail
CVE-2008-1496 (Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and ...)
	NOT-FOR-US: PEEL
CVE-2008-1495 (Unrestricted file upload vulnerability in administrer/produits.php in ...)
	NOT-FOR-US: PEEL
CVE-2008-1494 (SQL injection vulnerability in inc/module/online.php in Easy-Clanpage ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-1493 (Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1492 (Multiple directory traversal vulnerabilities in CoronaMatrix ...)
	NOT-FOR-US: CoronaMatrix
CVE-2008-1491 (Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ...)
	NOT-FOR-US: ASUS Remote Console
CVE-2008-1490 (Buffer overflow in a certain Aurigma ActiveX control in ...)
	NOT-FOR-US: ImageUploader4
CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...)
	{DSA-1543-1 DTSA-119-1}
	- vlc 0.8.6.e-1.1 (medium; bug #472635)
CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) ...)
	- php-apc <not-affected> (Fixed before initial upload)
CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
	NOT-FOR-US: LinPHA
CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft ...)
	NOT-FOR-US: Phorum
CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier ...)
	NOT-FOR-US: PunBB
CVE-2008-1484 (The password reset feature in PunBB 1.2.16 and earlier uses ...)
	NOT-FOR-US: PunBB
CVE-2008-1483 (OpenSSH 4.3p2, and probably other versions, allows local users to ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-5 (bug #463011)
CVE-2008-1482 (Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote ...)
	{DSA-1586-1 DTSA-120-1}
	- xine-lib 1.1.11.1-1 (medium; bug #472639)
CVE-2008-1481 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL ...)
	NOT-FOR-US: webSPELL
CVE-2008-1480 (rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1479 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: cfnetgs
CVE-2008-1478 (Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Home FTP Server
CVE-2008-1477 (Multiple cross-site scripting (XSS) vulnerabilities in busca.php in ...)
	NOT-FOR-US: eForum
CVE-2008-1475 (The xml-rpc server in Roundup 1.4.4 does not check property ...)
	- roundup 1.4.4-1.1 (medium; bug #484728)
	[etch] - roundup <not-affected> (xml-rpc code introduced in 1.4.0)
CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have ...)
	{DSA-1554-1}
	- roundup 1.3.3-3.1 (low; bug #472643)
CVE-2008-1473 (The Altiris Client Service (AClient.exe) in Symantec Altiris ...)
	NOT-FOR-US: Symantec Altiris
CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl ActiveX Control ...)
	NOT-FOR-US: ARCserve Backup
CVE-2008-1471 (The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ ...)
	NOT-FOR-US: Panda Internet Security/Antivirus+ Firewall
CVE-2008-1470 (Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID ...)
	NOT-FOR-US: WebID RSA Authentication Agent
CVE-2008-1469 (Gallarific Free Edition 1.1 does not require authentication for (1) ...)
	NOT-FOR-US: Gallarific
CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu ...)
	- namazu2 2.0.18-0.1 (low; bug #472644)
CVE-2008-1467 (** DISPUTED ** ...)
	- centerim 4.22.3-1 (unimportant; bug #472649)
	NOTE: the victim needs to list the URLs in the message with F2 and press enter on it
	NOTE: the victim can see the complete URL including the commands however so the impact is really low
CVE-2008-1466 (Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 ...)
	NOT-FOR-US: W-Agora
CVE-2008-1465 (SQL injection vulnerability in the Detodas Restaurante ...)
	NOT-FOR-US: com_restaurante component for Mambo and Joomla!
CVE-2008-1464 (Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 ...)
	NOT-FOR-US: Gallarific
CVE-2008-1463 (Cross-site scripting (XSS) vulnerability in the management GUI in ...)
	NOT-FOR-US: Imperva SecureSphere MX Management Server
CVE-2008-1462 (SQL injection vulnerability in the sections (Section) module in RunCMS ...)
	NOT-FOR-US: RunCMS
CVE-2008-1461 (Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers ...)
	NOT-FOR-US: XnView
CVE-2008-1460 (SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and ...)
	NOT-FOR-US: com_joovideo component for Mambo and Joomla!
CVE-2008-1459 (SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and ...)
	NOT-FOR-US: com_alberghi component for Mambo and Joomla!
CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...)
	NOT-FOR-US: CS-Cart
CVE-2008-1457 (The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1456 (Array index vulnerability in the Event System in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1455 (A &quot;memory calculation error&quot; in Microsoft Office PowerPoint 2000 SP3, ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server ...)
	NOT-FOR-US: Windows issue
CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista ...)
	NOT-FOR-US: Windows Xp
CVE-2008-1452
	RESERVED
CVE-2008-1451 (The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1450
	RESERVED
CVE-2008-1449
	RESERVED
CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...)
	{DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
	- bind9 1:9.5.0.dfsg-5 (high)
	NOTE: glibc stub resolver relies on source port randomisation in kernel
	- dnsmasq 2.43-1 (medium; bug #490123)
	- pdnsd 1.2.6-par-11 (bug #502275)
	- python-dns 2.3.1-5 (low; bug #490217)
	- dnspython <unfixed> (low; bug #492465)
	[etch] - dnspython <no-dsa> (Just a stub resolver, 2.6.24 kernel from 4.0r4 provides source port randomisation)
	[lenny] - dnspython <no-dsa> (Just a stub resolver, Linux kernel provides source port randomisation)
	NOTE: Upstream is planning to add its own randomisation
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not suitable to use with untrusted responses, documented in README.Debian
	- udns <unfixed> (bug #493599)
	- libnet-dns-perl 0.63-2 (low; bug #492700)
	NOTE: Source port randomization from Lenny kernel should provide sufficient protection
	NOTE: since this is just a Perl nodule for DNS queries and not a high-profile server app like
	NOTE: Bind, it's unlikely that a home-grown fix will provide an implementation of higher
	NOTE: cryptographical quality. Marking the version from Lenny as fixed, since Lenny includes
	NOTE: a kernel which provides source port randomization
	- ruby1.9 1.9.0.2-6 (low)
	NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but
	NOTE: already use source port randomization.
	NOTE: Marking non-caching stub resolvers as low since these really should be fixed, but are much less vulnerable than a caching server.
CVE-2008-1446 (Integer overflow in the Internet Printing Protocol (IPP) ISAPI ...)
	NOT-FOR-US: Microsoft
CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1443
	RESERVED
CVE-2008-1442 (Heap-based buffer overflow in the substringData method in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1441 (Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1440 (Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1439
	RESERVED
CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection Engine ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2008-1437 (Unspecified vulnerability in Microsoft Malware Protection Engine ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2008-1436 (Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 ...)
	NOT-FOR-US: Windows
CVE-2008-1435 (Windows Explorer in Microsoft Windows Vista up to SP1, and Server ...)
	NOT-FOR-US: Windows issue
CVE-2008-1434 (Use-after-free vulnerability in Microsoft Word in Office 2000 and XP ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-1433
	RESERVED
CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...)
	NOT-FOR-US: ManageEngine SupportCenter Plus
CVE-2008-1431 (RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a ...)
	NOT-FOR-US: RaidSonic NAS-4220-B firmware
CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote ...)
	NOT-FOR-US: ASPapp
CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows ...)
	- silc-server 1.1.1-1 (medium)
CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
	NOT-FOR-US: Ubercart
CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 ...)
	NOT-FOR-US: com_acajoom component for Joomla!
CVE-2008-1426 (SQL injection vulnerability in album.asp in KAPhotoservice allows ...)
	NOT-FOR-US: KAPhotoservice
CVE-2008-1425 (SQL injection vulnerability in index.php in the gallery module in ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-1424
	RESERVED
CVE-2008-1423 (Integer overflow in a certain quantvals and quantlist calculation in ...)
	{DSA-1591-1}
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1422
	RESERVED
CVE-2008-1421
	RESERVED
CVE-2008-1420 (Integer overflow in residue partition value (aka partvals) evaluation ...)
	{DSA-1591-1}
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1419 (Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero ...)
	{DSA-1591-1}
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1418
	RESERVED
CVE-2008-1416 (Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL ...)
	NOT-FOR-US: PHPauction GPL
CVE-2008-1415 (Directory traversal vulnerability in index.php in Multiple Time Sheets ...)
	NOT-FOR-US: Multiple Time Sheets
CVE-2008-1414 (Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) ...)
	NOT-FOR-US: Multiple Time Sheets
CVE-2008-1413 (Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus ...)
	NOT-FOR-US: SNewsCMS Rus
CVE-2008-1412 (Unspecified vulnerability in multiple F-Secure anti-virus products, ...)
	NOT-FOR-US: F-Secure anti-virus
CVE-2008-1411 (The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and ...)
	NOT-FOR-US: Acronis Snap Deploy
CVE-2008-1410 (Directory traversal vulnerability in the PXE Server (pxesrv.exe) in ...)
	NOT-FOR-US: Acronis Snap Deploy
CVE-2008-1409 (Multiple directory traversal vulnerabilities in the Default theme in ...)
	NOT-FOR-US: Exero CMS
CVE-2008-1408 (SQL injection vulnerability in includes/functions/banners-external.php ...)
	NOT-FOR-US: phpBP
CVE-2008-1407 (SQL injection vulnerability in index.php in the WebChat 1.60 module ...)
	NOT-FOR-US: WebChat module for eXV2
CVE-2008-1406 (SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 ...)
	NOT-FOR-US: MyAnnonces
CVE-2008-1405 (PHP remote file inclusion vulnerability in code/display.php in ...)
	NOT-FOR-US: fuzzylime
CVE-2008-1404 (SQL injection vulnerability in index.php in the Viso (Industry Book) ...)
	NOT-FOR-US: Viso module for eXV2
CVE-2008-1403 (Stack-based buffer overflow in the TFTP server in BootManage TFTPD ...)
	NOT-FOR-US: BootManage TFTPD
CVE-2008-1402 (MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1401 (Format string vulnerability in the Net Inspector HTTP server (mghttpd) ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1400 (Directory traversal vulnerability in the Net Inspector HTTP Server ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Clansphere
CVE-2008-1398 (SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 ...)
	NOT-FOR-US: AuraCMS
CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 ...)
	NOT-FOR-US: Check Point VPN
CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server ...)
	- plone3 <unfixed> (low; bug #473571)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1395 (Plone CMS does not record users' authentication states, and implements ...)
	- plone3 <unfixed> (low; bug #473571)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...)
	- zope-cmfplone <removed>
	[etch] - zope-cmfplone <no-dsa> (low)
	NOTE: doesn't apply to v3
	NOTE: more a security enhancement
CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...)
	- plone3 <unfixed> (low; bug #473571)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...)
	- vmware-package <unfixed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, ...)
	NOT-FOR-US: FreeWebShop.org
CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for ...)
	- cups 1.1.23-10sarge1
	- cupsys 1.1.23-10sarge1
CVE-2008-1476 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...)
	{DSA-1528-1}
	- serendipity 1.3-1
	NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html
CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...)
	{DSA-1691-1}
	- egroupware 1.4.002.dfsg-2.1 (bug #471839)
	- wordpress 2.5.0-1 (bug #504243)
	- moodle 1.8.2-1.3 (bug #489533)
CVE-2008-1391 (Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, ...)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before ...)
	- asterisk 1:1.4.19.1~dfsg-1 (low)
	[etch] - asterisk <not-affected> (Only 1.4.x affected)
	[sarge] - asterisk <not-affected> (Only 1.4.x affected)
CVE-2008-1389 (libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows ...)
	- clamav 0.94.dfsg-1
	[etch] - clamav <not-affected> (parsing does not continue on error)
	NOTE: see <20081203184852.GB30968@l03.local>
CVE-2008-1388
	RESERVED
CVE-2008-1387 (ClamAV before 0.93 allows remote attackers to cause a denial of ...)
	- clamav 0.92.1~dfsg2-1
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-1386 (Multiple cross-site scripting (XSS) vulnerabilities in the installer ...)
	- serendipity <not-affected> (Vulnerable code not present)
	NOTE: we do not ship the serendipity installer
CVE-2008-1385 (Cross-site scripting (XSS) vulnerability in the Top Referrers (aka ...)
	- serendipity 1.3.1-1 (low)
	NOTE: etch affected, but only in specific plugin.
CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...)
	{DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1 (unimportant)
	NOTE: http://securityreason.com/achievement_securityalert/52
	NOTE: Only exploitable through malicious script
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&diff_format=u
CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or ...)
	NOT-FOR-US: Gentoo Linux Ebuilds
CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 ...)
	- libpng 1.2.26-1 (low; bug #476669)
	NOTE: 1.2.26-1 contains a patch to fix that
	[etch] - libpng <no-dsa> (Minor issue, rare function)
CVE-2008-1381 (ZoneMinder before 1.23.3 allows remote authenticated users, and ...)
	{DTSA-130-1}
	- zoneminder 1.23.3-1 (medium; bug #479034)
	NOTE: http://www.awe.com/mark/blog/200804272230.html
CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird ...)
	{DSA-1696-1 DSA-1562-1 DSA-1558-1 DSA-1555-1}
	- iceweasel 2.0.0.14-1
	- icedove 2.0.0.14-1
	- iceape 1.1.9-2
	- xulrunner 1.8.1.14-1
CVE-2008-1379 (Integer overflow in the fbShmPutImage function in the MIT-SHM ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1378
	RESERVED
CVE-2008-1377 (The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1376 (A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on ...)
	NOT-FOR-US: Red Hat build script
CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify) in ...)
	{DSA-1565-1}
	- linux-2.6 2.6.25-2 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...)
	- cupsys <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
	- cups <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
CVE-2008-1373 (Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows ...)
	{DSA-1625-1 DTSA-122-1}
	- cupsys 1.3.7-1 (medium)
	- cups 1.3.7-1 (medium)
CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...)
	- bzip2 1.0.5-0.1 (low; bug #471670)
	[etch] - bzip2 <no-dsa> (Pure crasher, no code injection, mostly a regular bug)
CVE-2008-1371 (Absolute path traversal vulnerability in install/index.php in Drake ...)
	NOT-FOR-US: Drake CMS
CVE-2008-1370 (PHP remote file inclusion vulnerability in index.php in wildmary Yap ...)
	NOT-FOR-US: wildmary Yap Blog
CVE-2008-1369 (A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and ...)
	NOT-FOR-US:  Sun Solaris
CVE-2008-1368 (CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-1367 (gcc 4.3.x does not generate a cld instruction while compiling ...)
	- linux-2.6 2.6.24-5 (bug #469058)
	[etch] - linux-2.6 <not-affected> (Only exposed with GCC 4.3)
	- kfreebsd-6 6.3-4 (bug #469564)
	- kfreebsd-7 7.0-2 (bug #469565)
	- gcc-4.3 4.3.0-2 (bug #469567)
	- glibc 2.7-8 (bug #465583)
	[etch] - glibc <not-affected> (Problem only exposed with GCC 4.3)
CVE-2008-1366 (Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation ...)
	- vmware-package <unfixed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-1358 (Stack-based buffer overflow in the IMAP server in Alt-N Technologies ...)
	NOT-FOR-US: MDaemon
CVE-2008-1357 (Format string vulnerability in the logDetail function of applib.dll in ...)
	NOT-FOR-US: McAfee Common Management Agent
CVE-2008-1356 (Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1355 (Cross-site scripting (XSS) vulnerability in index.php in Jeebles ...)
	NOT-FOR-US: Jeebles Directory
CVE-2008-1354 (SQL injection vulnerability in MyIssuesView.asp in Advanced Data ...)
	NOT-FOR-US: VSO-XP
CVE-2008-1353 (zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a ...)
	- zabbix 1:1.4.5-1 (low; bug #471678)
	[etch] - zabbix <no-dsa> (Minor issue)
CVE-2008-1352 (Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 ...)
	NOT-FOR-US: EdiorCMS
CVE-2008-1351 (SQL injection vulnerability in the Tutorials 2.1b module for XOOPS ...)
	NOT-FOR-US: Tutorials module for XOOPS
CVE-2008-1350 (SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) ...)
	NOT-FOR-US: Fully Modded phpBB
CVE-2008-1349 (SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama ...)
	NOT-FOR-US: bamaGalerie
CVE-2008-1348 (Cross-site scripting (XSS) vulnerability in index.php in the eWebsite ...)
	NOT-FOR-US: eWeather module for PHP-Nuke
CVE-2008-1347 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1346 (SQL injection vulnerability in staticpages/easygallery/index.php in ...)
	NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1345 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1344 (Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr ...)
	NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1343 (Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO ...)
	NOT-FOR-US: SCO Unixware
CVE-2008-1342 (Multiple cross-site scripting (XSS) vulnerabilities in the search ...)
	NOT-FOR-US: Polymita BPM-Suite and CollagePortal
CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde ...)
	NOT-FOR-US: LaGarde StoreFront
CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation ...)
	- vmware-package <unfixed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1339
	RESERVED
CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1337 (The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier ...)
	NOT-FOR-US: Timbuktu Pro for Windows
CVE-2008-1336 (SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows ...)
	NOT-FOR-US: Koobi CMS
CVE-2008-1335 (The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 ...)
	NOT-FOR-US: NetBSD
CVE-2008-1334 (cgi/b on the BT Home Hub router allows remote attackers to bypass ...)
	NOT-FOR-US: BT Home Hub router
CVE-2008-1333 (Format string vulnerability in Asterisk Open Source 1.6.x before ...)
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	NOTE: Etch's release is unimportant, since not exploitable, but was fixed anyway
	[sarge] - asterisk <not-affected> (Only 1.6.x affected)
CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...)
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
CVE-2008-1331 (Unspecified vulnerability in OmniPCX Office with Internet Access ...)
	NOT-FOR-US: OmniPCX Office
CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell ...)
	NOT-FOR-US: Novell Groupwise
CVE-2008-1329 (Unspecified vulnerability in the NetBackup service in CA ARCserve ...)
	NOT-FOR-US: CA ARCserve
CVE-2008-1328 (Buffer overflow in the LGServer service in CA ARCserve Backup for ...)
	NOT-FOR-US: CA ARCserve
CVE-2008-1327 (Gallarific does not require authentication for (1) users.php and (2) ...)
	NOT-FOR-US: Gallarific
CVE-2008-1326 (Cross-site scripting (XSS) vulnerability in search.php in Gallarific ...)
	NOT-FOR-US: Gallarific
CVE-2008-1325 (Multiple directory traversal vulnerabilities in index.php in Uberghey ...)
	NOT-FOR-US: Uberghey CMS
CVE-2008-1324 (Multiple directory traversal vulnerabilities in index.php in ...)
	NOT-FOR-US: Travelsized CMS
CVE-2008-1323 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-1322 (The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1321 (The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1320 (Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1319 (Untrusted search path and argument injection vulnerability in the ...)
	NOT-FOR-US: Versant Object Database
CVE-2008-1317 (Unspecified vulnerability in the Inter-Process Communication (IPC) ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1316 (SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute ...)
	NOT-FOR-US: QuickTalk Forum
CVE-2008-1315 (SQL injection vulnerability in the ZClassifieds module for PHP-Nuke ...)
	NOT-FOR-US: ZClassifieds module for PHP-Nuke
CVE-2008-1314 (SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module ...)
	NOT-FOR-US: Johannes Hass gaestebuch
CVE-2008-1313 (Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and ...)
	NOT-FOR-US: Bloo
CVE-2008-1312 (Unspecified vulnerability in the TFTP server in PacketTrap Networks ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1311 (The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1310 (Directory traversal vulnerability in the TFTP server in PacketTrap ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in ...)
	NOT-FOR-US: RealPlayer
CVE-2008-1308 (SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 ...)
	NOT-FOR-US: NukeC30 module for PHP-Nuke
CVE-2008-1307 (Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in ...)
	NOT-FOR-US: KingSoft Antivirus
CVE-2008-1306 (Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content ...)
	NOT-FOR-US: Savvy Content Manager
CVE-2008-1305 (SQL injection vulnerability in filebase.php in the Filebase mod for ...)
	NOT-FOR-US: Filebase mod for phpBb
CVE-2008-1304 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...)
	- wordpress <not-affected> (Vulnerable code not present)
	NOTE: referring to upstream this only affected wordpress.com and not the regular wordpress code
CVE-2008-1303 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1302 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1301 (Absolute path traversal vulnerability in ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1300 (Cross-site scripting (XSS) vulnerability in the Logfile Viewer ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1299 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2008-1298 (SQL injection vulnerability in Hadith module for PHP-Nuke allows ...)
	NOT-FOR-US: Hadith module for PHP-Nuke
CVE-2008-1297 (SQL injection vulnerability in index.php in the eWriting ...)
	NOT-FOR-US: com_ewriting module for Mambo and Joomla!
CVE-2008-1296 (Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1295 (SQL injection vulnerability in archives.php in Gregory Kokanosky (aka ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2008-1292 (ViewVC before 1.0.5 provides revision metadata without properly ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1291 (ViewVC before 1.0.5 stores sensitive information under the web root ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1290 (ViewVC before 1.0.5 includes &quot;all-forbidden&quot; files within search ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1289 (Multiple buffer overflows in Asterisk Open Source 1.4.x before ...)
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	[etch] - asterisk <not-affected> (Only 1.4.x and above affected)
	[sarge] - asterisk <not-affected> (Only 1.4.x and above affected)
CVE-2007-6710
	RESERVED
CVE-2007-6709 (The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and ...)
	NOT-FOR-US: Cisco Linksys
CVE-2007-6708 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: Cisco Linksys
CVE-2007-6707 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco ...)
	NOT-FOR-US: Cisco Linksys
CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows ...)
	- nagios2 2.11-1 (low)
CVE-2008-1417 (The prerm script in axyl 2.1.7 allows local users to overwrite ...)
	- axyl 2.2.0 (low; bug #471227)
	[sarge] - axyl <not-affected> (Vulnerable code not present)
	[etch] - axyl <not-affected> (Vulnerable code not present)
CVE-2008-1294 (Linux kernel 2.6.17, and other versions before 2.6.22, does not check ...)
	{DSA-1565-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows ...)
	- mediawiki 1:1.11.2-1
	[etch] - mediawiki <not-affected> (Versions prior to 1.11 do not include callback feature)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html
CVE-2008-1288 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1287 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1286 (Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and ...)
	NOT-FOR-US: Sun Javav Web Console
CVE-2008-1285 (Cross-site scripting (XSS) vulnerability in Sun Java Server Faces ...)
	NOT-FOR-US: Sun Java Server Faces
CVE-2008-1284 (Directory traversal vulnerability in Horde 3.1.6, Groupware before ...)
	{DSA-1519-1}
	- horde3 3.1.7-1 (medium; bug #470640)
CVE-2008-1283 (Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 ...)
	NOT-FOR-US: Neptune Web Server
CVE-2008-1282 (Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup ...)
	NOT-FOR-US: B21Soft BFup
CVE-2008-1281 (Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, ...)
	NOT-FOR-US: Argon Technology Client Management Services
CVE-2008-1280 (Acronis True Image Windows Agent 1.0.0.54 and earlier, included in ...)
	NOT-FOR-US: Acronis True Image
CVE-2008-1279 (Acronis True Image Group Server 1.5.19.191 and earlier, included in ...)
	NOT-FOR-US: Acronis True Image
CVE-2008-1278 (The RemotelyAnywhere.exe service in the Remotely Anywhere Server and ...)
	NOT-FOR-US: Remotely Anywhere
CVE-2008-1277 (The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and ...)
	NOT-FOR-US: MailEnable
CVE-2008-1276 (Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in ...)
	NOT-FOR-US: MailEnable
CVE-2008-1275 (Multiple unspecified vulnerabilities in the SMTP service in MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1273 (Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 ...)
	NOT-FOR-US: imageVue
CVE-2008-1272 (Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and ...)
	NOT-FOR-US: BM Classifieds
CVE-2008-1271
	REJECTED
CVE-2004-2759 (Shared Sun StorEdge QFS and SAM-QFS file systems, as used in ...)
	NOT-FOR-US: Shared Sun StorEdge QFS and SAM-QFS
CVE-2008-1270 (mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not ...)
	{DSA-1521-1}
	- lighttpd 1.4.19-1 (unimportant)
	NOTE: user configuration error, default documented in moduserdir documentation
CVE-2008-1269 (cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus ...)
	NOT-FOR-US: Alice Gate 2 Plus router firmware
CVE-2008-1268 (The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1267 (The Siemens SpeedStream 6520 router allows remote attackers to cause a ...)
	NOT-FOR-US: Siemens SpeedStream
CVE-2008-1266 (Multiple buffer overflows in the web interface on the D-Link DI-524 ...)
	NOT-FOR-US: D-Link router
CVE-2008-1265 (The Linksys WRT54G router allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1264 (The Linksys WRT54G router has &quot;admin&quot; as its default FTP password, ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1263 (The Linksys WRT54G router stores passwords and keys in cleartext in ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1262 (The administration panel on the Airspan WiMax ProST 4.1 antenna with ...)
	NOT-FOR-US: Airspan WiMax ProST antenna
CVE-2008-1261 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1260 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1259 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1258 (Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link ...)
	NOT-FOR-US: D-Link router
CVE-2008-1257 (Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1256 (The ZyXEL P-660HW series router has &quot;admin&quot; as its default password, ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1255 (The ZyXEL P-660HW series router maintains authentication state by IP ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1254 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1253 (Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the ...)
	NOT-FOR-US: D-Link router
CVE-2008-1252 (b_banner.stm (aka the login page) on the Deutsche Telekom Speedport ...)
	NOT-FOR-US: Telekom Speedport W500 DSL router
CVE-2008-1251 (Cross-site scripting (XSS) vulnerability in the web interface on the ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1250 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1249 (snomControl.swf in the central phone server for the Snom 320 SIP Phone ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1248 (The web interface on the central phone server for the Snom 320 SIP ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1247 (The web interface on the Linksys WRT54g router with firmware 1.00.9 ...)
	NOT-FOR-US: Linksys WRT54g router
CVE-2008-1246 (** DISPUTED ** ...)
	NOT-FOR-US: Cisco PIX/ASA Finesse Operation System
CVE-2008-1245 (cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with ...)
	NOT-FOR-US: Belkin router
CVE-2008-1244 (cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware ...)
	NOT-FOR-US: Belkin router
CVE-2008-1243 (Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router ...)
	NOT-FOR-US: Linksys WRT300N router
CVE-2008-1242 (The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 ...)
	NOT-FOR-US: Belkin router
CVE-2008-1241 (GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1240 (LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1239
	RESERVED
CVE-2008-1238 (Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1237 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1236 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1234 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1233 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1232 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 ...)
	- tomcat5.5 5.5.26-4 (low; bug #494504)
CVE-2008-1231 (Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1230 (Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1229 (Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1228 (Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly ...)
	NOT-FOR-US: MG2
CVE-2008-1227 (Stack-based buffer overflow in the silc_fingerprint function in ...)
	- silc-toolkit 1.1.6-1
CVE-2008-1226 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
	NOT-FOR-US: Zimbra Collaboration Suite
CVE-2008-1225 (Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus ...)
	NOT-FOR-US: WebCT Campus Edition
CVE-2008-1224 (Cross-site scripting (XSS) vulnerability in account.php in ...)
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1223 (Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers ...)
	NOT-FOR-US: Dokeos
CVE-2008-1222 (Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 ...)
	NOT-FOR-US: Dokeos
CVE-2008-1221 (Absolute path traversal vulnerability in the FTP server in MicroWorld ...)
	NOT-FOR-US: MicroWorld eScan
CVE-2008-1220 (SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke ...)
	NOT-FOR-US: 4nChat for PHP-Nuke
CVE-2008-1219 (SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 ...)
	NOT-FOR-US: Kutub-i Sitte for PHP-Nuke
CVE-2008-1217 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1216 (IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1215 (Stack-based buffer overflow in the command_Expand_Interpret function ...)
	NOT-FOR-US: BSD net/userppp
CVE-2008-1214 (MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-1213 (Cross-site scripting (XSS) vulnerability in Numara FootPrints for ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-1212 (Cross-site scripting (XSS) vulnerability in set_permissions.php in ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1211 (Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x ...)
	NOT-FOR-US: BosDates
CVE-2008-1210 (Stack-based buffer overflow in the ctags parsing code in Programmer's ...)
	NOT-FOR-US: Programmer's Notepad
CVE-2008-1209 (Cross-site scripting (XSS) vulnerability in redirect.do in Xitex ...)
	NOT-FOR-US: Xitex WebContent M1
CVE-2008-1208 (Cross-site scripting (XSS) vulnerability in the login page in Check ...)
	NOT-FOR-US: CheckPoint VPN-1
CVE-2008-1207 (Multiple unspecified vulnerabilities in Fujitsu Interstage Smart ...)
	NOT-FOR-US: Fujitsu Interstage
CVE-2008-1206 (Format string vulnerability in the log_message function in lks.c in ...)
	NOT-FOR-US: Linux Kiss Server
CVE-2008-1205 (Unspecified vulnerability in the ipsecah kernel module in Sun Solaris ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1204 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Sun Java System
CVE-2008-1203 (The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1202 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: Adobe LiveCycle Workflow
CVE-2008-1201 (Multiple unspecified vulnerabilities in FLA file parsing in Adobe ...)
	NOT-FOR-US: Adobe Flash CS3 Professional
CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote ...)
	NOT-FOR-US: Microsoft Access
CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 ...)
	NOT-FOR-US: Red Hat specific
CVE-2008-1197 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...)
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1196 (Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1194 (Multiple unspecified vulnerabilities in the color management library ...)
	- sun-java6 6-05-1 (unimportant)
	- sun-java5 1.5.0-15-1 (unimportant)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1193 (Unspecified vulnerability in Java Runtime Environment Image Parsing ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1192 (Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1191 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1190 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 <not-affected> (No more information by sun)
CVE-2008-1189 (Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1188 (Multiple buffer overflows in the useEncodingDecl function in Java Web ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1187 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) and ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1186 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime ...)
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1185 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime ...)
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1184 (The DNSSEC validation library (libval) library in dnssec-tools before ...)
	NOT-FOR-US: dnssec-tools
CVE-2008-1183 (Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-1182 (Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense ...)
	NOT-FOR-US: BSD Perimeter pfSense
CVE-2008-1181 (Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote ...)
	NOT-FOR-US: Juniper
CVE-2008-1180 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2008-1179 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Centreon
CVE-2008-1178 (Directory traversal vulnerability in include/doc/index.php in Centreon ...)
	NOT-FOR-US: Centreon
CVE-2008-1177 (SQL injection vulnerability in shop/detail.php in Affiliate Market ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-1176 (Cross-site scripting (XSS) vulnerability in function/sideblock.php in ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-1175 (Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial ...)
	NOT-FOR-US: AuthentiX
CVE-2008-1174 (Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX ...)
	NOT-FOR-US: AuthentiX
CVE-2008-1173 (Cross-site scripting (XSS) vulnerability in account-inbox.php in ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-1172 (Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-1171 (** DISPUTED ** ...)
	NOT-FOR-US: 123 Flash Chat Module for phpBB
CVE-2008-1170 (Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow ...)
	NOT-FOR-US: KCWiki
CVE-2008-1169 (Directory traversal vulnerability in the embedded HTTP server in SCI ...)
	NOT-FOR-US: SCI Photo Chat Server
CVE-2008-1168 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report ...)
	- sarg 2.2.5-1
CVE-2008-1167 (Stack-based buffer overflow in the useragent function in useragent.c ...)
	- sarg 2.2.4-1
CVE-2008-1166 (Flyspray 0.9.9.4 generates different error messages depending on ...)
	- flyspray <removed>
CVE-2008-1165 (Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 ...)
	- flyspray <removed>
CVE-2008-1164 (SQL injection vulnerability in index.php in phpComasy 0.8 allows ...)
	NOT-FOR-US: phpComasy CMS
CVE-2008-1163 (SQL injection vulnerability in index.php in phpArcadeScript 1.0 ...)
	NOT-FOR-US: phpArcadeScript
CVE-2008-1162 (SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic ...)
	NOT-FOR-US: phpwebscript
CVE-2008-1161 (Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in ...)
	{DSA-1536-1}
	- xine-lib 1.1.10.1-1 (medium)
CVE-2008-1160 (ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra ...)
	NOT-FOR-US: ZyXEL ZyWALL 1050
CVE-2008-1159 (Multiple unspecified vulnerabilities in the SSH server in Cisco IOS ...)
	NOT-FOR-US: Cisco ssh server
CVE-2008-1158 (The Presence Engine (PE) service in Cisco Unified Presence before ...)
	NOT-FOR-US: Presence Engine (PE) Cisco Unified Presence
CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a ...)
	NOT-FOR-US: Cisco IPM
CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1155 (Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before ...)
	NOT-FOR-US: Cisco
CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1151 (Memory leak in the virtual private dial-up network (VPDN) component in ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1150 (The virtual private dial-up network (VPDN) component in Cisco IOS ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters ...)
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5-1 (low)
	[etch] - phpmyadmin <no-dsa> (Minor issue)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: PMASA-2008-1. SQL injection if you can set local cookies, which means
	NOTE: you must be able to create pages in the same cookie domain, which seems
	NOTE: rare and unwise. low priority.
CVE-2008-1148 (A certain pseudo-random number generator (PRNG) algorithm that uses ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (KFreebsd not supported)
	- kfreebsd-6 <unfixed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 <unfixed> (bug #483152)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-1147 (A certain pseudo-random number generator (PRNG) algorithm that uses ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (KFreebsd not supported)
	- kfreebsd-6 <unfixed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 <unfixed> (bug #483152)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-1146 (A certain pseudo-random number generator (PRNG) algorithm that uses ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (KFreebsd not supported)
	- kfreebsd-6 <unfixed> (bug #483152)
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 <unfixed> (bug #483152)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-1144 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...)
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1143
	RESERVED
CVE-2008-1141 (Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier ...)
	NOT-FOR-US: DESlock+
CVE-2008-1140 (DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users ...)
	NOT-FOR-US: DESlock+
CVE-2008-1139 (DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys ...)
	NOT-FOR-US: DESlock+
CVE-2008-1138 (DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users ...)
	NOT-FOR-US: DESlock+
CVE-2008-1137 (SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) ...)
	NOT-FOR-US: com_garyscookbook component for Mambo and Joomla!
CVE-2008-1136 (The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through ...)
	- vdccm <removed>
CVE-2008-1135 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates ...)
	NOT-FOR-US: OMEGA
CVE-2008-1134 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports ...)
	NOT-FOR-US: OMEGA
CVE-2008-1133 (The Drupal.checkPlain function in Drupal 6.0 only escapes the first ...)
	- drupal5 <not-affected> (Vulnerable code introduced in 6.x)
CVE-2007-6706 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-6705 (The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client ...)
	NOT-FOR-US: WebSphere
CVE-2007-6704 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass ...)
	NOT-FOR-US: F5 FirePass
CVE-2007-6703 (Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) ...)
	- vdccm <removed>
CVE-2007-6702 (goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka ...)
	NOT-FOR-US: FS4104-AW firmware
CVE-2003-1552 (Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 ...)
	NOT-FOR-US: Uploader
CVE-2003-1551 (Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before ...)
	NOT-FOR-US: Novell GroupWise
CVE-2003-1550 (XOOPS 2.0, and possibly earlier versions, allows remote attackers to ...)
	NOT-FOR-US: XOOPS
CVE-2003-1549 (Cross-site scripting (XSS) vulnerability in header.php in ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2003-1548 (MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2003-1547 (Cross-site scripting (XSS) vulnerability in block-Forums.php in the ...)
	NOT-FOR-US: Splatt Forum module for PHP-Nuke
CVE-2003-1546 (Cross-site scripting (XSS) vulnerability in gbook.php in Filebased ...)
	NOT-FOR-US: Filebased guestbook
CVE-2008-1218 (Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and ...)
	{DSA-1516-1}
	- dovecot 1:1.0.13-1
	[etch] - dovecot <not-affected> (Vulnerable code not present)
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
	NOTE: exploitable through code introduced in 1.0.11
	NOTE: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac ...)
	{DSA-1561-1 DTSA-118-1}
	- ldm 2:0.1~bzr20080308-1 (bug #469462)
	- ltsp 5.0.40~bzr20071229-1
	NOTE: In revision 5.0.40~bzr20071229-1 ldm has been split into a separate source package
CVE-2008-1145 (Directory traversal vulnerability in WEBrick in Ruby 1.8 before ...)
	- ruby1.8 1.8.6.114-1 (unimportant; bug #469475)
	- ruby1.9 1.9.0.1-1 (unimportant; bug #469482)
	[sarge] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
	[etch] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
	[etch] - ruby1.9 <no-dsa> (case insensitive FS, corner case)
	NOTE: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
CVE-2008-1199 (Dovecot before 1.0.11, when configured to use mail_extra_groups to ...)
	{DSA-1516-1}
	- dovecot 1:1.0.12-1 (medium; bug #469457)
CVE-2008-1132 (Untrusted search path vulnerability in src/mainwindow.c in Net ...)
	NOT-FOR-US: Net Activity Viewer
CVE-2008-1131 (Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote ...)
	- drupal <not-affected> (Vulnerable code not present, affects only 6.x branch)
	- drupal5 <not-affected> (Vulnerable code not present, affects only 6.x branch)
CVE-2008-1130 (Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and ...)
	NOT-FOR-US: WebSphere
CVE-2008-1129 (Cross-site scripting (XSS) vulnerability in admin/users/self.php in ...)
	NOT-FOR-US: XRMS
CVE-2008-1128 (PHP remote file inclusion vulnerability in tourney/index.php in ...)
	NOT-FOR-US: phpMyTourney
CVE-2008-1127 (Format string vulnerability in the cryactio function in Crysis ...)
	NOT-FOR-US: Crysis
CVE-2008-1126 (PHP remote file inclusion vulnerability in main.php in Barryvan Compo ...)
	NOT-FOR-US: Barryvan Compo Manager
CVE-2008-1125 (Multiple directory traversal vulnerabilities in Podcast Generator 1.0 ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1124 (Multiple PHP remote file inclusion vulnerabilities in Podcast ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1123 (Multiple PHP remote file inclusion vulnerabilities in SiteBuilder ...)
	NOT-FOR-US: SiteBuilder
CVE-2008-1122 (SQL injection vulnerability in the downloads module in Koobi Pro 5.7 ...)
	NOT-FOR-US: Koobi
CVE-2008-1121 (SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier ...)
	NOT-FOR-US: eazyPortal
CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer ...)
	NOT-FOR-US: ICQ
CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in ...)
	NOT-FOR-US: Centreon
CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does ...)
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes or ...)
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1116 (Insecure method vulnerability in the Web Scan Object ActiveX control ...)
	NOT-FOR-US: Rising Antivirus
CVE-2008-1115 (Unspecified vulnerability in Sun Solaris 8 directory functions allows ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1114 (Vocera Communications wireless handsets, when using Protected ...)
	NOT-FOR-US: Vocera
CVE-2008-1113 (Cisco Unified Wireless IP Phone 7921, when using Protected Extensible ...)
	NOT-FOR-US: Cisco
CVE-2008-1112
	REJECTED
CVE-2008-1110 (Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the ...)
	- xine-lib 1.1.10-1
	[etch] - xine-lib <not-affected> (Not affected per assessment of maintainer)
	[sarge] - xine-lib <not-affected> (Not affected per assessment of maintainer)
CVE-2008-1109 (Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted ...)
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
	NOTE: Requires that the user accepts the iCalendar request and replies
	NOTE: to it from the "Calendars" window.
CVE-2008-1108 (Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is ...)
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
	NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default.
CVE-2008-1107
	RESERVED
CVE-2008-1106 (The management interface in Akamai Client (formerly Red Swoosh) 3322 ...)
	NOT-FOR-US: Akamai Client
CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in ...)
	{DSA-1590-1}
	- samba 1:3.0.30-1 (medium; bug #483410)
CVE-2008-1104 (Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-1103 (Multiple unspecified vulnerabilities in Blender have unknown impact ...)
	- blender 2.40-1 (low)
CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in Blender ...)
	{DSA-1567-1}
	- blender 2.45-5 (medium; bug #477808)
CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine ...)
	NOT-FOR-US: KeyView
CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1
CVE-2008-1099 (_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1098 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1097 (Heap-based buffer overflow in the ReadPCXImage function in the PCX ...)
	- graphicsmagick 1.1.7-13
	- imagemagick 7:6.2.4.5.dfsg1-1
CVE-2008-1096 (The load_tile function in the XCF coder in coders/xcf.c in (1) ...)
	- imagemagick 7:6.3.7.9.dfsg1-2.1 (medium; bug #414370)
	[lenny] - imagemagick 7:6.3.7.9.dfsg1-2.1+lenny1
	- graphicsmagick 1.1.11-3.2 (medium; bug #414370)
CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implementation ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1094 (SQL injection vulnerability in index.cgi in the Account View page in ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the ...)
	NOT-FOR-US: FLEXnet Connect 
CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet ...)
	NOT-FOR-US: Microsoft Jet Database Engine
CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-1090 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2008-1089 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2008-1088 (Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2008-1087 (Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-1085 (Use after free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-1083 (Heap-based buffer overflow in the CreateDIBPatternBrushPt function in ...)
	NOT-FOR-US: Microsoft
CVE-2008-1082 (Opera before 9.26 allows remote attackers to &quot;bypass sanitization ...)
	NOT-FOR-US: Opera
CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute ...)
	NOT-FOR-US: Opera
CVE-2008-1080 (Opera before 9.26 allows user-assisted remote attackers to read ...)
	NOT-FOR-US: Opera
CVE-2008-1079 (The outboxWriteUnsent function in FTPThread.class in SendFile.jar for ...)
	NOT-FOR-US: Beehive Software SendFile.NET
CVE-2008-1078 (expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and ...)
	- am-utils <not-affected> (Affected code not present in the binary package)
	NOTE: sendmail includes a copy of the script, which has been fixed since
	NOTE: several years
CVE-2008-1077 (SQL injection vulnerability in index.php in the Simpleboard ...)
	NOT-FOR-US: com_simpleboard component for Mambo and Joomla!
CVE-2008-1076 (Cross-site scripting (XSS) vulnerability in search.php in Interspire ...)
	NOT-FOR-US: Interspire Shopping Cart
CVE-2008-1075 (Cross-site scripting (XSS) vulnerability in index.php in Maian Cart ...)
	NOT-FOR-US: Maian Cart
CVE-2008-1074 (PHP remote file inclusion vulnerability in lib/head_auth.php in ...)
	NOT-FOR-US: GROUP-E
CVE-2008-1073 (Cross-site scripting (XSS) vulnerability in the report interface in ...)
	NOT-FOR-US: Internet Security Systems
CVE-2008-1072 (The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affected in conjunction with later libcairo)
	[sarge] - ethereal <not-affected> (Only affected in conjunction with later libcairo)
CVE-2008-1071 (The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affects 0.99.6 onwards)
	[sarge] - ethereal <not-affected> (Only affects 0.99.6 onwards)
CVE-2008-1070 (The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affects 0.99.5 onwards)
	[sarge] - ethereal <not-affected> (Only affects 0.99.5 onwards)
CVE-2008-1069 (Multiple PHP remote file inclusion vulnerabilities in Quantum Game ...)
	NOT-FOR-US: Quantum Game Library
CVE-2008-1068 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...)
	NOT-FOR-US: Portail Web Php
CVE-2008-1067 (Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 ...)
	- phpqladmin <removed>
CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ...)
	{DSA-1520-1}
	- smarty 2.6.18-1.1 (low; bug #469492)
	- moodle <not-affected> (low; bug #471158)
	- gallery2 2.2.5-2 (low; bug #471160)
	- mahara 0.9.2-2 (low; bug #471201)
	NOTE: Moodle ships Smarty but uses it in only one file, which doesn't use regex_replace
CVE-2008-1065 (Multiple SQL injection vulnerabilities in index.php in the ...)
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1064 (Cross-site scripting (XSS) vulnerability in images.php in the Red ...)
	NOT-FOR-US: rmgs module for XOOPs
CVE-2008-1063 (Cross-site scripting (XSS) vulnerability index.php in the ...)
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1062 (InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater ...)
	NOT-FOR-US: InterVideo IMC Server/InterVideo Home Theater
CVE-2008-1061 (Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1060 (Eval injection vulnerability in modules/execute.php in the Sniplets ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1059 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1058 (The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1057 (The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1056 (Multiple stack-based buffer overflows in Symark PowerBroker 2.8 ...)
	NOT-FOR-US: Symark PowerBroker
CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php ...)
	NOT-FOR-US: nukestyles.com addon for PHP-Nuke
CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts ...)
	{DSA-1513-1}
	- lighttpd 1.4.18-4 (low; bug #469307)
CVE-2008-1142 (rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment ...)
	- rxvt 1:2.6.4-13 (unimportant; bug #469296)
CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 ...)
	NOT-FOR-US: SurgeMail
CVE-2008-1054 (Stack-based buffer overflow in the _lib_spawn_user_getpid function in ...)
	NOT-FOR-US: SurgeMail
CVE-2008-1053 (Multiple SQL injection vulnerabilities in the Kose_Yazilari module for ...)
	NOT-FOR-US: Kose_Yazilari module for PHP-Nuke
CVE-2008-1052 (The administration web interface in NetWin SurgeFTP 2.3a2 and earlier ...)
	NOT-FOR-US: SurgeFTP
CVE-2008-1051 (PHP remote file inclusion vulnerability in include/body_comm.inc.php ...)
	NOT-FOR-US: phpProfiles
CVE-2008-1050 (SQL injection vulnerability in index.php in Softbiz Jokes &amp; Funny Pics ...)
	NOT-FOR-US: Softbiz Jokes & Funny Pics Script
CVE-2008-1049 (Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and ...)
	NOT-FOR-US: Parallels SiteStudio
CVE-2008-1048 (Cross-site scripting (XSS) vulnerability in manager/xmedia.php in ...)
	NOT-FOR-US: Plume CMS
CVE-2008-1047 (Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in ...)
	- tikiwiki <removed>
CVE-2008-1046 (PHP remote file inclusion vulnerability in footer.php in Quinsonnas ...)
	NOT-FOR-US: Quinsonnas Mail Checker
CVE-2008-1045 (Cross-site scripting (XSS) vulnerability in the file tree navigation ...)
	NOT-FOR-US: OpenCMS
CVE-2008-1044 (Stack-based buffer overflow in the Quantum Streaming Player (Quantum ...)
	NOT-FOR-US: Quantum Streaming Player
CVE-2008-1043 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Linux Web Shop
CVE-2008-1042 (Directory traversal vulnerability in include/body.inc.php in Linux Web ...)
	NOT-FOR-US: Linux Web Shop
CVE-2008-1041 (Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson ...)
	NOT-FOR-US: MWhois
CVE-2008-1040 (Buffer overflow in the Single Sign-On function in Fujitsu Interstage ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2008-1039 (SQL injection vulnerability in question.asp in PORAR WEBBOARD allows ...)
	NOT-FOR-US: PORAR WEBBOARD
CVE-2008-1038 (PHP remote file inclusion vulnerability in mod/mod.extmanager.php in ...)
	NOT-FOR-US: DBHcms
CVE-2008-1037 (Cross-site scripting (XSS) vulnerability in the file listing function ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2008-1036 (International Components for Unicode (ICU) in Apple Mac OS X before ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows ...)
	NOT-FOR-US: Apple iCal
CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1032 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1031 (CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1030 (Integer overflow in the CFDataReplaceBytes function in the CFData API ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1029
	RESERVED
CVE-2008-1028 (Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1027 (Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1026 (Integer overflow in the PCRE regular expression compiler ...)
	- webkit 0~svn31841-1
	- qt4-x11 <not-affected> (vulnerable code not present referring to upstream)
	NOTE: for qt, referring to upstream this only applies to optimized code in safari 3.1
	NOTE: branch and qt 4.4 is based on safari 3.0
CVE-2008-1025 (Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in ...)
	- qt4-x11 <not-affected> (QUrl handles URLs and is not vulnerable to this CVE, see bug #479644)
	- webkit 0~svn31841-1 (medium)
CVE-2008-1024 (Apple Safari before 3.1.1, when running on Windows XP or Vista, allows ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1021 (Heap-based buffer overflow in Animation codec content handling in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1020 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1019 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1018 (Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1017 (Heap-based buffer overflow in clipping region (aka crgn) atom handling ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1016 (Apple QuickTime before 7.4.5 does not properly handle movie media ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1015 (Buffer overflow in the data reference atom handling in Apple QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1014 (Apple QuickTime before 7.4.5 does not properly handle external URLs in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1013 (Apple QuickTime before 7.4.5 enables deserialization of QTJava objects ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station ...)
	NOT-FOR-US: Apple AirPort 
CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Safari (Mac OS X)
CVE-2008-1010 (Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows ...)
	NOT-FOR-US: Safari (Mac OS X)
CVE-2008-1009 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1008 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1007 (WebCore, as used in Apple Safari before 3.1, does not enforce the ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1006 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1005 (WebCore, as used in Apple Safari before 3.1, does not properly mask ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1004 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1003 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1002 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1001 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1000 (Directory traversal vulnerability in ContentServer.py in the Wiki ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0999 (Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0998 (Unspecified vulnerability in NetCfgTool in the System Configuration ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0997 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0996 (The Printing component in Apple Mac OS X 10.5.2 might save ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0995 (The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0994 (Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0993 (Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0992 (Array index error in pax in Apple Mac OS X 10.5.2 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0991
	RESERVED
CVE-2008-0990 (notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0989 (Format string vulnerability in mDNSResponderHelper in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0988 (Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0987 (Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0986 (Integer overflow in the BMP::readFromStream method in the libsgl.so ...)
	NOT-FOR-US: Google Android
CVE-2008-0985 (Heap-based buffer overflow in the GIF library in the WebKit framework ...)
	NOT-FOR-US: Google Android
CVE-2006-7232 (sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 ...)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.32-1
CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as ...)
	{DSA-1543-1 DTSA-116-1}
	- vlc 0.8.6.e-1 (medium; bug #467652)
CVE-2008-6426
	REJECTED
CVE-2008-0982 (Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to ...)
	NOT-FOR-US: Spyce
CVE-2008-0981 (Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - ...)
	NOT-FOR-US: Spyce
CVE-2008-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python ...)
	NOT-FOR-US: Spyce
CVE-2008-0979 (Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, ...)
	NOT-FOR-US: Double-Take
CVE-2008-0978 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
	NOT-FOR-US: Double-Take
CVE-2008-0977 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
	NOT-FOR-US: Double-Take
CVE-2008-0976 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
	NOT-FOR-US: Double-Take
CVE-2008-0975 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
	NOT-FOR-US: Double-Take
CVE-2008-0974 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
	NOT-FOR-US: Double-Take
CVE-2008-0973 (Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) ...)
	NOT-FOR-US: Double-Take
CVE-2008-0972
	RESERVED
CVE-2008-0971 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...)
	NOT-FOR-US: Barracuda Networks products
CVE-2008-0970
	RESERVED
CVE-2008-0969
	RESERVED
CVE-2008-0968
	RESERVED
CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware ...)
	- vmware-package <unfixed> (low; bug #486110)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-0966
	RESERVED
CVE-2008-0965 (Multiple format string vulnerabilities in snoop on Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0964 (Multiple stack-based buffer overflows in snoop on Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, which ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0960 (SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x ...)
	{DSA-1663-1 DTSA-137-1}
	- net-snmp 5.4.1~dfsg-8.1 (medium; bug #485945)
CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus Uploader ...)
	NOT-FOR-US: PhotoStockPlus Uploader Tool ActiveX control
CVE-2008-0956 (Multiple stack-based buffer overflows in the BackWeb Lite Install ...)
	NOT-FOR-US: BackWeb Lite Install
CVE-2008-0955 (Stack-based buffer overflow in the Creative Software AutoUpdate Engine ...)
	NOT-FOR-US: CTSUEng.ocx
CVE-2008-0954
	RESERVED
CVE-2008-0953 (Unspecified vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2008-0952 (Unspecified vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the ...)
	NOT-FOR-US: Windows Vista
CVE-2008-0950
	RESERVED
CVE-2008-0949 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0948 (Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by ...)
	- krb5 1.3-1 (unimportant)
	NOTE: glibc properly defines FD_SETSIZE
CVE-2008-0947 (Buffer overflow in the RPC library used by libgssrpc and kadmind in ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0946 (Directory traversal vulnerability in the IM Server (aka IMserve or ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0945 (Format string vulnerability in the logging function in the IM Server ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0944 (Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0943 (Multiple SQL injection vulnerabilities in Eagle Software Aeries ...)
	NOT-FOR-US: Eagle Software Aeries
CVE-2008-0942 (SQL injection vulnerability in GradebookStuScores.asp in Eagle ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0941 (Cross-site scripting (XSS) vulnerability in Eagle Software Aeries ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0940 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-0939 (Multiple SQL injection vulnerabilities in wppa.php in the WP Photo ...)
	NOT-FOR-US: WP Photo Album plugin for WordPress
CVE-2008-0938 (Unspecified vulnerability in the dynamic tracing framework (DTrace) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0937 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: XOOPS module
CVE-2008-0936 (SQL injection vulnerability in index.php in the Prayer List ...)
	NOT-FOR-US: XOOPS module
CVE-2008-0935 (Stack-based buffer overflow in the Novell iPrint Control ActiveX ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2008-0934 (SQL injection vulnerability in modules.php in the NukeC 2.1 module for ...)
	NOT-FOR-US: NukeC phpnuke module
CVE-2008-0933 (Multiple race conditions in the CPU Performance Counters (cpc) ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure ...)
	{DSA-1526-1}
	- xwine <removed> (low; bug #468050)
CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to ...)
	{DSA-1526-1}
	- xwine <removed> (low; bug #468050)
CVE-2008-0929
	REJECTED
CVE-2008-0928 (Qemu 0.9.1 and earlier does not perform range checks for block device ...)
	{DTSA-133-1}
	- qemu <unfixed> (low; bug #469649)
	- xen-unstable 3.2.0-4 (bug #469654)
	- xen-3 3.2.0-4 (bug #469662)
	- xen-3.0 <removed>
	- kvm 63+dfsg-1 (bug #469666)
CVE-2008-0927 (dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0926 (The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0925 (Cross-site scripting (XSS) vulnerability in the iMonitor interface in ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke ...)
	NOT-FOR-US: Manuales module for PHP-Nuke
CVE-2008-0921 (SQL injection vulnerability in news.php in beContent 0.3.1 allows ...)
	NOT-FOR-US: beContent
CVE-2008-0920 (SQL injection vulnerability in port/modifyportform.php in Open Source ...)
	NOT-FOR-US: OSSIM
CVE-2008-0919 (Cross-site scripting (XSS) vulnerability in session/login.php in Open ...)
	NOT-FOR-US: OSSIM
CVE-2008-0918 (SQL injection vulnerability in includes/count_dl_or_link.inc.php in ...)
	NOT-FOR-US: astatsPRO component for Joomla!
CVE-2008-0917 (Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 ...)
	NOT-FOR-US: TorWorld software
CVE-2008-0916 (SQL injection vulnerability in the Highwood Design hwdVideoShare ...)
	NOT-FOR-US: com_hwdvideoshare component for Joomla!
CVE-2008-0915 (The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and ...)
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0914 (Multiple cross-site scripting (XSS) vulnerabilities in the Mediation ...)
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0913 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-0912 (Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink ...)
	NOT-FOR-US: Sybase MobiLink
CVE-2008-0911 (SQL injection vulnerability in productdetails.php in iScripts ...)
	NOT-FOR-US: iScripts MultiCart
CVE-2008-0910 (Multiple F-Secure anti-virus products, including Internet Security ...)
	NOT-FOR-US: Internet Security, Anti-Virus, F-Secure Protection Service
CVE-2008-0909 (Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires ...)
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0908 (SQL injection vulnerability in browse.asp in Schoolwires Academic ...)
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0907 (SQL injection vulnerability in the Inhalt module for PHP-Nuke allows ...)
	NOT-FOR-US: Inhalt module for PHP-Nuke
CVE-2008-0906 (SQL injection vulnerability in the Docum module in PHP-Nuke allows ...)
	NOT-FOR-US: Docum module for PHP-Nuke
CVE-2008-0905 (Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 ...)
	NOT-FOR-US: Globsy
CVE-2008-0904 (Unspecified vulnerability in the download servlet in BEA Plumtree ...)
	NOT-FOR-US: BEA Plumtree Collaboration and AquaLogic Interaction
CVE-2008-0903 (Unspecified vulnerability in the BEA WebLogic Server and Express proxy ...)
	NOT-FOR-US: BEA WebLogic Server and Express proxy plugin
CVE-2008-0902 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0901 (BEA WebLogic Server and Express 7.0 through 10.0 allows remote ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0900 (Session fixation vulnerability in BEA WebLogic Server and Express 8.1 ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0899 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0898 (The distributed queue feature in JMS in BEA WebLogic Server 9.0 ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0897 (Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0896 (BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2008-0895 (BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially ...)
	NOT-FOR-US: Apple Safari
CVE-2008-0893 (Red Hat Administration Server, as used by Red Hat Directory Server 8.0 ...)
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat ...)
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0891 (Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS ...)
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present)
CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0889 (Red Hat Directory Server 8.0, when running on Red Hat Enterprise ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for ...)
	{DSA-1522-1}
	- unzip 5.52-11
CVE-2008-0887 (gnome-screensaver before 2.22.1, when a remote authentication server ...)
	- gnome-screensaver 2.22.2-1 (low; bug #475154)
	[etch] - gnome-screensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
CVE-2008-0886
	REJECTED
CVE-2008-0885
	RESERVED
CVE-2008-0884 (The Replace function in the capp-lspp-config script in the (1) ...)
	NOT-FOR-US: Red Hat Enterprise Linux
	NOTE: Seems Redhat specific
CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS ...)
	{DSA-1530-1 DTSA-117-1}
	- cupsys 1.3.6-1 (medium; bug #467653)
	- cups 1.3.6-1 (medium; bug #467653)
	[sarge] - cupsys <no-dsa> (Remote DoS is minor issue)
CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0 module for ...)
	NOT-FOR-US: Okul module for PHP-Nuke
CVE-2008-0880 (SQL injection vulnerability in modules.php in the EasyContent module ...)
	NOT-FOR-US: EasyContent module for PHP-Nuke
CVE-2008-0879 (SQL injection vulnerability in modules.php in the Web_Links module for ...)
	NOT-FOR-US: Web_Links module for PHP-Nuke
CVE-2008-0878 (SQL injection vulnerability in index.php in the MyAnnonces 1.7 and ...)
	NOT-FOR-US: MyAnnonces module for RunCMS
CVE-2008-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2008-0876 (Unspecified vulnerability in the SEWB3 messaging service in Hitachi ...)
	NOT-FOR-US: Hitachi SEWB3
CVE-2008-0875 (Unspecified vulnerability in Hitachi EUR Print Manager, and related ...)
	NOT-FOR-US: Hitachi EUR Print Manager
CVE-2008-0874 (SQL injection vulnerability in index.php in the eEmpregos module for ...)
	NOT-FOR-US: eEmpregos module for XOOPS
CVE-2008-0873 (SQL injection vulnerability in index.php in the jlmZone Classifieds ...)
	NOT-FOR-US: jlmZone Classifieds module for XOOPS
CVE-2008-0872 (Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail ...)
	NOT-FOR-US: SmarterTools SmarterMail Enterprise
CVE-2008-0871 (Multiple stack-based buffer overflows in Now SMS/MMS Gateway ...)
	NOT-FOR-US: Now SMS/MMS Gateway
CVE-2008-0870 (BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0869 (Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0868 (Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0867 (Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0866 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0865 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0864 (Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0863 (BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0862 (IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-0861 (Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Quickplace
CVE-2008-0860 (Unspecified vulnerability in the AVG plugin in Kerio MailServer before ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0859 (Unspecified vulnerability in Kerio MailServer before 6.5.0 allows ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0858 (Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0857 (SQL injection vulnerability in index.php in WoltLab Burning Board ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-0856 (Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow ...)
	NOT-FOR-US: e-Vision CMS
CVE-2008-0855 (SQL injection vulnerability in the Facile Forms (com_facileforms) ...)
	NOT-FOR-US: com_facileforms component for Joomla! and Mambo
CVE-2008-0854 (SQL injection vulnerability in the com_salesrep component for Joomla! ...)
	NOT-FOR-US: com_salesrep component for Joomla! and Mambo
CVE-2008-0853 (SQL injection vulnerability in the com_detail component for Joomla! ...)
	NOT-FOR-US: com_detail component for Joomla! and Mambo
CVE-2008-0852 (freeSSHd 1.2 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: freeSSHd
CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 ...)
	NOT-FOR-US: Dokeos
	NOTE: there is an RFP for Dokeos #433352
CVE-2008-0850 (Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote ...)
	NOT-FOR-US: Dokeos
	NOTE: there is an RFP for Dokeos #433352
CVE-2008-0849 (SQL injection vulnerability in index.php in the Downloads ...)
	NOT-FOR-US: com_downloads component for Mambo and Joomla!
CVE-2008-0848 (Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-0847 (SQL injection vulnerability in print.php in the myTopics module for ...)
	NOT-FOR-US: myTopics module for XOOPS
CVE-2008-0846 (SQL injection vulnerability in index.php in the com_profile component ...)
	NOT-FOR-US: com_profile component for Mambo and Joomla!
CVE-2008-0845 (SQL injection vulnerability in wp-people-popup.php in Dean Logan ...)
	NOT-FOR-US: WP-People plugin for WordPress
CVE-2008-0844 (SQL injection vulnerability in index.php in the PccookBook ...)
	NOT-FOR-US: com_pccookbook component for Joomla!
CVE-2008-0843 (StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: StatCounteX
CVE-2008-0842 (SQL injection vulnerability in index.php in the Classifier ...)
	NOT-FOR-US: com_clasifier component for Joomla!
CVE-2008-0841 (SQL injection vulnerability in index.php in the Giorgio Nordo Ricette ...)
	NOT-FOR-US: com_ricette component for Joomla!
CVE-2008-0840 (Directory traversal vulnerability in view_member.php in Public ...)
	NOT-FOR-US: LightBlog
CVE-2008-0839 (SQL injection vulnerability in refer.php in the astatsPRO ...)
	NOT-FOR-US: com_astatspro component for Joomla!
CVE-2008-0838 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Sophos, Email Security Appliance
CVE-2008-0837 (Cross-site scripting (XSS) vulnerability in the log feature in the ...)
	NOT-FOR-US: John Godley Search Unleashed plugin for WordPress
CVE-2008-0836 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0835 (SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and ...)
	NOT-FOR-US: Simple CMS
CVE-2008-0834 (Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS ...)
	NOT-FOR-US: Lotus Quickr
CVE-2008-0833 (SQL injection vulnerability in index.php in the com_galeria component ...)
	NOT-FOR-US: com_galeria component for Joomla!
CVE-2008-0832 (SQL injection vulnerability in index.php in the Kemas Antonius ...)
	NOT-FOR-US: com_quran component for Mambo and Joomla!
CVE-2008-0831 (Multiple SQL injection vulnerabilities in the Rapid Recipe ...)
	NOT-FOR-US: com_rapidrecipe component for Joomla!
CVE-2008-0830 (The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 ...)
	NOT-FOR-US: DPAP server for iPhoto
CVE-2008-0829 (SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! ...)
	NOT-FOR-US: com_jooget component for Joomla! and Mambo
CVE-2008-0828 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 ...)
	NOT-FOR-US: ATutor
CVE-2008-0827 (SQL injection vulnerability in the Books module of PHP-Nuke allows ...)
	NOT-FOR-US: Books module of PHP-Nuke
CVE-2008-0826 (Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 ...)
	NOT-FOR-US: Claroline
CVE-2008-0825 (SQL injection vulnerability in Claroline before 1.8.9 allows remote ...)
	NOT-FOR-US: Claroline
CVE-2008-0824 (Unspecified vulnerability in the php2phps function in Claroline before ...)
	NOT-FOR-US: Claroline
CVE-2008-0823 (Unspecified vulnerability in the Header Image Module before 5.x-1.1 ...)
	NOT-FOR-US: Header Image Module for Drupal
CVE-2008-0822 (Directory traversal vulnerability in index.php in Scribe 0.2 allows ...)
	NOT-FOR-US: Scribe
CVE-2008-0821 (SQL injection vulnerability in admin/traffic/knowledge_searchm.php in ...)
	NOT-FOR-US: PHP Live!
CVE-2008-0820 (** DISPUTED ** ...)
	NOT-FOR-US: Etomite CMS
CVE-2008-0819 (Directory traversal vulnerability in index.php in PlutoStatus Locator ...)
	NOT-FOR-US: PlutoStatus Locator
CVE-2008-0818 (Multiple directory traversal vulnerabilities in freePHPgallery 0.6 ...)
	NOT-FOR-US: freePHPgallery
CVE-2008-0817 (SQL injection vulnerability in the com_filebase component for Joomla! ...)
	NOT-FOR-US: com_filebase component for Joomla! and Mambo
CVE-2008-0816 (SQL injection vulnerability in the com_sg component for Joomla! and ...)
	NOT-FOR-US: com_sg component for Joomla! and Mambo
CVE-2008-0815 (SQL injection vulnerability in the com_mezun component for Joomla! ...)
	NOT-FOR-US: com_mezun component for Joomla!
CVE-2008-0814 (Directory traversal vulnerability in download.php in Tracking ...)
	NOT-FOR-US: TRUC
CVE-2008-0813 (Directory traversal vulnerability in Download.php in XPWeb 3.0.1, ...)
	NOT-FOR-US: XPWeb
CVE-2008-0812 (Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 ...)
	NOT-FOR-US: BanPro DMS
CVE-2008-0811 (Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0810 (SQL injection vulnerability in the com_scheduling module for Joomla! ...)
	NOT-FOR-US: com_scheduling module for Joomla! and Mambo
CVE-2008-0805 (Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b ...)
	NOT-FOR-US: PHPizabi
CVE-2008-0804 (PHP remote file inclusion vulnerability in usrgetform.html in Thecus ...)
	NOT-FOR-US: Thecus N5200Pro NAS Server
CVE-2008-0983 (lighttpd 1.4.18, and possibly other versions before 1.5.0, does not ...)
	{DSA-1609-1}
	- lighttpd 1.4.18-2 (medium; bug #466663)
CVE-2008-0883 (acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite ...)
	NOT-FOR-US: Adobe Acrobat Reader
	NOTE: http://www.openwall.com/lists/oss-security/2008/02/21/5
CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan ...)
	NOT-FOR-US: LookStrike Lan Manager
CVE-2008-0802 (SQL injection vulnerability in index.php in the MediaSlide ...)
	NOT-FOR-US: Joomla component
CVE-2008-0801 (SQL injection vulnerability in index.php in the PAXXGallery ...)
	NOT-FOR-US: Joomla component
CVE-2008-0800 (SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) ...)
	NOT-FOR-US: Joomla component
CVE-2008-0799 (SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 ...)
	NOT-FOR-US: Joomla component
CVE-2008-0798 (Multiple directory traversal vulnerabilities in artmedic webdesign ...)
	NOT-FOR-US: artmedic webdesign
CVE-2008-0797 (Directory traversal vulnerability in lib/download.php in iTheora 1.0 ...)
	NOT-FOR-US: iTheora
CVE-2008-0796 (SQL injection vulnerability in threads.php in Nuboard 0.5 allows ...)
	NOT-FOR-US: Nuboard
CVE-2008-0795 (SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) ...)
	NOT-FOR-US: Joomla component
CVE-2008-0794 (Directory traversal vulnerability in user/header.php in Affiliate ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-0793 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...)
	NOT-FOR-US: Tendenci CMS
CVE-2008-0792 (Multiple F-Secure anti-virus products, including Internet Security ...)
	NOT-FOR-US: F-Secure
CVE-2008-0791 (ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote ...)
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0790 (Directory traversal vulnerability in ipdsserver.exe in Intermate ...)
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0789 (SQL injection vulnerability in countdown.php in LI-Scripts ...)
	NOT-FOR-US: LI Countdown
CVE-2008-0788 (Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2008-0787 (SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before ...)
	NOT-FOR-US: MyBB
CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 ...)
	- cacti 0.8.7b-1
	[etch] - cacti <not-affected> (Not exploitable with Etch PHP version)
	NOTE: this is prevented by PHP since 4.4.2/5.1.2.
CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b ...)
	{DSA-1569-1}
	- cacti 0.8.7b-1
CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows ...)
	- cacti 0.8.7b-1 (unimportant)
	NOTE: paths on Debian already known
CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 ...)
	{DSA-1569-1}
	- cacti 0.8.7b-1
CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0932 (diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows ...)
	{DSA-1508-1}
	- sword 1.5.9-8 (high; bug #466449)
	NOTE: source package named sword, binary package named diatheke
CVE-2008-0806 (wyrd 1.4.3b allows local users to overwrite arbitrary files via a ...)
	- wyrd 1.4.3b-4 (low; bug #466382)
	[etch] - wyrd <no-dsa> (Minor issue)
CVE-2008-0807 (lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before ...)
	{DSA-1507-1}
	- turba2 2.1.7-1 (bug #464058)
CVE-2008-0779 (The fortimon.sys device driver in Fortinet FortiClient Host Security ...)
	NOT-FOR-US: Fortinet FortiClient 3.0
CVE-2008-0778 (Multiple stack-based buffer overflows in an ActiveX control in ...)
	NOT-FOR-US: QuickTime
CVE-2008-0777 (The sendfile system call in FreeBSD 5.5 through 7.0 does not check the ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	- kfreebsd-6 6.3-3 (bug #483152)
	- kfreebsd-7 7.0-1 (bug #483152)
CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...)
	NOT-FOR-US: iTechBids
CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-0774 (Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel ...)
	NOT-FOR-US: Loris Hotel Reservations
CVE-2008-0773 (SQL injection vulnerability in Phil Taylor Comments (com_comments, aka ...)
	NOT-FOR-US: Mambo plugin
CVE-2008-0772 (SQL injection vulnerability in index.php in the com_doc component for ...)
	NOT-FOR-US: Mambo plugin
CVE-2008-0771 (Multiple SQL injection vulnerabilities in default.asp in Site2Nite ...)
	NOT-FOR-US: Site2Nite
CVE-2008-0770 (SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and ...)
	NOT-FOR-US: ibProArcade
CVE-2008-0769 (Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through ...)
	NOT-FOR-US: Livelink
CVE-2008-0768 (Multiple stack-based and heap-based buffer overflows in the Windows ...)
	NOT-FOR-US: IBM Informix
CVE-2008-0767 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0766 (Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print ...)
	NOT-FOR-US: Brooks Remote Print Manager
CVE-2008-0765 (Multiple cross-site scripting (XSS) vulnerabilities in artmedic ...)
	NOT-FOR-US: artmedic
CVE-2008-0764 (Format string vulnerability in the logging function in Larson Network ...)
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0763 (Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print ...)
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0762 (SQL injection vulnerability in index.php in the com_iomezun component ...)
	NOT-FOR-US: com_iomezun component for Joomla!
CVE-2008-0761 (SQL injection vulnerability in index.php in the Prince Clan Chess Club ...)
	NOT-FOR-US: Prince Clan Chess Club component for Joomla!
CVE-2008-0760 (Directory traversal vulnerability in SafeNet Sentinel Protection ...)
	NOT-FOR-US: SafeNet Sentinel Protection Server
CVE-2008-0759 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0758 (Multiple directory traversal vulnerabilities in the Zidget/HTTP ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0757 (Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard ...)
	NOT-FOR-US: MercuryBoard
CVE-2008-0756 (The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; ...)
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0755 (Format string vulnerability in the ReportSysLogEvent function in the ...)
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0754 (Multiple SQL injection vulnerabilities in index.php in the Rapid ...)
	NOT-FOR-US: Rapid Recipe component for Joomla!
CVE-2008-0753 (SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 ...)
	NOT-FOR-US: Virtual War
CVE-2008-0752 (SQL injection vulnerability in index.php in the Neogallery ...)
	NOT-FOR-US: Neogallery component for Joomla!
CVE-2008-0751 (Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 ...)
	NOT-FOR-US: Spartacus plugin (freetag) for serendipity
CVE-2008-0750 (SQL injection vulnerability in philboard_forum.asp in Husrev ...)
	NOT-FOR-US: Husrev BlackBoard
CVE-2008-0749 (Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS ...)
	NOT-FOR-US: Calimero.CMS
CVE-2008-0748 (Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX ...)
	NOT-FOR-US: Sony ImageStation
CVE-2008-0747 (Stack-based buffer overflow in COWON America jetAudio 7.0.5 and ...)
	NOT-FOR-US: COWON America jetAudio
CVE-2008-0746 (SQL injection vulnerability in index.php in the Gallery (com_gallery) ...)
	NOT-FOR-US: Gallery component for Mambo and Joomla!
CVE-2008-0745 (Directory traversal vulnerability in aides/index.php in DomPHP 0.82 ...)
	NOT-FOR-US: DomPHP
CVE-2008-0744 (SQL injection vulnerability in user_login.asp in PreProjects.com Pre ...)
	NOT-FOR-US: Pre Hotels & Resorts Management System
CVE-2008-0743 (PHP remote file inclusion vulnerability in members_help.php in Joovili ...)
	NOT-FOR-US: Joovili
CVE-2008-0742 (Multiple directory traversal vulnerabilities in PowerScripts PowerNews ...)
	NOT-FOR-US: PowerNews
CVE-2008-0741 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0740 (IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0739 (SQL injection vulnerability in admin/SA_shipFedExMeter.asp in ...)
	NOT-FOR-US: CandyPress
CVE-2008-0738 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...)
	NOT-FOR-US: CandyPress
CVE-2008-0737 (SQL injection vulnerability in admin/utilities_ConfigHelp.asp in ...)
	NOT-FOR-US: CandyPress
CVE-2008-0736 (admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly ...)
	NOT-FOR-US: CandyPress
CVE-2008-0735 (SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0734 (SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, ...)
	NOT-FOR-US: Limbo CMS
CVE-2008-0733 (SQL injection vulnerability in index.php in CS Team Counter Strike ...)
	NOT-FOR-US: CS Team Counter Strike Portals
CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service ...)
	NOT-FOR-US: Novell Client
CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica ...)
	NOT-FOR-US: Civica Software Civica
CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows ...)
	NOT-FOR-US: Windows
CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server ...)
	NOT-FOR-US: Bajie Http Web Server
CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in ...)
	NOT-FOR-US: phpWebFileManager
CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web ...)
	NOT-FOR-US: PlanetMoon Guestbook
CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with ...)
	NOT-FOR-US: WF-Chat
CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks ...)
	NOT-FOR-US: Apache Geronimo
CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not ...)
	NOT-FOR-US: SuSE kernel/apparmor
CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-0728 (The unmew11 function in libclamav/mew.c in libclamav in ClamAV before ...)
	- clamav 0.92.1~dfsg-1
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-0727 (Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-0724 (The Everything Development Engine in The Everything Development System ...)
	NOT-FOR-US: The Everything Development System
CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews ...)
	NOT-FOR-US: MyNews
CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in Pagetool ...)
	NOT-FOR-US: Pagetool
CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon (com_sermon) ...)
	NOT-FOR-US: Sermon component for Mambo
CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and ...)
	- webmin <removed>
CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the ...)
	NOT-FOR-US: osCommerce Online Merchant
CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 ...)
	NOT-FOR-US: IBM WebSphere Edge Server
CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 ...)
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows ...)
	NOT-FOR-US: ACDSee
CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host allows ...)
	NOT-FOR-US: Mihalism Multi Host
CVE-2008-0713 (Unspecified vulnerability in the FTP server for HP-UX B.11.11, ...)
	NOT-FOR-US: HP-UX B
CVE-2008-0712 (Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ...)
	NOT-FOR-US: HP HPeDiag
CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP ...)
	NOT-FOR-US: HP iLO-2 management processors
CVE-2008-0710
	RESERVED
CVE-2008-0709 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-0708 (HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) ...)
	NOT-FOR-US: HP USB 2.0 Floppy Drive Key
CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2008-0706 (Unspecified vulnerability in the BIOS F.26 and earlier for the HP ...)
	NOT-FOR-US: BIOS F.26
CVE-2008-0705
	RESERVED
CVE-2008-0704 (Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP ...)
	NOT-FOR-US: HP OpenVMS
CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow ...)
	NOT-FOR-US: sflog!
CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 and ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check ...)
	NOT-FOR-US: Magnolia CE
CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux ...)
	NOT-FOR-US: CruxCMS
CVE-2008-0699 (Unspecified vulnerability in the ADMIN_SP_C procedure ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 2007 ...)
	NOT-FOR-US: BookmarkX
CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM ...)
	NOT-FOR-US: IBM OS/400 V5R3M0 and V5R4M0
CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 ...)
	NOT-FOR-US: Print Manager Plus
CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and ...)
	NOT-FOR-US: iTechBids
CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php ...)
	NOT-FOR-US: WP-Footnotes plugin for WordPress
CVE-2008-0690 (SQL injection vulnerability in index.php in the mosDirectory ...)
	NOT-FOR-US: mosDirectory component for Joomla!
CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace ...)
	NOT-FOR-US: Marketplace component for Joomla!
CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript ...)
	NOT-FOR-US: Smartscript Domain Trader
CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Youtube Clone Script
CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences ...)
	NOT-FOR-US: NeoReferences component for Joomla!
CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 ...)
	NOT-FOR-US: iTechClassifieds
CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...)
	NOT-FOR-US: iTechClassifieds
CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ShiftThis ...)
	NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...)
	NOT-FOR-US: Wordspew plugin for Wordpress
CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows ...)
	NOT-FOR-US: PHPShop
CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: MicroTik RouterOS
CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 ...)
	NOT-FOR-US: BlogPHP
CVE-2008-0678 (SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote ...)
	NOT-FOR-US: BlogPHP
CVE-2008-0677 (SQL injection vulnerability in blog.php in A-Blog 2 allows remote ...)
	NOT-FOR-US: A-Blog
CVE-2008-0676 (Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 ...)
	NOT-FOR-US: A-Blog
CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything ...)
	NOT-FOR-US: Everything Development System
CVE-2008-0674 (Buffer overflow in PCRE before 7.6 allows remote attackers to execute ...)
	{DSA-1499-1 DTSA-115-1}
	- pcre3 7.6-1 (medium)
	- php5 <not-affected> (Uses sytem copy)
CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an ...)
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0672 (The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 ...)
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0671 (Stack-based buffer overflow in the add_line_buffer function in ...)
	- tintin++ 1.97.9-2 (medium; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0670 (SQL injection vulnerability in index.php in the Noticias ...)
	NOT-FOR-US: Noticias component for Joomla!
CVE-2008-0669 (Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity ...)
	NOT-FOR-US: Sift Unity
CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in ...)
	{DSA-1546-1}
	- gnumeric 1.8.1-1 (medium)
CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with ...)
	NOT-FOR-US: Novell Challenge Response Client
CVE-2008-0662 (The Auto Local Logon feature in Check Point VPN-1 ...)
	NOT-FOR-US: SecuRemote/SecureClient NGX R60 and R56
CVE-2008-0661 (Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote ...)
	NOT-FOR-US: dBpowerAMP Audio Player
CVE-2008-0660 (Multiple stack-based buffer overflows in Aurigma Image Uploader ...)
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control ...)
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP ...)
	{DSA-1541-1}
	- openldap2.3 2.4.7-6.1 (low; bug #465875)
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built from this version)
	NOTE: only authenticated users can exploit this
CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime Environment ...)
	- sun-java6 6-02-1
	- sun-java5 1.5.0-14-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2008-0656 (Unrestricted file upload vulnerability in dmclTrace.jsp in EMC ...)
	NOT-FOR-US: Documentum Administrator and Webtop
CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2008-0654 (Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow ...)
	NOT-FOR-US: Azucar CMS
CVE-2008-0653 (SQL injection vulnerability in index.php in the Ynews (com_ynews) ...)
	NOT-FOR-US: Ynews component for Joomla!
CVE-2008-0652 (SQL injection vulnerability in index.php in the Downloads ...)
	NOT-FOR-US: Downloads for Mambo and Joomla!
CVE-2008-0651 (SQL injection vulnerability in login.php in Pedro Santana Codice CMS ...)
	NOT-FOR-US: Pedro Santana Codice CMS
CVE-2008-0650 (SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta ...)
	NOT-FOR-US: Simple OS CMS
CVE-2008-0649 (SQL injection vulnerability in detail.php in Astanda Directory Project ...)
	NOT-FOR-US: Astanda Directory Project
CVE-2008-0648 (Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin ...)
	NOT-FOR-US: OpenSiteAdmin
CVE-2008-0647 (Multiple stack-based buffer overflows in the ...)
	NOT-FOR-US: Ourgame GLWorld
CVE-2008-0646 (The bdecode_recursive function in include/libtorrent/bencode.hpp in ...)
	- deluge-torrent 0.5.8.3-1 (unknown; bug #463357)
CVE-2008-0645 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...)
	NOT-FOR-US: Portail Web Php
CVE-2008-0644 (Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0643 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe ...)
	NOT-FOR-US: Adobe
CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki ...)
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0809 (Cross-site scripting (XSS) vulnerability in the htmlscrubber in ...)
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0641
	RESERVED
CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...)
	NOT-FOR-US: Symantec Ghost Solution Suite
CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the ...)
	NOT-FOR-US: Novell Client
CVE-2008-0638 (Heap-based buffer overflow in the Veritas Enterprise Administrator ...)
	NOT-FOR-US: Veritas Enterprise Administrator service
CVE-2008-0637
	RESERVED
CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x ...)
	NOT-FOR-US: Managed Workplace Service Center
CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 2.4.0 ...)
	NOT-FOR-US: Openads
CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in ...)
	NOT-FOR-US: NamoInstaller
CVE-2008-0633 (Buffer overflow in Anon Proxy Server 0.102 and earlier, when user ...)
	NOT-FOR-US: Anon Proxy Server
	NOTE: this is not anon-proxy
CVE-2008-0632 (Unrestricted file upload vulnerability in cp_upload_image.php in ...)
	NOT-FOR-US: LightBlog
CVE-2008-0631 (Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow ...)
	NOT-FOR-US: MailBee Objects
CVE-2008-0630 (Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464532)
CVE-2008-0629 (Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464533)
CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 ...)
	- sun-java6 6-04-1
	- sun-java5 <not-affected> (referring to sun this vulnerability is not present in java5)
CVE-2008-0627
	REJECTED
CVE-2008-0626
	REJECTED
CVE-2008-0625 (Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in ...)
	NOT-FOR-US: Yahoo! Music Jukebox
CVE-2008-0624 (Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in ...)
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0623 (Stack-based buffer overflow in the YMP Datagrid ActiveX control ...)
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0622 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2008-0621 (Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 ...)
	NOT-FOR-US: SAP GUI
CVE-2008-0620 (SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before ...)
	NOT-FOR-US: SAPSprint
CVE-2008-0619 (Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 ...)
	NOT-FOR-US: Nero Media Player
CVE-2008-0618 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0617 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0616 (SQL injection vulnerability in the administration panel in the ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0615 (Directory traversal vulnerability in wp-admin/admin.php in the ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0614 (SQL injection vulnerability in index.php in Photokorn Gallery 1.543 ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2008-0613 (Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows ...)
	NOT-FOR-US: XOOPS
CVE-2008-0612 (Directory traversal vulnerability in htdocs/install/index.php in XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2008-0611 (SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery ...)
	NOT-FOR-US: RMSOFT Gallery module for XOOPS
CVE-2008-0610 (Stack-based buffer overflow in the ...)
	NOT-FOR-US: UltraVNC
CVE-2008-0609 (Directory traversal vulnerability in index.php in DivideConcept VHD ...)
	NOT-FOR-US: Web Pack 2.0
CVE-2008-0608 (The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch ...)
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2008-0607 (SQL injection vulnerability in index.php in the Sigsiu Online Business ...)
	NOT-FOR-US: Sigsiu Online Business Index 2 component for Joomla! and Mambo
CVE-2008-0606 (SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) ...)
	NOT-FOR-US: Shambo2 component for Mambo and Joomla!
CVE-2008-0605 (Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft ...)
	NOT-FOR-US: AstroSoft HelpDesk
CVE-2008-0604 (The LDAP authentication feature in XLight FTP Server before 2.83, when ...)
	NOT-FOR-US: XLight FTP Server
CVE-2008-0603 (SQL injection vulnerability in index.php in the amazOOP Awesom! ...)
	NOT-FOR-US: amazOOP Awesom! component for Mambo and Joomla!
CVE-2008-0602 (Directory traversal vulnerability in index.php in All Club CMS (ACCMS) ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS (ACCMS) ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 ...)
	{DSA-1494-1 DTSA-113-1}
	- linux-2.6 2.6.24-4 (high)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
CVE-2008-0599 (The init_request_info function in sapi/cgi/cgi_main.c in PHP before ...)
	{DTSA-135-1}
	- php5 5.2.6-1
	[etch] - php5 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
	[etch] - php4 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
CVE-2008-0598 (Unspecified vulnerability in the 32-bit and 64-bit emulation in the ...)
	{DSA-1630-1}
	- linux-2.6 2.6.26-4 (bug #490910)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...)
	- cupsys 1.2.1-1
	- cups <not-affected> (Vulnerable code not present)
	NOTE: (mimeDeleteType included since 1.2.x
	NOTE: according to maintainer, applies to 1.1.x series only. exact fixed
	NOTE: version in 1.1 unknown but irrelevant. cups package never had 1.1
	NOTE: versions in Debian.
CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...)
	- cupsys 1.2.1-1
	- cups <not-affected> (Vulnerable code not present)
	NOTE: see CVE-2008-0597
CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...)
	{DSA-1599-1}
	- dbus 1.1.20-1
CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does ...)
	{DSA-1506-1 DSA-1489-1 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows ...)
	NOT-FOR-US: WS_FTP Server with SSH
CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0588 (Buffer overflow in the utape program in devices.scsi.tape.diag in IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0587 (Buffer overflow in the uspchrp program in devices.chrp.base.diag in ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0586 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0585 (sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0584 (Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0583 (Cross-zone scripting vulnerability in the Internet Explorer web ...)
	NOT-FOR-US: Skype
CVE-2008-0582 (Cross-zone scripting vulnerability in the Internet Explorer web ...)
	NOT-FOR-US: Skype
CVE-2008-0581 (Geert Moernaut LSrunasE allows local users to gain privileges by ...)
	NOT-FOR-US: LSrunasE
CVE-2008-0580 (Geert Moernaut LSrunasE and Supercrypt use an encryption key composed ...)
	NOT-FOR-US: LSrunasE and Supercrypt
CVE-2008-0579 (SQL injection vulnerability in index.php in the buslicense ...)
	NOT-FOR-US: buslicense component for Joomla!
CVE-2008-0578 (Cross-site scripting (XSS) vulnerability in the web management login ...)
	NOT-FOR-US: Tripwire Enterprise/Server Management Web Interface
CVE-2008-0577 (The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the ...)
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0576 (Cross-site scripting (XSS) vulnerability in the Project Issue Tracking ...)
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0575 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: webSPELL
CVE-2008-0574 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL ...)
	NOT-FOR-US: webSPELL
CVE-2008-0573 (IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote ...)
	NOT-FOR-US: SafeNET HighAssurance Remote and SoftRemote
CVE-2008-0572 (Multiple PHP remote file inclusion vulnerabilities in Mindmeld ...)
	NOT-FOR-US: Mindmeld
CVE-2008-0571 (The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, ...)
	NOT-FOR-US: Userpoints module for Drupal
CVE-2008-0570 (The OpenID 5.x-1.0 and earlier module for Drupal does not properly ...)
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-0569 (The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 ...)
	NOT-FOR-US: Comment upload module for Drupal
CVE-2008-0568 (Unspecified vulnerability in the IP-authentication feature in the ...)
	NOT-FOR-US: Secure Site module for Drupal
CVE-2008-0567 (Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ...)
	NOT-FOR-US: ChronoEngine ChronoForms component for Joomla!
CVE-2008-0566 (PHP remote file inclusion vulnerability in includes/smarty.php in ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0565 (SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0563 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Liferay Portal
CVE-2008-0562 (SQL injection vulnerability in index.php in the Restaurant ...)
	NOT-FOR-US: Restaurant component for Mambo and Joomla!
CVE-2008-0561 (SQL injection vulnerability in index.php in the Arthur Konze ...)
	NOT-FOR-US: AkoGallery component for Mambo and Joomla!
CVE-2008-0560 (** DISPUTED ** ...)
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0559 (Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 ...)
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0558 (Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional ...)
	NOT-FOR-US: Uniwin eCart Professiona
CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop ...)
	NOT-FOR-US: CatalogShop componenent for Mambo and Joomla!
CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, ...)
	NOT-FOR-US: OpenCA PKI Project
CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 ...)
	- apache <removed>
	[etch] - apache <no-dsa> (only exploitable in very specific setups)
	NOTE: Only affects the apache-ssl package, not apache or apache-perl.
	NOTE: Only relevant if the attacker can get a CA that is trusted by the server
	NOTE: to sign client certs with arbitrary CN, but cannot influence the contents
	NOTE: of the other DN fields.
	NOTE: OTOH, the configuration used in Debian's apache-ssl 1.55 (per-dir
	NOTE: ssl-renegotiation switched off), has obviously not been tested by upstream
	NOTE: with 1.59 (it doesn't even compile).
	NOTE: Also, upstream's fix breaks API/ABI compatibility in some corner cases.
	NOTE: While these cases are not really supported by Debian, all in all the low
	NOTE: severity of the issue is not in proportion to the risk of breaking something
	NOTE: with the fix.
CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket ...)
	NOT-FOR-US: eTicket
CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll ...)
	NOT-FOR-US: Namo Web Editor
CVE-2008-0550 (Off-by-one error in Steamcast 0.9.75 and earlier allows remote ...)
	NOT-FOR-US: Steamcast
CVE-2008-0549 (Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 ...)
	NOT-FOR-US: Steamcast
CVE-2008-0548 (Steamcast 0.9.75 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Steamcast
CVE-2008-0547 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: CandyPress
CVE-2008-0546 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...)
	NOT-FOR-US: CandyPress
CVE-2008-0545 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32 ...)
	NOT-FOR-US: Bubbling Library
CVE-2008-0543 (Multiple SQL injection vulnerabilities in Pre Dynamic Institution ...)
	NOT-FOR-US: Pre Dynamic Institution
CVE-2008-0542 (Directory traversal vulnerability in thumbnail.php in Gerd Tentler ...)
	NOT-FOR-US: Simple Forum
CVE-2008-0541 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php in ...)
	NOT-FOR-US: Simple Forum
CVE-2008-0540 (Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 ...)
	NOT-FOR-US: trixbox
CVE-2008-0539 (Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php ...)
	NOT-FOR-US: F5 BIG-IP Application Security Manager
CVE-2008-0538 (Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow ...)
	NOT-FOR-US: phpIP Management
CVE-2008-0537 (Unspecified vulnerability in the Supervisor Engine 32 (Sup32), ...)
	NOT-FOR-US: Cisco
CVE-2008-0536 (Unspecified vulnerability in the SSH server in (1) Cisco Service ...)
	NOT-FOR-US: Cisco
CVE-2008-0535 (Unspecified vulnerability in the SSH server in (1) Cisco Service ...)
	NOT-FOR-US: Cisco
CVE-2008-0534 (The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, ...)
	NOT-FOR-US: Cisco
CVE-2008-0533 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Cisco ACS
CVE-2008-0532 (Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in ...)
	NOT-FOR-US: Cisco ACS
CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, ...)
	NOT-FOR-US: Cisco
CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
	NOT-FOR-US: Cisco
CVE-2008-0529 (Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, ...)
	NOT-FOR-US: Cisco
CVE-2008-0528 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
	NOT-FOR-US: Cisco
CVE-2008-0527 (The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP ...)
	NOT-FOR-US: Cisco
CVE-2008-0526 (Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP ...)
	NOT-FOR-US: Cisco
CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch ...)
	NOT-FOR-US: PatchLink Update client for Unix
CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management ...)
	NOT-FOR-US: Yamaha router firmware
CVE-2008-0523 (Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in ...)
	NOT-FOR-US: SoftCart
CVE-2008-0522 (Cross-site scripting (XSS) vulnerability in multiple Hal Networks ...)
	NOT-FOR-US: Hal Networks shopping-cart products
CVE-2008-0521 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32 ...)
	NOT-FOR-US: Bubbling Library
CVE-2008-0520 (Multiple SQL injection vulnerabilities in main.php in the WassUp ...)
	NOT-FOR-US: WassUp plugin for WordPress
CVE-2008-0519 (SQL injection vulnerability in index.php in the Atapin Jokes ...)
	NOT-FOR-US: Atapin Jokes component for Mambo and Joomla!
CVE-2008-0518 (SQL injection vulnerability in index.php in the Recipes (com_recipes) ...)
	NOT-FOR-US: Recipes component for Mambo and Joomla!
CVE-2008-0517 (SQL injection vulnerability in index.php in the Darko Selesi ...)
	NOT-FOR-US: EstateAgent component for Mambo and Joomla!
CVE-2008-0516 (PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in ...)
	NOT-FOR-US: SQLiteManager
CVE-2008-0515 (SQL injection vulnerability in index.php in the musepoes ...)
	NOT-FOR-US: musepoes component for Mambo and Joomla!
CVE-2008-0514 (SQL injection vulnerability in index.php in the Glossary ...)
	NOT-FOR-US: Glossary component for Mambo and Joomla!
CVE-2008-0513 (Directory traversal vulnerability in ...)
	NOT-FOR-US: phpCMS
CVE-2008-0512 (SQL injection vulnerability in index.php in the fq (com_fq) component ...)
	NOT-FOR-US: fq component for Mambo and Joomla!
CVE-2008-0511 (SQL injection vulnerability in index.php in the MaMML (com_mamml) ...)
	NOT-FOR-US: MaMML component for Mambo and Joomla!
CVE-2008-0510 (SQL injection vulnerability in index.php in the Newsletter ...)
	NOT-FOR-US: Newsletter component for Mambo and Joomla!
CVE-2008-0509 (Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0508 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Dean's Permalinks Migration plugin for WordPress
CVE-2008-0507 (SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin ...)
	NOT-FOR-US: AdServe plugin for WordPress
CVE-2008-0506 (include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0505 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0504 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0503 (Eval injection vulnerability in admin/op/disp.php in Netwerk Smart ...)
	NOT-FOR-US: Netwerk Smart Publisher
CVE-2008-0502 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web ...)
	NOT-FOR-US: web interface for the BGPD daemon
CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...)
	NOT-FOR-US: AIM PicEditor
CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote ...)
	{DSA-1541-1}
	- openldap2.3 2.3.38-1
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built)
CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
	- webcalendar 1.1.6-7 (bug #466935)
	[lenny] - webcalendar <not-affected> (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37)
CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS ...)
	NOT-FOR-US: Drake CMS
CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, ...)
	{DSA-1601-1}
	- wordpress 2.3.3-1 (medium; bug #464170)
	NOTE: The blog has to provide user accounts
	NOTE: A crafted XML-RPC request referring to a valid user can exploit this
	TODO: check if packages embedding xmlrpc share this code
CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...)
	{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
	- tk8.5 8.5.0-3
	- tk8.4 8.4.17-2
	- tk8.3 8.3.5-12
	- libtk-img 1:1.3-release-7 (bug #485785)
CVE-2008-0554 (Buffer overflow in the readImageData function in giftopnm.c in netpbm ...)
	{DSA-1579-1}
	- netpbm-free 10.0-11.1 (medium; bug #464056)
CVE-2008-0564 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...)
	- mailman 1:2.1.10~b3-1 (low)
	[etch] - mailman <no-dsa> (Minor issue)
	[sarge] - mailman <no-dsa> (Minor issue)
	NOTE: Someone authenticated as list admin can insert malicious script
	NOTE: into list templates. This already consists of a high degree of
	NOTE: control over the mailinglist, so not a very important issue.
	NOTE: This enhances the fix for CVE-2006-3636.
	NOTE: http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html
CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 ...)
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite ...)
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows remote ...)
	NOT-FOR-US: phpMyClub
CVE-2008-0500 (Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have ...)
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0499 (SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote ...)
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0498 (SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop ...)
	NOT-FOR-US: Bigware Shop
CVE-2008-0497 (Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS ...)
	NOT-FOR-US: Nucleus CMS
CVE-2008-0496 (Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 ...)
	NOT-FOR-US: AmpJuke
CVE-2008-0495 (Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware ...)
	NOT-FOR-US: Pegasus CIM Server
CVE-2008-0494 (Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in ...)
	NOT-FOR-US: Endian Firewall
CVE-2008-0493 (fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows ...)
	NOT-FOR-US: FlashPix plugin for IrfanView
CVE-2008-0492 (Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control ...)
	NOT-FOR-US: Persits XUpload
CVE-2008-0491 (SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 ...)
	NOT-FOR-US: fGallery for WordPress
CVE-2008-0490 (SQL injection vulnerability in functions/editevent.php in the WP-Cal ...)
	NOT-FOR-US: WP-Cal plugin for WordPress
CVE-2008-0489 (Directory traversal vulnerability in install.php in Clansphere ...)
	NOT-FOR-US: Clansphere
CVE-2008-0488 (Directory traversal vulnerability in tseekdir.cgi in VB Marketing ...)
	NOT-FOR-US: VB Marketing
CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect ...)
	NOT-FOR-US: ASPired2Protect
CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in MPlayer ...)
	{DSA-1536-1 DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
	- xine-lib 1.1.10.1-1 (bug #464696)
	[sarge] - xine-lib <not-affected> (Vulnerable code not present)
CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
CVE-2008-0484
	RESERVED
CVE-2008-0483
	RESERVED
CVE-2008-0482
	RESERVED
CVE-2008-0481 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0480 (Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2008-0479 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz ...)
	NOT-FOR-US: Web Wiz NewsPad
CVE-2008-0478 (Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows ...)
	NOT-FOR-US: SetCMS
CVE-2008-0477 (Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX ...)
	NOT-FOR-US: Move Networks Upgrade Manager
CVE-2008-0476 (ManageEngine Applications Manager 8.1 build 8100 does not check ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0475 (ManageEngine Applications Manager 8.1 build 8100 allows remote ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0474 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0473 (RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0472 (Cross-site request forgery (CSRF) vulnerability in modcp.php in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2008-0471 (Cross-site request forgery (CSRF) vulnerability in privmsg.php in ...)
	{DSA-1488-1}
	- phpbb2 2.0.22-3 (low; bug #463589)
CVE-2008-0470 (A certain ActiveX control in Comodo AntiVirus 2.0 allows remote ...)
	NOT-FOR-US: Comodo AntiVirus
CVE-2008-0469 (SQL injection vulnerability in index.php in Tiger Php News System ...)
	NOT-FOR-US: Tiger Php News System
CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and earlier ...)
	NOT-FOR-US: Flinx
CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before ...)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 ...)
	NOT-FOR-US: Seagull
CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort aconon ...)
	NOT-FOR-US: aconon Mail Enterprise SQL
CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before ...)
	NOT-FOR-US: Workflow module for Drupal
CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x before ...)
	NOT-FOR-US: Archive module for Drupal
CVE-2008-0461 (SQL injection vulnerability in index.php in the Search module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-0460 (Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki ...)
	- mediawiki 1:1.11.1-1 (low)
	[etch] - mediawiki <not-affected> (Doesn't include API functionality)
CVE-2008-0459 (Directory traversal vulnerability in update/index.php in Liquid-Silver ...)
	NOT-FOR-US: Liquit-Silver CMS
CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...)
	NOT-FOR-US: SLAED CMS
CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class running ...)
	NOT-FOR-US: Symantec LiveState Apache Tomcat server
CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...)
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web ...)
	NOT-FOR-US: Skype
CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe ...)
	NOT-FOR-US: Easysitenetwork Recipe
CVE-2008-0452 (Directory traversal vulnerability in articles.php in Siteman 1.1.9 ...)
	NOT-FOR-US: Siteman
CVE-2008-0451 (Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote ...)
	NOT-FOR-US: PacerCMS
CVE-2008-0450 (Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0449 (SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-0448 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpSearch
CVE-2008-0447 (SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 ...)
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0446 (SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows ...)
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0445 (The replace_inline_img function in elogd in Electronic Logbook (ELOG) ...)
	- elog <removed> (low; bug #463600)
CVE-2008-0444 (Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) ...)
	- elog <removed> (low; bug #463600)
CVE-2008-0443 (Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX ...)
	NOT-FOR-US: Lycos FileUploader Module
CVE-2008-0442 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small ...)
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0441 (IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2008-0440 (AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0439 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-0438 (Cross-site scripting (XSS) vulnerability in the font rendering ...)
	NOT-FOR-US: Novemberborn sIFR
CVE-2008-0437 (Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ...)
	NOT-FOR-US: HP Virtual Rooms
CVE-2008-0436 (Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2008-0435 (Directory traversal vulnerability in index.php in OZJournals 2.1.1 ...)
	NOT-FOR-US: OZJournals
CVE-2008-0434 (Format string vulnerability in the AXIMilter module in AXIGEN Mail ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2008-0433 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0432 (Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0431 (Directory traversal vulnerability in administrator/download.php in ...)
	NOT-FOR-US: IDMOS
CVE-2008-0430 (SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows ...)
	NOT-FOR-US: 360 Web Manager
CVE-2008-0429 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0428 (Multiple SQL injection vulnerabilities in the login function in ...)
	NOT-FOR-US: bloofoxCMS
CVE-2008-0427 (Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows ...)
	NOT-FOR-US: bloofoxCMS
CVE-2008-0426 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...)
	NOT-FOR-US: PacerCMS
CVE-2008-0425 (Absolute path traversal vulnerability in explorerdir.php in Frimousse ...)
	NOT-FOR-US: Frimousse
CVE-2008-0424 (SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) ...)
	NOT-FOR-US: Mooseguy Blog System
CVE-2008-0423 (Multiple PHP remote file inclusion vulnerabilities in Lama Software ...)
	NOT-FOR-US: Lama Software
CVE-2008-0422 (SQL injection vulnerability in mail.php in boastMachine (aka bMachine) ...)
	NOT-FOR-US: bMachine
CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier ...)
	NOT-FOR-US: Invision Gallery
CVE-2008-0420 (modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox ...)
	{DSA-1534-1 DSA-1484-1}
	- iceape 1.1.8-1
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	NOTE: The initial advisory claimed Thunderbird/Icedove were vulnerable, but clarified
	NOTE: later, see http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0418 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0417 (CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
CVE-2008-0416 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- icedove 2.0.0.12-1
	TODO: check xulrunner and iceape
CVE-2008-0415 (Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
	- xulrunner 1.8.1.12-1
CVE-2008-0414 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
CVE-2008-0413 (The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0412 (The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0411 (Stack-based buffer overflow in the zseticcspace function in zicc.c in ...)
	{DSA-1510-1}
	- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...)
	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
	NOTE: Upstream commit 9ac71d00398674aaec664f30559f0a21d963862f, part of 2.6.24
CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
	- exempi 1.99.7-1 (bug #454297)
CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c ...)
	{DSA-1493-2 DSA-1493-1}
	- sdl-image1.2 1.2.6-3 (medium)
CVE-2007-6697 (Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image ...)
	{DSA-1493-2 DSA-1493-1}
	- sdl-image1.2 1.2.6-2 (medium)
CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to obtain ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0409 (Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0408 (HTTP File Server (HFS) before 2.2c allows remote attackers to append ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0407 (HTTP File Server (HFS) before 2.2c tags HTTP request log entries with ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0406 (HTTP File Server (HFS) before 2.2c, when account names are used as log ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0405 (Multiple directory traversal vulnerabilities in HTTP File Server (HFS) ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0404 (Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows ...)
	- mantis <not-affected> (Vulnerable code not present)
	NOTE: code was introduced in the 1.1.x series, which are not shipped by us yet
CVE-2008-0403 (The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does ...)
	NOT-FOR-US: Belkin Wireless firmware
CVE-2008-0402 (Unspecified vulnerability in IBM WebSphere Business Modeler Basic and ...)
	NOT-FOR-US: IBM WebSphere Business Modeler
CVE-2008-0401 (Buffer overflow in the logging functionality of the HTTP server in IBM ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before
CVE-2008-0400 (Cross-site scripting (XSS) vulnerability in header.tpl.php in the ...)
	NOT-FOR-US: Singapore
CVE-2008-0399 (Multiple buffer overflows in Toshiba Surveillance (Surveillix) ...)
	NOT-FOR-US: Toshiba Surveillance
CVE-2008-0398 (Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly ...)
	NOT-FOR-US: aflog
CVE-2008-0397 (Multiple SQL injection vulnerabilities in aflog 1.01, and possibly ...)
	NOT-FOR-US: aflog
CVE-2008-0396 (Directory traversal vulnerability in BitDefender Update Server ...)
	NOT-FOR-US: BitDefender Update Server
CVE-2008-0395 (Kayako SupportSuite 3.11.01 allows remote attackers to obtain server ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-0394 (Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote ...)
	NOT-FOR-US: Citadel SMTP server
CVE-2008-0393 (Directory traversal vulnerability in info.php in GradMan 0.1.3 and ...)
	NOT-FOR-US: GradMan
CVE-2008-0392 (Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-0391 (inc/elementz.php in aliTalk 1.9.1.1 does not properly verify ...)
	NOT-FOR-US: aliTalk
CVE-2008-0390 (stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0389 (Unspecified vulnerability in the serveServletsByClassnameEnabled ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress ...)
	NOT-FOR-US: WP-Forum plugin for WordPress
CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before ...)
	- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
	[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to ...)
	- xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure)
	NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser
CVE-2008-0385 (SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 ...)
	NOT-FOR-US: Urulu
CVE-2008-0384 (OpenBSD 4.2 allows local users to cause a denial of service (kernel ...)
	NOT-FOR-US: OpenBSD
CVE-2008-0383 (Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier ...)
	NOT-FOR-US: MyBB
CVE-2008-0382 (Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier ...)
	NOT-FOR-US: MyBB
CVE-2008-0381 (Unspecified vulnerability in Mahara before 0.9.1 has unknown impact ...)
	- mahara 0.9.1-1 (low)
CVE-2008-0380 (Buffer overflow in the Digital Data Communications RtspVaPgCtrl ...)
	NOT-FOR-US: Digital Data Communications
CVE-2008-0379 (Race condition in the Enterprise Tree ActiveX control ...)
	NOT-FOR-US: Crystal Reports
CVE-2008-0378 (Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when ...)
	NOT-FOR-US: SocksCap
CVE-2008-0377 (MicroNews allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: MicroNews
CVE-2008-0376 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small ...)
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0375 (Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU ...)
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0374 (OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web ...)
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0373 (Unrestricted file upload vulnerability in PHP F1 Max's File Uploader ...)
	NOT-FOR-US: PHP F1 Max's File Uploader
CVE-2008-0372 (8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-0371 (Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when ...)
	NOT-FOR-US: aliTalk
CVE-2008-0370 (Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel ...)
	NOT-FOR-US: cPanel
CVE-2008-0369 (Multiple unspecified programs in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0368 (onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when ...)
	- iceweasel <unfixed> (low)
CVE-2008-0366 (CORE FORCE before 0.95.172 does not properly validate arguments to ...)
	NOT-FOR-US: CORE FORCE
CVE-2008-0365 (Multiple buffer overflows in CORE FORCE before 0.95.172 allow local ...)
	NOT-FOR-US: CORE FORCE
CVE-2008-0364 (Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent ...)
	NOT-FOR-US: BitTorrent/uTorrent
CVE-2008-0363 (Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier ...)
	NOT-FOR-US: Clever Copy
CVE-2008-0362 (Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy ...)
	NOT-FOR-US: Clever Copy
CVE-2008-0361 (Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 ...)
	NOT-FOR-US: GradMan
CVE-2008-0360 (Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0359 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0358 (SQL injection vulnerability in index.php in Pixelpost 1.7 allows ...)
	NOT-FOR-US: Pixelpost
CVE-2008-0357 (Directory traversal vulnerability in pages/upload.php in Galaxyscripts ...)
	NOT-FOR-US: Galaxyscripts
CVE-2008-0356 (Buffer overflow in the Independent Management Architecture (IMA) ...)
	NOT-FOR-US: Citrix Presentation Server
CVE-2008-0355 (SQL injection vulnerability in index.php in the forum module in ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2008-0354 (Cross-site scripting (XSS) vulnerability in the chat client in IBM ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2008-0353 (SQL injection vulnerability in visualizza_tabelle.php in php-residence ...)
	NOT-FOR-US: php-residence
CVE-2008-XXXX [apt-cacher arbitrary command execution]
	- apt-cacher 1.6.1
	[etch] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
	[sarge] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
CVE-2008-0352 (The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to ...)
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced after 2.6.19 release)
CVE-2008-0351 (admin/config.php in Evilsentinel 1.0.9 and earlier allows remote ...)
	NOT-FOR-US: EvilSentinel
CVE-2008-0350 (admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to ...)
	NOT-FOR-US: EvilSentinel
CVE-2008-0349 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0348 (Multiple unspecified vulnerabilities in the PeopleTools component in ...)
	NOT-FOR-US: Oracle
CVE-2008-0347 (Unspecified vulnerability in the Oracle Ultra Search component in ...)
	NOT-FOR-US: Oracle
CVE-2008-0346 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0345 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0344 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0343 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0342 (Unspecified vulnerability in the Upgrade/Downgrade component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0341 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0340 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-0339 (Unspecified vulnerability in the XML DB component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2008-0338 (Directory traversal vulnerability in the mwGetLocalFileName function ...)
	NOT-FOR-US: miniweb
CVE-2008-0337 (Heap-based buffer overflow in the _mwProcessReadSocket function in ...)
	NOT-FOR-US: miniweb
CVE-2008-0336 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: BugTracker.NET
CVE-2008-0335 (Cross-site scripting (XSS) vulnerability in BugTracker.NET before ...)
	NOT-FOR-US: BugTracker.NET
CVE-2008-0334 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: pMachine
CVE-2008-0333 (Directory traversal vulnerability in download_view_attachment.aspx in ...)
	NOT-FOR-US: AfterLogic MailBee WebMail Pro 4.1 for ASP.NET
CVE-2008-0332 (Directory traversal vulnerability in arias/help/effect.php in aria ...)
	NOT-FOR-US: Aria ERP (not the aria we ship)
CVE-2008-0331 (Unspecified vulnerability in Funkwerk System Software before 7.4.1 ...)
	NOT-FOR-US: Funkwerk
CVE-2008-0330 (Open System Consultants (OSC) Radiator before 4.0 allows remote ...)
	NOT-FOR-US: Radiator
CVE-2008-0329 (LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) ...)
	NOT-FOR-US: LulieBlog
CVE-2008-0328 (SQL injection vulnerability in page.php in FaScript FaName 1.0 allows ...)
	NOT-FOR-US: FaScript
CVE-2008-0327 (SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows ...)
	NOT-FOR-US: FaScript
CVE-2008-0326 (SQL injection vulnerability in class/show.php in FaScript ...)
	NOT-FOR-US: FaScript
CVE-2008-0325 (SQL injection vulnerability in show.php in FaScript FaPersian Petition ...)
	NOT-FOR-US: FaScript
CVE-2008-0324 (Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 ...)
	NOT-FOR-US: Cisco
CVE-2008-0323
	RESERVED
CVE-2008-0322 (The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for ...)
	NOT-FOR-US: Microsoft Windows XP driver
CVE-2008-0321
	RESERVED
CVE-2008-0320 (Heap-based buffer overflow in the OLE importer in OpenOffice.org ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2008-0319
	RESERVED
CVE-2008-0318 (Integer overflow in the cli_scanpe function in libclamav in ClamAV ...)
	{DSA-1497-1}
	- clamav 0.92.1~dfsg-1 (medium)
CVE-2008-0317
	RESERVED
CVE-2008-0316
	RESERVED
CVE-2008-0315
	RESERVED
CVE-2008-0314 (Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1 (medium)
CVE-2008-0313 (The ActiveDataInfo.LaunchProcess method in the ...)
	NOT-FOR-US: Symantec Norton products
CVE-2008-0312 (Stack-based buffer overflow in the AutoFix Support Tool ActiveX ...)
	NOT-FOR-US: Symantec Norton products
CVE-2008-0311 (Stack-based buffer overflow in the PGMWebHandler::parse_request ...)
	NOT-FOR-US: Borland CaliberRM
CVE-2008-0310 (Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...)
	NOT-FOR-US: Symantec Decomposer
CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products ...)
	NOT-FOR-US: Symantec Decomposer
CVE-2008-0307 (Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and ...)
	- maxdb-7.5.00 <removed>
CVE-2008-0306 (sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows ...)
	- maxdb-7.5.00 <removed>
CVE-2008-0305
	RESERVED
CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...)
	{DSA-1697-1 DSA-1621-1}
	- icedove 2.0.0.12-1 (medium)
	- iceape 1.1.8-1 (medium)
CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...)
	NOT-FOR-US: Canon printer firmware
CVE-2008-0301 (Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote ...)
	NOT-FOR-US: Mapbender
CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to ...)
	NOT-FOR-US: Mapbender
CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ...)
	- webkit <unfixed> (unimportant)
	NOTE: khtml originates from konqueror. browser crashes are considered unimportant
CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...)
	NOT-FOR-US: PhotoKorn
CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in ...)
	{DSA-1543-1 DTSA-111-1}
	- vlc 0.8.6.c-6 (bug #461544; medium)
CVE-2008-0295 (Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in ...)
	{DSA-1543-1 DTSA-111-1}
	- vlc 0.8.6.c-6 (bug #461544; medium)
	NOTE: this does not affect xine-lib itself, its just vlc that ships a really old version of it
CVE-2008-0294 (Unspecified vulnerability in the seat-locking implementation in ...)
	NOT-FOR-US: FreeSeat
CVE-2008-0293 (Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when ...)
	NOT-FOR-US: FreeSeat
CVE-2008-0292 (Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie ...)
	NOT-FOR-US: Dansie Photo Album
CVE-2008-0291 (SQL injection vulnerability in showproduct.asp in RichStrong CMS ...)
	NOT-FOR-US: RichStrong CMS
CVE-2007-6693 (Unspecified vulnerability in the WebCam module in Menalto Gallery ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6692 (Open redirect vulnerability in Menalto Gallery before 2.2.4 allows ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6691 (Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6690 (The Gallery Remote module in Menalto Gallery before 2.2.4 does not ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6689 (Menalto Gallery before 2.2.4 does not properly check for malicious ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6688 (Unspecified vulnerability in the Installation application in Menalto ...)
	- gallery <not-affected> (Vulnerable code not present)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6687 (Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6686 (The URL rewrite module in Menalto Gallery before 2.2.4 allows ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6685 (Unspecified vulnerability in the Publish XP module Menalto Gallery ...)
	- gallery <not-affected> (Vulnerable code not present)
	- gallery2 2.2.4-1 (bug #457644)
CVE-2008-0161
	RESERVED
CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and ...)
	NOT-FOR-US: Digital Hive
CVE-2008-0289 (PHP remote file inclusion vulnerability in view_func.php in Member ...)
	NOT-FOR-US: Member Area System
CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow ...)
	NOT-FOR-US: ImageAlbum
CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 ...)
	NOT-FOR-US: VisionBurst vcart
CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article Dashboard ...)
	NOT-FOR-US: Article Dashboard
CVE-2008-0285 (ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows ...)
	- ngircd 0.10.3-2 (bug #461067; low)
	[etch] - ngircd <no-dsa> (Minor issue)
CVE-2008-0284 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-0283 (PHP remote file inclusion vulnerability in /aides/index.php in DomPHP ...)
	NOT-FOR-US: DomPHP
CVE-2008-0282 (SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 ...)
	NOT-FOR-US: DomPHP
CVE-2008-0281 (SQL injection vulnerability in liste.php in ID-Commerce 2.0 and ...)
	NOT-FOR-US: ID-Commerce
CVE-2008-0280 (SQL injection vulnerability in index.php in MTCMS 2.0 and possibly ...)
	NOT-FOR-US: MTCMS
CVE-2008-0279 (SQL injection vulnerability in liretopic.php in Xforum 1.4 and ...)
	NOT-FOR-US: Xforum
CVE-2008-0278 (SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly ...)
	NOT-FOR-US: X7 Chat
CVE-2008-0277 (Unspecified vulnerability in the Fileshare module for Drupal allows ...)
	NOT-FOR-US: Fileshare module for Drupal
CVE-2008-0276 (Cross-site scripting (XSS) vulnerability in the Devel module before ...)
	NOT-FOR-US: Devel module for Drupal
CVE-2008-0275 (The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal ...)
	NOT-FOR-US: Atom module for Drupal
CVE-2008-0274 (Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when ...)
	- drupal5 5.6-1 (unimportant)
	NOTE: needs register_globals on
CVE-2008-0273 (Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before ...)
	- drupal5 5.6-1 (low)
CVE-2008-0272 (Cross-site request forgery (CSRF) vulnerability in the aggregator ...)
	- drupal5 5.6-1 (low)
CVE-2008-0271 (The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x ...)
	NOT-FOR-US: BUEditor
CVE-2008-0270 (SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and ...)
	NOT-FOR-US: TaskFreak!
CVE-2008-0269 (Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0268 (Cross-site scripting (XSS) vulnerability in view.php in eTicket ...)
	NOT-FOR-US: eTicket
CVE-2008-0267 (Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote ...)
	NOT-FOR-US: eTicket
CVE-2008-0266 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
	NOT-FOR-US: eTicket
CVE-2008-0265 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...)
	NOT-FOR-US:  F5 BIG-IP
CVE-2008-0264 (Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 ...)
	NOT-FOR-US: Meta Tags module for Drupal
CVE-2008-0263 (The SIP module in Ingate Firewall before 4.6.1 and SIParator before ...)
	NOT-FOR-US: Ingate Firewall
CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in Agares ...)
	NOT-FOR-US: Agares PhpAutoVideo
CVE-2008-0261 (Unspecified vulnerability in the search component and module in Mambo ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is in experimental
CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain configuration ...)
	NOT-FOR-US: minimal Gallery
CVE-2008-0259 (Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php ...)
	NOT-FOR-US: minimal Gallery
CVE-2008-0258 (Cross-site scripting (XSS) vulnerability in index.php in PHP Running ...)
	NOT-FOR-US: PHP Running Management
CVE-2008-0257 (Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search ...)
	NOT-FOR-US: Dansie Search
CVE-2008-0256 (Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo ...)
	NOT-FOR-US: Matteo Binda ASP Photo Gallery
CVE-2008-0255 (SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 ...)
	NOT-FOR-US: iGaming
CVE-2008-0254 (SQL injection vulnerability in activate.php in TutorialCMS (aka ...)
	NOT-FOR-US: TutorialCMS
CVE-2008-0253 (SQL injection vulnerability in full_text.php in Binn SBuilder allows ...)
	NOT-FOR-US: Binn SBuilder
CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in ...)
	{DSA-1481-1}
	- python-cherrypy 2.2.1-3.1 (low; bug #461069)
	- cherrypy3 3.0.2-2
CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery before ...)
	NOT-FOR-US: PhotoPost vBGallery
CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...)
	NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-0249 (PHP Webquest 2.6 allows remote attackers to retrieve database ...)
	NOT-FOR-US: PHP Webquest
CVE-2008-0248 (Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ...)
	NOT-FOR-US: StreamAudio ChainCast ProxyManager
CVE-2008-0247 (Heap-based buffer overflow in the Express Backup Server service ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-0246 (admin.php in UploadScript 1.0 does not check for the original password ...)
	NOT-FOR-US: UploadScript
CVE-2008-0245 (admin.php in UploadImage 1.0 does not check for the original password ...)
	NOT-FOR-US: UploadImage
CVE-2008-0244 (SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to ...)
	- maxdb-7.5.00 <removed> (medium; bug #461444)
	NOTE: see #461456 for removal explanation
CVE-2008-0243 (Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 ...)
	NOT-FOR-US: Lotus Domino
CVE-2008-0242 (Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local ...)
	NOT-FOR-US: Sun Solari
CVE-2008-0241 (Open redirect vulnerability in /idm/user/login.jsp in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0240 (/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...)
	NOTE: Dupe of CVE-2008-0225
CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked ...)
	- paramiko 1.6.4-1.1 (low; bug #460706)
	[etch] - paramiko <no-dsa> (Minor issue)
	NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html
CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 ...)
	NOT-FOR-US: Microsoft Rich Textbox ActiveX Control
CVE-2008-0236 (An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2008-0235 (The Microsoft VFP_OLE_Server ActiveX control allows remote attackers ...)
	NOT-FOR-US: Microsoft VFP_OLE_Server ActiveX control
CVE-2008-0234 (Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions ...)
	NOT-FOR-US: Apple Quicktime Player
CVE-2008-0233 (Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and ...)
	NOT-FOR-US: Zero CMS
CVE-2008-0232 (Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow ...)
	NOT-FOR-US: Zero CMS
CVE-2008-0231 (Multiple directory traversal vulnerabilities in index.php in Tuned ...)
	NOT-FOR-US: Tune Studio
CVE-2008-0230 (PHP remote file inclusion vulnerability in php121db.php in osDate ...)
	NOT-FOR-US: osDate
CVE-2008-0229 (The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless ...)
	NOT-FOR-US: LevelOne router firmware
CVE-2008-0228 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in the ...)
	NOT-FOR-US: Linksys WRT54GL firmware
CVE-2008-0227 (yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, ...)
	{DSA-1478-1}
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.51-3 (low; bug #460873)
CVE-2008-0226 (Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL ...)
	{DSA-1478-1}
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.51-3 (medium; bug #460873)
CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in ...)
	{DSA-1472-1 DTSA-109-1}
	- xine-lib 1.1.10-1 (medium; bug #460551)
CVE-2008-0224 (SQL injection vulnerability in index.php in the Newbb_plus 0.92 and ...)
	NOT-FOR-US: RunCMS
CVE-2008-0223 (Buffer overflow in JustSystems JSFC.DLL, as used in multiple ...)
	NOT-FOR-US: JustSystem
CVE-2008-0222 (Unrestricted file upload vulnerability in ajaxfilemanager.php in the ...)
	NOT-FOR-US: Wp-FileManager plugin for WordPress
CVE-2008-0221 (Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka ...)
	NOT-FOR-US: Gateway Weblaunch
CVE-2008-0220 (Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 ...)
	NOT-FOR-US: Gateway Weblaunch
CVE-2008-0219 (SQL injection vulnerability in soporte_horizontal_w.php in PHP ...)
	NOT-FOR-US: Webquest
CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in Merak ...)
	NOT-FOR-US: Merak IceWarp Mail Server
CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not ...)
	- kfreebsd-5 <not-affected> (see bug #483152)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
CVE-2008-0215 (Multiple unspecified vulnerabilities in HP Storage Essentials Storage ...)
	NOT-FOR-US: HP SRM
CVE-2008-0214 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-0213 (Unspecified vulnerability in a certain ActiveX control for HP Virtual ...)
	NOT-FOR-US: HP Virtual Rooms
CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-0211 (Unspecified vulnerability in the BIOS F.04 through F.11 for the HP ...)
	NOT-FOR-US: BIOS F.04
CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2008-0209 (Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0208 (Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0207 (Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 ...)
	NOT-FOR-US: PRO-Search
CVE-2008-0206 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Captcha!
CVE-2008-0205 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Math Comment Spam Protection plugin for WordPress
CVE-2008-0204 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Math Comment Spam Protection plugin for WordPress
CVE-2008-0203 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Cryptographp plugin for WordPress
CVE-2008-0202 (CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 ...)
	NOT-FOR-US: ExpressionEngine
CVE-2008-0201 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: ExpressionEngine
CVE-2008-0200 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: RotaBanner
CVE-2008-0199 (PRO-Search 0.17 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: PRO-Search
CVE-2008-0198 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: WP-ContactForm plugin for WordPress
CVE-2008-0197 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WP-ContactForm plugin for WordPress
CVE-2008-0196 (Multiple directory traversal vulnerabilities in WordPress 2.0.11 and ...)
	- wordpress 2.3.3-1
CVE-2008-0195 (WordPress 2.0.11 and earlier allows remote attackers to obtain ...)
	- wordpress <unfixed> (unimportant)
	NOTE: full path and DB structure already known on Debian
	NOTE: poked hendry
CVE-2008-0194 (Directory traversal vulnerability in wp-db-backup.php in WordPress ...)
	{DSA-1502-1}
	- wordpress 2.1.0-1
	NOTE: Vulnerable code removed since 2.1 release
CVE-2008-0193 (Cross-site scripting (XSS) vulnerability in wp-db-backup.php in ...)
	{DSA-1502-1}
	- wordpress 2.1.0-1
	NOTE: Vulnerable code removed since 2.1 release
CVE-2008-0192 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ...)
	- wordpress 2.0.10-1
	NOTE: poked hendry
CVE-2008-0191 (WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...)
	- wordpress <unfixed> (unimportant)
	NOTE: full path and DB structure already known on Debian
	NOTE: poked hendry
CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: AwesomeTemplateEngine
CVE-2008-0189
	REJECTED
CVE-2008-0188
	REJECTED
CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster ...)
	NOT-FOR-US: SAM Broadcaster samPHPweb
CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 ...)
	NOT-FOR-US: NetRisk
CVE-2008-0185 (SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly ...)
	NOT-FOR-US: NetRisk
CVE-2008-0184 (Absolute path traversal vulnerability in index.php in Sys-Hotel on ...)
	NOT-FOR-US: Sys-Hotel
CVE-2008-0183
	RESERVED
CVE-2008-0182 (Cross-site request forgery (CSRF) vulnerability in the Admin portlet ...)
	NOT-FOR-US: Liferay Portal
CVE-2008-0181 (Cross-site scripting (XSS) vulnerability in the Admin portlet in ...)
	NOT-FOR-US: Liferay Portal
CVE-2008-0180 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Liferay Portal
CVE-2008-0179 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Liferay Portal
CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise Admin ...)
	NOT-FOR-US: Liferay Portal
CVE-2008-0177 (The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME ...)
	- kfreebsd-7 <not-affected> (see bug #483152)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	NOTE: Linux kernel code is not affected, the proper check is there
	NOTE: (somewhat difficult to spot, it happens in the caller).
CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI ...)
	NOT-FOR-US: GE Fanuc CIMPLICITY
CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time ...)
	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0174 (GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses ...)
	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the Boost ...)
	- boost 1.34.1-5 (low; bug #461236)
	[etch] - boost <no-dsa> (Minor issue)
CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library ...)
	- boost 1.34.1-5 (low; bug #461236)
	[etch] - boost <no-dsa> (Minor issue)
CVE-2008-0170
	RESERVED
CVE-2008-0169 (Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 ...)
	- ikiwiki 2.48 (medium; bug #483770)
	[etch] - ikiwiki <not-affected> (Vulnerable code introduced in 1.34)
CVE-2008-0168
	RESERVED
CVE-2008-0167 (The write_array_file function in utils/include.pl in GForge 4.5.14 ...)
	{DSA-1577-1}
	- gforge 4.6.99+svn6496-1 (low)
	NOTE: https://rt.debian.org/Ticket/Display.html?id=672
CVE-2008-0166 (OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based ...)
	{DSA-1576-1 DSA-1571-1}
	- openssl 0.9.8g-9 (high)
	[sarge] - openssl <not-affected> (Vulnerable code not present)
	NOTE: http://www.debian.org/security/key-rollover/
CVE-2008-0165 (Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 ...)
	{DSA-1553-1}
	- ikiwiki 2.42
CVE-2008-0164 (Multiple cross-site request forgery (CSRF) vulnerabilities in Plone ...)
	- plone3 3.1.1-1 (bug #473571)
CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access ...)
	{DSA-1494-1}
	- linux-2.6 2.6.25-1 (high)
CVE-2008-0162 (misc.c in splitvt 1.6.6 and earlier does not drop group privileges ...)
	{DSA-1500-1}
	- splitvt 1.6.6-4
CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in ...)
	{DSA-1465-2}
	- apt-listchanges 2.82 (medium)
	[sarge] - apt-listchanges <not-affected> (Vulnerable code not present)
	NOTE: see http://git.madism.org/?p=apt-listchanges.git;a=commitdiff;h=1bcfbf3dc55413bb83a1782dc9a54515a963fb32
CVE-2008-0160
	RESERVED
CVE-2007-6680 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument ...)
	NOT-FOR-US: IBM AIX
CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-6678
	REJECTED
CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam ...)
	NOT-FOR-US: Peter's Random Anti-Spam Image
CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File ...)
	NOT-FOR-US: ONEdotOH Simple File
CVE-2008-0173 (SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote ...)
	{DSA-1459-1}
	- gforge 4.6.99+svn6330-1 (medium)
	NOTE: this is exploitable by unauthenticated users
	NOTE: Requires register_globals to be On, unsupported in lenny+sid.
	NOTE: In lenny+sid these scripts just don't work, so no security issue.
	NOTE: In etch+sarge we support gforge with rg On, unfortunately.
CVE-2008-0159 (SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier ...)
	NOT-FOR-US: eggBlog
CVE-2008-0158 (Directory traversal vulnerability in index.php in Shop-Script 2.0 and ...)
	NOT-FOR-US: Shop-Script
CVE-2008-0157 (SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote ...)
	NOT-FOR-US: FlexBB
CVE-2008-0156 (Absolute path traversal vulnerability in index.php in Million Dollar ...)
	NOT-FOR-US: Million Dollar Script
CVE-2008-0155 (Cross-site scripting (XSS) vulnerability in index.php in EvilBoard ...)
	NOT-FOR-US: EvilBoard
CVE-2008-0154 (SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) ...)
	NOT-FOR-US: EvilBoard
CVE-2008-0153 (telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers ...)
	NOT-FOR-US: Pragma TelnetServer
CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier ...)
	NOT-FOR-US: SeattleLab SLNet RF Telnet Server
CVE-2008-0151 (Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote ...)
	NOT-FOR-US: Foxit WAC Server
CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in Aruba ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-0149 (TUTOS 1.3 allows remote attackers to read system information via a ...)
	- tutos <removed>
	- tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0148 (TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows ...)
	- tutos <removed>
	- tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0147 (SQL injection vulnerability in index.php in SmallNuke 2.0.4 and ...)
	NOT-FOR-US: SmallNuke
CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL ...)
	NOT-FOR-US: W3-mSQL
CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when ...)
	- php4 <unfixed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 ...)
	NOT-FOR-US: NetRisk
CVE-2008-0143 (PHP remote file inclusion vulnerability in common/db.php in samPHPweb, ...)
	NOT-FOR-US: samPHPweb
CVE-2008-0142 (Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-0141 (actions.php in WebPortal CMS 0.6-beta generates predictable passwords ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-0140 (Directory traversal vulnerability in error.php in Uebimiau Webmail ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2008-0139 (Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog ...)
	NOT-FOR-US: Loudblog
CVE-2008-0138 (PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php ...)
	NOT-FOR-US: XOOPS
CVE-2008-0137 (PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS ...)
	NOT-FOR-US: SNETWORKS
CVE-2008-0136 (Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0135 (Snitz Forums 2000 3.4.06 and earlier stores sensitive information ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0134 (Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0133 (Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier ...)
	NOT-FOR-US: Tribisur
CVE-2008-0132 (Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long ...)
	NOT-FOR-US: Pragma FortressSSH
CVE-2008-0131 (Cross-site scripting (XSS) vulnerability in login_form.asp in Instant ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0130 (SQL injection vulnerability in login_form.asp in Instant Softwares ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0129 (SQL injection vulnerability in starnet/addons/slideshow_full.php in ...)
	NOT-FOR-US: Site@School
CVE-2008-0128 (The SingleSignOn Valve ...)
	{DSA-1468-1}
	- tomcat5 <removed> (unimportant)
	NOTE: SSO cookies not working in 5.0, have only been fixed in 5.5.13, see #34724
	- tomcat5.5 5.5.23-1 (low)
	NOTE: SSO cookies sent over secure connections do not require
	NOTE: secure connections, possibly defeating HTTPS encryption.
	NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
CVE-2008-0127 (The administration interface in McAfee E-Business Server 8.5.2 and ...)
	NOT-FOR-US: McAfee E-Business Server
CVE-2008-0126
	RESERVED
CVE-2008-0125 (Cross-site scripting (XSS) vulnerability in phpstats.php in Michael ...)
	NOT-FOR-US: Michael Wagner phpstats
CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...)
	{DSA-1528-1}
	- serendipity 1.3~b1-1 (low; bug #469667)
CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...)
	- moodle <unfixed> (unimportant)
	NOTE: the issue itself has a quite small attack vector
	NOTE: and considering that the apache configuration that comes
	NOTE: with moodle limits connections to localhost this is no issue
CVE-2008-0122 (Off-by-one error in the inet_network function in libbind in ISC BIND ...)
	- bind <removed>
	[sarge] - bind <no-dsa> (applications will use inet_network in libc)
	[etch] - bind <no-dsa> (applications will use inet_network in libc)
	- bind9 <not-affected> (does not build libbind)
	- glibc 2.2-1
	NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000.
	NOTE: libbind9 is distinct code, not related to the old libbind.
CVE-2008-0121 (A &quot;memory calculation error&quot; in Microsoft PowerPoint Viewer 2003 ...)
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0120 (Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote ...)
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0117 (Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0116 (Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0115 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0114 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0113 (Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0112 (Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0111 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0110 (Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0108 (Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0107 (Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0106 (Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0105 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0104 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0103 (Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0102 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...)
	- whitedune 0.28.13-1 (medium)
CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...)
	- whitedune 0.28.13-1 (medium)
CVE-2008-0099 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier ...)
	NOT-FOR-US: MyPHP Forum
CVE-2008-0098 (Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote ...)
	NOT-FOR-US: RealPlayer
CVE-2008-0097 (Format string vulnerability in the log function in Georgia SoftWorks ...)
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0096 (Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) ...)
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0095 (The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, ...)
	- asterisk 1:1.4.17~dfsg-1 (medium; bug #458952)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content ...)
	NOT-FOR-US: MODx Content Management System
CVE-2008-0093 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...)
	NOT-FOR-US: eTicket
CVE-2007-6676 (The default configuration of Uber Uploader (UU) 5.3.6 and earlier does ...)
	NOT-FOR-US: Uber Uploader
CVE-2007-6675 (The b_system_comments_show function in ...)
	NOT-FOR-US: XOOPS
CVE-2007-6674 (Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare ...)
	NOT-FOR-US: RapidShare Database
CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows ...)
	NOT-FOR-US: Makale Scripti
CVE-2007-6672 (Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass ...)
	- jetty <not-affected> (medium; bug #462793)
	NOTE: only applies to version >= 6
	TODO: check if version >= 6 is uploaded
CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6669 (Cross-site scripting (XSS) vulnerability in search.php in PHCDownload ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6668 (admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not ...)
	NOT-FOR-US: MySpace Content Zone
CVE-2008-0092 (Cross-site scripting (XSS) vulnerability in index.php in the search ...)
	NOT-FOR-US: Appalachian State University phpWebSite
CVE-2008-0091 (Directory traversal vulnerability in download2.php in AGENCY4NET ...)
	NOT-FOR-US: AGENCY4NET WEBFTP
CVE-2008-0090 (A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows ...)
	NOT-FOR-US: DivX Player
CVE-2008-0089 (SQL injection vulnerability in uprofile.php in ClipShare allows remote ...)
	NOT-FOR-US: ClipShare
CVE-2008-0088 (Unspecified vulnerability in Active Directory on Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2008-0087 (The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-0086 (Buffer overflow in the convert function in Microsoft SQL Server 2000 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0085 (SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-0082 (An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 ...)
	NOT-FOR-US: Windows Messenger
CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...)
	NOT-FOR-US: Windows
CVE-2008-0079
	RESERVED
CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0075 (Unspecified vulnerability in Microsoft Internet Information Services ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0073 (Array index error in the sdpplin_parse function in ...)
	{DSA-1543-1 DSA-1536-1 DTSA-119-1 DTSA-128-1}
	- xine-lib 1.1.11-1 (medium)
	- vlc 0.8.6.e-2 (medium; bug #473057)
	NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58
CVE-2008-0072 (Format string vulnerability in the emf_multipart_encrypted function in ...)
	{DSA-1512-1}
	- evolution 2.12.3-1.1
	NOTE: SA29057
CVE-2008-0071 (The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) ...)
	NOT-FOR-US: uTorrent 1.7.7 (build 8179) / BitTorrent 6.0.1 (build 7859)
CVE-2008-0070 (Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA ...)
	NOT-FOR-US: Orb Networks Orb and Winamp Remote BETA
CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows ...)
	NOT-FOR-US: XnView
CVE-2008-0068 (Directory traversal vulnerability in OpenView5.exe in HP OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2008-0067 (Multiple stack-based buffer overflows in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager (OV NNM)
CVE-2008-0066 (Multiple buffer overflows in htmsr.dll in the HTML speed reader in ...)
	NOT-FOR-US: KeyView
CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, ...)
	NOT-FOR-US: Winamp
CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView ...)
	NOT-FOR-US: XnView, nconvert GFL SDK for Windows
CVE-2008-0063 (The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0062 (KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (high)
CVE-2008-0060 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0059 (Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0058 (Race condition in the NSURLConnection cache management functionality ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0057 (Multiple integer overflows in a &quot;legacy serialization format&quot; parser ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0056 (Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0055 (Foundation in Apple Mac OS X 10.4.11 creates world-writable ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0054 (Foundation in Apple Mac OS X 10.4.11 might allow context-dependent ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0053 (Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS ...)
	{DSA-1625-1}
	- cupsys 1.3.6-1
	- cups 1.3.6-1
	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=298651
CVE-2008-0052 (CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0051 (Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0050 (CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0049 (AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0048 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0047 (Heap-based buffer overflow in the cgiCompileSearch function in CUPS ...)
	{DSA-1530-1}
	- cupsys 1.3.6-3 (medium; bug #472105)
	- cups 1.3.6-3 (medium; bug #472105)
	[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0045 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0044 (Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows remote ...)
	NOT-FOR-US: Apple iPhoto
CVE-2008-0042 (Argument injection vulnerability in Terminal.app in Terminal in Apple ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0041 (Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0040 (Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0039 (Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0038 (Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0037 (X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 ...)
	NOT-FOR-US: Apple cocoa Foundation
	NOTE: AFAICS this is not the same as libfoundation in Debian
CVE-2008-0034 (Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-0033 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0032 (Apple QuickTime before 7.4 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0031 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier ...)
	NOT-FOR-US: MyPHP Forum
CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 ...)
	NOT-FOR-US: Zenphoto
CVE-2007-6665 (SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL ...)
	NOT-FOR-US: Netchemia
CVE-2007-6664 (SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and ...)
	NOT-FOR-US: WebPortal
CVE-2007-6663 (SQL injection vulnerability in (1) Puarcade.php and (2) ...)
	NOT-FOR-US: Pragmatic Utopia PU Arcade
CVE-2007-6662 (Directory traversal vulnerability in file.php in CuteNews 2.6 allows ...)
	NOT-FOR-US: CuteNews
CVE-2007-6661 (2z project 0.9.6.1 allows attackers to change the password without ...)
	NOT-FOR-US: 2z project
CVE-2007-6660 (2z project 0.9.6.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: 2z project
CVE-2007-6659 (Multiple cross-site scripting (XSS) vulnerabilities in 2z project ...)
	NOT-FOR-US: 2z project
CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) ...)
	NOT-FOR-US: CCMS
CVE-2007-6657 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Mihalism
CVE-2007-6656 (SQL injection vulnerability in content_css.php in the TinyMCE module ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-6655 (PHP remote file inclusion vulnerability in includes/function.php in ...)
	NOT-FOR-US: Kontakt Formular
CVE-2007-6654 (Buffer overflow in a certain ActiveX control in Macrovision ...)
	NOT-FOR-US: Macrovision InstallShield Update Service Web Agent
CVE-2007-6653 (Directory traversal vulnerability in download.php in Mihalism Multi ...)
	NOT-FOR-US: Mihalism
CVE-2007-6652 (cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser ...)
	NOT-FOR-US: XCMS
CVE-2007-6651 (Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6650 (Unrestricted file upload vulnerability in fisheye/upload.php in ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6649 (PHP remote file inclusion vulnerability in includes/tumbnail.php in ...)
	NOT-FOR-US: MatPo Bilder Gallery
CVE-2007-6648 (Directory traversal vulnerability in index.php in SanyBee Gallery ...)
	NOT-FOR-US: SanyBee Gallery
CVE-2007-6647 (SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier ...)
	NOT-FOR-US: w-Agora
CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, ...)
	NOT-FOR-US: LiveCart
CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote ...)
	NOT-FOR-US: Joomla
CVE-2007-6644 (Joomla! before 1.5 RC4 allows remote authenticated administrators to ...)
	NOT-FOR-US: Joomla
CVE-2007-6643 (Cross-site scripting (XSS) vulnerability in the com_poll component in ...)
	NOT-FOR-US: Joomla
CVE-2007-6642 (Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! ...)
	NOT-FOR-US: Joomla
CVE-2007-6641 (Cross-site scripting (XSS) vulnerability in dir.php in milliscripts ...)
	NOT-FOR-US: milliscripts
CVE-2007-6640 (Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not ...)
	NOT-FOR-US: Creammonkey and GreaseKit
CVE-2007-6639 (SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier ...)
	NOT-FOR-US: IPTBB
CVE-2007-6638 (March Networks DVR 3204 stores sensitive information under the web ...)
	NOT-FOR-US: March Networks
CVE-2007-6637 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash ...)
	- flashplugin-nonfree 1:1.4 (bug #459071)
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	NOTE: http://www.adobe.com/support/security/advisories/apsa07-06.html
CVE-2007-6636 (Unspecified vulnerability in the StorageFarabDb module in Bitflu ...)
	NOT-FOR-US: Bitflu
CVE-2007-6635 (FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6634 (Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6633 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6632 (showCode.php in xml2owl 0.1.1 allows remote attackers to execute ...)
	NOT-FOR-US: xml2owl
CVE-2007-6631 (Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier ...)
	NOT-FOR-US: LScube libnemesi
CVE-2007-6630 (The Url_init function in utils/url.c in Netembryo 0.0.4, when used by ...)
	NOT-FOR-US: Netembryo
CVE-2007-6629 (Interpretation conflict in LScube Feng 0.1.15 and earlier allows ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6628 (LScube Feng 0.1.15 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6627 (Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6626 (Multiple buffer overflows in the RTSP_valid_response_msg function in ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6625 (The Platform Service Process (asampsp) in Fan-Out Driver Platform ...)
	NOT-FOR-US: Platform Service Process (asampsp)
CVE-2007-6624 (Directory traversal vulnerability in printview.php in PNphpBB2 1.2i ...)
	NOT-FOR-US: PNphpBB2
CVE-2007-6623 (Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might ...)
	NOT-FOR-US: ZeusCMS
CVE-2007-6622 (SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier ...)
	NOT-FOR-US: ZeusCMS
CVE-2007-6621 (Directory traversal vulnerability in joovili.images.php in Joovili ...)
	NOT-FOR-US: Joovili
CVE-2007-6620 (Directory traversal vulnerability in include/images.inc.php in Joovili ...)
	NOT-FOR-US: Joovili
CVE-2007-6619 (The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 ...)
	NOT-FOR-US: Setup Wizard in Atlassian JIRA Enterprise Edition
CVE-2007-6618 (JIRA Enterprise Edition before 3.12.1 allows remote attackers to ...)
	NOT-FOR-US: JIRA Enterprise Edition
CVE-2007-6617 (Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA ...)
	NOT-FOR-US: JIRA Enterprise Edition
CVE-2007-6616 (Cross-site scripting (XSS) vulnerability in simpleforum.cgi in ...)
	NOT-FOR-US: SimpleForum
CVE-2007-6615 (Directory traversal vulnerability in includes/block.php in Agares ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6614 (PHP remote file inclusion vulnerability in admin/frontpage_right.php ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in ...)
	- libcdio 0.78.2+dfsg1-2 (low; bug #459129)
	[sarge] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
	[etch] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
	NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...)
	- unp 1.0.13 (bug #448437; low)
	[etch] - unp <no-dsa> (Only used as archiver in third-party software)
CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...)
	NOT-FOR-US: CoolPlayer
CVE-2007-6608 (Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6607 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6606 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6605 (Buffer overflow in a certain ActiveX control in SkyFexClient.ocx ...)
	NOT-FOR-US: SkyFex Client
CVE-2007-6604 (Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 ...)
	NOT-FOR-US: XCMS
CVE-2007-6603 (Hot or Not Clone has insufficient access control for producing and ...)
	NOT-FOR-US: Hot or Not Clone
CVE-2007-6602 (SQL injection vulnerability in app/models/identity.php in NoseRub ...)
	NOT-FOR-US: NoseRub
CVE-2007-6601 (The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
CVE-2007-6600 (PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	[sarge] - postgresql <unfixed>
CVE-2007-6597 (Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before ...)
	NOT-FOR-US: IPortalX
CVE-2007-6599 (Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 ...)
	{DSA-1458-1}
	- openafs 1.4.6.dfsg1-1 (medium)
	NOTE: http://www.openafs.org/security/OPENAFS-SA-2007-003.txt
CVE-2007-6595 (ClamAV 0.92 allows local users to overwrite arbitrary files via a ...)
	{DSA-1497-1}
	- clamav 0.92.1~dfsg-1 (low; bug #458532)
	[etch] - clamav <not-affected> (Minor issue, first issue doesn't apply)
	[sarge] - clamav <no-dsa> (Security Support has stopped)
CVE-2007-6596 (ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows ...)
	- clamav <unfixed> (unimportant; bug #458532)
	[etch] - clamav <no-dsa> (Minor issue)
	[sarge] - clamav <no-dsa> (Security Support has stopped)
	NOTE: this is more a feature request than a bug
CVE-2007-6594 (IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak ...)
	NOT-FOR-US: Lotus Notes
CVE-2007-6593 (Multiple stack-based buffer overflows in l123sr.dll in Autonomy ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-6592 (Apple Safari 2, when a user accepts an SSL server certificate on the ...)
	NOT-FOR-US: Safari
CVE-2007-6591 (KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server ...)
	- kdebase 4:4.0.3-1 (low; bug #458968)
	[etch] - kdebase <no-dsa> (Minor issue)
	[lenny] - kdebase <no-dsa> (Minor issue)
	NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921
	NOTE: No longer occurs in KDE 4.0.3 according to upstream bug
CVE-2007-6590
	REJECTED
CVE-2007-6589 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and ...)
	{DSA-1534-1}
	- iceape 1.1.7-1 (medium)
	- iceweasel 2.0.0.10-1 (medium)	
CVE-2007-6588 (Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6587 (SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 ...)
	NOT-FOR-US: Plogger
CVE-2007-6586 (SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows ...)
	NOT-FOR-US: nicLOR-CMS
CVE-2007-6585 (PHP remote file inclusion vulnerability in confirmUnsubscription.php ...)
	NOT-FOR-US: NmnNewsletter
CVE-2007-6584 (Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-6583 (SQL injection vulnerability in admin/ops/findip/ajax/search.php in ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-6582 (Directory traversal vulnerability in index.php in mBlog 1.2 allows ...)
	NOT-FOR-US: mBlog
CVE-2007-6581 (Multiple directory traversal vulnerabilities in Social Engine 2.0 ...)
	NOT-FOR-US: Social Engine
CVE-2007-6580 (Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow ...)
	NOT-FOR-US: Wallpaper Site
CVE-2007-6579 (Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote ...)
	NOT-FOR-US: Ip Reg
CVE-2007-6578 (SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote ...)
	NOT-FOR-US: PHP ZLink
CVE-2007-6577 (Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow ...)
	NOT-FOR-US: zBlog
CVE-2007-6576 (Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and ...)
	NOT-FOR-US: Adult Script
CVE-2007-6575 (SQL injection vulnerability in default.php in MMSLamp allows remote ...)
	NOT-FOR-US: MMSLamp
CVE-2007-6574 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 ...)
	NOT-FOR-US: Dokeos
CVE-2007-6573 (QK SMTP Server 3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: QK SMTP
CVE-2007-6572 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Server ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-6571 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy ...)
	NOT-FOR-US: Sun Java System Web Proxy
CVE-2007-6570 (Cross-site scripting (XSS) vulnerability in the View URL Database ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2007-6569 (Cross-site scripting (XSS) vulnerability in the View Error Log ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2007-6568 (PHP remote file inclusion vulnerability in config.inc.php in XZero ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6567 (Directory traversal vulnerability in index.php in XZero Community ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6566 (SQL injection vulnerability in post.php in XZero Community Classifieds ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6565 (Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta ...)
	NOT-FOR-US: Blakord Portal
CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in Mantis before ...)
	{DSA-1467-1}
	- mantis 1.0.8-4 (low; bug #458377)
CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to ...)
	{DSA-1543-1 DTSA-132-1}
	- vlc 0.8.6.c-4.1 (medium; bug #458318)
	- mozilla-browser-plugin 0.8.6.e-2.2 (bug #480370)
	NOTE: the plugin is in the same srcpkg but has its own implementation for VLCOPT
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see https://trac.videolan.org/vlc/ticket/1371
CVE-2007-6682 (Format string vulnerability in the httpd_FileCallBack function ...)
	{DSA-1543-1}
	- vlc 0.8.6.c-4.1 (medium; bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
CVE-2007-6681 (Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN ...)
	{DSA-1543-1}
	- vlc 0.8.6.c-4.1 (low; bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
CVE-2007-6684 (The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to ...)
	- vlc 0.8.6.c-4.1 (unimportant; bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: That's hardly a security problem, just a bug
CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including ...)
	{DSA-1457-1}
	- dovecot 1:1.0.10-1 (low; bug #458315)
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
	[etch] - dovecot <no-dsa> (very minor issue)
	NOTE: http://dovecot.org/list/dovecot-news/2007-December/000057.html
	NOTE: low, because issue is only with quite rare configurations
CVE-2007-6612 (Directory traversal vulnerability in DirHandler ...)
	- mongrel 1.1.3-1 (medium)
CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS ...)
	NOT-FOR-US: Limbo CMS
CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly ...)
	NOT-FOR-US: WinAce
CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in TCPreen ...)
	{DSA-1443-1}
	- tcpreen 1.4.3-0.3 (medium; bug #457781)
CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow user-assisted ...)
	NOT-FOR-US: PDFLib
CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in Logaholic allow ...)
	NOT-FOR-US: Logaholic
CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic allow remote ...)
	NOT-FOR-US: Logaholic
CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: TotalPlayer
CVE-2007-6557 (Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote ...)
	NOT-FOR-US: MeGaCheatZ
CVE-2007-6556 (Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow ...)
	NOT-FOR-US: websihirbazi
CVE-2007-6555 (PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6554 (Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 ...)
	NOT-FOR-US: TeamCal
CVE-2007-6553 (Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro ...)
	NOT-FOR-US: TeamCal
CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2 allows ...)
	NOT-FOR-US: AuraCMS
CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, ...)
	NOT-FOR-US: MailMachine
CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web ...)
	NOT-FOR-US: PMOS Help Desk
CVE-2007-6549 (Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact ...)
	NOT-FOR-US: RunCMS
CVE-2007-6548 (Multiple direct static code injection vulnerabilities in RunCMS before ...)
	NOT-FOR-US: RunCMS
CVE-2007-6547 (RunCMS before 1.6.1 does not require entry of the old password during ...)
	NOT-FOR-US: RunCMS
CVE-2007-6546 (RunCMS before 1.6.1 uses a predictable session id, which makes it ...)
	NOT-FOR-US: RunCMS
CVE-2007-6545 (Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before ...)
	NOT-FOR-US: RunCMS
CVE-2007-6544 (Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow ...)
	NOT-FOR-US: RunCMS
CVE-2007-6543 (SQL injection vulnerability in suggest-link.php in eSyndiCat Link ...)
	NOT-FOR-US: eSyndiCat Link Exchange Script
CVE-2007-6542 (PHP remote file inclusion vulnerability in admin/frontpage_right.php ...)
	NOT-FOR-US: Arcadem LEArcadem LE
CVE-2007-6541 (Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 ...)
	NOT-FOR-US: neuron news
CVE-2007-6540 (SQL injection vulnerability in neuron news 1.0 allows remote attackers ...)
	NOT-FOR-US: neuron news
CVE-2007-6539 (PHP local file inclusion vulnerability in index.php in IDevspot ...)
	NOT-FOR-US: IDevspot iSupport
CVE-2007-6538 (SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php ...)
	- moodle <not-affected> (Vulnerable code not present, third party module)
CVE-2007-6537 (Stack-based buffer overflow in the zfile_gunzip function in zfile.c in ...)
	NOT-FOR-US: WinUAE
CVE-2007-6536 (The Custom Button Installer dialog in Google Toolbar 4 and 5 beta ...)
	NOT-FOR-US: Google Toolbar
CVE-2007-6535 (Buffer overflow in the YShortcut ActiveX control in YShortcut.dll ...)
	NOT-FOR-US: YShortcut ActiveX control
CVE-2007-6534 (Multiple unspecified vulnerabilities in Microsoft Office Publisher ...)
	NOT-FOR-US: Microsoft Office Publisher
CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows ...)
	NOT-FOR-US: Zoom Player
CVE-2007-6532 (Double free vulnerability in the Widget Library (libxfcegui4) in Xfce ...)
	- xfce4 4.4.2 (low)
	[sarge] - xfce4 <no-dsa> (Minor issue)
	[etch] - xfce4 <no-dsa> (Minor issue)
CVE-2007-6531 (Stack-based buffer overflow in the Panel (xfce4-panel) component in ...)
	- xfce4 4.4.2 (low)
	[sarge] - xfce4 <no-dsa> (Minor issue)
	[etch] - xfce4 <no-dsa> (Minor issue)
CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits Software ...)
	NOT-FOR-US: XUpload
CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have ...)
	- tikiwiki <removed>
CVE-2007-6528 (Directory traversal vulnerability in tiki-listmovies.php in TikiWiki ...)
	- tikiwiki <removed>
CVE-2007-6527 (uploadimg.php in the Automatic Image Upload with Thumbnails ...)
	NOT-FOR-US: PunBB
CVE-2007-6526 (Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in ...)
	- tikiwiki <removed>
CVE-2007-6525 (Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) ...)
	NOT-FOR-US: IBM DB2 Content Manager
CVE-2007-6524 (Opera before 9.25 allows remote attackers to obtain potentially ...)
	NOT-FOR-US: Opera
CVE-2007-6523 (Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before ...)
	NOT-FOR-US: Opera
CVE-2007-6522 (The rich text editing functionality in Opera before 9.25 allows remote ...)
	NOT-FOR-US: Opera
CVE-2007-6521 (Unspecified vulnerability in Opera before 9.25 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-6520 (Opera before 9.25 allows remote attackers to conduct cross-domain ...)
	NOT-FOR-US: Opera
CVE-2007-6519 (Unspecified vulnerability in the File-on-File Mounting File System ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-6518 (Multiple SQL injection vulnerabilities in search.php in WoltLab ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2007-6517 (SQL injection vulnerability in the forget password section ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2007-6516 (Buffer overflow in RavWare Software MAS Flic ActiveX Control ...)
	NOT-FOR-US: RavWare Software MAS Flic ActiveX Control
CVE-2007-6515 (support/dispatch.cgi in SiteScape Forum allows remote attackers to ...)
	NOT-FOR-US: SiteScape
CVE-2007-6513 (HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports ...)
	NOT-FOR-US: HP eSupportDiagnostics ActiveX control
CVE-2007-6512 (PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the ...)
	NOT-FOR-US: PHP MySQL Banner Exchange
CVE-2007-6511 (Websense Enterprise 6.3.1 allows remote attackers to bypass content ...)
	NOT-FOR-US: Websense Enterprise
CVE-2007-6510 (Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 ...)
	NOT-FOR-US: ProWizard
CVE-2007-6509 (Unspecified vulnerability in Appian Enterprise Business Process ...)
	NOT-FOR-US: Appian Enterprise Business Process Management Suite
CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows ...)
	NOT-FOR-US: xeCMS
CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a ...)
	- linux-2.6 <unfixed> 
	NOTE: While labeled as an Apache flaw, this needs to be fixed in smbfs
	NOTE: This is likely already fixed in recent kernels, but we need to pin point
	NOTE: a fixed version
CVE-2007-XXXX [venkman preinst symlink dos]
	- venkman 0.9.87.2-1 (bug #456520)
	[lenny] - venkman <not-affected> (Vulnerable code not present)
	[sarge] - venkman <not-affected> (Vulnerable code not present)
	[etch] - venkman <not-affected> (Vulnerable code not present)
CVE-2007-XXXX [unace unspecified security issue related to uninitialized variable]
	- unace-nonfree 2.5-3
	[etch] - unace-nonfree <no-dsa> (non-free not supported)
	[etch] - unace-nonfree 2.5-1etch1
CVE-2007-6507 (SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in ...)
	NOT-FOR-US: HP Software Update
CVE-2007-6505 (Solaris 9, with Solaris Auditing enabled and certain patches for sshd ...)
	NOT-FOR-US: Solaris
CVE-2007-6504 (Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6503 (Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6502 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6501 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6500 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6499 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6498 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6497 (Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6496 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6495 (inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6494 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6493 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and ...)
	NOT-FOR-US: iMesh
CVE-2007-6492 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and ...)
	NOT-FOR-US: iMesh
CVE-2007-6491 (Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS ...)
	NOT-FOR-US: Kvaliitti WebDoc CMS
CVE-2007-6490 (Cross-site request forgery (CSRF) vulnerability in Falcon Series One ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6489 (Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6488 (Multiple PHP remote file inclusion vulnerabilities in Falcon Series ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6487 (Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka ...)
	NOT-FOR-US: LineShout
CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 ...)
	NOT-FOR-US: Centreon
CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows remote ...)
	NOT-FOR-US: phpRPG
CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel Protection ...)
	NOT-FOR-US: SafeNet Sentinel Protection and Keys Server
CVE-2007-6482 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...)
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6481 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...)
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6480 (The Oracle database component in Sun Management Center (Sun MC) 3.6.1, ...)
	NOT-FOR-US: Oracle database component in Sun Management Center
CVE-2007-6479 (Unrestricted file upload vulnerability in the &quot;My productions&quot; ...)
	NOT-FOR-US: Dokeos
CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and ...)
	NOT-FOR-US: Rosoft Media Player
CVE-2007-6477 (Cross-site scripting (XSS) vulnerability in the on-line help feature ...)
	NOT-FOR-US: Citrix Web Interface and NFuse
CVE-2007-6476 (GF-3XPLORER 2.4 allows remote attackers to obtain configuration ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6475 (Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6474 (Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6473 (Heap-based buffer overflow in Texas Imperial Software WFTPD Pro ...)
	NOT-FOR-US: WFTPD Explorer Pro
CVE-2007-6472 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 ...)
	NOT-FOR-US: phpMyRealty
CVE-2007-6471 (Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on ...)
	NOT-FOR-US: phPay
CVE-2007-6470 (phpRPG 0.8 stores sensitive information under the web root with ...)
	NOT-FOR-US: phpRPG
CVE-2007-6469 (SQL injection vulnerability in index.php in phpRPG 0.8, when ...)
	NOT-FOR-US: phpRPG
CVE-2007-6468 (Buffer overflow in the HuffDecode function in ...)
	NOT-FOR-US: Hammer of Thyrion
CVE-2007-6467 (SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows ...)
	NOT-FOR-US: MKPortal
CVE-2007-6466 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop ...)
	NOT-FOR-US: FreeWebshop
CVE-2007-6465 (Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in ...)
	- ganglia-monitor-core <not-affected> (ganglia web-frontend not included)
CVE-2007-6464 (Multiple PHP remote file inclusion vulnerabilities in Form tools ...)
	NOT-FOR-US: Form tools
CVE-2007-6463 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...)
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6462 (SQL injection vulnerability in fullnews.php in PHP Real Estate ...)
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6461 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	- flyspray <removed>
CVE-2007-6460 (Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy ...)
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6459 (Anon Proxy Server 0.100, and probably 0.101, allows remote attackers ...)
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6458 (SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 ...)
	NOT-FOR-US: 123tkShop
CVE-2007-6457 (Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 ...)
	NOT-FOR-US: NetWin SurgeMail 38k4
CVE-2007-6456 (Unspecified vulnerability in OpenOffice.org code in Planamesa ...)
	NOT-FOR-US: Planamesa NeoOffice
	NOTE: referring to OpenOffice security team this is what is described in CVE-2007-4575 for OO
CVE-2007-6455 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is in experimental
CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp ...)
	{DSA-1583-1 DSA-1441-1}
	- peercast 0.1218+svn20071220+2 (medium; bug #457300)
	- gnome-peercast 0.5.4-1.2 (medium; bug #466539)
CVE-2007-6453 (Directory traversal vulnerability in raidenhttpd-admin/workspace.php ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in Google ...)
	- gwt <itp> (bug #402841)
CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark (formerly ...)
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal <removed>
CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 ...)
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal <removed>
CVE-2007-6449
	REJECTED
CVE-2007-6448
	REJECTED
CVE-2007-6447
	REJECTED
CVE-2007-6446
	REJECTED
CVE-2007-6445
	REJECTED
CVE-2007-6444
	REJECTED
CVE-2007-6443
	REJECTED
CVE-2007-6442
	REJECTED
CVE-2007-6441 (The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6440
	REJECTED
CVE-2007-6439 (Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6438 (Unspecified vulnerability in the SMB dissector in Wireshark (formerly ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows ...)
	{DSA-1464-1 DTSA-105-1}
	- syslog-ng 2.0.6-1 (low; bug #457334)
	[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and ...)
	NOT-FOR-US: predating security tracker
CVE-2008-0030
	RESERVED
CVE-2008-0029 (Cisco Application Velocity System (AVS) before 5.1.0 is installed with ...)
	NOT-FOR-US: Cisco
CVE-2008-0028 (Unspecified vulnerability in Cisco PIX 500 Series Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL) ...)
	NOT-FOR-US: Cisco
CVE-2008-0026 (SQL injection vulnerability in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, ...)
	NOT-FOR-US: JustSystems
CVE-2007-6435 (Stack-based buffer overflow in Novell GroupWise before 6.5.7, when ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-6434 (Linux kernel 2.6.23 allows local users to create low pages in virtual ...)
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 <not-affected> (Only Linux 2.6.23 and above affected)
CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query ...)
	- jbosseam <itp> (bug #451956)
CVE-2007-6432 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...)
	{DSA-1525-1}
	- asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063)
	[etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA)
	[sarge] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6429 (Multiple integer overflows in X.Org Xserver before 1.4.1 allow ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6428 (The ProcGetReservedColormapEntries function in the TOG-CUP extension ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6427 (The XInput extension in X.Org Xserver before 1.4.1 allows ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6426 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and ...)
	NOT-FOR-US: EMC RepliStor
CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA ...)
	NOT-FOR-US: HP-UX
CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in ...)
	NOT-FOR-US: Fonality Trixbox
CVE-2007-6423 (** DISPUTED ** ...)
	- apache2 <not-affected> (disputed / only for Windows)
CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...)
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in balancer-manager in ...)
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6420 (Cross-site request forgery (CSRF) vulnerability in the ...)
	- apache2 2.2.9-1 (low)
	[etch] - apache2 <no-dsa> (minor issue)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	NOTE: Won't be fixed in etch.
CVE-2007-6419 (Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, ...)
	NOT-FOR-US: HP-UX
CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...)
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for Xen ...)
	- xen-unstable <not-affected> (We only have xen for i386 and amd64)
	- xen-3 <not-affected> (We only have xen for i386 and amd64)
	- xen-3.0 <not-affected> (We only have xen for i386 and amd64)
CVE-2007-6415 (scponly 4.6 and earlier allows remote authenticated users to bypass ...)
	{DSA-1473-1}
	- scponly 4.6-1.2 (high)
CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a ...)
	NOT-FOR-US: Adult ScriptAdult Script
CVE-2007-6413 (Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-6412 (Direct static code injection vulnerability in wiki/index.php in ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6411 (Multiple buffer overflows in the HandleEmotsConfig function in the GG ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6410 (Gadu-Gadu does not properly perform protocol handling, which allows ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6409 (The gg protocol handler in Gadu-Gadu, when this product is installed ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6408 (IBM Tivoli Provisioning Manager Express provides unspecified ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6407 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6406 (Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly ...)
	NOT-FOR-US: CA eTrust Threat Management Console
CVE-2007-6405 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6404 (Directory traversal vulnerability in Sergey Lyubka Simple HTTPD ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6403 (Stack-based buffer overflow in Nullsoft Winamp 5.32 allows ...)
	NOT-FOR-US: Winamp
CVE-2007-6402 (Stack-based buffer overflow in mplayerc.exe in Media Player Classic ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-6401 (Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6400 (Directory traversal vulnerability in download_file.php in PolDoc CMS ...)
	NOT-FOR-US: PolDoc CMS
CVE-2007-6399 (index.php in Flat PHP Board 1.2 and earlier allows remote ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6398 (Flat PHP Board 1.2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6397 (Multiple directory traversal vulnerabilities in index.php in Flat PHP ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6396 (Direct static code injection vulnerability in index.php in Flat PHP ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6395 (Flat PHP Board 1.2 and earlier stores sensitive information under the ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6394 (SQL injection vulnerability in index.php in Content Injector 1.53 ...)
	NOT-FOR-US: Content Injector
CVE-2007-6393 (SQL injection vulnerability in albums.php in Ace Image Hosting Script ...)
	NOT-FOR-US: Ace Image Hosting Script
CVE-2007-6392 (SQL injection vulnerability in DWdirectory 2.1 and earlier allows ...)
	NOT-FOR-US: DWdirectory
CVE-2007-6391 (SQL injection vulnerability in patch/comments.php in SH-News 3.0 ...)
	NOT-FOR-US: SH-News
CVE-2007-6390 (Cross-site request forgery (CSRF) vulnerability in the mycalendar ...)
	- serendipity <not-affected> (This is an external plugin not included in our packages)
CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 ...)
	- gnome-screensaver 2.22.0-1 (low; bug #455484)
	[etch] - gnome-screensaver <no-dsa> (Minor issue)
CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache ...)
	- apache <removed> (low)
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users ...)
	{DSA-1437-1}
	- cups 1.3.5-1 (low; bug #456960)
	- cupsys 1.3.5-1 (low; bug #456960)
	[sarge] - cupsys <no-dsa> (Minor issue)
	NOTE: the debian package is a bit confusing here as it also ships a pdftops
	NOTE: wrapper script as an example but the original script is installed
	NOTE: under /usr/lib/cups/filters
CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (low; bug #457062)
CVE-2007-6355 (Integer overflow in exiftags before 1.01 has unknown impact and attack ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows ...)
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (medium; bug #457330)
CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to cause ...)
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (low; bug #457330)
CVE-2007-6349 (P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on ...)
	NOT-FOR-US: P4Web
CVE-2007-6418 (The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the ...)
	{DSA-1501-1}
	- dspam 3.6.8-5.1 (low; bug #448519)
CVE-2008-0025
	RESERVED
CVE-2008-0024
	RESERVED
CVE-2008-0023
	RESERVED
CVE-2008-0022
	RESERVED
CVE-2008-0021
	RESERVED
CVE-2008-0020
	RESERVED
CVE-2008-0019
	RESERVED
CVE-2008-0018
	RESERVED
CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox ...)
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
	- xulrunner 1.9
	- iceweasel 3.0
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-0015
	RESERVED
CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0013 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0012 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0011 (Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ...)
	NOT-FOR-US: Vantage Linguistics AnswerWorks ActiveX
CVE-2007-6386 (Stack-based buffer overflow in PccScan.dll before build 1451 in Trend ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-6385 (The proxy server in Kerio WinRoute Firewall before 6.4.1 does not ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2007-6384 (Unspecified vulnerability in the Image Converter functionality in BEA ...)
	NOT-FOR-US: BEA WebLogic Mobility Server
CVE-2007-6383 (The DAV component in Chandler Server (Cosmo) before 0.10.1 does not ...)
	NOT-FOR-US: Chandler
CVE-2007-6382 (The Event Dispatch Thread in Robocode before 1.5.1 allows remote ...)
	NOT-FOR-US: Robocode
CVE-2007-6381 (SQL injection vulnerability in the indexed_search system extension in ...)
	{DSA-1439-1}
	- typo3-src 4.1.5-1 (low; bug #457446)
	NOTE: you need to be a logged in backend user to exploit this
CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and ...)
	NOT-FOR-US: e-Xoops
CVE-2007-6379 (BadBlue 2.72b and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: BadBlue
CVE-2007-6378 (Directory traversal vulnerability in upload.dll in BadBlue 2.72b and ...)
	NOT-FOR-US: BadBlue
CVE-2007-6377 (Stack-based buffer overflow in the PassThru functionality in ext.dll ...)
	NOT-FOR-US: BadBlue
CVE-2007-6376 (Directory traversal vulnerability in autohtml.php in Francisco Burzi ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-6375 (Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6374 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6373 (Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow ...)
	NOT-FOR-US: GestDown
CVE-2007-6372 (Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows ...)
	NOT-FOR-US: JUNOS
CVE-2007-6371 (Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote ...)
	NOT-FOR-US: Nokia N95
CVE-2007-6370
	REJECTED
CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the ...)
	NOT-FOR-US: PictPress
CVE-2007-6368 (Directory traversal vulnerability in index.php in ezContents 1.4.5 ...)
	NOT-FOR-US: ezContents
CVE-2007-6367 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...)
	NOT-FOR-US: SineCMS
CVE-2007-6366 (Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier ...)
	NOT-FOR-US: SineCMS
CVE-2007-6365 (Cross-site scripting (XSS) vulnerability in modules/ecal/display.php ...)
	NOT-FOR-US: bcoos
CVE-2007-6364 (Cross-site scripting (XSS) vulnerability in modificarPerfil.php in ...)
	NOT-FOR-US: JLMForo System
CVE-2007-6363 (IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when ...)
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6362 (SQL injection vulnerability in index.php in the RSGallery ...)
	NOT-FOR-US: RSGallery
CVE-2007-6361 (Gekko 0.8.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: Gekko
CVE-2007-6360 (Unspecified vulnerability in the Sun eXtended System Control Facility ...)
	NOT-FOR-US: Sun eXtended System Control Facility
CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6357 (Stack-based buffer overflow in Microsoft Office Access allows remote, ...)
	NOT-FOR-US: Microsoft Office Access
CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows context-dependent ...)
	{DSA-1474-1}
	- exiv2 0.15-2 (medium; bug #456760)
CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass ...)
	{DSA-1473-1}
	- scponly 4.6-1.1 (high; bug #437148)
CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net ...)
	- squirrelmail <not-affected> (Compromised packages were never in Debian)
CVE-2007-6347 (PHP remote file inclusion vulnerability in blocks/block_site_map.php ...)
	NOT-FOR-US: ViArt, CMS, HelpDesk, Shop Evaluation, Shop Free
CVE-2007-6346 (Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 ...)
	NOT-FOR-US: Rainboard
CVE-2007-6345 (SQL injection vulnerability in aurora framework before 20071208 allows ...)
	NOT-FOR-US: aurora
CVE-2007-6344 (Directory traversal vulnerability in modules/cms/index.php in Mcms ...)
	NOT-FOR-US: Mcms Easy Web Make
CVE-2007-6343 (Cross-site scripting (XSS) vulnerability in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module ...)
	NOT-FOR-US: Apache AuthCAS module
CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.63-1 (low; bug #457445)
	NOTE: maybe this should be unimportant as applications using net-dns should handle this croak
CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream ...)
	NOT-FOR-US: Geert Moernaut LSrunasE and Supercrypt
CVE-2007-6339 (The Akamai Download Manager (aka DLM or dlmanager) ActiveX control ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill ...)
	NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
CVE-2007-6337 (Unspecified vulnerability in the bzip2 decompression algorithm in ...)
	{DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers to ...)
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows remote ...)
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and ...)
	NOT-FOR-US: Ingres on Windows
CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as ...)
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6332 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as ...)
	NOT-FOR-US: HP Info Center HP Quick Launch Buttons
CVE-2007-6331 (Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ...)
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6330 (Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames ...)
	NOT-FOR-US: Meridian Prolog Manager
CVE-2007-6329 (Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-6328 (** DISPUTED ** ...)
	- dosbox 0.72-1 (unimportant; bug #458950)
	NOTE: this is not a security issue, its a feature of dosbox and the first
	NOTE: thing documented in the manpage
CVE-2007-6327 (Buffer overflow in a certain ActiveX control in Online Media ...)
	NOT-FOR-US: Online Media Technologies
CVE-2007-6326 (Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6325 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Fastpublish
CVE-2007-6324 (PHP remote file inclusion vulnerability in head.php in CityWriter ...)
	NOT-FOR-US: CityWriter
CVE-2007-6323 (Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 ...)
	NOT-FOR-US: MMS Gallery PHP
CVE-2007-6322 (Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 ...)
	NOT-FOR-US: xml2owl
CVE-2007-6320 (Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does ...)
	NOT-FOR-US: Feature (third party drupal module)
CVE-2007-6319 (Multiple unspecified vulnerabilities in Lyris ListManager 8.x before ...)
	NOT-FOR-US: Lyris ListManager
CVE-2007-6318 (SQL injection vulnerability in wp-includes/query.php in WordPress ...)
	- wordpress 2.3.2-1 (low; bug #459305)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: Patch: https://bugs.edge.launchpad.net/ubuntu/+source/wordpress/+bug/181416
CVE-2007-6317 (Multiple directory traversal vulnerabilities in BarracudaDrive Web ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6316 (Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6315 (Group Chat in BarracudaDrive Web Server before 3.8 allows remote ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6314 (BarracudaDrive Web Server before 3.8 allows remote attackers to read ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6313 (MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check ...)
	- mysql-dfsg-5.0 <not-affected> (this only affects >= 5.1.x, update for experimental is on its way)
	- mysql-dfsg-4.1 <removed>
CVE-2007-6312 (Cross-site scripting (XSS) vulnerability in the logon page in Web ...)
	NOT-FOR-US: Web Security Suite
CVE-2007-6311 (SQL injection vulnerability in (1) index.php, and possibly (2) ...)
	NOT-FOR-US: Falt4Extreme
CVE-2007-6310 (Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme ...)
	NOT-FOR-US: Falt4Extreme
CVE-2007-6309 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: webSPELL
CVE-2007-6308 (Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows ...)
	NOT-FOR-US: HttpLogger
CVE-2007-6307 (Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php ...)
	NOT-FOR-US: wwwstats
CVE-2007-6306 (Multiple cross-site scripting (XSS) vulnerabilities in the image map ...)
	- libjfreechart-java 1.0.9-1 (low; bug #456148)
	[sarge] - libjfreechart-java <no-dsa> (Contrib not supported)
CVE-2007-6305 (Multiple unspecified vulnerabilities in IBM Hardware Management ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6302 (Multiple heap-based buffer overflows in avirus.exe in Novell NetMail ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-6301 (Cross-site scripting (XSS) vulnerability in compose.php in ...)
	NOT-FOR-US: OpenNewsletter
CVE-2007-6300 (Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 ...)
	NOT-FOR-US: Fusion News
CVE-2007-6298 (Cross-site scripting (XSS) vulnerability in the Shoutbox module for ...)
	NOT-FOR-US: shoutbox (third party module for Drupal)
CVE-2007-6297 (Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat ...)
	NOT-FOR-US: PHPMyChat
CVE-2007-6296 (PHP remote file inclusion vulnerability in users_popupL.php3 in ...)
	NOT-FOR-US: PHPMyChat
CVE-2007-6295 (Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2007-6294 (Multiple unspecified vulnerabilities in IBM Hardware Management ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6293 (Multiple unspecified vulnerabilities in IBM Hardware Management ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6292 (SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and ...)
	NOT-FOR-US: MWOpen
CVE-2007-6291 (SQL injection vulnerability in abm.aspx in Xigla Absolute Banner ...)
	NOT-FOR-US: Xigla Absolute Banner Manager .NET
CVE-2007-6290 (Multiple directory traversal vulnerabilities in js/get_js.php in ...)
	NOT-FOR-US: SERWeb
CVE-2007-6289 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 ...)
	NOT-FOR-US: SERWeb
CVE-2007-6288 (Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow ...)
	NOT-FOR-US: TCExam
CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs ...)
	NOT-FOR-US: HyperVM
CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...)
	- tomcat5.5 <not-affected> (Does not use apr connector)
	- tomcat5 <removed>
CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux ...)
	- autofs <not-affected> (-hosts feature not present, auto.net has nosuid,nodev)
	- autofs5 5.0.3-1
	NOTE: for autofs5 see 12disable_default_auto_master.dpatch
CVE-2007-6284 (The xmlCurrentChar function in libxml2 before 2.6.31 allows ...)
	{DSA-1461-1}
	- libxml2 2.6.30.dfsg-3.1 (medium; bug #460292)
	- libxml 1.8.17-14.1 (medium)
CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key ...)
	- bind9 <not-affected> (On Debian this file is rw for user bind and just readable for group bind)
CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows remote ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-1
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: Upstream commit 920fc941a9617f95ccb283037fe6f8a38d95bb69 
CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in ...)
	NOT-FOR-US: St. Bernard Open File Manager
CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1 <removed>
CVE-2007-6303 (MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 ...)
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1 <removed>
	[etch] - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced after 5.0.32)
CVE-2007-6299 (Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x ...)
	- drupal5 5.5-1
	- drupal 4.7.10-1
CVE-2007-6321 (Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, ...)
	- roundcube 0.1~rc2-6 (low; bug #455840)
	NOTE: http://seclists.org/bugtraq/2007/Dec/0107.html
CVE-2007-6280
	RESERVED
CVE-2007-6279 (Multiple double free vulnerabilities in Free Lossless Audio Codec ...)
	- flac 1.2.1-1 (unimportant)
	NOTE: According to upstream this issue is not exploitable for code injection
	NOTE: due to the layout of the seektable memory
CVE-2007-6278 (Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows ...)
	- flac 1.2.1-1 (unimportant)
	NOTE: Such validations are within the responsibility of the respective applications
CVE-2007-6277 (Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
	{DSA-1469-1}
	- flac 1.2.1-1
CVE-2007-6276 (The accept_connections function in the virtual private network daemon ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6275 (SQL injection vulnerability in modules/adresses/ratefile.php in bcoos ...)
	NOT-FOR-US: bcoos
CVE-2007-6274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: bcoos
CVE-2007-6273 (Multiple format string vulnerabilities in the configuration file in ...)
	NOT-FOR-US: SonicWALL GLobal VPN Client
CVE-2007-6272 (Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 ...)
	NOT-FOR-US: Joomla
CVE-2007-6271 (Absolute News Manager.NET 5.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6270 (Multiple cross-site scripting (XSS) vulnerabilities in Absolute News ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6269 (Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6268 (Directory traversal vulnerability in pages/default.aspx in Absolute ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6267 (Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 ...)
	NOT-FOR-US: Citrix EdgeSight
CVE-2007-6266 (Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier ...)
	NOT-FOR-US: bcoos
CVE-2007-6265 (Unspecified vulnerability in avast! 4 Home and Professional Editions ...)
	NOT-FOR-US: avast!
CVE-2007-6264
	RESERVED
CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, ...)
	- linux-ftpd-ssl 0.17.18+0.3-9.1 (low; bug #454733)
	[sarge] - linux-ftpd-ssl <no-dsa> (Minor issue)
	[etch] - linux-ftpd-ssl <no-dsa> (Minor issue)
CVE-2007-6262 (A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before ...)
	- vlc <not-affected> (Windows only issue)
CVE-2007-6261 (Integer overflow in the load_threadstack function in the Mach-O loader ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6260 (The installation process for Oracle 10g and llg uses accounts with ...)
	NOT-FOR-US: Oracle
CVE-2004-2758 (Multiple unspecified vulnerabilities in the H.323 protocol ...)
	NOT-FOR-US: Sun SunForum
CVE-2007-6259
	RESERVED
CVE-2007-6258 (Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV ...)
	- libapache2-mod-jk2 2.0.4-1
CVE-2007-6257
	RESERVED
CVE-2007-6256
	RESERVED
CVE-2007-6255 (Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in ...)
	NOT-FOR-US: Microsoft HRTBEAT.OCX
CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects ...)
	NOT-FOR-US: SAP
CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client ...)
	NOT-FOR-US: Adobe Form Designer
CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation ...)
	NOT-FOR-US: Street Technologies
CVE-2007-6251
	RESERVED
CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl ...)
	NOT-FOR-US: AmpX ActiveX control
CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the ...)
	NOT-FOR-US: Gentoo portage
CVE-2007-6248
	RESERVED
CVE-2007-6247
	RESERVED
CVE-2007-6246 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6245 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6243 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6241 (Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-6239 (The &quot;cache update reply processing&quot; functionality in Squid 2.x before ...)
	{DSA-1646-2 DSA-1482-1}
	- squid 2.6.17-1 (medium; bug #455910)
CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6237 (cp.php in DeluxeBB 1.09 does not verify that the membercookie ...)
	NOT-FOR-US: DeluxeBB
CVE-2007-6236 (Microsoft Windows Media Player (WMP) allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6235 (A certain ActiveX control in RealNetworks RealPlayer 11 allows remote ...)
	NOT-FOR-US: RealNetworks RealPlayer 11
CVE-2007-6234 (index.php in FTP Admin 0.1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6233 (Directory traversal vulnerability in index.php in FTP Admin 0.1.0 ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6232 (Cross-site scripting (XSS) vulnerability in index.php in FTP Admin ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6231 (Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 ...)
	NOT-FOR-US: tellmatic
CVE-2007-6230 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Rayzz
CVE-2007-6229 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Rayzz
CVE-2007-6228 (Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ...)
	NOT-FOR-US: Yahoo! Toolbar
CVE-2007-6227 (QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating ...)
	- qemu <not-affected> (Windows issue)
CVE-2007-6226 (The American Power Conversion (APC) AP7932 0u 30amp Switched Rack ...)
	NOT-FOR-US: American Power Conversion (APC)
CVE-2007-6225 (Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2007-6224 (The RealNetworks RealAudioObjects.RealAudio ActiveX control in ...)
	NOT-FOR-US: RealAudioObjects.RealAudio ActiveX
CVE-2007-6223 (SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 ...)
	NOT-FOR-US: phpBB Garage
CVE-2007-6222 (The CheckCustomerAccess function in functions.php in CRM-CTT ...)
	NOT-FOR-US: Interleave
CVE-2007-6221 (TuMusika Evolution 1.7R5 allows remote attackers to obtain ...)
	NOT-FOR-US: TuMusika
CVE-2007-6220 (typespeed before 0.6.4 allows remote attackers to cause a denial of ...)
	- typespeed 0.6.4-1 (unimportant; bug #454527)
CVE-2007-6219 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool ...)
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6218 (Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 ...)
	NOT-FOR-US: Ossigeno CMS
CVE-2007-6217 (Multiple SQL injection vulnerabilities in login.asp in Irola My-Time ...)
	NOT-FOR-US: Irola My-Time
CVE-2007-6216 (Race condition in the Fibre Channel protocol (fcp) driver and Devices ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-6215 (Multiple directory traversal vulnerabilities in play.php in Web-MeetMe ...)
	NOT-FOR-US: Web-MeetMe
CVE-2007-6214 (Directory traversal vulnerability in include/file_download.php in ...)
	NOT-FOR-US: LearnLoop
CVE-2007-6213 (Multiple directory traversal vulnerabilities in mod/chat/index.php in ...)
	NOT-FOR-US: WebED
CVE-2007-6212 (Directory traversal vulnerability in region.php in KML share 1.1 ...)
	NOT-FOR-US: KML share
CVE-2008-0010 (The copy_from_user_mmap_sem function in fs/splice.c in the Linux ...)
	- linux-2.6 2.6.24-4
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0009 (The vmsplice_to_user function in fs/splice.c in the Linux kernel ...)
	- linux-2.6 2.6.24-4
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 ...)
	{DSA-1476-1}
	- pulseaudio 0.9.9-1
CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...)
	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	- linux-2.6 2.6.24-4
CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
	- libxfont 1:1.3.1-2
	[etch] - libxfont 1:1.2.2-2.etch1
CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before ...)
	- apache2 2.2.8-1 (low)
	- apache <removed> (low)
	[etch] - apache <no-dsa> (browser issue; low impact)
	[sarge] - apache <no-dsa> (browser issue; low impact)
	[sarge] - apache2 <no-dsa> (browser issue; low impact)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2008-0004
	RESERVED
CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback ...)
	NOT-FOR-US: OpenPegasus CIM management server
CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...)
	- tomcat5.5 <not-affected> (Only Tomcat 6 is affected, according to upstream)
CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before ...)
	{DSA-1479-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
	- xen-3 3.1.2-1
CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar ...)
	{DSA-1528-1}
	- serendipity 1.2.1-1 (low)
CVE-2007-6204 (Multiple stack-based buffer overflows in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView
CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method ...)
	- apache2 2.2.6-3 (low)
	[sarge] - apache2 <no-dsa> (minor issue)
	- apache <not-affected> (vulnerable code not present)
	NOTE: Might be exploitable with older flash plugins via HTTP Request Splitting
	[etch] - apache2 2.2.3-4+etch4
CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...)
	- claws-mail 3.1.0-2 (low; bug #454089)
CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs &quot;UserParameter&quot; ...)
	{DSA-1420-1 DTSA-93-1}
	- zabbix 1:1.4.2-4 (bug #452682)
CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome ...)
	NOT-FOR-US: Neocrome Seditio CMS
CVE-2007-6211 (Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users ...)
	- sing 1.1-16 (low; bug #454167)
	[etch] - sing <no-dsa> (Only exploitable in inherently broken setups)
	[etch] - sing 1.1-13etch1
	[sarge] - sing 1.1-9sarge1
CVE-2007-6209 (Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...)
	- zsh 4.3.4-dev-3-2 (low; bug #454073)
	[etch] - zsh <no-dsa> (Minor issue)
	[sarge] - zsh <no-dsa> (Minor issue)
CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x ...)
	- wesnoth 1:1.2.8-1 (low)
	[etch] - wesnoth 1.2-4
	[sarge] - wesnoth 0.9.0-8
CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...)
	- rsync 2.6.9-6 (low; bug #453652)
	[etch] - rsync <no-dsa> (Minor issue)
CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is ...)
	- rsync 2.6.9-6 (unimportant; bug #453652)
	NOTE: Security feature enhancement, not really a security problem
CVE-2007-6198 (portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction ...)
	NOT-FOR-US: Plumtree
CVE-2007-6197 (The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 ...)
	NOT-FOR-US: Plumtree
CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...)
	NOT-FOR-US: Calacode
CVE-2007-6195 (Buffer overflow in the sw_rpc_agent_init function in swagentd in ...)
	NOT-FOR-US: HP-UX
CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 ...)
	NOT-FOR-US: HP Select Identity
CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...)
	NOT-FOR-US: Citrix
CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8 uses ...)
	NOT-FOR-US: Citrix
CVE-2007-6191 (Multiple PHP remote file inclusion vulnerabilities in Armin Burger ...)
	NOT-FOR-US: Armin Burger p.mapper
CVE-2007-6190 (The HTTP daemon in the Cisco Unified IP Phone, when the Extension ...)
	NOT-FOR-US: Cisco Unified IP Phone
CVE-2007-6189 (A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in ...)
	NOT-FOR-US: BitDefender Online Anti-Virus Scanner
CVE-2007-6188 (Multiple directory traversal vulnerabilities in TuMusika Evolution ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-6187 (Multiple directory traversal vulnerabilities in PHP Content Architect ...)
	NOT-FOR-US: PHP Content Architect
CVE-2007-6186 (Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown ...)
	NOT-FOR-US: PHPDevShell
CVE-2007-6185 (Directory traversal vulnerability in users/files.php in Eurologon CMS ...)
	NOT-FOR-US: Eurologon CMS
CVE-2007-6184 (Directory traversal vulnerability in index.php in Project Alumni 1.0.9 ...)
	NOT-FOR-US: Project Alumni
CVE-2007-6182 (The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 ...)
	NOT-FOR-US: ISPmanager
CVE-2007-6181 (Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier ...)
	NOT-FOR-US: Cygwin
CVE-2007-6180 (Race condition in the Remote Procedure Call kernel module (rpcmod) in ...)
	NOT-FOR-US: Solaris
CVE-2007-6179 (Multiple PHP remote file inclusion vulnerabilities in Charray's CMS ...)
	NOT-FOR-US: Charray's CMS
CVE-2007-6178 (Multiple PHP remote file inclusion vulnerabilities in Easy Hosting ...)
	NOT-FOR-US: Easy Hosting Control Panel for Ubuntu
CVE-2007-6177 (PHP remote file inclusion vulnerability in Exchange/include.php in ...)
	NOT-FOR-US: PHP-CON
CVE-2007-6176 (kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote ...)
	NOT-FOR-US: KB-Bestellsystem
CVE-2007-6175 (Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to ...)
	NOT-FOR-US: Lhaplus
CVE-2007-6174 (PHPDevShell before 0.7.0 allows remote authenticated users to gain ...)
	NOT-FOR-US: PHPDevShell
CVE-2007-6173 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...)
	NOT-FOR-US: Liferay
CVE-2007-6172 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote ...)
	NOT-FOR-US: wpQuiz
CVE-2007-6169 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty ...)
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6168 (SQL injection vulnerability in default.asp in VU Case Manager allows ...)
	NOT-FOR-US: VU Case Manager
CVE-2007-6167 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...)
	NOT-FOR-US: Yast2
CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6165 (Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6164 (Multiple SQL injection vulnerabilities in Eurologon CMS allow remote ...)
	NOT-FOR-US: Eurologon CMS
CVE-2007-6163 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty ...)
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6162 (Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe ...)
	NOT-FOR-US: FMDeluxe
CVE-2007-6161 (index.php in Tilde CMS 4.x and earlier allows remote attackers to ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6160 (Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6159 (SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6158 (Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs ...)
	NOT-FOR-US: Proverbs Web Calendar
CVE-2007-6157 (Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery ...)
	NOT-FOR-US: SimpleGallery
CVE-2007-6156 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- acidbase 1.3.9-1 (low; bug #453838)
	[etch] - acidbase <not-affected> (vulnerable code not present, in etch acidbase exits in this case)
CVE-2007-6155
	RESERVED
CVE-2007-6154
	RESERVED
CVE-2007-6153
	RESERVED
CVE-2007-6152
	RESERVED
CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1479-1}
	- linux-2.6 2.6.23-2
CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6148 (Use-after-free vulnerability in the Edge server in Adobe Flash Media ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE ...)
	NOT-FOR-US: IAPR COMMENCE
CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on ...)
	NOT-FOR-US: JP1/File Transmission Server/FTP on windows
CVE-2007-6145 (Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP ...)
	NOT-FOR-US: Hitachi JP1/File Transmission Server/FTP
CVE-2007-6144 (Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control ...)
	NOT-FOR-US: Xunlei Thunder
CVE-2007-6143 (SQL injection vulnerability in default.asp (aka the Login Page) in VU ...)
	NOT-FOR-US: VU Case Manager
CVE-2007-6142 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...)
	NOT-FOR-US: JAF CMS
CVE-2007-6141 (Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 ...)
	NOT-FOR-US: vBTube
CVE-2007-6140 (Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-6139 (PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox ...)
	NOT-FOR-US: Mp3 ToolBox
CVE-2007-6138 (SQL injection vulnerability in redir.asp in VU Mass Mailer allows ...)
	NOT-FOR-US: VU Mass Mailer
CVE-2007-6137 (SQL injection vulnerability in news.php in Content Injector 1.52 ...)
	NOT-FOR-US: Content Injector
CVE-2007-6136 (Multiplce cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: M2Scripts MySpace Scripts
CVE-2007-6135 (Cross-site scripting (XSS) vulnerability in phpslideshow.php in ...)
	NOT-FOR-US: PHPSlideShow
CVE-2007-6134 (SQL injection vulnerability in pkinc/public/article.php in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2007-6133 (PHP remote file inclusion vulnerability in admin/kfm/initialise.php in ...)
	NOT-FOR-US: DevMass Shopping Cart
CVE-2007-6183 (Format string vulnerability in the mdiag_initialize function in ...)
	{DSA-1431-1 DTSA-102-1}
	- ruby-gnome2 0.16.0-10 (medium; bug #453689)
CVE-2007-6171 (SQL injection vulnerability in the Postgres Realtime Engine ...)
	- asterisk 1:1.4.15~dfsg-1 (medium)
	[sarge] - asterisk <not-affected> (Vulnerable code not present)
	[etch] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6170 (SQL injection vulnerability in the Call Detail Record Postgres logging ...)
	{DSA-1417-1}
	- asterisk 1:1.4.15~dfsg-1 (medium)
CVE-2007-6150 (The &quot;internal state tracking&quot; code for the random and urandom devices ...)
	- kfreebsd-7 7.0~cvs20080107-1
	- kfreebsd-6 6.3~cvs20080107-1
	- kfreebsd-5 <removed> (medium; bug #453944)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-6132
	REJECTED
CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite ...)
	- scanbuttond 0.2.3-6 (unimportant; bug #453239)
	NOTE: this is just an example script, maintainer adds a note about it
	NOTE: 0.2.3-6 adds a security note about this script
CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its plugins, ...)
	- gnump3d 3.0-1 (medium)
	[sarge] - gnump3d <not-affected> (Vulnerable code not present)
	[etch] - gnump3d <not-affected> (Vulnerable code not present)
CVE-2007-6129 (Directory traversal vulnerability in scripts/include/show_content.php ...)
	NOT-FOR-US: Amber script
CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 ...)
	NOT-FOR-US: WorkingOnWeb
CVE-2007-6127 (Multiple SQL injection vulnerabilities in project alumni 1.0.9 and ...)
	NOT-FOR-US: Alumni
CVE-2007-6126 (Multiple cross-site scripting (XSS) vulnerabilities in project alumni ...)
	NOT-FOR-US: Alumni
CVE-2007-6125 (SQL injection vulnerability in search_form.php in Softbiz Freelancers ...)
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6124 (Cross-site scripting (XSS) vulnerability in signin.php in Softbiz ...)
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6123 (Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and ...)
	NOT-FOR-US: IRC Services
CVE-2007-6122 (The default_encrypt function in encrypt.c in IRC Services before ...)
	NOT-FOR-US: IRC Services
CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 ...)
	{DSA-1429-1}
	- htdig 1:3.2.0b6-4 (low; bug #453278)
	[sarge] - htdig <not-affected> (Vulnerable code not present)
CVE-2007-6109 (Stack-based buffer overflow in emacs allows user-assisted attackers to ...)
	{DTSA-98-1 DTSA-99-1}
	- emacs22 22.1+1-2.2 (bug #455432)
	- emacs21 21.4a+1-5.2 (bug #455433)
	[etch] - emacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
	- xemacs21 21.4.21-4 (bug #457764)
	[etch] - xemacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
CVE-2007-6108
	RESERVED
CVE-2007-6107
	RESERVED
CVE-2007-6106 (SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-6105 (Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 ...)
	NOT-FOR-US: TalkBack
CVE-2007-6104 (Cross-site scripting (XSS) vulnerability in the Instant Web Publishing ...)
	NOT-FOR-US: FileMaker Pro
CVE-2007-6103 (I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) ...)
	- ihu 0.5.6-3.1 (unimportant; bug #453280)
	NOTE: Would only terminate normal phone call by hanging up, not a real security bug
CVE-2007-6102 (Cross-site scripting (XSS) vulnerability in Feed to JavaScript ...)
	NOT-FOR-US: feed2js
CVE-2007-6101 (Ability Mail Server before 2.61 allows remote authenticated users to ...)
	NOT-FOR-US: Ability Mail Server
CVE-2007-6100 (Cross-site scripting (XSS) vulnerability in ...)
	- phpmyadmin 4:2.11.2.2-1
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-6099 (Unspecified vulnerability in Ingate Firewall before 4.6.0 and ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6098 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6097 (Unspecified vulnerability in the ICMP implementation in Ingate ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6096 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6095 (The SIP component in Ingate Firewall before 4.6.0 and SIParator before ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6094 (The IPsec module in the VPN component in Ingate Firewall before 4.6.0 ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6093 (The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6092 (Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6091 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's ...)
	NOT-FOR-US: JiRo's Banner System (JBS)
CVE-2007-6090 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan ...)
	NOT-FOR-US: Nuked-Klan
CVE-2007-6089 (PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 ...)
	NOT-FOR-US: meBiblio
CVE-2007-6088 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBBViet
CVE-2007-6087 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6086 (Directory traversal vulnerability in index.php in VigileCMS 1.4 allows ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6085 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6084 (SQL injection vulnerability in software-description.php in HotScripts ...)
	NOT-FOR-US: HotScripts Clone script
CVE-2007-6083 (SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows ...)
	NOT-FOR-US: IceBB
CVE-2007-6082 (Direct static code injection vulnerability in acp/savenews.php in ...)
	NOT-FOR-US: Sciurus Hosting Panel
CVE-2007-6081 (AdventNet EventLog Analyzer build 4030 for Windows, and possibly other ...)
	NOT-FOR-US: Windows
CVE-2007-6080 (SQL injection vulnerability in modules/banners/click.php in the ...)
	NOT-FOR-US: bcoos
CVE-2007-6079 (Directory traversal vulnerability in include/common.php in bcoos ...)
	NOT-FOR-US: bcoos
CVE-2007-6078 (Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote ...)
	NOT-FOR-US: SkyPortal
CVE-2007-6076
	RESERVED
CVE-2007-6075
	RESERVED
CVE-2007-6074
	RESERVED
CVE-2007-6073
	RESERVED
CVE-2007-6072
	RESERVED
CVE-2007-6071
	RESERVED
CVE-2007-6070
	RESERVED
CVE-2007-6069
	RESERVED
CVE-2007-6068
	RESERVED
CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression parser ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13
	[etch] - tcl8.3 <no-dsa> (Minor issue)
	- tcl8.4 8.4.17-1
	[etch] - tcl8.4 <no-dsa> (Minor issue)
	[sarge] - postgresql <unfixed>
CVE-2007-6066
	RESERVED
CVE-2007-6065
	RESERVED
CVE-2007-6064
	RESERVED
CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.23-2
	NOTE: kernel-sec is aware of this
CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...)
	- ngircd 0.10.3-1 (bug #451875)
	[etch] - ngircd 0.10.0-2etch1
CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable name ...)
	- audacity 1.3.4-1.1 (bug #453283; low)
	[etch] - audacity <no-dsa> (Minor issue)
CVE-2007-6060 (AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a ...)
	NOT-FOR-US: AhnLab Antivirus 3 Internet Security 2008 Platinum
CVE-2007-6059 (** DISPUTED ** ...)
	NOT-FOR-US: Javamail
CVE-2007-6058 (Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 ...)
	NOT-FOR-US: ProfileCMS
CVE-2007-6057 (PHP remote file inclusion vulnerability in index.php in datecomm ...)
	NOT-FOR-US: datecomm Social Networking Script
CVE-2007-6056 (frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a ...)
	NOT-FOR-US: Aida-Web
CVE-2007-6055 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...)
	NOT-FOR-US: Liferay Portal
CVE-2007-6054 (Cross-site scripting (XSS) vulnerability in the login page in the ...)
	NOT-FOR-US: Aruba 800 Mobility Controller
CVE-2007-6053 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6052 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6051 (IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6050 (Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6049 (Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6048 (IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6047 (Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6046 (Unspecified vulnerability in unspecified setuid programs in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6045 (Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6044 (Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-6043 (The CryptGenRandom function in Microsoft Windows 2000 generates ...)
	NOT-FOR-US: Windows
CVE-2007-6042 (PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft ...)
	NOT-FOR-US: SWSoft Confixx Professional
CVE-2007-6041 (Buffer overflow in the Sequencer::queueMessage function in ...)
	NOT-FOR-US: Rigs of Rods (RoR)
CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers to ...)
	NOT-FOR-US: Belkin F5D7230-4 Wireless G Router
CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...)
	- php5 5.2.5-1 (unimportant; bug #453295)
	NOTE: Not a vulnerability per Debian PHP security policy, requires malicious
	NOTE: script to trigger this issue
CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails ...)
	- rails 1.2.6-1 (low; bug #452748)
CVE-2007-6111 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6112 (Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6113 (Integer signedness error in the DNP3 dissector in Wireshark (formerly ...)
	{DTSA-92-1}
	- wireshark 0.99.6pre1-1 (low)
	[etch] - wireshark <no-dsa> (Minor issue, exotic dissector, very intrusive backport)
CVE-2007-6114 (Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6115 (Buffer overflow in the ANSI MAP dissector for Wireshark (formerly ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6116 (The Firebird/Interbase dissector in Wireshark (formerly Ethereal) ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6117 (Unspecified vulnerability in the HTTP dissector for Wireshark ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6118 (The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6119 (The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6120 (The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6121 (Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6038 (PHP remote file inclusion vulnerability in xajax_functions.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 ...)
	NOT-FOR-US: LIVE555 Media Server
CVE-2007-6034
	REJECTED
CVE-2007-6033 (Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure ...)
	NOT-FOR-US: Invensys Wonderware InTouch
CVE-2007-6032 (SQL injection vulnerability in calendar/page.asp in Aleris Web ...)
	NOT-FOR-US: Aleris Web Publishing Server
CVE-2007-6031 (Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote ...)
	NOT-FOR-US: VanDyke VShell
CVE-2007-6030 (Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has ...)
	NOT-FOR-US: Weird Solutions BOOTPTurbo
CVE-2007-6029 (Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote ...)
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-6028 (Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ...)
	NOT-FOR-US: ComponentOne FlexGrid
CVE-2007-6027 (PHP remote file inclusion vulnerability in admin.jjgallery.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6026 (Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka ...)
	NOT-FOR-US: Microsoft Jet Engine
CVE-2007-6025 (Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 ...)
	- wpasupplicant 0.6.0-4
	[etch] - wpasupplicant <not-affected> (Vulnerable code not present)
	[sarge] - wpasupplicant <not-affected> (Vulnerable code not present)
CVE-2007-6024
	RESERVED
CVE-2007-6023
	RESERVED
CVE-2007-6022
	RESERVED
CVE-2007-6021 (Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6020 (Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat ...)
	NOT-FOR-US: KeyView
CVE-2007-6019 (Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, ...)
	- flashplugin-nonfree 1:1.4
CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...)
	{DSA-1470-1}
	- horde3 3.1.6-1 (bug #461131; low)
	- imp4 <not-affected> (xss.php is only present in horde3 package)
CVE-2007-6017 (The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6016 (Multiple stack-based buffer overflows in the ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in ...)
	{DSA-1427-1 DTSA-100-1}
	- samba 3.0.28-1 (high)
CVE-2007-6014 (SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash ...)
	- wordpress 2.5.0-1 (low; bug #452251)
	NOTE: if untrusted people are allowed to read the database they could still
	NOTE: crack the hash with more work, so maybe this is unimportant?
CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 allows ...)
	NOT-FOR-US: DocuSafe
CVE-2004-2757 (Cross-site scripting (XSS) vulnerability in the failed login page in ...)
	NOT-FOR-US: Novell iChain
CVE-2004-2756 (Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops ...)
	NOT-FOR-US: Xoops
CVE-2002-2426 (Cross-site request forgery (CSRF) vulnerability in Citrix Presentation ...)
	NOT-FOR-US: predating security tracker
CVE-2007-6035 (SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows ...)
	{DSA-1418-1}
	- cacti 0.8.7a-1 (medium; bug #452085)
CVE-2007-6011 (Unspecified vulnerability in main.php of BugHotel Reservation System ...)
	NOT-FOR-US: BugHotel
CVE-2007-6010 (Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 ...)
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers <no-dsa> (Minor issue)	
CVE-2007-6009 (Multiple buffer overflows in ACD products allow user-assisted remote ...)
	NOT-FOR-US: ACD products
CVE-2007-6008 (Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy ...)
	NOT-FOR-US: Autonomy
CVE-2007-6007 (Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo ...)
	NOT-FOR-US: Pro Photo Manager
CVE-2007-6006 (TestLink before 1.7.1 does not enforce an unspecified authorization ...)
	NOT-FOR-US: TestLink
CVE-2007-6005 (Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX ...)
	NOT-FOR-US: WebEx
CVE-2007-6004 (Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 ...)
	NOT-FOR-US: Toko Instan
CVE-2007-6003 (Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the ...)
	NOT-FOR-US: SpeedTouch
CVE-2007-6002 (Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir ...)
	NOT-FOR-US: Fenriru
CVE-2007-6001 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-6000 (KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a ...)
	- kdebase <unfixed> (unimportant; bug #451794)
	NOTE: not reproducible with 4:3.5.8.dfsg.1-1, poked maintainer
	NOTE: it seems konqueror only treats the cookie value until some special length
	NOTE: as cookie, after this length it will open the rest as site content. This eats alot
	NOTE: ram and cpu but depending on how much ram the system has, konqueror will die after
	NOTE: no memory is left, not treated as security problem.
CVE-2007-5999 (SQL injection vulnerability in product_desc.php in Softbiz Auctions ...)
	NOT-FOR-US: Softbiz
CVE-2007-5998 (SQL injection vulnerability in ads.php in Softbiz Ad Management plus ...)
	NOT-FOR-US: Softbiz
CVE-2007-5997 (SQL injection vulnerability in campaign_stats.php in Softbiz Banner ...)
	NOT-FOR-US: Softbiz Banner Exchange Network Script
CVE-2007-5996 (SQL injection vulnerability in searchresult.php in Softbiz Link ...)
	NOT-FOR-US: Softbiz Link Directory Script
CVE-2007-5995 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: patBBcode
CVE-2007-5994 (PHP remote file inclusion vulnerability in check_noimage.php in Fritz ...)
	NOT-FOR-US: php photo album
CVE-2007-5993 (Cross-site scripting (XSS) vulnerability in Visionary Technology in ...)
	NOT-FOR-US: vtls
CVE-2007-5992 (SQL injection vulnerability in index.php in datecomm Social Networking ...)
	NOT-FOR-US: Social Networking Script
CVE-2007-5991 (SQL injection vulnerability in index.php in ExoPHPdesk allows remote ...)
	NOT-FOR-US: ExoPHPdesk
CVE-2007-5990 (Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote ...)
	NOT-FOR-US: ExoPHPdesk
CVE-2006-7230 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...)
	{DSA-1570-1}
	- pcre3 7.0-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2004-2755 (Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, ...)
	NOT-FOR-US: Symantec Web Security
CVE-2004-2754 (SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and ...)
	NOT-FOR-US: YaBB
CVE-2007-5989 (Unspecified vulnerability in the skype4com URI handler in Skype before ...)
	NOT-FOR-US: Skype
CVE-2007-5988 (blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5987 (details.php in BtiTracker before 1.4.5, when torrent viewing is ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5986 (SQL injection vulnerability in include/functions.php in BtiTracker ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5985 (Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5984 (classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 ...)
	NOT-FOR-US: AutoIndex
CVE-2007-5983 (Cross-site scripting (XSS) vulnerability in index.php in Justin ...)
	NOT-FOR-US: AutoIndex
CVE-2007-5982 (Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, ...)
	NOT-FOR-US: X7 Chat
CVE-2007-5981 (Lantronix SCS3200 does not properly handle public-key requests, which ...)
	NOT-FOR-US: Lantronix
CVE-2007-5980 (Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog ...)
	NOT-FOR-US: eggblog
CVE-2007-5979 (Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 ...)
	NOT-FOR-US: F5 Firepass
CVE-2007-5978 (SQL injection vulnerability in brokenlink.php in the mylinks module ...)
	NOT-FOR-US: XOOPS
CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in ...)
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before ...)
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used in (1) ...)
	NOT-FOR-US: TBSource
CVE-2007-5974 (SQL injection vulnerability in mailer.php in JPortal 2 allows remote ...)
	NOT-FOR-US: JPortal
CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and ...)
	NOT-FOR-US: JPortal
CVE-2007-5972 (Double free vulnerability in the krb5_def_store_mkey function in ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: potential attackers must have privileges to store the krb5kdc master key
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5971 (Double free vulnerability in the gss_krb5int_make_seal_token_v3 ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote ...)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present referring to maintainer)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg <removed>
	NOTE: version in experimental is affected by this
	NOTE: the debian maintainers do not yet have access to this issue: http://lists.mysql.com/packagers/377
CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
	- mysql-dfsg-4.1 <removed>
CVE-2007-5968
	REJECTED
CVE-2007-5967
	RESERVED
CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in ...)
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly ...)
	- qt4-x11 4.3.3-1
	[etch] - qt4-x11 <not-affected> (Vulnerable code was introduced in 4.3)
	- qt-x11-free <not-affected> (Vulnerable code was introduced in 4.3)
CVE-2007-5964 (The default configuration of autofs 5 in some Linux distributions, ...)
	- autofs 3.1.4-8 (medium)
	- autofs5 5.0.3-1
CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a ...)
	- kdebase <unfixed> (unimportant)
	NOTE: This has only theoretical security impact
CVE-2007-5962 (Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red ...)
	- vsftpd <not-affected> (Vulnerability in Red Hat-specific patch)
CVE-2007-5961 (Cross-site scripting (XSS) vulnerability in the Red Hat Network ...)
	NOT-FOR-US: Red Hat Network channel search feature
CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-39
CVE-2007-5959 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-38
CVE-2007-5958 (X.Org Xserver before 1.4.1 allows local users to determine the ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly ...)
	- linux-2.6 2.6.20-1
	[etch] - linux-2.6 <not-affected> (Ubuntu-specific regression)
CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...)
	{DSA-1570-1}
	- pcre3 6.2-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2006-7227 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...)
	{DSA-1570-1}
	- pcre3 6.2-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2005-4872 (Perl-Compatible Regular Expression (PCRE) library before 6.2 does not ...)
	- pcre3 6.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5955 (Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET ...)
	NOT-FOR-US: UPDIR.NET
CVE-2007-5954 (Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo ...)
	NOT-FOR-US: JLMForo System
CVE-2007-5953 (Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before ...)
	NOT-FOR-US: Really Simple CalDAV Store
CVE-2007-5952 (Cross-site scripting (XSS) vulnerability in admin/index.php in Helios ...)
	NOT-FOR-US: Helios Calendar
CVE-2007-5951 (SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows ...)
	NOT-FOR-US: E-Vendejo
CVE-2007-5950 (Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, ...)
	NOT-FOR-US: NetCommons
CVE-2007-5949 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk ...)
	NOT-FOR-US: IBM Tivoli Service Desk
CVE-2007-5948 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in ...)
	NOT-FOR-US: SF-Shoutbox
CVE-2007-5947 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1 (low; bug #451624)
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-37
CVE-2007-5946 (Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2007-5945 (USVN before 0.6.5 allows remote attackers to obtain a list of ...)
	NOT-FOR-US: usvn
CVE-2007-5944 (Cross-site scripting (XSS) vulnerability in Servlet Engine / Web ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-5943 (Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-5942 (Bandersnatch 0.4 allows remote attackers to obtain sensitive ...)
	- bandersnatch <removed> (unimportant; bug #451365)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2007-5941 (Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users ...)
	- texlive-bin 2005.dfsg.2-1
	- feynmf 1.08-1
CVE-2007-5939 (The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 ...)
	- heimdal <not-affected> (vulnerable code not present, ticketfile is just unlinked which is ok)
CVE-2007-5938 (The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi ...)
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: we ship the iwl code in /debian/patches/features/all/v7-iwlwifi-add-iwlwifi-wireless-drivers.patch
CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive ...)
	- texlive-bin 2007-13
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to ...)
	- texlive-bin 2007-13
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive ...)
	{DTSA-97-1}
	- texlive-bin 2007.dfsg.1-1
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request ...)
	NOT-FOR-US: php PEAR MDB2
CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to ...)
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers <no-dsa> (Minor issue)	
CVE-2006-7226 (Perl-Compatible Regular Expression (PCRE) library before 6.7 does not ...)
	- pcre3 6.7-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2006-7225 (Perl-Compatible Regular Expression (PCRE) library before 6.7 allows ...)
	- pcre3 6.7-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2004-2753 (Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2004-2752 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
	NOT-FOR-US: PostNuke
CVE-2004-2751 (SQL injection vulnerability in the members_list module in PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2004-2750 (Directory traversal vulnerability in browser.php in JBrowser 1.0 ...)
	NOT-FOR-US: JBrowser
CVE-2004-2749 (Directory traversal vulnerability in wra/public/wralogin in 2Wire ...)
	NOT-FOR-US: 2Wire Gateway
CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier allows ...)
	NOT-FOR-US: PostNuke
CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content ...)
	NOT-FOR-US: Fatwire Content Server
CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php in ...)
	NOT-FOR-US: OrangeHRM
CVE-2007-5930 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: Cerberus Ftp Server
CVE-2007-5929 (Buffer overflow in OpenBase 10.0.5 and earlier might allow remote ...)
	NOT-FOR-US: OpenBase
CVE-2007-5928 (OpenBase 10.0.5 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: OpenBase
CVE-2007-5927 (Directory traversal vulnerability in OpenBase 10.0.5 and earlier ...)
	NOT-FOR-US: OpenBase
CVE-2007-5926 (OpenBase 10.0.5 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: OpenBase
CVE-2007-5925 (The convert_search_mode_to_innobase function in ha_innodb.cc in the ...)
	{DSA-1413-1 DTSA-91-1}
	- mysql-dfsg-5.0 5.0.45-3 (medium; bug #451235)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg <removed>
CVE-2007-5924 (Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5923 (Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in ...)
	NOT-FOR-US: eTrust SiteMinder Agent
CVE-2007-5922 (The modules/mdop.m in the Cypress 1.0k script for BitchX, as ...)
	- ircii-pana <not-affected> (Does not ship this script)
CVE-2007-5921 (Unspecified vulnerability in the ioctl interface in the Solaris Volume ...)
	NOT-FOR-US: Solaris
CVE-2007-5920 (index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote ...)
	NOT-FOR-US: Domenico Mancini PicoFlat CMS
CVE-2007-5919 (MyWebFTP, possibly 5.3.2, stores sensitive information under the web ...)
	NOT-FOR-US: MyWebFTP
CVE-2007-5918 (Cross-site request forgery (CSRF) vulnerability in edit.php in the MS ...)
	NOT-FOR-US: MS TopSites
CVE-2007-5917 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Skalinks
CVE-2007-5916 (SQL injection vulnerability in the login page in phphelpdesk 0.6.16 ...)
	NOT-FOR-US: phphelpdesk
CVE-2007-5915 (Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 ...)
	NOT-FOR-US: phphelpdesk
CVE-2007-5914 (Direct static code injection vulnerability in ...)
	NOT-FOR-US: JBC Explorer
CVE-2007-5913 (dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not ...)
	NOT-FOR-US: JBC Explorer
CVE-2007-5912 (SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote ...)
	NOT-FOR-US: jPORTAL
CVE-2007-5911 (Multiple stack-based buffer overflows in the AxMetaStream ActiveX ...)
	NOT-FOR-US: Viewpoint Media Player
CVE-2007-5910 (Stack-based buffer overflow in Autonomy (formerly Verity) KeyView ...)
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5909 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...)
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5908
	REJECTED
CVE-2007-5907 (Xen 3.1.1 does not prevent modification of the CR4 TSC from ...)
	- xen-3 3.1.2-1 (unimportant; bug #451626)
	- xen-3.0 <unfixed> (unimportant)
	NOTE: CONFIG_SECCOMP isn't activated in Debian kernels
CVE-2007-5906 (Xen 3.1.1 allows virtual guest system users to cause a denial of ...)
	- xen-3 3.1.2-1 (medium; bug #451626)
	- xen-3.0 <unfixed>
CVE-2007-5905 (Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and ...)
	{DSA-1428-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
	NOTE: Upstream commit 133672efbc1085f9af990bdc145e1822ea93bcf3 
CVE-2007-5903
	RESERVED
CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...)
	NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the patch
	NOTE: from CVS and later re-introduction
	NOTE: http://bugs.php.net/bug.php?id=41561
CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...)
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...)
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, ...)
	NOT-FOR-US: Oracle
CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-5895
	RESERVED
CVE-2007-5894 (** DISPUTED ** ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2006-7224
	REJECTED
CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition ...)
	NOT-FOR-US: WebTrends Reporting Center
CVE-2004-2747 (Directory traversal vulnerability in Pablo Software Solutions Quick 'n ...)
	NOT-FOR-US: Quick 'n Easy FTP Server (Windows only)
CVE-2004-2746 (SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo ...)
	NOT-FOR-US: XTREME ASP Photo Gallery
CVE-2003-1536 (Multiple cross-site scripting (XSS) vulnerabilities in Codeworx ...)
	NOT-FOR-US: Codeworx Technologies DCP-Portal
CVE-2003-1535 (Justice Guestbook 1.3 allows remote attackers to obtain the full ...)
	NOT-FOR-US: Justice Guestbook
CVE-2003-1534 (Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice ...)
	NOT-FOR-US: Justice Guestbook
CVE-2003-1533 (SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows ...)
	NOT-FOR-US: PhpPass
CVE-2003-1532 (SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows ...)
	NOT-FOR-US: PhpMyShop
CVE-2003-1531 (Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi ...)
	NOT-FOR-US: Lilikoi Software Ceilidh
CVE-2003-1530 (SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier ...)
	- phpbb2 <not-affected> (Vulnerable versions too old to have been in Debian)
CVE-2003-1529 (Directory traversal vulnerability in Seagull Software Systems J Walk ...)
	NOT-FOR-US: Seagull Software Systems J Walk
CVE-2003-1528 (nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to ...)
	NOT-FOR-US: Fujitsu Siemens NetWorker
CVE-2007-5893 (HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote ...)
	NOT-FOR-US: Sockets Library
CVE-2007-5892 (Stack-based buffer overflow in the pdg2.dll ActiveX control in ...)
	NOT-FOR-US: SSReader
CVE-2007-5891 (Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ...)
	NOT-FOR-US: ManageEngine OpManager and OpManager
CVE-2007-5890 (Directory traversal vulnerability in index.php in easyGB 2.1.1 allows ...)
	NOT-FOR-US: easyGB
CVE-2007-5889 (Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha ...)
	NOT-FOR-US: IDMOS
CVE-2007-5888 (Cross-site scripting (XSS) vulnerability in displayecard.php in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-5887 (SQL injection vulnerability in boards/printer.asp in ASP Message Board ...)
	NOT-FOR-US: ASP Message Board
CVE-2007-5886
	RESERVED
CVE-2007-5885
	RESERVED
CVE-2007-5884
	RESERVED
CVE-2007-5883
	RESERVED
CVE-2007-5882
	RESERVED
CVE-2007-5881
	RESERVED
CVE-2007-5880
	RESERVED
CVE-2007-5879
	RESERVED
CVE-2007-5878
	RESERVED
CVE-2007-5877
	RESERVED
CVE-2007-5876
	RESERVED
CVE-2007-5875
	RESERVED
CVE-2007-5874
	RESERVED
CVE-2007-5873
	RESERVED
CVE-2007-5872
	RESERVED
CVE-2007-5871
	RESERVED
CVE-2007-5870
	RESERVED
CVE-2007-5869
	RESERVED
CVE-2007-5868
	RESERVED
CVE-2007-5867
	RESERVED
CVE-2007-5866
	RESERVED
CVE-2007-5865
	RESERVED
CVE-2007-5864
	RESERVED
CVE-2007-5863 (Software Update in Apple Mac OS X 10.5.1 allows remote attackers to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5862 (Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to ...)
	NOT-FOR-US: Cisco IP Phone 7940
CVE-2007-5861 (Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5860 (Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 ...)
	NOT-FOR-US: Spin Tracer (Apple Mac OS X)
CVE-2007-5859 (Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Safari RSS (Apple Mac OS X)
CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 ...)
	NOT-FOR-US: Safari (Apple Mac OS X)
CVE-2007-5857 (Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from ...)
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5856 (Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does ...)
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5855 (Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has ...)
	NOT-FOR-US: Mail (Apple Mac OS X)
CVE-2007-5854 (Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat ...)
	NOT-FOR-US: Launch Services (Apple Mac OS X)
CVE-2007-5853 (Unspecified vulnerability in IO Storage Family in Apple Mac OS X ...)
	NOT-FOR-US: IO Storage Family (Apple Mac OS X)
CVE-2007-5852
	RESERVED
CVE-2007-5851 (iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote ...)
	NOT-FOR-US: iChat (Apple Mac OS X)
CVE-2007-5850 (Heap-based buffer overflow in Desktop Services in Apple Mac OS X ...)
	NOT-FOR-US: Desktop Services (Apple Mac OS X)
CVE-2007-5849 (Integer underflow in the asn1_get_string function in the SNMP back end ...)
	{DSA-1437-1}
	- cupsys 1.3.5-1 (medium; bug #457453)
	- cups 1.3.5-1 (medium; bug #457453)
	[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin ...)
	- cupsys 1.2.0
	- cups 1.2.0
	NOTE: This only affects the Cups 1.1 series
	[sarge] - cupsys <no-dsa> (Minor issue, may only lead to an infinite loop)
CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API in ...)
	NOT-FOR-US: Core Foundation (Apple Mac OS X)
CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote ...)
	{DSA-1483-1 DTSA-88-1}
	- net-snmp 5.4.1~dfsg-1
	NOTE: 5.4.1 already includes a fix by the upstream author
CVE-2007-5845 (Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, ...)
	NOT-FOR-US: GuppY
CVE-2007-5844 (Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 ...)
	NOT-FOR-US: GuppY
CVE-2007-5843 (PHP remote file inclusion vulnerability in includes/common.php in ...)
	NOT-FOR-US: scWiki
CVE-2007-5842 (Multiple PHP remote file inclusion vulnerabilities in Vortex Portal ...)
	NOT-FOR-US: Vortex Portal
CVE-2007-5841 (PHP remote file inclusion vulnerability in admin/index.php in nuBoard ...)
	NOT-FOR-US: nuBoard
CVE-2007-5840 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: SyndeoCMS
CVE-2007-5838 (Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 ...)
	NOT-FOR-US: Symantec
CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, ...)
	{DSA-1477-1}
	- yarssr 0.2.2-3 (bug #448721)
CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote ...)
	NOT-FOR-US: Amazing Flash AFCommerce
CVE-2007-5835 (Install.php in BosDev BosNews 4 and 5 does not require authentication ...)
	NOT-FOR-US: BosDev BosNews
CVE-2007-5834 (Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows ...)
	NOT-FOR-US: BosDev BosNews
CVE-2007-5833 (Multiple cross-site scripting (XSS) vulnerabilities in BosDev ...)
	NOT-FOR-US: BosDev BosMarket Business Directory System
CVE-2007-5832 (Unspecified vulnerability in selectLanguage.do in SSL-Explorer before ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-5831 (Directory traversal vulnerability in fileSystem.do in SSL-Explorer ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-5830 (Unspecified vulnerability in the administrative interface in Avaya ...)
	NOT-FOR-US: Avaya Messaging Storage Server
CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-5828 (** DISPUTED ** ...)
	- python-django <unfixed> (unimportant)
	NOTE: this is documented in docs/csrf.txt included in the python-django package and
	NOTE: there is a plugin enabling this feature. This is intended behaviour.
CVE-2007-5827 (iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for ...)
	{DTSA-106-1}
	- iscsitarget 0.4.15-5 (bug #448873)
	NOTE: init script has "dump" function, which marks conffile correctly
CVE-2007-5826 (Absolute path traversal vulnerability in the EDraw Flowchart ActiveX ...)
	NOT-FOR-US: EDraw Flowchart
CVE-2007-5825 (Format string vulnerability in the ws_addarg function in webserver.c ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1 (bug #459961)
CVE-2007-5824 (webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.1 (bug #459961)
CVE-2007-5823 (Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 ...)
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5822 (Direct static code injection vulnerability in forum.php in Ben Ng ...)
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5821 (Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and ...)
	NOT-FOR-US: DM Guestbook
CVE-2007-5820 (Directory traversal vulnerability in index.php in Ax Developer CMS ...)
	NOT-FOR-US: Ax Developer CMS
CVE-2007-5819 (IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak ...)
	NOT-FOR-US: IBM Tivoli
CVE-2007-5818 (Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php ...)
	NOT-FOR-US: sBlog
CVE-2007-5817 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...)
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5816 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...)
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5815 (Absolute path traversal vulnerability in the WebCacheCleaner ActiveX ...)
	NOT-FOR-US: WebCacheCleaner
CVE-2007-5814 (Multiple buffer overflows in the SonicWall SSL-VPN NetExtender ...)
	NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5813 (Multiple directory traversal vulnerabilities in download.php in ...)
	NOT-FOR-US: ISPworker
CVE-2007-5812 (Directory traversal vulnerability in ...)
	NOT-FOR-US: ModuleBuilder
CVE-2007-5811 (** DISPUTED ** ...)
	NOT-FOR-US: phpMyConferences
CVE-2007-5810 (Hitachi Web Server 01-00 through 03-00-01, as used by certain ...)
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5809 (Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 ...)
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5808 (Unspecified vulnerability in the Groupmax Collaboration - Schedule ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration Portal
CVE-2007-5807 (Buffer overflow in the register function in Ultra Star Reader ActiveX ...)
	NOT-FOR-US: SSReader
CVE-2007-5806 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: ILIAS
CVE-2007-5805 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5803 (Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in ...)
	- nagios2 <removed> (low; bug #482445)
	- nagios3 3.0.2-1 (low; bug #485439)
CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf ...)
	NOT-FOR-US: Firewolf Technologies Synergiser
CVE-2007-5801 (Unspecified vulnerability in WORK system e-commerce before 4.0.2 has ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-5800 (Multiple PHP remote file inclusion vulnerabilities in the ...)
	NOT-FOR-US: BackUpWordPress
CVE-2007-5799 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5798 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5797 (SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an ...)
	NOT-FOR-US: Apache Geronimo
CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2007-5794 (Race condition in nss_ldap, when used in applications that are linked ...)
	{DSA-1430-1}
	- libnss-ldap 256-1 (bug #453868)
CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local ...)
	- ircii-pana <removed> (low; bug #449149)
	[etch] - ircii-pana <no-dsa> (Minor issue)
	[sarge] - ircii-pana <no-dsa> (Minor issue)
CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when ...)
	{DTSA-79-1}
	- emacs22 22.1+1-2.1 (medium; bug #449008)
	NOTE: Emacs 21 is not affected
CVE-2007-5793 (Stonesoft StoneGate IPS before 4.0 does not properly decode ...)
	NOT-FOR-US: Stonesoft StoneGate IPS
CVE-2007-5792 (The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP ...)
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5791 (The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify ...)
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5790 (The Globe7 soft phone client 7.3 uses weak cryptography (reversed ...)
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5789 (The Grandstream HT-488 0.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5788 (Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows ...)
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5787 (Micro Login System 1.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Micro Login System
CVE-2007-5786 (Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 ...)
	NOT-FOR-US: GoSamba
CVE-2007-5785 (SQL injection vulnerability in file.php in JobSite Professional 2.0 ...)
	NOT-FOR-US: JobSite
CVE-2007-5784 (PHP remote file inclusion vulnerability in index.php in CaupoShop Pro ...)
	NOT-FOR-US: CaupoShop Pro
CVE-2007-5783 (SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows ...)
	NOT-FOR-US: emagiC cms
CVE-2007-5782 (Directory traversal vulnerability in dl.php in FireConfig 0.5 allows ...)
	NOT-FOR-US: FireConfig
CVE-2007-5781 (PHP remote file inclusion vulnerability in inc/sige_init.php in Sige ...)
	NOT-FOR-US: Sige
CVE-2007-5780 (PHP remote file inclusion vulnerability in pub/pub08_comments.php in ...)
	NOT-FOR-US: teatro
CVE-2007-5779 (Buffer overflow in the GomManager (GomWeb Control) ActiveX control in ...)
	NOT-FOR-US: Gretech Online Movie Player
CVE-2007-5778 (Mobile Spy (1) stores login credentials in cleartext under the ...)
	NOT-FOR-US: Mobile Spy
CVE-2007-5777 (Blue-Collar Productions i-Gallery 3.4 stores sensitive information ...)
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5776 (Directory traversal vulnerability in igallery.asp in Blue-Collar ...)
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5775 (Unspecified vulnerability in BitDefender allows attackers to execute ...)
	NOT-FOR-US: BitDefender
CVE-2007-5774 (index.php in the File Manager module in Flatnuke 3 allows remote ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5773 (Cross-site request forgery (CSRF) vulnerability in index.php in the ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5772 (Direct static code injection vulnerability in the download module in ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5771 (Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5770 (The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, ...)
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1
	- ruby1.8 1.8.6.111-1 (low; bug #451374)
CVE-2007-5769 (Double free vulnerability in the getreply function in ftp.c in netkit ...)
	- netkit-ftp <not-affected> (Vulnerable code not present)
CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password ...)
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application ...)
	NOT-FOR-US: Geronimo Apache
CVE-2007-5766 (SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-5765
	RESERVED
CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5763
	REJECTED
CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, ...)
	NOT-FOR-US: Novell NetWare Client
CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...)
	NOT-FOR-US: Motorola netOctopus
CVE-2007-5760 (Array index error in the XFree86-Misc extension in X.Org Xserver ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-5759
	REJECTED
CVE-2007-5758 (Stack-based buffer overflow in db2dasrrm in the DB2 Administration ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...)
	NOT-FOR-US: WinPcap
CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control ...)
	NOT-FOR-US: AOL Radio
CVE-2007-5754 (PHP remote file inclusion vulnerability in urlinn_includes/config.php ...)
	NOT-FOR-US: phpFaber
CVE-2007-5753 (Unspecified vulnerability in Light FMan PHP (lfman or lightfman) ...)
	NOT-FOR-US: Light FMan PHP
CVE-2007-5752 (adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does ...)
	NOT-FOR-US: PHP-AGTC Membership
CVE-2007-5750
	RESERVED
CVE-2007-5749
	RESERVED
CVE-2007-5748
	RESERVED
CVE-2007-5747 (Integer underflow in OpenOffice.org before 2.4 allows remote attackers ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5746 (Integer overflow in OpenOffice.org before 2.4 allows remote attackers ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5745 (Multiple heap-based buffer overflows in OpenOffice.org before 2.4 ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5744
	RESERVED
CVE-2007-5743
	RESERVED
	- viewvc 1.0.3-2.1 (bug #416696)
CVE-2007-5742 (Directory traversal vulnerability in the WML engine preprocessor for ...)
	{DSA-1421-1 DTSA-90-1}
	- wesnoth 1:1.2.8-1 (medium; bug #453500)
CVE-2007-5741 (Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers ...)
	{DSA-1405-2 DSA-1405-1}
	- zope-cmfplone 2.5.2-2 (bug #449523)
	[sarge] - zope-cmfplone <not-affected> (Upstream confirms that 2.0 branch is not vulnerable)
	NOTE: Fix available:
	NOTE: http://plone.org/about/security/advisories/cve-2007-5741
CVE-2004-2745 (Directory traversal vulnerability in Anteco Visual Technologies ...)
	NOT-FOR-US: Anteco Visual Technologies OwnServer
CVE-2002-2425 (Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2424 (Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2423 (Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2422 (Cross-site scripting (XSS) vulnerability in Compaq Insight Management ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2421 (acWEB 1.14 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2420 (site_searcher.cgi in Super Site Searcher allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2419 (Direct connect text client (DCTC) client 0.83.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2418 (Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2417 (acFTP 1.4 does not properly handle when an invalid password is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2416 (Directory traversal vulnerability in Zeroo web server 1.5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2415 (Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2414 (Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2413 (WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2412 (Winamp 2.80 stores authentication credentials in plaintext in the (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2411 (Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2410 (openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2409 (Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2408 (Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2407 (Certain patches for QNX Neutrino realtime operating system (RTOS) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2406 (Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2405 (Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2404 (Buffer overflow in IISPop email server 1.161 and 1.181 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2403 (Directory traversal vulnerability in KeyFocus web server 1.0.8 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2402 (SURECOM broadband router EP-4501 uses a default SNMP read community ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2401 (NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2400 (Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2399 (Directory traversal vulnerability in viewAttachment.cgi in W3Mail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2398 (The new thread posting page in APBoard 2.02 and 2.03 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2397 (Sygate personal firewall 5.0 could allow remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2396 (Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2395 (InterScan VirusWall 3.52 for Windows allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2394 (InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2393 (Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2392 (Winamp 2.65 through 3.0 stores skin files in a predictable file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2391 (SQL injection vulnerability in index.php of WebChat 1.5 included in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2390 (Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2389 (TheServer 1.74 web server stores server.ini under the web document ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2388 (Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2387 (Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2386 (Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2385 (Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2384 (hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2383 (SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2382 (cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2381 (Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2380 (NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2379 (** DISPUTED ** ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2378 (Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2377 (Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2376 (Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2375 (Directory traversal vulnerability in CommuniGate Pro 4.0b4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2374 (Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2373 (The default configuration of the TCP/IP printer configuration utility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2372 (The telnet server in Infoprint 21 running controller software before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2371 (Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2370 (SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2369 (Perception LiteServe 2.0 allows remote attackers to read password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2368 (Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2367 (Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2366 (Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2365 (Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5740 (The format string protection mechanism in IMAPD for Perdition Mail ...)
	{DSA-1398-1 DTSA-84-1}
	- perdition 1.17.1-1 (medium; bug #448853)
CVE-2007-5751 (Liferea before 1.4.6 uses weak permissions (0644) for the ...)
	{DTSA-107-1}
	- liferea 1.4.6-1 (low; bug #448850)
	[etch] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
	[sarge] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
	NOTE: this file can contain credentials for rss feeds
CVE-2007-5739 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5738 (The FlashUpload component in Korean GHBoard uses a client-side ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5737 (Unrestricted file upload vulnerability in component/upload.jsp in ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5736 (Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 ...)
	NOT-FOR-US: SeeBlick
CVE-2007-5735 (eFileMan 7.1.0.87-88 stores sensitive information under the web root ...)
	NOT-FOR-US: eFileMan
CVE-2007-5734 (Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows ...)
	NOT-FOR-US: eFileMan
CVE-2007-5733 (Unrestricted file upload vulnerability in upload/upload.php in ...)
	NOT-FOR-US: Japanese PHP Gallery Hosting
CVE-2007-5732 (Directory traversal vulnerability in downloadfile.php in eLouai's ...)
	NOT-FOR-US: eLouai's Force Download
CVE-2007-5731 (Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and ...)
	- slide-webdavclient <not-affected> (Vulnerable code is only in the server part, but debian only has the client part)
CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly ...)
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute ...)
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
CVE-2007-5728 (Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, ...)
	{DSA-1693-1}
	- phppgadmin 4.1.3-0.1 (bug #449103; low)
CVE-2007-5727 (Incomplete blacklist vulnerability in the stripScripts function in ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2007-5726 (Unspecified vulnerability in the Stream Control Transmission Protocol ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5725 (Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop ...)
	NOT-FOR-US: Smart-Shop
CVE-2007-5724 (Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live ...)
	NOT-FOR-US: Omnistar Live
CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c ...)
	{DTSA-82-1}
	- nufw 2.2.7-1 (low)
	[etch] - nufw <not-affected> (Vulnerable code not present)
CVE-2007-5722 (Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx ...)
	NOT-FOR-US: GlobalLink
CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in ...)
	NOT-FOR-US: MySpacePros MySpace Resource Script
CVE-2007-5720 (Unrestricted file upload vulnerability in the profiles script in ...)
	NOT-FOR-US: ProfileCMS
CVE-2007-5719 (SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows ...)
	NOT-FOR-US: miniBB
CVE-2007-5717 (Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded ...)
	NOT-FOR-US: Sun Fire
CVE-2007-5716 (Unspecified vulnerability in the Internet Protocol (IP) functionality ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2007-5715 (DenyHosts 2.6 processes OpenSSH sshd &quot;not listed in AllowUsers&quot; log ...)
	- denyhosts 2.6-2 (low)
	[etch] - denyhosts <no-dsa> (Minor issue)
	NOTE: bug was fixed with 06_permit_rootlogin_no.dpatch
CVE-2007-5714 (The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account ...)
	- mldonkey <not-affected> (Gentoo-specific packaging flaw)
CVE-2007-5713 (Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for ...)
	NOT-FOR-US: Half-Life Server
CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, ...)
	{DSA-1640-1}
	- python-django 0.96-1.1 (low; bug #448838)
CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows ...)
	NOT-FOR-US: Conflict
CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in ...)
	- wordpress 2.3.1-1 (unimportant)
	NOTE: requires register_globals On, which we don't support
CVE-2007-5709 (Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 ...)
	NOT-FOR-US: Sony SonicStage CONNECT Player
CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...)
	- vobcopy 1.0.2-1 (low; bug #448319)
	[etch] - vobcopy <no-dsa> (Minor issue)
	[sarge] - vobcopy <no-dsa> (Minor issue)
CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles ...)
	NOT-FOR-US: Jeebles
CVE-2007-5705 (Unspecified vulnerability in the Settings component in the ...)
	NOT-FOR-US: Jeebles
CVE-2007-5704 (Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event ...)
	NOT-FOR-US: CodeWidgets
CVE-2007-5703 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: RSA KEON
CVE-2007-5702 (Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions ...)
	NOT-FOR-US: SWAMP OpenSUSE
CVE-2007-5701 (Incomplete blacklist vulnerability in the Certificate Authority (CA) ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5700 (The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5699 (Stack-based buffer overflow in eIQNetworks Enterprise Security ...)
	NOT-FOR-US: eIQNetworks
CVE-2007-5698 (Cross-site scripting (XSS) vulnerability in default.asp in CREApark ...)
	NOT-FOR-US: CREApark GOLD KOY PORTALI
CVE-2007-5697 (Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 ...)
	NOT-FOR-US: phpImage
CVE-2007-5696 (PHP remote file inclusion vulnerability in includes.php in phpBasic ...)
	NOT-FOR-US: phpBasic
CVE-2007-5695 (Open redirect vulnerability in command.php in SiteBar 3.3.8 allows ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #448690)
	NOTE: there is no real exploit scenario
CVE-2007-5694 (Absolute path traversal vulnerability in the translation module ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #447135)
CVE-2007-5693 (Eval injection vulnerability in the translation module ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #447135)
CVE-2007-5692 (Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #448689)
CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers ...)
	- iceweasel 2.0.0.8-1 (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-5690 (** DISPUTED ** ...)
	- zaptel 1:1.4.8~dfsg-1 (unimportant; bug #448763)
	NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something
	NOTE: similar so this is no security issue in Debian even if sethdl-new will segfault
CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) ...)
	- sun-java6 6-03-1 (medium)
	- sun-java5 1.5.0-13-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the ...)
	NOT-FOR-US: Multi Host Forum Pro
CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2007-5686 (initscripts in rPath Linux 1 sets insecure permissions for the ...)
	- shadow <unfixed> (unimportant)
	NOTE: See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so
	NOTE: unknown usernames are not recorded on login failures
CVE-2007-5685 (The safe_path function in shttp before 0.0.5 allows remote attackers ...)
	NOT-FOR-US: shttp
CVE-2007-5684 (Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and ...)
	- tikiwiki <removed>
CVE-2007-5683 (Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki ...)
	- tikiwiki <removed>
CVE-2007-5682 (Incomplete blacklist vulnerability in tiki-graph_formula.php in ...)
	- tikiwiki <removed>
CVE-2007-5681
	RESERVED
CVE-2007-5680
	RESERVED
CVE-2003-1527 (BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2364 (Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2363 (VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2362 (Cross-site scripting (XSS) vulnerability in form_header.php in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2361 (The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2360 (The RPC module in Webmin 0.21 through 0.99, when installed without ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2359 (Cross-site scripting (XSS) vulnerability in the FTP view feature in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2358 (Cross-site scripting (XSS) vulnerability in the FTP view feature in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2357 (MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2356 (HAMweather 2.x allows remote attackers to modify administrative ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2355 (Netgear FM114P firmware 1.3 wireless firewall, when configured to ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2354 (Netgear FM114P firmware 1.3 wireless firewall allows remote attackers ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2353 (tftpd32 2.50 and 2.50.2 allows remote attackers to read or write ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2352 (The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2351 (Eudora 5.1 allows remote attackers to bypass security warnings and ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2350 (Cross-site scripting (XSS) vulnerability in z_user_show.php in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2349 (phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2348 (Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2347 (Cross-site scripting (XSS) vulnerability in Oracle Java Server Page ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2346 (phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2345 (Oracle 9i Application Server 9.0.2 stores the web cache administrator ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2344 (Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2343 (Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2342 (Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2341 (Cross-site scripting (XSS) vulnerability in content blocking in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2340 (Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2339 (Cross-site scripting (XSS) vulnerability in configure.asp in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2338 (The POP3 mail client in Mozilla 1.0 and earlier, and Netscape ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2337 (Kaspersky Anti-Hacker 1.0, when configured to automatically block ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2336 (Norton Personal Firewall 2002 4.0, when configured to automatically ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2335 (Killer Protection 1.0 stores the vars.inc include file under the web ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2334 (Joe text editor 2.8 through 2.9.7 does not remove the group and user ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2333 (Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2332 (Buffer overflow in Opera 6.01 allows remote attackers to cause a ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2331 (W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2330 (Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2329 (ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2328 (Active Directory in Windows 2000, when supporting Kerberos V ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2327 (Unspecified vulnerability in the environmental monitoring subsystem in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2326 (The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2325 (The c-client library in Internet Message Access Protocol (IMAP) dated ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2324 (The &quot;System Restore&quot; directory and subdirectories, and possibly other ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2323 (Sun PC NetLink 1.0 through 1.2 does not properly set the access ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2322 (Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2321 (Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2320 (MySimpleNews 1.0 allows remote attackers to delete arbitrary email ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2319 (Static code injection vulnerability in users.php in MySimpleNews ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2318 (Cross-site scripting (XSS) vulnerability in Falcon web server ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2317 (Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2316 (Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2315 (Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2314 (Mozilla 1.0 allows remote attackers to steal cookies from other ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2313 (Eudora email client 5.1.1, with &quot;use Microsoft viewer&quot; enabled, allows ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2312 (Opera 6.0.1 allows remote attackers to upload arbitrary file contents ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2311 (Microsoft Internet Explorer 6.0 and possibly others allows remote ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2310 (ClickCartPro 4.0 stores the admin_user.db data file under the web ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2309 (php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2308 (Netscape Communicator 6.2.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update 066 fix ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2007-5707 (OpenLDAP before 2.3.39 allows remote attackers to cause a denial of ...)
	{DSA-1541-1}
	- openldap2.3 2.3.38-1 (medium; bug #440632)
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built)
CVE-2007-5708 (slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, ...)
	{DSA-1541-1 DTSA-87-1}
	- openldap2.3 2.3.39-1 (medium; bug #448644)
CVE-2007-2983 (Multiple buffer overflows in the British Telecommunications Consumer ...)
	NOT-FOR-US: British Telecommunications Consumer webhelper
CVE-2003-1526 (PHP-Nuke 7.0 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1525 (Unspecified vulnerability in My Photo Gallery 3.5, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1524 (PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1523 (SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1522 (Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1521 (Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1520 (SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1519 (Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1518 (Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1517 (cart.pl in Dansie shopping cart allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1516 (The org.apache.xalan.processor.XSLProcessorVersion class in Java ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1515 (Origo ASR-8100 ADSL Router 3.21 has an administration service running ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1514 (eMule 0.29c allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1513 (Multiple cross-site scripting (XSS) vulnerabilities in example scripts ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1512 (Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1511 (Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1510 (TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1509 (Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1508 (Buffer overflow in mIRC 6.12, when the DCC get dialog window has been ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1507 (Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1506 (Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1505 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1504 (SQL injection vulnerability in variables.php in Goldlink 3.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1503 (Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1502 (mod_throttle 3.0 allows local users with Apache privileges to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1501 (Directory traversal vulnerability in the file upload CGI of Gast ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1500 (PHP remote file inclusion vulnerability in _functions.php in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1499 (Directory traversal vulnerability in index.php in Bytehoard 0.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1498 (Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1497 (Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1496 (Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1495 (Unspecified vulnerability in the non-SSL web agent in various HP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5679 (SQL injection vulnerability in index.php in DeeEmm.com DM CMS ...)
	NOT-FOR-US: DM CMS
CVE-2007-5678 (SQL injection vulnerability in the Music module in phpBasic allows ...)
	NOT-FOR-US: phpBasic
CVE-2007-5677 (Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in ...)
	NOT-FOR-US: Hackish
CVE-2007-5676 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-5675 (Stack-based buffer overflow in the DebugPrint function in MultiXTpm ...)
	NOT-FOR-US: MultiXTpm Application Server
CVE-2007-5674 (Directory traversal vulnerability in index.php in InstaGuide Weather ...)
	NOT-FOR-US: InstaGuide Weather
CVE-2007-5673 (Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet ...)
	NOT-FOR-US: ifnet WebIf
CVE-2007-5672
	RESERVED
CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-5670
	REJECTED
CVE-2007-5669
	RESERVED
CVE-2007-5668
	RESERVED
CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...)
	NOT-FOR-US: Novell Client
CVE-2007-5666 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...)
	NOT-FOR-US: Novell ZENworks Endpoint Security Management
CVE-2007-5664 (db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5662
	RESERVED
CVE-2007-5661 (The Macrovision InstallShield InstallScript One-Click Install (OCI) ...)
	NOT-FOR-US: Macrovision InstallShield
CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in ...)
	NOT-FOR-US:  MacroVision FLEXnet Connect and InstallShield 2008
CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5656 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5655 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger ...)
	NOT-FOR-US: LiteSpeed
CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows do ...)
	- php5 <not-affected> (windows only)
CVE-2007-5652 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5651 (Unspecified vulnerability in the Extensible Authentication Protocol ...)
	NOT-FOR-US: Cisco IOS
CVE-2007-5650 (Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 ...)
	NOT-FOR-US: ReloadCMS
CVE-2007-5649 (Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative ...)
	NOT-FOR-US: Creative Digital Resources SocketMail
CVE-2007-5648 (Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in ...)
	NOT-FOR-US: rnote
CVE-2007-5647 (Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 ...)
	NOT-FOR-US: SocketKB
CVE-2007-5646 (SQL injection vulnerability in Sources/Search.php in Simple Machines ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-5644 (Lussumo Vanilla 1.1.3 and earlier does not require admin privileges ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2007-5643 (Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2007-5642 (Multiple directory traversal vulnerabilities in PHP Project Management ...)
	NOT-FOR-US: PHP Project Management
CVE-2007-5641 (Multiple PHP remote file inclusion vulnerabilities in PHP Project ...)
	NOT-FOR-US: PHP Project Management
CVE-2007-5640 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5639 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5638 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5637 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5636 (Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5635 (Multiple unspecified vulnerabilities in Salford Software Support ...)
	NOT-FOR-US: Salford Software Support Incident Tracke
CVE-2007-5634 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...)
	NOT-FOR-US: SpeedFan
CVE-2007-5633 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...)
	NOT-FOR-US: SpeedFan
CVE-2007-5632 (Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 ...)
	NOT-FOR-US: Solaris
CVE-2007-5631 (Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator ...)
	NOT-FOR-US: PeopleAggregator
CVE-2007-5630 (SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS ...)
	NOT-FOR-US: BBsProcesS BBPortalS
CVE-2007-5629 (Cross-site scripting (XSS) vulnerability in admin/logon.asp in ...)
	NOT-FOR-US: ShoppingTree CandyPress Store #
CVE-2007-5628 (PHP remote file inclusion vulnerability in src/scripture.php in The ...)
	NOT-FOR-US: TOWeLS
CVE-2007-5627 (PHP remote file inclusion vulnerability in content/fnc-readmail3.php ...)
	NOT-FOR-US: Socketmail
CVE-2007-5626 (make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a ...)
	- bacula <unfixed> (unimportant; bug #446809)
	NOTE: this script needs the default database password and name needs to be set which
	NOTE: would be a bigger problem in a non-trusted environment. Apart from
	NOTE: this is documented in the bacula documentation
CVE-2007-5625 (Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site ...)
	NOT-FOR-US: Site Search SearchSimon Lite
CVE-2007-5624 (Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 ...)
	- nagios2 2.9-1.1 (low; bug #448371)
CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins ...)
	{DSA-1495-1}
	- nagios-plugins 1.4.8-2.2 (medium; bug #448372)
	[sarge] - nagios-plugins <not-affected> (Vulnerable code not present)
CVE-2003-1494 (Unspecified vulnerability in HP OpenView Network Node Manager (NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2003-1493 (Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2003-1492 (Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1491 (Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-1490 (SonicWall Pro running firmware 6.4.0.1 allows remote attackers to ...)
	NOT-FOR-US: SonicWall Pro
CVE-2003-1489 (upload.php in Truegalerie 1.0 allows remote attackers to read ...)
	NOT-FOR-US: Truegalerie
CVE-2003-1488 (The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie ...)
	NOT-FOR-US: Truegalerie
CVE-2003-1487 (Multiple &quot;command injection&quot; vulnerabilities in Phorum 3.4 through ...)
	NOT-FOR-US: Phorum
CVE-2003-1486 (Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full ...)
	NOT-FOR-US: Phorum
CVE-2003-1485 (Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-1484 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1483 (FlashFXP 1.4 uses a weak encryption algorithm for user passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1482 (The backup configuration file for Microsoft MN-500 wireless base ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1481 (CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1480 (MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1479 (Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1478 (Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1477 (MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1476 (Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1475 (Netbus 1.5 through 1.7 allows more than one client to be connected at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1474 (slashem-tty in the FreeBSD Ports Collection is installed with write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1473 (Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1472 (Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1471 (MDaemon POP server 6.0.7 and earlier allows remote authenticated users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1470 (Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1469 (The default configuration of ColdFusion MX has the &quot;Enable Robust ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1468 (The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1466 (Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1465 (Directory traversal vulnerability in download.php in Phorum 3.4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1464 (Buffer overflow in Siemens 45 series mobile phones allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1463 (Absolute path traversal vulnerability in Alt-N Technologies WebAdmin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1462 (mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1461 (Buffer overflow in rwrite for HP-UX 11.0 could allow local users to ...)
	NOT-FOR-US: HP-UX
CVE-2003-1460 (Worker Filemanager 1.0 through 2.7 sets the permissions on the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1459 (Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1458 (SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1457 (Auerswald COMsuite CTI ControlCenter 3.1 creates a default ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1456 (Album.pl 6.1 allows remote attackers to execute arbitrary commands, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1455 (Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1454 (Invision Power Services Invision Board 1.0 through 1.1.1, when a forum ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1453 (Cross-site scripting (XSS) vulnerability in the MytextSanitizer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1452 (Untrusted search path vulnerability in Qualcomm qpopper 4.0 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1451 (Buffer overflow in Symantec Norton AntiVirus 2002 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1450 (BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1449 (Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1448 (Memory leak in the Windows 2000 kernel allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1447 (IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1446 (Buffer overflow in the save_into_file function in save.c for Rogue ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1445 (Stack-based buffer overflow in Far Manager 1.70beta1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1444 (Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1443 (Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1442 (The web administration page for the Ericsson HM220dp ADSL modem does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1441 (Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1440 (SpamProbe 0.8a allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1439 (Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1438 (Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1437 (BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1436 (PHP remote file inclusion vulnerability in nukebrowser.php in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1435 (SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1434 (login_ldap 3.1 and 3.2 allows remote attackers to initiate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1433 (Epic Games Unreal Engine 226f through 436 does not validate the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1432 (Epic Games Unreal Engine 226f through 436 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1431 (Buffer overflow in Epic Games Unreal Engine 226f through 436 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1430 (Directory traversal vulnerability in Unreal Tournament Server 436 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5622 (Double free vulnerability in the ftpprchild function in ftppr in ...)
	NOT-FOR-US: 3proxy
CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token ...)
	NOT-FOR-US: Token Drupal
	NOTE: Token is not included in the drupal packages
CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ...)
	NOT-FOR-US: ZZ:FlashChat
CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user ...)
	- vmware-package <unfixed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5618 (Unquoted Windows search path in the Authorization and other services ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...)
	- vmware-package <unfixed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...)
	NOT-FOR-US: SSH Tectia Client and Server
CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows ...)
	- jetty <unfixed> (low; bug #454529)
CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle &quot;certain quote ...)
	- jetty <unfixed> (low; bug #454529)
CVE-2007-5613 (Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay ...)
	- jetty <unfixed> (low; bug #454529)
CVE-2007-5612 (CIM Server in IBM Director 5.20.1 and earlier allows remote attackers ...)
	NOT-FOR-US: IBM Director
CVE-2007-5611
	RESERVED
CVE-2007-5610 (Unspecified vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5609
	RESERVED
CVE-2007-5608 (Unspecified vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5607 (Unspecified vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5606 (Unspecified vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5605 (Unspecified vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5604 (Unspecified vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender ...)
	NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5602 (Multiple stack-based buffer overflows in SwiftView Viewer before ...)
	NOT-FOR-US: SwiftView Viewer
CVE-2007-5601 (Stack-based buffer overflow in the Database Component in MPAMedia.dll ...)
	NOT-FOR-US: RealPlayer (windows only issue)
CVE-2007-5600 (Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 ...)
	NOT-FOR-US: Artmedic CMS
CVE-2007-5599 (Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow ...)
	NOT-FOR-US: awrate
CVE-2007-5598 (Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x ...)
	- drupal5 <not-affected> (bug #447748)
	- drupal <not-affected> (bug #447746)
	NOTE: drupal weblinks is not included in the drupal package in debian
CVE-2007-5597 (The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5596 (The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5595 (CRLF injection vulnerability in the drupal_goto function in ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5594 (Drupal 5.x before 5.3 does not apply its Drupal Forms API protection ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5593 (install.php in Drupal 5.x before 5.3, when the configured database ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5592 (Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 ...)
	NOT-FOR-US: awzMB
CVE-2007-5591 (The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M ...)
	NOT-FOR-US: Nortel Enterprise VoIP-Core-CS
CVE-2007-5590 (Multiple buffer overflows in Miranda before 0.7.1 allow remote ...)
	NOT-FOR-US: Miranda
CVE-2007-5588 (Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 ...)
	{DTSA-103-1}
	- mnogosearch 3.3.4-4.1 (low; bug #447753)
	[sarge] - mnogosearch <no-dsa> (Minor issue)
	[etch] - mnogosearch <no-dsa> (Minor issue)
CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-5586
	REJECTED
CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without ...)
	{DTSA-83-1}
	- xscreensaver 5.03-3.1 (medium; bug #448157)
	[etch] - xscreensaver <not-affected> (Vulnerable code not present)
	[sarge] - xscreensaver <not-affected> (Vulnerable code not present)
CVE-2007-5584 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco
CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2007-5580 (Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 ...)
	NOT-FOR-US: Cisco
CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1427 (Directory traversal vulnerability in the web configuration interface ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1426 (Openwebmail in cPanel 5.0, when run using suid Perl, adds the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1425 (guestbook.cgi in cPanel 5.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1424 (message.php in Petitforum does not properly authenticate users, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1423 (Petitforum stores the liste.txt data file under the web document root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1422 (Multiple unspecified vulnerabilities in the installer for SYSLINUX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1421 (Unspecified vulnerability in mod_mysql_logger shared object in SuckBot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1420 (Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1419 (Netscape 7.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1418 (Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1417 (nCipher Support Software 6.00, when using generatekey KeySafe to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1416 (BisonFTP Server 4 release 2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1415 (NetCharts XBRL Server 4.0.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1414 (Directory traversal vulnerability in parse_xml.cg Apple Darwin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1413 (parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1412 (PHP remote file inclusion vulnerability in index.php for GONiCUS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1411 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1410 (PHP remote file inclusion vulnerability in email.php (aka email.php3) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1409 (TOPo 1.43 allows remote attackers to obtain sensitive information by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1408 (Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1407 (Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1406 (PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1405 (DotBr 0.1 allows remote attackers to execute arbitrary shell commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1404 (DotBr 0.1 stores config.inc with insufficient access control under the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1403 (foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1402 (PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1401 (login.php in php-Board 1.0 stores plaintext passwords in $username.txt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5589 (Muliple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-1403-1}
	- phpmyadmin 4:2.11.1.2-1
CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when ...)
	NOT-FOR-US: Pligg CMS
CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a ...)
	- acidbase 1.3.8
CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-5574 (PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 ...)
	NOT-FOR-US: PHPDJPHPDJ
CVE-2007-5573 (PHP remote file inclusion vulnerability in classes/core/language.php ...)
	NOT-FOR-US: LimeSurvey
CVE-2007-5572 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple ...)
	NOT-FOR-US: SPHPBlog
CVE-2007-5571 (Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2007-5570 (Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2007-5569 (Cisco PIX and ASA appliances with 7.1 and 7.2 software, when ...)
	NOT-FOR-US: Cisco
CVE-2007-5568 (Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-5567 (PHP remote file inclusion vulnerability in ...)
	- moin <not-affected> (Does not contain the vulnerable code)
	- karrigell <not-affected> (Does not contain the vulnerable code)
	- knowledgeroot <not-affected> (Does not contain the vulnerable code)
CVE-2007-5566 (** DISPUTED ** ...)
	NOT-FOR-US: PHPBlog
CVE-2007-5565 (** DISPUTED ** ...)
	NOT-FOR-US: phpSCMS
CVE-2007-5564 (Multiple cross-site scripting (XSS) vulnerabilities in NSSboard ...)
	NOT-FOR-US: NSSboard
CVE-2007-5563 (Unspecified vulnerability in VirtueMart before 1.0.13 allows remote ...)
	NOT-FOR-US: VirtueMart
CVE-2007-5562 (Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the ...)
	NOT-FOR-US: Netgear firmware
CVE-2007-5561 (Format string vulnerability in the logging function in the Oracle OPMN ...)
	NOT-FOR-US: Oracle
CVE-2007-5560 (Heap-based buffer overflow in the Juniper HTTP Service allows remote ...)
	NOT-FOR-US: Juniper HTTP Service
CVE-2007-5559 (Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows ...)
	NOT-FOR-US: IBM ThinkVantage TPM Service
CVE-2007-5558 (Integer overflow in the LG Mobile handset allows remote attackers to ...)
	NOT-FOR-US: LG Mobile handset
CVE-2007-5557 (Unspecified vulnerability in the NEC mobile handset allows remote ...)
	NOT-FOR-US: NEC mobile handset
CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows remote ...)
	NOT-FOR-US: Avaya VoIP Handset
CVE-2007-5555 (Unspecified vulnerability in Symantec Altiris Deployment Solution ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via ...)
	NOT-FOR-US: Oracle
CVE-2007-5553
	REJECTED
CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to execute ...)
	NOT-FOR-US: Cisco
CVE-2007-5551 (Off-by-one error in Cisco IOS allows remote attackers to execute ...)
	NOT-FOR-US: Cisco
CVE-2007-5550 (Unspecified vulnerability in Cisco IOS allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2007-5549 (Unspecified vulnerability in Command EXEC in Cisco IOS allows local ...)
	NOT-FOR-US: Cisco
CVE-2007-5548 (Multiple stack-based buffer overflows in Command EXEC in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2007-5547 (Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote ...)
	NOT-FOR-US: Cisco
CVE-2007-5546 (Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow ...)
	NOT-FOR-US: TIBCO SmartPGM FX
CVE-2007-5545 (Format string vulnerability in TIBCO SmartPGM FX allows remote ...)
	NOT-FOR-US: TIBCO SmartPGM FX
CVE-2007-5544 (IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-5543
	RESERVED
CVE-2007-5542
	RESERVED
CVE-2003-1400 (Cross-site scripting (XSS) vulnerability in the Your_Account module ...)
	NOT-FOR-US: PhpNuke
CVE-2003-1399 (eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, ...)
	- eject 2.0.13-1
CVE-2003-1398 (Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts ...)
	NOT-FOR-US: Cisco
CVE-2003-1397 (The PluginContext object of Opera 6.05 and 7.0 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2003-1396 (Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote ...)
	NOT-FOR-US: Opera
CVE-2003-1395 (Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to ...)
	NOT-FOR-US: KaZaA Media Desktop
CVE-2003-1394 (CoffeeCup Software Password Wizard 4.0 stores sensitive information ...)
	NOT-FOR-US: CoffeeCup Software Password Wizard
CVE-2003-1393 (Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to ...)
	NOT-FOR-US: Gupta SQLBase
CVE-2003-1392 (CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1391 (RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1390 (RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1389 (RTS CryptoBuddy 1.2 and earlier truncates long passphrases without ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1388 (Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2003-1387 (Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, ...)
	NOT-FOR-US: Opera
CVE-2003-1386 (AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to ...)
	NOT-FOR-US: AXIS 2400 Video Server
CVE-2003-1385 (ipchat.php in Invision Power Board 1.1.1 allows remote attackers to ...)
	NOT-FOR-US: Invision Power Board
CVE-2003-1384 (Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor ...)
	NOT-FOR-US: PY-Livredor
CVE-2003-1383 (WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: WEB-ERP
CVE-2003-1382 (Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to ...)
	NOT-FOR-US: ISMail
CVE-2003-1381 (Format string vulnerability in AMX 0.9.2 and earlier, a plugin for ...)
	NOT-FOR-US: AMX Half-Life Server
CVE-2003-1380 (Directory traversal vulnerability in BisonFTP Server 4 release 2 ...)
	NOT-FOR-US: BisonFTP Server
CVE-2003-1379 (clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to ...)
	NOT-FOR-US: clarkconnectd
CVE-2003-1378 (Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2003-1377 (Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) ...)
	NOT-FOR-US: Smart IRC Daemon
CVE-2003-1376 (WinZip 8.0 uses weak random number generation for password protected ...)
	NOT-FOR-US: WinZip 8.0
CVE-2003-1375 (Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local ...)
	NOT-FOR-US: HP-UX 10.20
CVE-2003-1374 (Buffer overflow in disable of HP-UX 11.0 may allow local users to ...)
	NOT-FOR-US: HP-UX 11.0
CVE-2002-2306 (Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to ...)
	NOT-FOR-US: KaZaA Media Desktop
CVE-2002-2305 (SQL injection vulnerability in agentadmin.php in Immobilier allows ...)
	NOT-FOR-US: Immobilier
CVE-2002-2304 (SQL injection vulnerability in admin/auth/checksession.php in ...)
	NOT-FOR-US: MyPHPLinks
CVE-2002-2303 (3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for ...)
	NOT-FOR-US: ShopFactory
CVE-2002-2302 (3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify ...)
	NOT-FOR-US: ShopFactory
CVE-2002-2301 (Lawson Financials 8.0, when configured to use a third party relational ...)
	NOT-FOR-US: Lawson Financials
CVE-2002-2300 (Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com ...)
	NOT-FOR-US: 3Com NBX ftpd
CVE-2002-2299 (PHP remote file inclusion vulnerability in thatfile.php in Thatware ...)
	NOT-FOR-US: Thatware
CVE-2002-2298 (PHP remote file inclusion vulnerability in config.php in Thatware 0.3 ...)
	NOT-FOR-US: Thatware
CVE-2002-2297 (PHP remote file inclusion vulnerability in artlist.php in Thatware ...)
	NOT-FOR-US: Thatware
CVE-2002-2296 (Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another ...)
	NOT-FOR-US: YABB
CVE-2002-2295 (Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 ...)
	NOT-FOR-US: Pico Server
CVE-2002-2294 (Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, ...)
	NOT-FOR-US: Symantec Raptor
CVE-2002-2293 (Webshots Desktop screensaver allows local users to bypass the password ...)
	NOT-FOR-US: Webshots Desktop screensaver
CVE-2002-2292 (Directory traversal vulnerability in Remote Console Applet in Halycon ...)
	NOT-FOR-US: Remote Console Applet in Halycon
CVE-2002-2291 (Calisto Internet Talker 0.04 and earlier allows remote attackers to ...)
	NOT-FOR-US: Calisto Internet Talker
CVE-2002-2290 (Mambo Site Server 4.0.11 installs with a default username and password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2289 (soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows ...)
	NOT-FOR-US: BadBlue
CVE-2002-2288 (Mambo Site Server 4.0.11 allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2287 (PHP remote file inclusion vulnerability in quick_reply.php for phpBB ...)
	NOT-FOR-US: phpBB Advanced Quick Reply Hack
CVE-2002-2286 (The parse-get function in utils.c for apt-www-proxy 0.1 allows remote ...)
	NOT-FOR-US: apt-www-proxy
CVE-2002-2285 (eTrust InoculateIT 6.0 with the &quot;Incremental Scan&quot; option enabled may ...)
	NOT-FOR-US: eTrust
CVE-2002-2284 (Netscape Communicator 4.0 through 4.79 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2283 (Microsoft Windows XP with Fast User Switching (FUS) enabled does not ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2002-2282 (McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2002-2281 (Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2280 (syslogd on OpenBSD 2.9 through 3.2 does not change the source IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap 0.09 ...)
	NOT-FOR-US: aldap
CVE-2002-2278 (Cross-site scripting (XSS) vulnerability in mod_search/index.php in ...)
	NOT-FOR-US: PortailPHP
CVE-2002-2277 (SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 ...)
	NOT-FOR-US: PortailPHP
CVE-2002-2276 (Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the ...)
	NOT-FOR-US: PHP Board
CVE-2002-2275 (Fortres 101 4.1 allows local users to bypass Fortres by pressing the ...)
	NOT-FOR-US: Fortres
CVE-2002-2274 (akfingerd 0.5 allows local users to read arbitrary files as the ...)
	NOT-FOR-US: akfingerd
CVE-2002-2273 (Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows ...)
	NOT-FOR-US: Webster HTTP Server
CVE-2002-2272 (Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2271 (Buffer overflow in BigFun 1.51b IRC client, when the Direct Client ...)
	NOT-FOR-US: BigFun
CVE-2002-2270 (Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and ...)
	NOT-FOR-US: HP-UX
CVE-2002-2269 (Directory traversal vulnerability in Webster HTTP Server allows remote ...)
	NOT-FOR-US: Webster HTTP Server
CVE-2002-2268 (Buffer overflow in Webster HTTP Server allows remote attackers to ...)
	NOT-FOR-US: Webster HTTP Server
CVE-2002-2267 (bogopass in bogofilter 0.9.0.4 allows local users to overwrite ...)
	- bogofilter 0.9.0.5
CVE-2002-2266 (NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or ...)
	NOT-FOR-US: NetScreen
CVE-2002-2265 (Unspecified vulnerability in LDAP Module in System Authentication of Open ...)
	NOT-FOR-US: Open Source Internet Solutions
CVE-2002-2264 (Unspecified vulnerability in Internet Group Management Protocol (IGMP) ...)
	NOT-FOR-US: Internet Group Management Protocol
CVE-2002-2263 (The installation program for HP-UX Visualize Conference B.11.00.11 ...)
	NOT-FOR-US: HP-UX Visualize Conference
CVE-2002-2262 (Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows ...)
	NOT-FOR-US: HP-UX xntpd
CVE-2002-2261 (Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass ...)
	- sendmail 8.12.7
CVE-2002-2260 (Cross-site scripting (XSS) vulnerability in the quips feature in ...)
	{DSA-218}
	- bugzilla 2.14.2-1
CVE-2002-2259 (Buffer overflow in the French documentation patch for Gnuplot 3.7 in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1244 (Computer Associates InoculateIT Agent for Exchange Server does not ...)
	NOT-FOR-US: Exchange Server
CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an ...)
	NOT-FOR-US: Opera
CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-5539 (Unspecified vulnerability in Cisco Unified Intelligent Contact ...)
	NOT-FOR-US: Cisco
CVE-2007-5538 (Buffer overflow in the Centralized TFTP File Locator Service in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-5537 (Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-5536 (Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2007-5535 (Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown ...)
	NOT-FOR-US: RunCms
CVE-2007-5534 (Unspecified vulnerability in the HCM component in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2007-5533 (Unspecified vulnerability in the People Tools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5532 (Unspecified vulnerability in the People Tools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5531 (Unspecified vulnerability in Oracle Help for Web, as used in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5530 (Unspecified vulnerability in the Database Control component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5529 (Unspecified vulnerability in the Oracle Self-Service Web Applications ...)
	NOT-FOR-US: Oracle
CVE-2007-5528 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 ...)
	NOT-FOR-US: Oracle
CVE-2007-5527 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-5526 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5525 (Unspecified vulnerability in the Oracle Single Sign-On component in ...)
	NOT-FOR-US: Oracle
CVE-2007-5524 (Unspecified vulnerability in the Oracle Single Sign-On component in ...)
	NOT-FOR-US: Oracle
CVE-2007-5523 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle
CVE-2007-5522 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5521 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle
CVE-2007-5520 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle
CVE-2007-5519 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5518 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle
CVE-2007-5517 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5516 (Unspecified vulnerability in the Oracle Process Mgmt &amp; Notification ...)
	NOT-FOR-US: Oracle
CVE-2007-5515 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2007-5514 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...)
	NOT-FOR-US: Oracle
CVE-2007-5513 (The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, ...)
	NOT-FOR-US: Oracle
CVE-2007-5512 (Unspecified vulnerability in the Oracle Database Vault component in ...)
	NOT-FOR-US: Oracle
CVE-2007-5511 (SQL injection vulnerability in Workspace Manager for Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2007-5510 (Multiple unspecified vulnerabilities in the Workspace Manager ...)
	NOT-FOR-US: Oracle
CVE-2007-5509 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2007-5508 (Multiple SQL injection vulnerabilities in the CTXSYS Intermedia ...)
	NOT-FOR-US: Oracle
CVE-2007-5507 (The GIOP service in TNS Listener in the Oracle Net Services component ...)
	NOT-FOR-US: Oracle
CVE-2007-5506 (The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, ...)
	NOT-FOR-US: Oracle
CVE-2007-5505 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
	NOT-FOR-US: Oracle
CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and ...)
	NOT-FOR-US: Oracle
CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote ...)
	{DSA-1542-1 DTSA-96-1}
	- libcairo 1.4.10-1.1 (medium; bug #453686)
CVE-2007-5502 (The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does ...)
	NOT-FOR-US: OpenSSL Fips object module
CVE-2007-5501 (The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux ...)
	- linux-2.6 2.6.23-1 (high)
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.21)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38
CVE-2007-5500 (The wait_task_stopped function in the Linux kernel before 2.6.23.8 ...)
	{DSA-1428-1}
	- linux-2.6 2.6.23-2
CVE-2007-5499
	REJECTED
CVE-2007-5498 (The Xen hypervisor block backend driver for Linux kernel 2.6.18, when ...)
	- xen-unstable <not-affected> (Vulnerable code not present)
	- xen-3 <not-affected> (Vulnerable code not present)
CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 ...)
	{DSA-1422-1 DTSA-95-1}
	- e2fsprogs 1.40.3-1 (bug #454760)
CVE-2007-5496 (Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 ...)
	NOT-FOR-US: setroubleshoot
CVE-2007-5495 (sealert in setroubleshoot 2.0.5 allows local users to overwrite ...)
	NOT-FOR-US: setroubleshoot
CVE-2007-5494 (Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat ...)
	- linux-2.6 <not-affected> (RedHat specific patch)
CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-5492 (Static code injection vulnerability in the translation module ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5491 (Directory traversal vulnerability in the translation module ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5490 (SQL injection vulnerability in default.asp in Okul Otomasyon Portal ...)
	NOT-FOR-US: Okul Otomasyon Portal
CVE-2007-5489 (Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and ...)
	NOT-FOR-US: Artmedic CMS
CVE-2007-5487 (Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 ...)
	NOT-FOR-US: COWON America jetAudioc
CVE-2007-5486 (dotProject before 2.1 does not properly check privileges when invoking ...)
	NOT-FOR-US: dotProject
CVE-2007-5485 (SQL injection vulnerability in index.php in the mg2 1.0 module for ...)
	NOT-FOR-US: KwsPHP
CVE-2007-5484 (Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows ...)
	NOT-FOR-US: WWWISIS
CVE-2007-5483 (Unspecified vulnerability in the Administrative Scripting Tools (such ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5482 (Unspecified vulnerability in the FTP service in Sun ...)
	NOT-FOR-US: Sun firmware
CVE-2007-5481 (Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote ...)
	- dcc <not-affected> (vulnerable code introduced in 1.3.65)
CVE-2007-5480 (Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge ...)
	NOT-FOR-US: ZInnovaAge InnovaShop
CVE-2007-5479 (Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer ...)
	NOT-FOR-US: Xcomputer
CVE-2007-5478 (Cross-site scripting (XSS) vulnerability in projects in Nabh ...)
	NOT-FOR-US: Sbportal
CVE-2007-5477 (Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod ...)
	NOT-FOR-US: djeyl.net WebMod
CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, ...)
	NOT-FOR-US: Opera specific flash vulnerability
CVE-2007-5475
	RESERVED
CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware ...)
	NOT-FOR-US: Linksys WRT350N Wi-Fi access point
CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...)
	- mono <not-affected> (Windows-specific vulnerability)
CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component in CA ...)
	NOT-FOR-US: HIPS
CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...)
	- phpbb2 <not-affected> (phpbb was the vulnerable one)
CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in ...)
	NOT-FOR-US: myPHPNuke
CVE-2003-1371 (Nuked-Klan 1.3b, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1370 (Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1369 (Buffer overflow in ByteCatcher FTP client 1.04b allows remote ...)
	NOT-FOR-US: ByteCatcher FTP client
CVE-2003-1368 (Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers ...)
	NOT-FOR-US: 32bit FTP client
CVE-2003-1367 (The which_access variable for Majordomo 2.0 through 1.94.4, and ...)
	NOT-FOR-US: Majordomo
CVE-2003-1366 (chpass in OpenBSD 2.0 through 3.2 allows local users to read portions ...)
	NOT-FOR-US: OpenBSD 2.0
CVE-2003-1365 (The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does ...)
	NOT-FOR-US: CGI::Lite 2.0
CVE-2003-1364 (Aprelium Technologies Abyss Web Server 1.1.2, and possibly other ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1363 (The remote web management interface of Aprelium Technologies Abyss Web ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1362 (Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly ...)
	NOT-FOR-US: HP-UX
CVE-2003-1361 (Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli ...)
	NOT-FOR-US: HP-UX
CVE-2003-1360 (Buffer overflow in the setupterm function of (1) lanadmin and (2) ...)
	NOT-FOR-US: HP-UX
CVE-2003-1359 (Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows ...)
	NOT-FOR-US: HP-UX
CVE-2003-1358 (rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment ...)
	NOT-FOR-US: HP-UX
CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in ...)
	- asterisk-addons 1.4.4-1
CVE-2007-5471 (libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in ...)
	- libgssapi 0.8-1
CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...)
	NOT-FOR-US: Microsoft Expression Media
CVE-2007-5469 (** DISPUTED ** ...)
	- openser 1.3.0-1 (unimportant; bug #446956)
	NOTE: should be only "exploitable" in local network with untrusted users
CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...)
	NOT-FOR-US: Cisco
CVE-2007-5467 (Integer overflow in eXtremail 2.1.1 and earlier allows remote ...)
	NOT-FOR-US: eXtremail
CVE-2007-5466 (Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote ...)
	NOT-FOR-US: eXtremail
CVE-2007-5465 (Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows ...)
	NOT-FOR-US: doop CMS
CVE-2007-5464 (Stack-based buffer overflow in Live for Speed 0.5X10 and earlier ...)
	NOT-FOR-US: Live for Speed
CVE-2007-5463 (ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta ...)
	NOT-FOR-US: ViArt Shop
CVE-2007-5462 (Unspecified vulnerability in the Sun Solaris RPC services library ...)
	NOT-FOR-US: Solaris
CVE-2007-5460 (Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak ...)
	NOT-FOR-US: Microsoft ActiveSync
CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML page in ...)
	NOT-FOR-US: MouseoverDictionary
CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter module 1.0 ...)
	NOT-FOR-US: KwsPHP
CVE-2007-5457 (Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 ...)
	NOT-FOR-US: WWWISIS
CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File Sharing ...)
	NOT-FOR-US: PHP File Sharing
CVE-2007-5453 (Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow ...)
	NOT-FOR-US: Php-Stats
CVE-2007-5452 (Multiple SQL injection vulnerabilities in php-stats.recjs.php in ...)
	NOT-FOR-US: Php-Stats
CVE-2007-5451 (PHP remote file inclusion vulnerability in admin.color.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5450 (Unspecified vulnerability in Safari on the Apple iPod touch (aka ...)
	NOT-FOR-US: Apple firmware
CVE-2007-5449 (SQL injection vulnerability in searchresult.php in Softbiz Recipes ...)
	NOT-FOR-US: Softbiz Recipes Portal Script
CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial ...)
	- madwifi 1:0.9.3.2-2 (medium; bug #446824)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch2
CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...)
	NOT-FOR-US: ionCube
CVE-2007-5446 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: PBEmail
CVE-2007-5445 (Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX ...)
	NOT-FOR-US: VImpX
CVE-2007-5444 (CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5443 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5442 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5441 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5440 (** DISPUTED ** ...)
	NOT-FOR-US: Crs Manager
CVE-2007-5439 (CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 ...)
	NOT-FOR-US: eTrust ITM
CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL ...)
	- vmware-package <not-affected> (Windows only)
CVE-2007-5437 (The web console in CA (formerly Computer Associates) eTrust ITM ...)
	NOT-FOR-US: eTrust ITM
CVE-2007-5436 (Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL ...)
	NOT-FOR-US: G DATA Antivirus
CVE-2007-5435 (Unspecified vulnerability in CA ERwin Process Modeler (formerly ...)
	NOT-FOR-US: CA ERwin Process Modeler
CVE-2007-5434 (Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and ...)
	NOT-FOR-US: PRO-search
CVE-2007-5433 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...)
	NOT-FOR-US: Site-Up
CVE-2007-5432 (Stride 1.0 has a default administrator username of &quot;scott&quot; with the ...)
	NOT-FOR-US: Stride
CVE-2007-5431 (include/imageupload.js in the MyFTPUploader module in Stride 1.0 ...)
	NOT-FOR-US: Stride module
CVE-2007-5430 (Multiple SQL injection vulnerabilities in Stride 1.0 allow remote ...)
	NOT-FOR-US: Stride
CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 ...)
	NOT-FOR-US: Nucleus
CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote ...)
	NOT-FOR-US: UMI CMS
CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component ...)
	NOT-FOR-US: Joomla
CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX ...)
	NOT-FOR-US: ActiveKB NX
CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB ...)
	NOT-FOR-US: ActiveKB NX
CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: if the function is blacklisted but not its alias it is a configuration
	NOTE: issue of the site not a vulnerability in php
CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ...)
	- tikiwiki <removed>
CVE-2007-5422 (Unspecified vulnerability in &quot;Solaris Auditing&quot; in the Basic Security ...)
	NOT-FOR-US: Solaris Auditing
CVE-2007-5421
	REJECTED
CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote ...)
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an ...)
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5418 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 ...)
	NOT-FOR-US: CARE2X
CVE-2007-5417 (Directory traversal vulnerability in index.php in boastMachine (aka ...)
	NOT-FOR-US: boastMachine
CVE-2007-5416 (Drupal 5.2 and earlier does not properly unset variables when the ...)
	- drupal5 <unfixed> (unimportant; bug #446887)
	- drupal <unfixed> (unimportant)
	NOTE: The underlying PHP issue has been fixed in DSA 1206.
	NOTE: Plus, register_globals is not supported in Debian
CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: if you are on a site which allows UTF-7 sure you need to sanitize the
	NOTE: equivalent strings in UTF-7
	NOTE: referring to the mozilla security team this is a non-issue and a duplicate of
	NOTE: CVE-2007-5414, mailed mitre
CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	- iceweasel 2.0+dfsg-1
CVE-2007-5413 (httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP ...)
	NOT-FOR-US: Linksys
CVE-2007-5410 (PHP remote file inclusion vulnerability in admin.wmtrssreader.php in ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5409 (PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in ...)
	NOT-FOR-US: NuSEO
CVE-2007-5408 (SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows ...)
	NOT-FOR-US: cpDynaLinks
CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5406 (kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in ...)
	NOT-FOR-US: KeyView
CVE-2007-5405 (Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the ...)
	NOT-FOR-US: KeyView
CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5402 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5401 (Unrestricted file upload vulnerability in uploadrequest.asp in Layton ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5400 (Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5399 (Multiple heap-based buffer overflows in emlsr.dll in the EML reader in ...)
	NOT-FOR-US: KeyView
CVE-2007-5398 (Stack-based buffer overflow in the reply_netbios_packet function in ...)
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high)
CVE-2007-5397 (Heap-based buffer overflow in the activePDF Server service (aka ...)
	NOT-FOR-US: activePDF Server
CVE-2007-5396 (Format string vulnerability in the ext_yahoo_contact_added function in ...)
	NOT-FOR-US: Miranda
CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in ...)
	{DSA-1432-1}
	- link-grammar 4.2.5-1 (medium; bug #450695)
CVE-2007-5394 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar method in ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- libextractor 0.5.9-1
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cups <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	- cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics <not-affected> (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- libextractor 0.5.9-1
	- cupsys <removed>
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cups <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	- cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
CVE-2003-1357 (ProxyView has a default administrator password of Administrator for ...)
	NOT-FOR-US: ProxyView
CVE-2003-1356 (The &quot;file handling&quot; in sort in HP-UX 10.01 through 10.20, and 11.00 ...)
	NOT-FOR-US: HP-UX
CVE-2003-1355 (Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 ...)
	NOT-FOR-US: Battlefield
CVE-2003-1354 (Multiple GameSpy 3D 2.62 compatible gaming servers generate very large ...)
	NOT-FOR-US: Battlefield
CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach ...)
	NOT-FOR-US: Outreach
CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user login ...)
	- gabber 0.8.8-1
	- gabber2 <not-affected> (No code to send data to update@jabber.org)
CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows ...)
	NOT-FOR-US: EditTag
CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user accounts by ...)
	NOT-FOR-US: List Site Pro 2.0
CVE-2003-1349 (Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 ...)
	NOT-FOR-US: NITE ftp-server
CVE-2003-1348 (Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org ...)
	NOT-FOR-US: Guestbook
CVE-2003-1347 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 ...)
	NOT-FOR-US: Geeklog
CVE-2003-1346 (D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 ...)
	NOT-FOR-US: DWL-900AP
CVE-2003-1345 (Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 ...)
	NOT-FOR-US: WebCollection
CVE-2003-1344 (Trend Micro Virus Control System (TVCS) Log Collector allows remote ...)
	NOT-FOR-US: Trend Micro Virus Control System
CVE-2003-1343 (Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2003-1342 (Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows ...)
	NOT-FOR-US: Trend Micro Virus Control System
CVE-2003-1341 (The default installation of Trend Micro OfficeScan 3.0 through 3.54 ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2002-2258 (Moby NetSuite allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Moby NetSuite
CVE-2002-2257 (Stack-based buffer overflow in the parse_field function in cgi_lib.c ...)
	NOT-FOR-US: libcgi
	NOTE: this is another libcgi than the one we ship
CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...)
	NOT-FOR-US: pWins
CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 ...)
	- phpbb2 2.0.13-6sarge3
	NOTE: might be fixed in prior versions
CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in ...)
	- linux-2.6 <not-affected> (Fixed before initial upload into the archive, during 2.4)
CVE-2002-2253 (Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier ...)
	- libsieve <not-affected> (was fixed in 2.1.3 before debian version was uploaded)
CVE-2002-2252 (SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and ...)
	NOT-FOR-US: Thatware
CVE-2002-2251 (Buffer overflow in the changevalue function in libcgi.h for Marcos ...)
	NOT-FOR-US: Marcos Luiz Onisto
CVE-2002-2250 (Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 ...)
	NOT-FOR-US: Sybase
CVE-2002-2249 (PHP remote file inclusion vulnerability in News Evolution 2.0 allows ...)
	NOT-FOR-US: News Evolution
CVE-2002-2248 (Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class ...)
	NOT-FOR-US: Netscape
CVE-2002-2247 (The administrator/phpinfo.php script in Mambo Site Server 4.0.11 ...)
	NOT-FOR-US: Mambo
	NOTE: mambo is in experimental
CVE-2002-2246 (Cross-site scripting (XSS) vulnerability in VisNetic Website before ...)
	NOT-FOR-US: VisNetic Website
CVE-2002-2245 (ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a ...)
	NOT-FOR-US: NetBSD ftpd
CVE-2002-2244 (Akfingerd 0.5 and earlier versions allow local users to cause a denial ...)
	NOT-FOR-US: Akfingerd
CVE-2002-2243 (Akfingerd 0.5 and possibly earlier versions only allows one connection ...)
	NOT-FOR-US: Akfingerd
CVE-2002-2242 (The Apple Package Manager in KisMAC 0.02a and earlier modifies file ...)
	NOT-FOR-US: Apple Package Manager of KisMAC
CVE-2002-2241 (Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before ...)
	NOT-FOR-US: Deerfield VisNetic WebSite
CVE-2002-2240 (Directory traversal vulnerability in MyServer 0.11 and 0.2 allows ...)
	NOT-FOR-US: MyServer
CVE-2002-2239 (The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 ...)
	NOT-FOR-US: Cisco
CVE-2002-2238 (Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 ...)
	NOT-FOR-US: Kunani ODBC FTP Server
CVE-2002-2237 (tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: tftp32 TFTP
CVE-2002-2236 (Format string vulnerability in the awp_log function in apt-www-proxy ...)
	NOT-FOR-US: apt-www-proxy
CVE-2002-2235 (member2.php in vBulletin 2.2.9 and earlier does not properly restrict ...)
	NOT-FOR-US: vBulletin
CVE-2002-2234 (NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the ...)
	NOT-FOR-US: NetScreen ScreenOS
CVE-2002-2233 (Directory traversal vulnerability in Enceladus Server Suite 3.9 allows ...)
	NOT-FOR-US: Enceladus Server Suite
CVE-2002-2232 (Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers ...)
	NOT-FOR-US: Enceladus Server Suite
CVE-2002-2231 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...)
	NOT-FOR-US: Ikonboard
CVE-2002-2230 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...)
	NOT-FOR-US: Ikonboard
CVE-2002-2229 (Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 ...)
	NOT-FOR-US: WebReflex
CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers ...)
	- mailscanner 4.22.5-1
CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-2 (low; bug #448664)
	- tomcat5 <removed>
	NOTE: patch: http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 ...)
	NOT-FOR-US: HP Select Identity
CVE-2007-5390 (PHP remote file inclusion vulnerability in index.php in PicoFlat CMS ...)
	NOT-FOR-US: PicoFlat
CVE-2007-5389 (** DISPUTED ** ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5388 (Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 ...)
	NOT-FOR-US: WebDesktop
CVE-2007-5387 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Pindorama
CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in ...)
	{DSA-1403-1}
	- phpmyadmin 4:2.11.1.2-1 (unimportant; bug #446451)
	[sarge] - phpmyadmin <not-affected> (vulnerable script not present)
CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5383 (The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5382 (The conversion utility for converting CiscoWorks Wireless LAN Solution ...)
	NOT-FOR-US: CiscoWorks
CVE-2007-5381 (Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco ...)
	NOT-FOR-US: Line Printer Daemon (LPD) Cisco
CVE-2007-5380 (Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...)
	- rails 1.2.5-1
CVE-2007-5379 (Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ...)
	- rails 1.2.5-1
	[etch] - rails <not-affected> (Vulnerable code not present)
CVE-2007-5378 (Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk ...)
	{DSA-1416-1 DSA-1415-1}
	- tk8.3 8.3.5-10 (medium; bug #446465)
	- tk8.4 8.4.16-1 (medium)
CVE-2007-5377 (The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file ...)
	- tramp <not-affected> (the version we ship still uses make-temp-file)
	- emacs22 <not-affected> (the version we ship still uses make-temp-file)
	TODO: check if upstream release > 22.1 gets uploaded
CVE-2007-5376
	RESERVED
CVE-2007-5375 (Interpretation conflict in the Sun Java Virtual Machine (JVM) allows ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-5374 (cp_memberedit.php in LightBlog 8.4.1.1 does not check for ...)
	NOT-FOR-US: LightBlog
CVE-2007-5373 (ldapscripts 1.4 and 1.7 sends a password as a command line argument ...)
	{DSA-1517-1 DTSA-68-1}
	- ldapscripts 1.7.1-2 (bug #445582; medium)
CVE-2007-5372 (Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...)
	- sql-ledger <unfixed> (unimportant; bug #446366)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-5371 (Multiple SQL injection vulnerabilities in mutate_content.dynamic.php ...)
	NOT-FOR-US: MODx
CVE-2007-5370 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: NetWin
CVE-2007-5369 (The GetMagicNumberString function in Massive Entertainment World in ...)
	NOT-FOR-US: conflict
CVE-2007-5368 (Multiple unspecified vulnerabilities in labeld in Trusted Extensions ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5367 (Unspecified vulnerability in the Virtual File System (VFS) in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5366 (The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-5365 (Stack-based buffer overflow in the cons_options function in options.c ...)
	{DSA-1388-3 DSA-1388-1}
	- dhcp 2.0pl5dfsg1-20.2 (medium; bug #446354)
	- dhcp3 <not-affected> (dhcp3 does enforce a fixed minimum paket size if it is lower, see line 513 in options.c)
	NOTE: dhcp has a request for removal #446386
CVE-2007-5364 (** DISPUTED ** ...)
	NOT-FOR-US: ViArt Shopping Cart
CVE-2007-5363 (PHP remote file inclusion vulnerability in admin.panoramic.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5362 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: Joomla! and mambo extension
CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and ...)
	NOT-FOR-US: Alcatel-Lucent OmniPCX Enterprise
CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, when compiled to use ...)
	NOT-FOR-US: OpenPegasus Management server
CVE-2007-5359
	RESERVED
CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk ...)
	- asterisk 1:1.4.13~dfsg-1 (medium)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
CVE-2007-5357
	RESERVED
CVE-2007-5356
	RESERVED
CVE-2007-5355 (The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5354
	RESERVED
CVE-2007-5353
	RESERVED
CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv2) ...)
	NOT-FOR-US: Microsoft Vista
CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local Procedure Call ...)
	NOT-FOR-US: Microsoft Vista
CVE-2007-5349
	RESERVED
CVE-2007-5348 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5346
	RESERVED
CVE-2007-5345
	RESERVED
CVE-2007-5344 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5343
	RESERVED
CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache ...)
	{DSA-1447-1}
	- tomcat5.5 5.5.25-4 (low; bug #458237)
	- tomcat5 <not-affected> (Vulnerable code not present)
CVE-2007-5341
	RESERVED
CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5 (high)
	NOTE: MFSA2007-29
CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (bug #447734; high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5
	NOTE: MFSA2007-29
CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote ...)
	{DSA-1534-2 DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-35
CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-34
CVE-2007-5336
	REJECTED
CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain ...)
	{DSA-1396-1}
	- iceweasel 2.0.0.8-1 (low)
	NOTE: Firefox 2.0-specific issue, doesn't affect xulrunner, iceape or icedove
	NOTE: not mentioned in debian changelog, but mozilla #390983 confirms it went into 2.0.0.8
CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-33
CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 ...)
	- tomcat5.5 5.5.26-1 (medium; bug #465645)
	- tomcat5 <removed>
CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5330 (The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5328 (The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5326 (Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5325 (Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5324
	REJECTED
CVE-2007-5323 (The RepliStor Server Service in EMC Replistor 6.1.3 allows remote ...)
	NOT-FOR-US: RepliStor Server Service
CVE-2007-5322 (Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-5321 (Directory traversal vulnerability in index.php in Verlihub Control ...)
	NOT-FOR-US: Verlihub Control Panel
CVE-2007-5320 (Multiple absolute path traversal vulnerabilities in Pegasus Imaging ...)
	NOT-FOR-US: Imaging ImagXpress
CVE-2007-5319 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun ...)
	NOT-FOR-US: Solaris
CVE-2007-5318 (Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 ...)
	NOT-FOR-US: Typolight webCMS
CVE-2007-5317
	REJECTED
CVE-2007-5316 (SQL injection vulnerability in browsecats.php in Softbiz Jobs and ...)
	NOT-FOR-US: Softbiz Jobs
CVE-2007-5315 (PHP remote file inclusion vulnerability in common.php in LiveAlbum ...)
	NOT-FOR-US: LiveAlbum
CVE-2007-5314 (PHP remote file inclusion vulnerability in system/funcs/xkurl.php in ...)
	NOT-FOR-US: xKiosk WEB
CVE-2007-5313 (PHP remote file inclusion vulnerability in install/config.php in ...)
	NOT-FOR-US: Picturesolution
CVE-2007-5312 (Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5311 (Directory traversal vulnerability in backend/admin-functions.php in ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5310 (PHP remote file inclusion vulnerability in admin.wmtportfolio.php in ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5309 (PHP remote file inclusion vulnerability in admin.wmtgallery.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5308 (SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) ...)
	NOT-FOR-US: phpHPm)
CVE-2007-5307 (ELSEIF CMS Beta 0.6 does not properly unset variables when the input ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5306 (ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5305 (Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5304 (Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5303 (Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS ...)
	NOT-FOR-US: SnewsCMS
CVE-2007-5302 (Multiple cross-site scripting (XSS) vulnerabilities in HP System ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-5300 (Off-by-one error in the do_login_loop function in ...)
	{DSA-1452-1}
	- wzdftpd 0.8.2-2.1 (medium; bug #446192)
CVE-2007-5299 (Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, ...)
	NOT-FOR-US: SkaDate
CVE-2007-5298 (Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion ...)
	NOT-FOR-US: CMS Creamotion
CVE-2007-5297 (Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 ...)
	NOT-FOR-US: Minki
CVE-2007-5296 (Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp ...)
	NOT-FOR-US: dbList
CVE-2007-5295 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Wikepage Opus
CVE-2007-5294 (PHP remote file inclusion vulnerability in core/aural.php in IDMOS ...)
	NOT-FOR-US: IDMOS
CVE-2007-5293 (Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta ...)
	NOT-FOR-US: IDMOS
CVE-2007-5292 (Cross-site scripting (XSS) vulnerability in photos.cfm in Directory ...)
	NOT-FOR-US: Directory Image Gallery
CVE-2007-5291 (Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 ...)
	NOT-FOR-US: DB Manager
CVE-2007-5290 (Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-5289
	RESERVED
CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function in ...)
	{DSA-1538-1 DTSA-66-1}
	- alsaplayer 0.99.80~rc4-1 (low; bug #446034)
CVE-2007-5288
	REJECTED
CVE-2007-5287
	REJECTED
CVE-2007-5286
	REJECTED
CVE-2007-5285
	REJECTED
CVE-2007-5284
	REJECTED
CVE-2007-5283 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor ...)
	NOT-FOR-US: Hitachi TPBroker
CVE-2007-5282 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5281 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5280 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...)
	NOT-FOR-US: Appfuse
CVE-2007-5279 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 ...)
	NOT-FOR-US: PowerArchiver
CVE-2007-5278 (Zomplog 3.8.1 and earlier stores potentially sensitive information ...)
	NOT-FOR-US: Zomplog
CVE-2007-5277 (Microsoft Internet Explorer 6 drops DNS pins based on failed ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-5276 (Opera 9 drops DNS pins based on failed connections to irrelevant TCP ...)
	NOT-FOR-US: Opera
CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause ...)
	- flashplugin-nonfree 9.0.115.0.1 (bug #449110)
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan Blog ...)
	NOT-FOR-US: Furkan Tastan Blog
CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS ...)
	NOT-FOR-US: Trionic Cite CMS
CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and ...)
	- drupal <not-affected> (does not ship this module)
CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...)
	- libpng 1.2.15~beta5-3 (low; bug #446308)
	[etch] - libpng <no-dsa> (Minor issue)
	[sarge] - libpng <no-dsa> (Minor issue)
CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) ...)
	- libpng <not-affected> (Vulnerable code not present in Debian version, introduced in 1.2.19)
CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...)
	- libpng <not-affected> (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5266 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...)
	- libpng <not-affected> (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5265 (Multiple format string vulnerabilities in websrv.cpp in Dawn of Time ...)
	NOT-FOR-US: Dawn of Time
CVE-2007-5264 (Battlefront Dropteam 1.3.3 and earlier sends the client's online ...)
	NOT-FOR-US: Battlefront
CVE-2007-5263 (Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier ...)
	NOT-FOR-US: Battlefront
CVE-2007-5262 (Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 ...)
	NOT-FOR-US: Battlefront
CVE-2004-2744 (Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has ...)
	NOT-FOR-US: Tincan Limited PHPlist
CVE-2004-2743 (upload.cgi in Mega Upload Progress Bar before 1.45 allows remote ...)
	NOT-FOR-US: Mega Upload Progress Bar
CVE-2004-2742 (Cross-site scripting (XSS) vulnerability in the report viewer in ...)
	NOT-FOR-US: Crystal Enterprise
CVE-2004-2741 (Cross-site scripting (XSS) vulnerability in the &quot;help window&quot; ...)
	- horde2 <removed>
CVE-2004-2740 (PHP remote file inclusion vulnerability in authform.inc.php in ...)
	NOT-FOR-US: PHProjekt
CVE-2004-2739 (The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows ...)
	NOT-FOR-US: PHProjekt
CVE-2004-2738 (Cross-site scripting (XSS) vulnerability in check_user_id.php in ...)
	NOT-FOR-US: Zero board
CVE-2004-2737 (SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk ...)
	NOT-FOR-US: NetSupport DNA HelpDesk
CVE-2004-2736 (Polar HelpDesk 3.0 allows remote attackers to bypass authentication by ...)
	NOT-FOR-US: Polar HelpDesk
CVE-2004-2735 (Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier ...)
	NOT-FOR-US: P4DB
CVE-2004-2734 (webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2733 (Web Wiz Forums 7.7a uses invalid logic to determine user privileges, ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Netbilling
CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver ...)
	{DSA-1503-2 DSA-1503-1}
	- linux-2.6 2.6.18-1
	NOTE: bufsize is unsigned since (at least) 2.6.18, might be fixed in prior versions
CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, ...)
	NOT-FOR-US: PsTools
CVE-2004-2729 (Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2004-2728 (Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2004-2727 (Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 ...)
	NOT-FOR-US: MailEnable
CVE-2004-2726 (HTTPMail service in MailEnable Professional 1.18 does not properly ...)
	NOT-FOR-US: MailEnable
CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote ...)
	NOT-FOR-US: MultiCart
CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: ASP-CMS
CVE-2007-5259 (Cross-site request forgery (CSRF) vulnerability in Ilient SysAid ...)
	NOT-FOR-US: SysAid
CVE-2007-5258 (PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha ...)
	NOT-FOR-US: FreeLog
CVE-2007-5257 (Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control ...)
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-5256 (Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and ...)
	NOT-FOR-US: FSD
CVE-2007-5255 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
	NOT-FOR-US: Google Mini Search Appliance
CVE-2007-5254 (VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions ...)
	NOT-FOR-US: VirusBlokAda Vba32 AntiVirus
CVE-2007-5253 (c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote ...)
	NOT-FOR-US: Cart32
CVE-2007-5252 (Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, ...)
	NOT-FOR-US: NetSupport Manager/School Student
CVE-2007-5251 (Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 ...)
	NOT-FOR-US: Helm
CVE-2007-5250 (The Windows dedicated server for the Unreal engine, as used by ...)
	NOT-FOR-US: Americas Army
CVE-2007-5249 (Multiple buffer overflows in the logging function in the Unreal ...)
	NOT-FOR-US: Americas Army
CVE-2007-5248 (Multiple format string vulnerabilities in the ID Software Doom 3 ...)
	NOT-FOR-US: Doom 3 engine
CVE-2007-5247 (Multiple format string vulnerabilities in the Monolith Lithtech ...)
	NOT-FOR-US: Monolith engine
CVE-2007-5246 (Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and ...)
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 <removed> (medium; bug #446472)
CVE-2007-5245 (Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and ...)
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 <removed> (medium; bug #446475)
CVE-2007-5244 (Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-5243 (Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-5242 (Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-5241 (Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...)
	- sun-java6 6-03-1 (unimportant)
	- sun-java5 1.5.0-13-1 (unimportant)
	[etch] - sun-java5 1.5.0-14-1etch1
	NOTE: Leaked information hardly sensitive
CVE-2007-5237 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not ...)
	- sun-java6 6-03-1 (medium)
	- sun-java5 1.5.0-13-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-5236 (Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK ...)
	- sun-java6 <not-affected> (Windows only)
	- sun-java5 <not-affected> (Windows only)
CVE-2007-5235 (Cross-site scripting (XSS) vulnerability in index.php in Uebimiau ...)
	NOT-FOR-US: Uebimiau
CVE-2007-5234 (PHP remote file inclusion vulnerability in upload/common/footer.php in ...)
	NOT-FOR-US: Ossigeno CMS
CVE-2007-5233 (SQL injection vulnerability in index.php in Web Template Management ...)
	NOT-FOR-US: Web Template Management System
CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-5231 (Unrestricted file upload vulnerability in admin/upload_files.php in ...)
	NOT-FOR-US: Zomplog
CVE-2007-5230 (admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for ...)
	NOT-FOR-US: Zomplog
CVE-2007-5229 (Cross-site request forgery (CSRF) vulnerability in the FeedBurner ...)
	NOT-FOR-US: FeedBurner FeedSmith wordpress plugin
CVE-2007-5228 (Cross-site scripting (XSS) vulnerability in the subscription ...)
	- drupal <not-affected> (does not shipt this module)
CVE-2007-5227 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: BlackBoard Learning System
CVE-2007-5226 (irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to ...)
	- dircproxy 1.0.5-5.1 (low; bug #445883)
	[sarge] - dircproxy <no-dsa> (Minor issue)
	[etch] - dircproxy 1.0.5-5etch1
CVE-2005-4871 (Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4870 (Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4869 (The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4868 (Shared memory sections and events in IBM DB2 8.1 have default ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4867 (Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4866 (Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4865 (Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4864 (Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4863 (Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2004-2725 (Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 ...)
	NOT-FOR-US: Aztek Forum
CVE-2004-2724 (LionMax Software Chat Anywhere 2.72a allows remote attackers to cause ...)
	NOT-FOR-US: Chat Anywhere
CVE-2004-2723 (NessusWX 1.4.4 stores account passwords in plaintext in .session ...)
	NOT-FOR-US: NessusWXdd
CVE-2004-2722 (** DISPUTED ** ...)
	- nessus-core <unfixed> (unimportant)
	NOTE: this is no security issue assuming correct permissions
CVE-2004-2721 (The CheckGroup function in openSkat VTMF before 2.1 generates public ...)
	NOT-FOR-US: openSkat
CVE-2004-2720 (Cross-site scripting (XSS) vulnerability in register.asp in Snitz ...)
	NOT-FOR-US: Snitz Forums
CVE-2004-2719 (Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail ...)
	NOT-FOR-US: Foxmail
CVE-2004-2718 (PHPMyChat 0.14.5 does not remove or protect setup.php3 after ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2717 (Multiple directory traversal vulnerabilities in admin.php3 in ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2716 (Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2715 (edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2714 (Unspecified vulnerability in Window Maker 0.80.2 and earlier allows ...)
	- wmaker 0.90-1
CVE-2004-2713 (** DISPUTED ** ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-2712 (Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2711 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2710 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2709 (Buffer overflow in the strip_html_tags method for Gyach Enhanced ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2708 (Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2707 (Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2706 (Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2705 (Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) ...)
	- pvpgn 1.6.4+20040826-1
CVE-2004-2704 (Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) ...)
	NOT-FOR-US: Hastymail
CVE-2004-2703 (Clearswift MIMEsweeper 5.0.5, when it has been upgraded from ...)
	NOT-FOR-US: MIMEsweeper
CVE-2004-2702 (Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 ...)
	NOT-FOR-US: Plesk
CVE-2004-2701 (Cross-site scripting (XSS) vulnerability in signin.aspx for ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2700 (Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2699 (deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2698 (Race condition in IMWheel 1.0.0pre11 and earlier, when running with ...)
	- imwheel 1.0.0pre12-1
CVE-2004-2697 (The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 ...)
	NOT-FOR-US: InvScoutd
CVE-2004-2696 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2695 (SQL injection vulnerability in the Authorize.net callback code ...)
	NOT-FOR-US: vBulletin
CVE-2004-2694 (Microsoft Outlook Express 6.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Outlook
CVE-2004-2693 (HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries ...)
	NOT-FOR-US: HP-UX
CVE-2004-2692 (The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe ...)
	NOT-FOR-US: php-exec-dir patch
CVE-2004-2691 (Unspecified vulnerability in 3Com SuperStack 3 4400 switches with ...)
	NOT-FOR-US: 3Com firmware
CVE-2004-2690 (Unrestricted file upload vulnerability in the Administration Panel for ...)
	NOT-FOR-US: NewsPHP
CVE-2004-2689 (NewsPHP allows remote attackers to gain unauthorized administrative ...)
	NOT-FOR-US: NewsPHP
CVE-2004-2688 (Cross-site scripting (XSS) vulnerability in index.php in NewsPHP ...)
	NOT-FOR-US: NewsPHP
CVE-2001-1585 (SSH protocol 2 (aka SSH-2) public key authentication in the ...)
	- openssh <not-affected> (fixed in 2001)
CVE-2001-1584 (CardBoard 2.4 greeting card CGI by Michael Barretto allows remote ...)
	NOT-FOR-US: CardBoard
CVE-2007-5225 (Integer signedness error in FIFO filesystems (named pipes) on Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows ...)
	NOT-FOR-US: Original Photo Gallery
CVE-2007-5223 (Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-5222 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) ...)
	NOT-FOR-US: MAXdev
CVE-2007-5221 (PHP remote file inclusion vulnerability in mail/childwindow.inc.php in ...)
	NOT-FOR-US: Poppawid
CVE-2007-5220 (SQL injection vulnerability in catalog.asp in ASP Product Catalog ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2007-5219 (Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ...)
	NOT-FOR-US: CyberLink Power DVD
CVE-2007-5218 (Cross-site scripting (XSS) vulnerability in index.php in Don Barnes ...)
	NOT-FOR-US: Don Barnes DRBGuestbook
CVE-2007-5217 (Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in ...)
	NOT-FOR-US: Altnet Download Manager
CVE-2007-5216 (Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 ...)
	NOT-FOR-US: eArk
CVE-2007-5215 (Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle ...)
	NOT-FOR-US: GodSend
CVE-2007-5214 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5213 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5212 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5211 (Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks ...)
	NOT-FOR-US: Peakflow
CVE-2007-5210 (Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before ...)
	NOT-FOR-US: Peakflow
CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock ...)
	NOT-FOR-US: CenterTools
CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) ...)
	{DSA-1462-1 DTSA-72-1}
	- hplip 1.6.10-4.3 (medium; bug #447341)
	[sarge] - hplip <not-affected> (This code was using smtp directly)
CVE-2007-5206
	RESERVED
CVE-2007-5205
	RESERVED
CVE-2007-5204
	RESERVED
CVE-2007-5203
	RESERVED
CVE-2007-5202
	RESERVED
CVE-2007-5201 (The FTP backend for Duplicity before 0.4.9 sends the password as a ...)
	- duplicity 0.4.3-2 (low; bug #442840)
	[etch] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
	[sarge] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
	NOTE: ftp is an inherently insecure protocol, any security-sensitive data would
	NOTE: be transferred through the scp, sftp or rsync backends.
	NOTE: http://lists.debian.org/debian-release/2008/01/msg00190.html
CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSUSE ...)
	{DTSA-74-1}
	- hugin 0.6.1-1.1 (low; bug #447344)
	[etch] - hugin <no-dsa> (Minor issue)
CVE-2007-5199
	RESERVED
CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios ...)
	{DSA-1495-1 DTSA-67-1}
	- nagios-plugins 1.4.8-2.2 (low; bug #445475)
	NOTE: Requires the webserver, which has to be checked, to be compromised
CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and ...)
	{DSA-1397-1 DTSA-76-1}
	- mono 1.2.5.1-2
CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise ...)
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5195 (Unspecified vulnerability in the SSL implementation in Groupwise ...)
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...)
	NOT-FOR-US: rMake
CVE-2007-5192
	RESERVED
CVE-2007-5191 (mount and umount in util-linux and loop-aes-utils call the setuid and ...)
	{DSA-1450-1 DSA-1449-1 DTSA-64-1 DTSA-70-1}
	- util-linux 2.13-8 (low)
	- loop-aes-utils 2.13-2 (low)
CVE-2007-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Alcatel ...)
	NOT-FOR-US: Alcatel OmniVista
CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script ...)
	NOT-FOR-US: X-Script
CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops ...)
	NOT-FOR-US: Xoops
CVE-2007-5187 (SQL injection vulnerability in ...)
	NOT-FOR-US: Php-Fusion
CVE-2007-5186 (PHP remote file inclusion vulnerability in index.php in Segue CMS ...)
	NOT-FOR-US: Segue CMS
CVE-2007-5185 (Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 ...)
	NOT-FOR-US: phpWCMS XT
CVE-2007-5184 (Format string vulnerability in the SMBDirList function in dirlist.c in ...)
	NOT-FOR-US: smbFtpd
CVE-2007-5183 (Cross-site scripting (XSS) vulnerability in Mailbox.mws in ...)
	NOT-FOR-US: OdysseySuite
CVE-2007-5182 (Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak ...)
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5181 (SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti ...)
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5180 (Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow ...)
	NOT-FOR-US: Ohesa Emlak Portali
CVE-2007-5179 (Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in ...)
	NOT-FOR-US: Iletisim Formu
CVE-2007-5178 (contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB ...)
	NOT-FOR-US: mxBB
CVE-2007-5177 (SQL injection vulnerability in index.php in the MambAds (com_mambads) ...)
	NOT-FOR-US: Mambo extension
CVE-2007-5176 (Multiple cross-site scripting (XSS) vulnerabilities in GroupLink ...)
	NOT-FOR-US: eHelpDesk
CVE-2007-5175 (PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 ...)
	NOT-FOR-US: actSite
CVE-2007-5174 (Directory traversal vulnerability in phpinc/news.php in actSite 1.56 ...)
	NOT-FOR-US: actSite
CVE-2007-5173 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBB Openid
CVE-2007-5207 (guilt 0.27 allows local users to overwrite arbitrary files via a ...)
	- guilt 0.27-1.2 (medium; bug #445308)
CVE-2007-5193 (The default configuration for twiki 4.1.2 on Debian GNU/Linux, and ...)
	- twiki 1:4.1.2-3 (bug #444982; low)
	[etch] - twiki <no-dsa> (Minor packaging flaw, doesn't warrant an update)
CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5171 (Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5170 (Unspecified vulnerability in the embedded service processor (SP) ...)
	NOT-FOR-US: Sun Fire
CVE-2007-5169 (Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite ...)
	NOT-FOR-US: Clan lite
CVE-2007-5167 (PHP remote file inclusion vulnerability in .systeme/fonctions.php in ...)
	NOT-FOR-US: phpLister
CVE-2007-5166 (Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a ...)
	NOT-FOR-US: SiteSys
CVE-2007-5165 (** DISPUTED ** ...)
	NOT-FOR-US: myIpacNG-stats
CVE-2007-5164 (** DISPUTED ** ...)
	NOT-FOR-US: UniversiBO
CVE-2007-5163 (** DISPUTED ** ...)
	NOT-FOR-US: nexty
CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) ...)
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1 (low)
	- ruby1.8 1.8.6.111-1 (low; bug #444929)
	NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in ...)
	NOT-FOR-US: Feedreader 3
	NOTE: editor not included in native wordpress
CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche ...)
	NOT-FOR-US: Thierry Leriche Restaurant Management System
CVE-2007-5159 (The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g ...)
	- ntfs-3g 1:1.913-2 (medium; bug #445315)
CVE-2007-5158 (The focus handling for the onkeydown event in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex ...)
	NOT-FOR-US: PHP Fidonet Tosser
CVE-2007-5156 (Incomplete blacklist vulnerability in ...)
	- knowledgeroot 0.9.8.4-1.1 (unimportant; bug #444928)
	- moin 1.5.8-4.1 (unimportant)
	NOTE: This problem should rather be addressed by proper httpd config
	NOTE: The change only adds a workaround for insecure configs
	- karrigell <not-affected> (Does not include vulnerable php code)
	- gforge 4.6.99+svn6169-1 (low; bug #447590)
	[etch] - gforge <not-affected> (fckeditor is not shipped in these versions)
	[sarge] - gforge <not-affected> (fckeditor is not shipped in these versions)
CVE-2007-5155 (IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect ...)
	NOT-FOR-US: ICEOWS
CVE-2007-5154 (Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and ...)
	NOT-FOR-US: Aipo
CVE-2007-5153 (Unspecified vulnerability in Sun Java System Access Manager 7.1, when ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5152 (Sun Java System Access Manager 7.1, when installed in a Sun Java ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5151 (SQL injection vulnerability in the abget_admin function in ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-5150 (SQL injection vulnerability in the is_god function in ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-5149 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: North Country Public Radio Public Media Manager
CVE-2007-5148 (** DISPUTED ** ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-5147 (Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS ...)
	NOT-FOR-US: Puzzle Apps CMS
CVE-2007-5146 (Multiple PHP remote file inclusion vulnerabilities in dedi-group Der ...)
	NOT-FOR-US: Der Dirigent
CVE-2007-5145 (Multiple buffer overflows in system DLL files in Microsoft Windows XP, ...)
	NOT-FOR-US: Windows XP
CVE-2007-5144 (Buffer overflow in the GDI engine in Windows Live Messenger, as used ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2007-5143 (F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows ...)
	NOT-FOR-US: Anti-Virus for Windows Servers
CVE-2007-5142 (Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb ...)
	NOT-FOR-US: Solidweb Novus
CVE-2007-5141 (SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta ...)
	NOT-FOR-US: SiteX
CVE-2007-5140 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: IntegraMOD Nederland
CVE-2007-5139 (PHP remote file inclusion vulnerability in admin/include/header.php in ...)
	NOT-FOR-US: Chupix
CVE-2007-5138 (PHP remote file inclusion vulnerability in forum/forum.php in ...)
	NOT-FOR-US: lustig.cms
CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...)
	- tk8.4 8.4.16-1
	[etch] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
	[sarge] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
	- tk8.3 <not-affected> (Vulnerability was introduced in 8.4.13)
CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...)
	NOT-FOR-US: DFD Cart
CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-5133 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-5132 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2007-5131 (SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x ...)
	NOT-FOR-US: ActiveKB
CVE-2007-5130 (SimpGB 1.46.02 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SimpGB
CVE-2007-5129 (SimpGB 1.46.02 stores sensitive information under the web root with ...)
	NOT-FOR-US: SimpGB
CVE-2007-5128 (SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows ...)
	NOT-FOR-US: SimpNews
CVE-2007-5127 (Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 ...)
	NOT-FOR-US: SimpGB
CVE-2007-5126 (Unspecified vulnerability in the client in Symantec Veritas Backup ...)
	NOT-FOR-US: Symantec Veritas Backup Exec
CVE-2007-5125
	REJECTED
CVE-2007-5124 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
	NOT-FOR-US: AOL Messenger
CVE-2007-5123 (SQL injection vulnerability in notas.asp in Novus 1.0 allows remote ...)
	NOT-FOR-US: Solidweb Novus
CVE-2007-5122 (SQL injection vulnerability in store_info.php in SoftBiz Classifieds ...)
	NOT-FOR-US: SoftBiz Classifieds PLUS
CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta ...)
	- jspwiki <not-affected> (The version we ship does not process a redirect parameter in Login.jsp and other source files)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 ...)
	- jspwiki 2.5.139-1 (medium; bug #445477)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain ...)
	- jspwiki 2.5.139-1 (unimportant; bug #445477)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device) class ...)
	NOT-FOR-US: Solaris
CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-5116 (Buffer overflow in the polymorphic opcode support in the Regular ...)
	{DSA-1400-1 DTSA-78-1}
	- perl 5.8.8-12 (medium; bug #450794)
	NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL ...)
	{DSA-1379-1}
	- openssl 0.9.8e-9 (low; bug #444435)
	[sarge] - openssl 0.9.7e-3sarge5
CVE-2007-5115 (Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre ...)
	NOT-FOR-US: Ekke Doerre Contenido
CVE-2007-5114 (** DISPUTED ** ...)
	NOT-FOR-US: phpmyProfiler
CVE-2007-5113 (report.cgi in Google Urchin allows remote attackers to bypass ...)
	NOT-FOR-US: Google Urchin
CVE-2007-5112 (Cross-site scripting (XSS) vulnerability in session.cgi (aka the login ...)
	NOT-FOR-US: Google Urchin
CVE-2007-5111 (A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt ...)
	NOT-FOR-US: ebCrypt
CVE-2007-5110 (Absolute path traversal vulnerability in the ...)
	NOT-FOR-US: ebCrypt
CVE-2007-5109 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
	NOT-FOR-US: flatnuke
CVE-2007-5108 (Unspecified vulnerability in IAC Search &amp; Media ask.com toolbar has ...)
	NOT-FOR-US: IAC Search & Media ask.com toolbar
CVE-2007-5107 (Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ...)
	NOT-FOR-US: AskJeevesToolBar
CVE-2007-5106 (Cross-site scripting (XSS) vulnerability in wp-register.php in ...)
	- wordpress 2.0.2-1 (low)
CVE-2007-5105 (Cross-site scripting (XSS) vulnerability in wp-register.php in ...)
	- wordpress 2.0.4-1 (low)
CVE-2007-5104 (SQL injection vulnerability in index.php in the Arcade module in bcoos ...)
	NOT-FOR-US: bcoos
CVE-2007-5103 (Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 ...)
	NOT-FOR-US: Wordsmith
CVE-2007-5102 (PHP remote file inclusion vulnerability in config.inc.php in Wordsmith ...)
	NOT-FOR-US: Wordsmith
CVE-2007-5101 (ChironFS before 1.0 RC7 sets user/group ownership to the mounter ...)
	NOT-FOR-US: ChironFS
CVE-2007-5100 (Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, ...)
	NOT-FOR-US: phpBB plus (phpbb2 does not include this module)
CVE-2007-5099 (PHP remote file inclusion vulnerability in show.php in David Watters ...)
	NOT-FOR-US: helplink
CVE-2007-5098 (Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 ...)
	NOT-FOR-US: DFD Cart
CVE-2007-5097 (** DISPUTED ** ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-5096 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: guanxiCRM Business Solution
CVE-2007-5095 (Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes ...)
	NOT-FOR-US: Windows Media Player
CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in Linux ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1381-2}
	- linux-2.6 2.6.23-1
CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance Music ...)
	NOT-FOR-US: phpNuke module
CVE-2007-5091 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...)
	- egroupware 1.2.107-2.dfsg-2 (low; bug #444351)
CVE-2007-5090 (Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-5089 (PHP remote file inclusion vulnerability in php-inc/log.inc.php in ...)
	NOT-FOR-US: Sklog
CVE-2007-5088 (Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi ...)
	NOT-FOR-US: freeside
CVE-2007-5087 (The ATM module in the Linux kernel before 2.4.35.3, when CLIP support ...)
	- linux-2.6 <not-affected> (2.6 code base handles ARP entries differently)
CVE-2007-5086 (Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not ...)
	NOT-FOR-US: Kaspersky Anti-Virus and Internet Security 7.0
CVE-2007-5085 (Unspecified vulnerability in the management EJB (MEJB) in Apache ...)
	NOT-FOR-US: Geronimo Apache
CVE-2007-5084 (Multiple SQL injection vulnerabilities in Computer Associates (CA) ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5083 (Multiple integer overflows in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5082 (Multiple stack-based buffer overflows in Computer Associates (CA) ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers ...)
	- ssldump 0.9b3-1 (low)
CVE-2007-5081 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5080 (Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link gdm with ...)
	- gdm <not-affected> (Red Hat-specific packaging flaw)
CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager ...)
	NOT-FOR-US: eGov Manager
CVE-2007-5077
	RESERVED
CVE-2007-5076
	RESERVED
CVE-2007-5075
	RESERVED
CVE-2007-5074
	RESERVED
CVE-2007-5073
	RESERVED
CVE-2007-5072 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5071 (Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5070 (Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX ...)
	NOT-FOR-US: Easy Mail Message Printer
CVE-2007-5069 (Directory traversal vulnerability in data/compatible.php in the Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-5068 (SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 ...)
	NOT-FOR-US: phpFullAnnu
CVE-2007-5067 (Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow ...)
	NOT-FOR-US: iMatix Xitami Web Server
CVE-2007-5066 (Unspecified vulnerability in Webmin before 1.370 on Windows allows ...)
	- webmin <removed>
CVE-2007-5065 (PHP remote file inclusion vulnerability in admin.slideshow1.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5064 (Buffer overflow in a certain ActiveX control in Xunlei Web Thunder ...)
	NOT-FOR-US: Xunlei Web Thunder
CVE-2007-5063 (Adam Scheinberg Flip 3.0 and earlier stores sensitive information ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5062 (account.php in Adam Scheinberg Flip 3.0 and earlier allows remote ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5061 (SQL injection vulnerability in mods/banners/navlist.php in Clansphere ...)
	NOT-FOR-US: Clansphere
CVE-2007-5060 (Cross-site request forgery (CSRF) vulnerability in the cpass ...)
	NOT-FOR-US: XCMS
CVE-2007-5059 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow ...)
	NOT-FOR-US: GreenSQL
CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Web administration ...)
	NOT-FOR-US: Barracuda
CVE-2007-5057 (NetSupport Manager Client before 10.20.0004 allows remote attackers to ...)
	NOT-FOR-US: NetSupport Manager Client
CVE-2007-5056 (Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb ...)
	NOT-FOR-US: ADOdb Lite
CVE-2007-5055 (Multiple directory traversal vulnerabilities in iziContents 1 RC6 and ...)
	NOT-FOR-US: iziContents
CVE-2007-5054 (Multiple PHP remote file inclusion vulnerabilities in iziContents 1 ...)
	NOT-FOR-US: iziContents
CVE-2007-5053 (Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and ...)
	NOT-FOR-US: iziContents
CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Vigile CMS
CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView ...)
	{DSA-1559-1}
	- phpgedview 4.1.e+4.1.1-2 (low; bug #443901)
CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 ...)
	NOT-FOR-US: Neuron News
CVE-2007-5049
	REJECTED
CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote ...)
	NOT-FOR-US: lhaplus
CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate ...)
	NOT-FOR-US: Norton Internet Security
CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for ...)
	NOT-FOR-US: IceWarp Merak Mail Server
CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...)
	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain ...)
	NOT-FOR-US: ZoneAlam Pro
CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate ...)
	NOT-FOR-US: Kaspersky Internet Security
CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain ...)
	NOT-FOR-US: G DATA InternetSecurity
CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain ...)
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain ...)
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in ...)
	{DSA-1440-1}
	- inotify-tools 3.11-1 (medium; bug #443913)
CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with ...)
	NOT-FOR-US: AirDefense firmware
CVE-2007-5035 (** DISPUTED ** ...)
	NOT-FOR-US: openEngine
CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ...)
	{DSA-1380-1}
	- elinks 0.11.1-1.5 (low; bug #443914)
CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 ...)
	NOT-FOR-US: phpBB XS
CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5029 (Dibbler 0.6.0 does not verify that certain length parameters are ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5028 (Dibbler 0.6.0 on Linux uses weak world-writable permissions for ...)
	- dibbler 0.6.1-1 (medium; bug #444002)
CVE-2007-5027 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in ...)
	NOT-FOR-US: WBR3404TX firmware
CVE-2007-5026 (dBlog CMS, probably 2.0, stores sensitive information under the web ...)
	NOT-FOR-US: dBlog CMS
CVE-2007-5025 (Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 ...)
	NOT-FOR-US: VMware
CVE-2007-5024 (EMC VMware Server before 1.0.4 Build 56528 writes passwords in ...)
	NOT-FOR-US: VMware
CVE-2007-5023 (Unquoted Windows search path vulnerability in EMC VMware Workstation ...)
	NOT-FOR-US: VMware
CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-5021
	REJECTED
CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows ...)
	NOT-FOR-US: Acrobat Reader
CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to ...)
	- distcc 2.18.1-1 (low)
	NOTE: since 2.18.1-1 there is the --allow switch to control network access
CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in ...)
	NOT-FOR-US: Solaris
CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) ...)
	NOT-FOR-US: eZnet
CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...)
	NOT-FOR-US: mIRC
CVE-2002-2226 (Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote ...)
	NOT-FOR-US: Tftpd32
CVE-2001-1583 (lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2001-1582 (Buffer overflow in the LDAP naming services library (libsldap) in Sun ...)
	NOT-FOR-US: Solaris
CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips]
	- mp 3.7.1-8 (low)
	[sarge] - mp <no-dsa> (Minor issue)
	[etch] - mp <no-dsa> (Minor issue)
	NOTE: Can be fixed in a point update
CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...)
	- sun-java6 <unfixed> (unimportant)
	- sun-java5 <unfixed> (unimportant)
	NOTE: exploiting this would not work under Linux
CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote ...)
	NOT-FOR-US: Pegasus Mail Mercury
CVE-2007-5017 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-5016 (SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows ...)
	NOT-FOR-US: OneCMS
CVE-2007-5015 (Multiple PHP remote file inclusion vulnerabilities in Streamline PHP ...)
	NOT-FOR-US: Streamline
CVE-2007-5014 (Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 ...)
	NOT-FOR-US: pSlash
CVE-2007-5013 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Phormer
CVE-2007-5012 (Cross-site scripting (XSS) vulnerability in picture.php in ...)
	NOT-FOR-US: PhpWebGallery
CVE-2007-5011 (webbatch.exe in WebBatch allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: WebBatch
CVE-2007-5010 (Cross-site scripting (XSS) vulnerability in WebBatch allows remote ...)
	NOT-FOR-US: WebBatch
CVE-2007-5009 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Phpbb Plus
	NOTE: vulnerable code not included in phpbb2
CVE-2007-5008 (The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not ...)
	NOT-FOR-US: HP-UX
CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in balsa ...)
	- balsa 2.3.20-1 (low)
	[etch] - balsa 2.3.13-3
	NOTE: Minor issue fixed in 4.0r4 point release
	[sarge] - balsa <no-dsa> (Minor issue)
	NOTE: attacker needs to get the victim a prepared server to use
CVE-2007-5006 (Multiple command handlers in CA (Computer Associates) BrightStor ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5005 (Directory traversal vulnerability in rxRPC.dll in CA (Computer ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5004 (Integer overflow in CA (Computer Associates) BrightStor ARCserve ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5003 (Multiple stack-based buffer overflows in CA (Computer Associates) ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5002
	RESERVED
CVE-2007-5001 (Linux kernel before 2.4.21 allows local users to cause a denial of ...)
	- linux-2.6 <not-affected> (RedHat/RHEL3 specific patch only)
CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...)
	[sarge] - apache2 <no-dsa> (minor issue)
	[sarge] - apache <no-dsa> (minor issue)
	- apache2 2.2.8-1 (low)
	- apache <removed> (low)
	[etch] - apache2 2.2.3-4+etch4
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, ...)
	- pidgin 2.2.2-1 (medium)
CVE-2007-4998 (cp, when running with an option to preserve symlinks on multiple OSes, ...)
	- coreutils 4.1.2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=356471
CVE-2007-4997 (Integer underflow in the ieee80211_rx function in ...)
	{DSA-1428-1}
	- linux-2.6 2.6.23-1
CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge ...)
	- pidgin 2.2.1-1 (medium)
	NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before ...)
	{DSA-1571-1}
	- openssl 0.9.8f-1 (low)
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
	- openssl096 <not-affected> (DTLS support was introduced in 0.9.8)
	[sarge] - openssl <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2007-4994 (Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not ...)
	NOT-FOR-US: Redhat Certificate Server
CVE-2007-4993 (pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a ...)
	{DSA-1384-1}
	- xen-3 3.1.1-1 (medium; bug #444430)
	- xen-3.0 <removed>
CVE-2007-4992 (Stack-based buffer overflow in the process_packet function in ...)
	- firebird1.5 <removed> (medium; bug #446373)
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration
CVE-2007-4990 (The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 ...)
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4989
	REJECTED
CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick ...)
	{DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ...)
	{DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow ...)
	{DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...)
	{DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...)
	NOT-FOR-US: StylesDemo
CVE-2007-4983 (Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX ...)
	NOT-FOR-US: jetAudio
CVE-2007-4982 (Multiple absolute path traversal vulnerabilities in the ...)
	NOT-FOR-US: QRCode
CVE-2007-4981 (Cross-site scripting (XSS) vulnerability in the save function in ...)
	NOT-FOR-US: Obedit
CVE-2007-4980 (The readRequest method in org/gcaldaemon/core/http/HTTPListener.java ...)
	NOT-FOR-US: GCALDaemon
CVE-2007-4979 (SQL injection vulnerability in index.php in the sondages module in ...)
	NOT-FOR-US: KwsPHP
CVE-2007-4978 (Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 ...)
	NOT-FOR-US: phpSyncML
CVE-2007-4977 (Cross-site scripting (XSS) vulnerability in mode.php in Coppermine ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4976 (Directory traversal vulnerability in viewlog.php in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4975 (Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 ...)
	NOT-FOR-US: b1gMail
CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in ...)
	{DSA-1442-1}
	- libsndfile 1.0.17-4 (bug #443386; medium)
	[sarge] - libsndfile <not-affected> (Vulnerable code not present)
	- ardour 1:2.1-1.1 (medium; bug #445889)
	[sarge] - ardour <not-affected> (Vulnerable code not present)
	[etch] - ardour <not-affected> (Vulnerable code not present)
CVE-2007-4973
	RESERVED
CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System ...)
	NOT-FOR-US: NtRegmon
CVE-2007-4971 (ProSecurity 1.40 Beta 2 does not properly validate certain parameters ...)
	NOT-FOR-US: ProSecurity
CVE-2007-4970 (ProcessGuard 3.410 does not properly validate certain parameters to ...)
	NOT-FOR-US: ProcessGuard
CVE-2007-4969 (Process Monitor 1.22 does not properly validate certain parameters to ...)
	NOT-FOR-US: Process Monitor
CVE-2007-4968 (Privatefirewall 5.0.14.2 does not properly validate certain parameters ...)
	NOT-FOR-US: Privatefirewal
CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ...)
	NOT-FOR-US: Online Armor Personal Firewall
CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge ...)
	{DTSA-57-1}
	NOTE: Duplicate of CVE-2007-3913
CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.5 2.5.1-6 (low; bug #443333)
	[etch] - python2.5 <no-dsa> (Minor issue)
	[sarge] - python2.5 <no-dsa> (Minor issue)
	- python2.4 2.4.4-7 (low; bug #443335)
	[etch] - python2.4 <no-dsa> (Minor issue)
CVE-2007-4964 (WinImage 8.10 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinImage
CVE-2007-4963 (Visual truncation vulnerability in WinImage 8.10 and earlier allows ...)
	NOT-FOR-US: WinImage
CVE-2007-4962 (Directory traversal vulnerability in WinImage 8.10 and earlier allows ...)
	NOT-FOR-US: WinImage
CVE-2007-4961 (The login_to_simulator method in Linden Lab Second Life, as used by ...)
	- secondlife-client <itp> (low; bug #406335)
CVE-2007-4960 (Argument injection vulnerability in the Linden Lab Second Life ...)
	- secondlife-client <itp> (low; bug #406335)
CVE-2007-4959 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: osCMax
CVE-2007-4958 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...)
	NOT-FOR-US: TinyWebGallery
CVE-2007-4957 (Multiple directory traversal vulnerabilities in download.php in Chupix ...)
	NOT-FOR-US: ChupixCMS
CVE-2007-4956 (Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote ...)
	NOT-FOR-US: KwsPhp
CVE-2007-4955 (PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-4954 (PHP remote file inclusion vulnerability in admin.joom12pic.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-4953 (SQL injection vulnerability in index.php in SimpCMS allows remote ...)
	NOT-FOR-US: SimpCMS
CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...)
	NOT-FOR-US: OmniStar Article Manager
CVE-2007-4951 (** DISPUTED ** ...)
	NOT-FOR-US: YaPiG
CVE-2007-4950 (** DISPUTED ** ...)
	NOT-FOR-US: Phportal
CVE-2007-4949 (** DISPUTED ** ...)
	NOT-FOR-US: phpreactor
CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool ...)
	NOT-FOR-US: myphpPagetool
CVE-2007-4946 (LetterGrade allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: LetterGrade
CVE-2007-4945 (Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade ...)
	NOT-FOR-US: LetterGrade
CVE-2007-4944 (The canvas.createPattern function in Opera 9.x before 9.22 for Linux, ...)
	NOT-FOR-US: Opera
CVE-2007-4943 (Multiple buffer overflows in a certain ActiveX control in sparser.dll ...)
	NOT-FOR-US: Baofeng Storm
CVE-2007-4942 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4941 (KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: KMPlayer for windows
	NOTE: its not kmplayer we ship its a windows only media player
CVE-2007-4940 (Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...)
	{DTSA-65-1}
	- mplayer 1.0~rc1-16.1 (bug #443478; unimportant)
	NOTE: just a NULL pointer dereference, not treated as a security problem for this class of applications
CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with ...)
	NOT-FOR-US: CS Guestbook
CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has ...)
	NOT-FOR-US: SafeSquid
CVE-2007-4935 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...)
	NOT-FOR-US: phpFFL
CVE-2007-4934 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...)
	NOT-FOR-US: phpFFL
CVE-2007-4933 (Direct static code injection vulnerability in ...)
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4932 (admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the ...)
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4931 (HP System Management Homepage (SMH) for Windows, when used in ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-4930 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4929 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4928 (The AXIS 207W camera stores a WEP or WPA key in cleartext in the ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4927 (axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4926 (The AXIS 207W camera uses a base64-encoded cleartext username and ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment ...)
	NOT-FOR-US: eWire Payment Client
CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...)
	- opal 2.2.11~dfsg1-1 (low)
	[etch] - opal 2.2.3.dfsg-3+etch1 (bug #454141)
	NOTE: will be fixed by regular stable update
CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...)
	NOT-FOR-US: Joomla extension
CVE-2007-4922 (SQL injection vulnerability in play.php in the jeuxflash 1.0 module ...)
	NOT-FOR-US: KwsPhp
CVE-2007-4921 (PHP remote file inclusion vulnerability in _includes/settings.inc.php ...)
	NOT-FOR-US: Ajax File Browser
CVE-2007-4920 (SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest ...)
	NOT-FOR-US: Webquest
CVE-2007-4919 (Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote ...)
	NOT-FOR-US: Jblog
CVE-2007-4918 (SQL injection vulnerability in classes/gelato.class.php in Gelato ...)
	NOT-FOR-US: Gelato
CVE-2007-4917 (Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats ...)
	NOT-FOR-US: Php-Stats
CVE-2007-4916 (Heap-based buffer overflow in the FileFind::FindFile method in (1) ...)
	NOT-FOR-US: MFC Library
CVE-2007-4915 (The Intersil isl3893 extensions for Boa 0.93.15, as used on the ...)
	- boa <not-affected> (We don't ship this extension)
CVE-2007-4914 (Unspecified vulnerability in the subscriptions manager in Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4913 (ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4912 (Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4911 (JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to ...)
	NOT-FOR-US: JetCast Server
CVE-2007-4910 (Unspecified vulnerability in netInvoicing before 2.7.3 has unknown ...)
	NOT-FOR-US: Netinvoicing
CVE-2007-4909 (Interpretation conflict in WinSCP before 4.0.4 allows remote attackers ...)
	NOT-FOR-US: WinSCP
CVE-2007-4908 (Directory traversal vulnerability in index.php in AuraCMS 2.1 and ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4907 (Multiple PHP remote file inclusion vulnerabilities in X-Cart allow ...)
	NOT-FOR-US: X-Cart
CVE-2007-4906 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NuclearBB
CVE-2007-4905 (Unrestricted file upload vulnerability in mod/contak.php in AuraCMS ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4904 (RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player ...)
	- helix-player <unfixed> (unimportant; bug #443130)
	NOTE: Just a floating point exception by via a crafted .au file)
CVE-2007-4903 (Multiple buffer overflows in a certain ActiveX control in CryptoX.dll ...)
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4902 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4901 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-4900 (Cross-site scripting (XSS) vulnerability in the logon page in RSA ...)
	NOT-FOR-US: RSA EnVision
CVE-2007-4899 (Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum ...)
	NOT-FOR-US: Boinc Forum
CVE-2007-4898 (Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 ...)
	NOT-FOR-US: Xwiki
CVE-2007-4897 (pwlib, as used by Ekiga 2.0.5 and possibly other products, allows ...)
	{DTSA-94-1}
	- pwlib 1.10.10-1.1 (low; bug #454133)
	- pwlib-titan 1.11.2-1.1 (low; bug #454139)
	[etch] - pwlib 1.10.2-2+etch1
	[sarge] - pwlib 1.8.4-1+sarge1.1
CVE-2007-4896 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4895 (Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4894 (Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and ...)
	- wordpress 2.2.3-1 (medium)
	[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress ...)
	- wordpress 2.2.3-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, ...)
	NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
	- libgd2 2.0.35.dfsg-3
	[etch] - libgd2 2.0.33-5.2etch1 
CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in ...)
	NOT-FOR-US: PDWizard
CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX ...)
	NOT-FOR-US: Microsoft Visual Studio
CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...)
	- php5 <unfixed> (unimportant)
	NOTE: basedir and safemode not supported
CVE-2007-4888 (The &quot;You are not allowed...&quot; error handler in XWiki 1.0 B1 and 1.0 B2 ...)
	NOT-FOR-US: Xwiki
CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent ...)
	- php5 5.2.5-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4886 (Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and ...)
	NOT-FOR-US: Aura CMS
CVE-2007-4885 (Avnex AV MP3 Player allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Avnex AV MP3 Player
CVE-2007-4884 (Media Player Classic (MPC) allows user-assisted remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2007-4883 (Cross-site scripting (XSS) vulnerability in the BotQuery extension in ...)
	- mediawiki-extensions <not-affected> (We don't ship this extension)
CVE-2007-4882 (Multiple cross-site scripting (XSS) vulnerabilities in TechExcel ...)
	NOT-FOR-US: TechExcel CustomerWise
CVE-2007-4881 (SQL injection vulnerability in profile/myprofile.php in psi-labs.com ...)
	NOT-FOR-US: Psilabs
CVE-2007-4880 (Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in ...)
	NOT-FOR-US: IBM Tivoli Storage Manager (TSM)
CVE-2007-4879 (Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1 (low; bug #444803)
	- iceape 1.1.9-1 (low; bug #444805)
	- xulrunner 1.8.1.13-1
CVE-2007-4878
	RESERVED
CVE-2007-4877
	RESERVED
CVE-2007-4876
	RESERVED
CVE-2007-4875
	RESERVED
CVE-2007-4874 (Multiple cross-site scripting (XSS) vulnerabilities in SimpNews ...)
	NOT-FOR-US: SimpNews
CVE-2007-4873 (SimpNews 2.41.03 stores sensitive information under the web root with ...)
	NOT-FOR-US: SimpNews
CVE-2007-4872 (SimpNews 2.41.03 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: SimpNews
CVE-2007-4871
	RESERVED
CVE-2007-4870
	RESERVED
CVE-2007-4869
	RESERVED
CVE-2007-4868
	RESERVED
CVE-2007-4867
	RESERVED
CVE-2007-4866
	RESERVED
CVE-2007-4865
	RESERVED
CVE-2007-4864
	RESERVED
CVE-2007-4863 (SQL injection vulnerability in example.php in SAXON 5.4 allows remote ...)
	NOT-FOR-US: SAXON
CVE-2007-4862 (Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON ...)
	NOT-FOR-US: SAXON
CVE-2007-4861 (SAXON 5.4, with display_errors enabled, allows remote attackers to ...)
	NOT-FOR-US: SAXON
CVE-2007-4860
	RESERVED
CVE-2007-4859
	RESERVED
CVE-2007-4858
	RESERVED
CVE-2007-4857
	RESERVED
CVE-2007-4856
	RESERVED
CVE-2007-4855
	RESERVED
CVE-2007-4854
	RESERVED
CVE-2007-4853
	RESERVED
CVE-2007-4852
	RESERVED
CVE-2007-4851
	REJECTED
CVE-2006-7223 (PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the ...)
	NOT-FOR-US: Xwiki
CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user ...)
	NOT-FOR-US: Xwiki
CVE-2007-4850 (curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and ...)
	- php4 <removed> (unimportant)
	- php5 5.2.6-1 (unimportant)
	NOTE: Safe mode bypasses not treated as security problems
CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly ...)
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1 (bug #442245; low)
CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4847 (Google Picasa allows remote attackers to read image files stored by ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4846 (SQL injection vulnerability in start.php in Webace-Linkscript (wls) ...)
	NOT-FOR-US: Webace-Linkscript
CVE-2007-4845 (Multiple SQL injection vulnerabilities in UPLOAD/index.php in ...)
	NOT-FOR-US: RW::Download
CVE-2007-4844 (X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4843 (Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan ...)
	NOT-FOR-US: Magellan Explorer
CVE-2007-4841 (Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and ...)
	{DTSA-69-1}
	- iceweasel <not-affected> (windows only issue)
	- iceape <not-affected> (windows only issue)
	- xulrunner <not-affected> (windows only issue)
	- icedove <not-affected> (windows only issue)
	NOTE: MFSA2007-36
	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...)
	- glibc 2.7-1 (unimportant)
	NOTE: Original PHP issue only triggerable by malicious script
CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier ...)
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4837 (SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows ...)
	NOT-FOR-US: Proxy Anket
CVE-2007-4836 (Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote ...)
	NOT-FOR-US: phpMyQuote
CVE-2007-4835 (SQL injection vulnerability in index.php in phpMyQuote 0.20 allows ...)
	NOT-FOR-US: phpMyQuote
CVE-2007-4834 (Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 ...)
	NOT-FOR-US: phpRealty
CVE-2007-4833 (Unspecified vulnerability in the Edge Component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-4832 (Format string vulnerability in CellFactor Revolution 1.03 and earlier ...)
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4831 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...)
	- perl 5.10.0-19
	- libarchive-tar-perl 1.38-1 (low; bug #449544)
	[sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
	[etch] - libarchive-tar-perl <no-dsa> (Minor issue)
CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...)
	- mediawiki 1.10.2-1 (low; bug #442255)
	[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function in ...)
	NOT-FOR-US: Modbus Slave ActiveX Control
CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to ...)
	{DSA-1382-1}
	- quagga 0.99.9-1 (low; bug #442133)
	NOTE: Upstream says that this can only be exploited by configured peers.
CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...)
	- php5 5.2.5-1 (unimportant)
	- php4 <not-affected> (error message "Allowed memory size of 8388608 bytes exhausted...")
	NOTE: php5 PoC can be reproduced, basedir violations not treated as security problems
CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in Google ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4823 (Multiple buffer overflows in Google Picasa have unspecified attack ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4822 (Cross-site request forgery (CSRF) vulnerability in the device ...)
	NOT-FOR-US: Buffalo AirStation firmware
CVE-2007-4821 (Buffer overflow in a certain ActiveX control in officeviewer.ocx ...)
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-4820 (Absolute path traversal vulnerability in blanko.preview.php in Sisfo ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4819 (Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 ...)
	NOT-FOR-US: Txx CMS
CVE-2007-4818 (Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 ...)
	NOT-FOR-US: Txx CMS
CVE-2007-4817 (Unrestricted file upload vulnerability in the Restaurante ...)
	NOT-FOR-US: Joomla component
	NOTE: not included in standard joomla installation, joomla has an itp though
CVE-2007-4816 (Multiple buffer overflows in the BaoFeng2 storm ActiveX control in ...)
	NOT-FOR-US: BaoFeng2
CVE-2007-4815 (Multiple PHP remote file inclusion vulnerabilities in WebED in Markus ...)
	NOT-FOR-US: WebED
CVE-2007-4814 (Buffer overflow in the SQLServer ActiveX control in the Distributed ...)
	NOT-FOR-US: Microsoft SQL Server Enterprise Manager
CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 ...)
	NOT-FOR-US: Domino Blogsphere
CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions ...)
	NOT-FOR-US: Mac OS
CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 ...)
	NOT-FOR-US: Netjuke
CVE-2007-4810 (Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote ...)
	NOT-FOR-US: Netjuke
CVE-2007-4809 (Multiple PHP remote file inclusion vulnerabilities in Online Fantasy ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-4808 (Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote ...)
	NOT-FOR-US: TLM CMS
CVE-2007-4807 (Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4806 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4805 (Directory traversal vulnerability in getgalldata.php in fuzzylime ...)
	NOT-FOR-US: Fuzzylime CMS
CVE-2007-4804 (Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4803 (Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers ...)
	NOT-FOR-US: AtomixMP3
CVE-2007-4802 (Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow ...)
	NOT-FOR-US: GlobalLink
CVE-2007-4801
	RESERVED
CVE-2007-4800
	RESERVED
CVE-2007-4799 (The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not ...)
	NOT-FOR-US: AIX perfstat kernel extension
CVE-2007-4798 (Unspecified vulnerability in invscout in Inventory Scout in ...)
	NOT-FOR-US: invscout
CVE-2007-4797 (Multiple buffer overflows in unspecified svprint (System V print) ...)
	NOT-FOR-US: System V print
CVE-2007-4796 (Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: uucp IBM AIX
CVE-2007-4795 (Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 ...)
	NOT-FOR-US: mkpath IBM AIX
CVE-2007-4794 (Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 ...)
	NOT-FOR-US: fcstat IBM AIX
CVE-2007-4793 (Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 ...)
	NOT-FOR-US: xlplm IBM AIX
CVE-2007-4792 (Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 ...)
	NOT-FOR-US: ibstat IBM AIX
CVE-2007-4791 (Buffer overflow in the swcons command in bos.rte.console in IBM AIX ...)
	NOT-FOR-US: swcons IBM AIX
CVE-2007-4790 (Stack-based buffer overflow in certain ActiveX controls in (1) ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-4789 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco ...)
	NOT-FOR-US: Cisco CSM
CVE-2007-4788 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco ...)
	NOT-FOR-US: Cisco CSM
CVE-2007-4787 (The virus detection engine in Sophos Anti-Virus before 2.49.0 does not ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2007-4786 (Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before ...)
	NOT-FOR-US: Cisco ASA
CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed with Sony ...)
	NOT-FOR-US: Sony Micro Vault
CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows context-dependent ...)
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows ...)
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a denial ...)
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in ...)
	NOT-FOR-US: Joomla
CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...)
	NOT-FOR-US: Joomla
CVE-2007-4779 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 ...)
	NOT-FOR-US: Joomla
CVE-2007-4778 (Multiple SQL injection vulnerabilities in the content component ...)
	NOT-FOR-US: Joomla
CVE-2007-4777 (SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) ...)
	NOT-FOR-US: Joomla
CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-4775
	RESERVED
CVE-2007-4774
	RESERVED
CVE-2007-4773
	RESERVED
CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13 (low)
	[etch] - tcl8.3 <no-dsa> (Minor issue)
	- tcl8.4 8.4.17-1 (low)
	[etch] - tcl8.4 <no-dsa> (Minor issue)
	[sarge] - postgresql <unfixed>
CVE-2007-4771 (Heap-based buffer overflow in the doInterval function in regexcmp.cpp ...)
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4770 (libicu in International Components for Unicode (ICU) 3.8.1 and earlier ...)
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
	- tcl8.4 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
	[sarge] - postgresql <unfixed>
CVE-2007-4768 (Heap-based buffer overflow in Perl-Compatible Regular Expression ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4767 (Perl-Compatible Regular Expression (PCRE) library before 7.3 does not ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4766 (Multiple integer overflows in Perl-Compatible Regular Expression ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4765
	RESERVED
CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 ...)
	NOT-FOR-US: Pawfaliki
CVE-2007-4763 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHPOF
CVE-2007-4762 (Multiple SQL injection vulnerabilities in embadmin/login.asp in ...)
	NOT-FOR-US: E-SMARTCART
CVE-2007-4761 (Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 ...)
	NOT-FOR-US: Barbo91
CVE-2007-4760 (The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4759 (Multiple unspecified vulnerabilities in the image-processing APIs in ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4758 (Multiple buffer overflows in the image-processing APIs in Cosminexus ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4757 (PHP remote file inclusion vulnerability in menu.php in phpMytourney ...)
	NOT-FOR-US: phpMytourney
CVE-2007-4756 (Directory traversal vulnerability in the FTP client in Total Commander ...)
	NOT-FOR-US: Total Commander
CVE-2007-4755 (Alien Arena 2007 6.10 and earlier allows remote attackers to cause a ...)
	- alien-arena 6.05-4.1 (low; bug #442075)
CVE-2007-4754 (Format string vulnerability in the safe_bprintf function in ...)
	- alien-arena 6.05-4.1 (medium; bug #442075)
CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...)
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4751 (RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in ...)
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4750 (Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 ...)
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote ...)
	NOT-FOR-US: Autodesk Backburner
CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-1 (low; bug #444738)
	[etch] - openssh <no-dsa> (minor issue in weak security measure)
	[sarge] - openssh <no-dsa> (minor issue in weak security measure)
	NOTE: An exploit needs limited control over the machine running a
	NOTE: trusted X client, so this is only a slight privilege
	NOTE: escalation.  The X Security extension is merely an afterthought
	NOTE: and is unlikely to provide strong security guarantees.
CVE-2007-4748 (Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream ...)
	NOT-FOR-US: PowerPlayer
CVE-2007-4747 (The telnet service in Cisco Video Surveillance IP Gateway ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-4746 (The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-4745 (Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook ...)
	NOT-FOR-US: AkoBook
CVE-2007-4744 (PHP remote file inclusion vulnerability in environment.php in ...)
	NOT-FOR-US: AnyInventory
CVE-2007-4742 (Claroline before 1.8.6 allows remote authenticated administrators to ...)
	NOT-FOR-US: Claroline
CVE-2007-4741 (Cross-site scripting (XSS) vulnerability in admin/adminusers.php in ...)
	NOT-FOR-US: Claroline
CVE-2007-4740 (The HPRevolutionRegistryManager ActiveX control in ...)
	NOT-FOR-US: HPRevolutionRegistryManager
CVE-2007-4739 (reprepro 1.3.0 through 2.2.3 does not properly verify signatures when ...)
	{DSA-1394-1}
	- reprepro 2.2.4-1 (high; bug #440535)
	NOTE: patch for etch in the BTS
	[sarge] - reprepro <not-affected> (Vulnerable code introduced in 1.3.0)
CVE-2007-4738 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP ...)
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4737 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP ...)
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4736 (SQL injection vulnerability in category.php in CartKeeper CKGold ...)
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2007-4735 (Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 ...)
	NOT-FOR-US: Virtual DJ
CVE-2007-4734 (Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted ...)
	NOT-FOR-US: OTSTurntables
CVE-2007-4733 (The Aztech DSL600EU router, when WAN access to the web interface is ...)
	NOT-FOR-US: Aztech firmware
CVE-2007-4732 (Unspecified vulnerability in the strfreectty function in the Special ...)
	NOT-FOR-US: Special File System
CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote ...)
	NOT-FOR-US: Ccproxy
CVE-2007-4743 (The original patch for CVE-2007-3999 in svc_auth_gss.c in the ...)
	{DSA-1387-1 DSA-1367-1}
	- krb5 1.6.dfsg.1-7 (high; bug #441209)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
	- librpcsecgss 0.14-4 (high; bug #441393)
	NOTE: http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
	NOTE: 1.6.dfsg.1-7 somehow already includes the updated version
CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in TMReg.dll ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4730 (Buffer overflow in the compNewPixmap function in compalloc.c in the ...)
	{DSA-1372-1 DTSA-73-1}
	- xorg-server 2:1.4-1
	NOTE: XFree86 is not affected
CVE-2007-4729
	RESERVED
CVE-2007-4728
	RESERVED
CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in ...)
	{DSA-1362-1}
	- lighttpd 1.4.18-1 (medium; bug #441555)
	NOTE: http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
	NOTE: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch
	NOTE: http://www.milw0rm.com/exploits/4391
CVE-2007-4726 (Directory traversal vulnerability in Web Oddity 0.09b allows remote ...)
	NOT-FOR-US: Web Oddity
CVE-2007-4725 (Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before ...)
	NOT-FOR-US: AkkyWareHOUSE
CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the ...)
	- tomcat5.5 <not-affected> (Version already ships fixed files)
	- tomcat5 <unfixed> (unimportant; bug #441205)
	- libservlet2.4-java 5.0.30-6 (unimportant)
	NOTE: DSA should not be required, minor issue, jsp just present as example
CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel ...)
	NOT-FOR-US: Ragnarok
CVE-2007-4722 (Multiple stack-based buffer overflows in the Quantum Streaming ...)
	NOT-FOR-US: Quantum Streaming
CVE-2007-4721
	REJECTED
CVE-2007-4720 (Unspecified vulnerability in the Shared Trace Service in Hitachi ...)
	NOT-FOR-US: Hitachi
CVE-2007-4719 (SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta ...)
	NOT-FOR-US: 212cafeBoard
CVE-2007-4718 (Directory traversal vulnerability in inc/lib/language.lib.php in ...)
	NOT-FOR-US: Claroline
CVE-2007-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
	NOT-FOR-US: Claroline
CVE-2007-4716 (Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 ...)
	NOT-FOR-US: PHD Help Desk
CVE-2007-4715 (Multiple PHP remote file inclusion vulnerabilities in Weblogicnet ...)
	NOT-FOR-US: Weblogicnet
CVE-2007-4714 (SQL injection vulnerability in error_view.php in Yvora 1.0 allows ...)
	NOT-FOR-US: Yvora
CVE-2007-4713 (Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in ...)
	NOT-FOR-US: Urchin
CVE-2007-4712 (PHP remote file inclusion vulnerability in index.php in eNetman 1 ...)
	NOT-FOR-US: eNetman
CVE-2007-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch ...)
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4710 (Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4709 (Directory traversal vulnerability in CFNetwork in Apple Mac OS X ...)
	NOT-FOR-US: CFNetwork (Apple Mac OS X)
CVE-2007-4708 (Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Address Book (Apple Mac OS X)
CVE-2007-4707 (Multiple unspecified vulnerabilities in the Flash media handler in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4706 (Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4705
	RESERVED
CVE-2007-4704 (The Application Firewall in Apple Mac OS X 10.5 does not apply changed ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4703 (The Application Firewall in Apple Mac OS X 10.5 does not prevent a ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4702 (The Application Firewall in Apple Mac OS X 10.5, when &quot;Block all ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4701 (WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4700 (Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4699 (The default configuration of Safari in Apple Mac OS X 10.4 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4698 (Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X, Windows
CVE-2007-4697 (Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4696 (Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4695 (Unspecified &quot;input validation&quot; vulnerability in WebCore in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4694 (Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4693 (The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4692 (The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4691 (The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4690 (Double free vulnerability in the NFS component in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4689 (Double free vulnerability in the Networking component in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4688 (The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4687 (The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4686 (Integer signedness error in the ttioctl function in bsd/kern/tty.c in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4685 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4684 (Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4683 (Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4682 (CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4681 (Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4680 (CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4679 (CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4678 (AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4674 (An &quot;integer arithmetic&quot; error in Apple QuickTime 7.2 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari ...)
	NOT-FOR-US: Safari
CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...)
	- php5 5.2.4-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue
CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...)
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...)
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...)
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create ...)
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir not supported
CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: fix is at http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147
CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only
	NOTE: triggerable by malicious script
CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.60&r2=1.445.2.14.2.61&pathrev=PHP_5_2
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.61&r2=1.445.2.14.2.62&pathrev=PHP_5_2
CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not ...)
	{DTSA-61-1}
	- php5 5.2.4-1 (low)
	[etch] - php5 <no-dsa> (Backport prone to regressions, causes more problems that it does resolved, minor issue anyway)
CVE-2007-4658 (The money_format function in PHP 5 before 5.2.4, and PHP 4 before ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (low)
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
	NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641
	NOTE: Only exploitable by malicious script
CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...)
	{DSA-1518-1}
	- backup-manager 0.7.6-3 (bug #439392)
CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping ...)
	NOT-FOR-US: CGI RESCUE Shopping Basket
CVE-2007-4654 (Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on ...)
	NOT-FOR-US: SSHield
CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ...)
	NOT-FOR-US: Cisco Content Services Switch
CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local users to ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir() not supported
CVE-2007-4651 (Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows ...)
	NOT-FOR-US: Adobe Connect Enterprise Server
CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...)
	{DSA-1404-1}
	- gallery2 2.2.3-1
	NOTE: does not affect gallery 1.x (package 'gallery')
CVE-2005-4861 (functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows ...)
	NOT-FOR-US: Ragnarok
CVE-2007-4649 (MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and ...)
	NOT-FOR-US: MicroWorld eScan Virus Contro
CVE-2007-4648 (The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak ...)
	NOT-FOR-US: Norman Virus Control
CVE-2007-4647 (newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 ...)
	NOT-FOR-US: Ourspace
CVE-2007-4646 (Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite ...)
	NOT-FOR-US: Hexamail
CVE-2007-4645 (SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-4644 (Format string vulnerability in the Cl_GetPackets function in cl_main.c ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4643 (Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4642 (Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4641 (Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and ...)
	NOT-FOR-US: Pakupaku
CVE-2007-4640 (Unrestricted file upload vulnerability in index.php in Pakupaku CMS ...)
	NOT-FOR-US: Pakupaku
CVE-2007-4639 (EnterpriseDB Advanced Server 8.2 does not properly handle certain ...)
	NOT-FOR-US: EnterpriseDB
CVE-2007-4638 (Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows ...)
	NOT-FOR-US: StarCraft
CVE-2007-4637 (xGB.php in xGB 2.0 does not require authentication for an admin edit ...)
	NOT-FOR-US: xGB
CVE-2007-4636 (Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 ...)
	NOT-FOR-US: phpBG
CVE-2007-4635 (Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4634 (Multiple SQL injection vulnerabilities in Cisco CallManager and ...)
	NOT-FOR-US: Cisco
CVE-2007-4633 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-4632 (Cisco IOS 12.2E, 12.2F, and 12.2S places a &quot;no login&quot; line into the ...)
	NOT-FOR-US: Cisco
CVE-2007-4631 (The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and ...)
	- qgit 1.5.5-1.1 (bug #440950; low)
	[etch] - qgit <no-dsa> (Minor issue)
CVE-2008-0061 (MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before ...)
	{DSA-1445-1}
	- maradns 1.2.12.08-1
	NOTE: http://marc.info/?l=maradns-list&m=118842373527534&w=2
CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute ...)
	NOT-FOR-US: Absolute Poll Manager
CVE-2007-4629 (Buffer overflow in the processLine funtion in maptemplate.c in ...)
	{DSA-1539-1}
	- mapserver 4.10.3-1
CVE-2007-4628 (SQL injection vulnerability in shownews.php in phpns 1.1 allows remote ...)
	NOT-FOR-US: phpns
CVE-2007-4627 (SQL injection vulnerability in index.php in ABC eStore 3.0 allows ...)
	NOT-FOR-US: ABC eStore
CVE-2007-4626 (Unspecified vulnerability in Polipo before 1.0.2 allows remote ...)
	- polipo 1.0.2-1 (low)
	[sarge] - polipo <no-dsa> (Minor issue)
	[etch] - polipo <no-dsa> (Minor issue)
CVE-2007-4625 (Polipo before 1.0.2 allows remote HTTP servers to cause a denial of ...)
	- polipo 1.0.2-1 (low)
	[sarge] - polipo <no-dsa> (Minor issue)
	[etch] - polipo <no-dsa> (Minor issue)
CVE-2007-4624 (Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign ...)
	NOT-FOR-US: AbleDesign Dynamic Picture Frame
CVE-2007-4623 (Stack-based buffer overflow in the sendrmt function in bellmail in IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4622 (Integer underflow in the dns_name_fromtext function in (1) ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4620 (Multiple stack-based buffer overflows in Computer Associates (CA) ...)
	NOT-FOR-US: CA products
CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
	{DSA-1469-1}
	- flac 1.2.1-1 (medium)
CVE-2007-4618 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4617 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4616 (The SSL server implementation in BEA WebLogic Server 7.0 Gold through ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4615 (The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4614 (BEA WebLogic Server 9.1 does not properly handle propagation of an ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4613 (SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4612 (CRLF injection vulnerability in contact.php in Moonware (aka Dale ...)
	NOT-FOR-US: Moonware
CVE-2007-4611 (SQL injection vulnerability in viewevent.php in Moonware (aka Dale ...)
	NOT-FOR-US: Moonware
CVE-2007-4610 (Unrestricted file upload vulnerability in config/upload.php in ...)
	NOT-FOR-US: Moonware
CVE-2007-4609 (eyeOS uses predictable checksum values in the checknum parameter for ...)
	NOT-FOR-US: eyeOS
CVE-2007-4608 (PHP remote file inclusion vulnerability in protection.php in ...)
	NOT-FOR-US: ePersonnel
CVE-2007-4607 (Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll ...)
	NOT-FOR-US: EasyMailSMTPObj ActiveX control
CVE-2007-4606 (PHP remote file inclusion vulnerability in convert/mvcw_conver.php in ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-4605 (PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual ...)
	NOT-FOR-US: Vwar
CVE-2007-4604 (SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows ...)
	NOT-FOR-US: DL PayCart
CVE-2007-4603 (Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 ...)
	NOT-FOR-US: ACG news
CVE-2007-4602 (SQL injection vulnerability in cms/revert-content.php in Implied by ...)
	NOT-FOR-US: Micro-CMS
CVE-2007-4600 (The &quot;Protect Worksheet&quot; functionality in Mathsoft Mathcad 12 through ...)
	NOT-FOR-US: Mathsoft Mathcad
CVE-2007-4599 (Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly ...)
	NOT-FOR-US: RealPlayer
CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of &quot;12345&quot; for the manager ...)
	NOT-FOR-US: IBM
CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, ...)
	- php5 <unfixed> (unimportant)
	NOTE: Safe mode violations not treated as vulnerabilities
CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...)
	NOT-FOR-US: Mayaa
CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly ...)
	NOT-FOR-US: Entrust Entelligence Security Provider
CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Rational
CVE-2007-4591 (vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4590 (The get_system_info command in Ignite-UX C.7.0 through C.7.3, and ...)
	NOT-FOR-US: Ignite-UX
CVE-2007-4589 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx ...)
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4588 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx ...)
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4587 (Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria ...)
	NOT-FOR-US: escafeWeb
CVE-2007-4586 (Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension ...)
	NOT-FOR-US: iisfunc (windows only)
CVE-2007-4585 (Directory traversal vulnerability in activateuser.php in 2532|Gigs ...)
	NOT-FOR-US: 2532|Gigs
CVE-2007-4584 (Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC ...)
	- ircii-pana <removed> (medium; bug #443544)
CVE-2007-4583 (Multiple absolute path traversal vulnerabilities in the ...)
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4582 (Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX ...)
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4581 (SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 ...)
	NOT-FOR-US: WBB2-Addon: Acrotxt 1
CVE-2007-4601 (A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might ...)
	- tcp-wrappers 7.6.dbs-12 (bug #405342; medium)
	[etch] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
	[sarge] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows ...)
	NOT-FOR-US: BufferZone (Windows)
CVE-2007-4579
	REJECTED
CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...)
	NOT-FOR-US: Sophos
CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
	NOT-FOR-US: Sophos
CVE-2007-4576
	REJECTED
CVE-2007-4575 (HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, ...)
	{DSA-1419-1}
	- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
	- hsqldb 1.8.0.9-1
CVE-2007-4574 (Unspecified vulnerability in the &quot;stack unwinder fixes&quot; in kernel in ...)
	- linux-2.6 <not-affected> (Redhat specific vulnerability)
	NOTE: I contacted the redhat security team about this, this was caused by an incomplete
	NOTE: backport for stack unwinder fixes in the linux kernel made by them.
	NOTE: redhat sent a reproducer to the vendor-sec list
CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel 2.4.x and ...)
	{DSA-1504-1 DSA-1381-2 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22-5 (medium)
CVE-2007-4572 (Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, ...)
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high; bug #451385)
CVE-2007-4571 (The snd_mem_proc_read function in sound/core/memalloc.c in the ...)
	{DSA-1505-1 DSA-1479-1}
	- linux-2.6 2.6.22-5 (low; bug #444571)
	- alsa-driver 1.0.15-1
	NOTE: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
	NOTE: very easy to exploit locally
CVE-2007-4570 (Algorithmic complexity vulnerability in the MCS translation daemon in ...)
	NOT-FOR-US: MCS translation daemon
CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is ...)
	{DSA-1376-1 DTSA-60-1}
	- kdebase 4:3.5.7-4
	[sarge] - kdebase <not-affected> (problem not present in code)
	NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
CVE-2007-4568 (Integer overflow in the build_range function in X.Org X Font Server ...)
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4567 (Linux kernel 2.6.22 and earlier, and possibly other versions, does not ...)
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.20)
CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...)
	NOT-FOR-US: SIDVault
CVE-2007-4565 (sink.c in fetchmail before 6.3.9 allows context-dependent attackers to ...)
	{DSA-1377-2}
	- fetchmail 6.3.8-8 (bug #440006; low)
	[etch] - fetchmail <no-dsa> (Hardly a security problem)
	[sarge] - fetchmail <not-affected> (problem not present in source)
CVE-2007-4564 (Cosminexus Manager in Cosminexus Application Server 07-00 and later ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4563 (Cosminexus Manager in Cosminexus Application Server 06-50 and later ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4562 (Unspecified vulnerability in Hitachi DABroker before 03-02-/D and ...)
	NOT-FOR-US: Hitachi DABroker
CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA Server ...)
	NOT-FOR-US: Helix DNA Server
CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, ...)
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1 (high)
CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) ...)
	- python2.3 <removed> (unimportant)
	- python2.4 <unfixed> (unimportant; bug #440097)
	- python2.5 <unfixed> (unimportant; bug #440099)
	NOTE: According to upstream this is the intended behaviour for the module.
	NOTE: Since this is a library interface to embed Tar functionality into applications
	NOTE: it is in order to not provide the full security safety belts one might
	NOTE: expect from an enduser application like tar(1). Plus, addressing this would
	NOTE: mean to diverge from upstream permanently and could break the behaviour
	NOTE: of external apps. Anyone who wants to see this "fixed" should rather file
	NOTE: a PEP on an improved tar interface with additional security guarantees
	NOTE: provided by design.
CVE-2007-4558
	REJECTED
CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in ...)
	NOT-FOR-US: Novell
CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before ...)
	NOT-FOR-US: OpenSymphony XWork
CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in tiki-remind_password.php ...)
	- tikiwiki <removed>
CVE-2007-4553 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...)
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4552 (SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 ...)
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4551 (PHP remote file inclusion vulnerability in index.php in Agares Media ...)
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4550 (Format string vulnerability in ALPass 2.7 English and 3.02 Korean ...)
	NOT-FOR-US: ALPass
CVE-2007-4549 (Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow ...)
	NOT-FOR-US: ALPass
CVE-2007-4548 (The login method in LoginModule implementations in Apache Geronimo 2.0 ...)
	NOT-FOR-US: Apache Geronimo
CVE-2007-4547 (Unreal Commander 0.92 build 565 and 573 writes portions of heap memory ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4546 (Unreal Commander 0.92 build 565 and 573 lists the filenames from the ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4545 (Multiple directory traversal vulnerabilities in Unreal Commander 0.92 ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4544 (Cross-site scripting (XSS) vulnerability in wp-newblog.php in ...)
	NOT-FOR-US: WordPress multi-user (MU)
CVE-2007-4543 (Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla ...)
	- bugzilla 2.22.1-2.2 (low; bug #440106)
	[etch] - bugzilla <no-dsa> (Affected code only shipped in example, minor issue anyway)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in MapServer ...)
	{DSA-1539-1}
	- mapserver 4.10.3-1 (bug #439346)
CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate Download ...)
	NOT-FOR-US: Olate Download
CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate ...)
	NOT-FOR-US: Olate Download
CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression algorithm ...)
	NOT-FOR-US: Skulltag
CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for files in ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4535 (The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows ...)
	NOT-FOR-US: Vavoom
CVE-2007-4534 (Buffer overflow in the VThinker::BroadcastPrintf function in ...)
	NOT-FOR-US: Vavoom
CVE-2007-4533 (Format string vulnerability in the Say command in sv_main.cpp in ...)
	NOT-FOR-US: Vavoom
CVE-2007-4532 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...)
	NOT-FOR-US: Soldat game server
CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...)
	NOT-FOR-US: Soldat game server
CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak ...)
	- teamspeak-server 2.0.23.19-1
CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote ...)
	- teamspeak-server 2.0.23.19-1
CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not ...)
	NOT-FOR-US: ffi extension for php
CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in phphq.Net ...)
	NOT-FOR-US: phUploader
CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2007-4525 (** DISPUTED ** ...)
	NOT-FOR-US: SPIP (was in unstable some time, but not in any supported release)
CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress ...)
	NOT-FOR-US: PhPress
CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an ...)
	- asterisk <not-affected> (The voicemail backend is not enabled in Debian)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	NOTE: Patch: http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html
	NOTE: the backend will be enabled in future uploads with a fixed package.
CVE-2007-4520
	RESERVED
CVE-2007-4519
	RESERVED
CVE-2007-4518
	RESERVED
CVE-2007-4517 (Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA ...)
	NOT-FOR-US: Oracle
CVE-2007-4516 (The Volume Manager Scheduler Service (aka VxSchedService.exe) in ...)
	NOT-FOR-US: Volume Manager Scheduler Service
CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll before ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4514
	RESERVED
CVE-2007-4513 (Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for ...)
	NOT-FOR-US: Sophos Anti-Virus for Windows
CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...)
	NOT-FOR-US: Sun Application Server
CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...)
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList component ...)
	NOT-FOR-US: EventList component for Joomla!
CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...)
	NOT-FOR-US: Rebellion Asura engine
CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 ...)
	NOT-FOR-US: External PHP component only relevant for Windows
CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ...)
	NOT-FOR-US: NeoRecruit component for Joomla!
CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ...)
	NOT-FOR-US: RemoSitory component for Mambo
CVE-2007-4504 (Directory traversal vulnerability in index.php in the RSfiles ...)
	NOT-FOR-US: RSfiles component for Joomla!
CVE-2007-4503 (SQL injection vulnerability in index.php in the Nice Talk component ...)
	NOT-FOR-US: Nice Talk component for Joomla!
CVE-2007-4502 (SQL injection vulnerability in index.php in the BibTeX component ...)
	NOT-FOR-US: BibTeX component for Joomla!
CVE-2007-4501 (Unspecified vulnerability in PassphraseRequester in SSHKeychain before ...)
	NOT-FOR-US: SSHKeychain
CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 ...)
	NOT-FOR-US: SSHKeychain
CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...)
	NOT-FOR-US: American Financing eMail Image Upload
CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...)
	NOT-FOR-US: Grandstream SIP Phone
CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
	- vmware-package 0.16
CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
	- vmware-package 0.16
CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...)
	NOT-FOR-US: Solaris
CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...)
	- ezpublish <removed>
CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...)
	- ezpublish <removed>
CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun ...)
	NOT-FOR-US: Solaris
CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows ...)
	NOT-FOR-US: Gurur haber
CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...)
	NOT-FOR-US: eCentrex VOIP
CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens ...)
	NOT-FOR-US: Siemens GigaSet firmware
CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Linkliste
CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in Butterfly ...)
	NOT-FOR-US: Butterfly online visitors counter
CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER ...)
	NOT-FOR-US: My_REFERER
CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
	- wordpress 2.1.3-1 (medium)
CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool ...)
	NOT-FOR-US: Pool 1.0.7 theme for WordPress
CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix ...)
	NOT-FOR-US: Rus themes for WordPress
CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the Sirius ...)
	NOT-FOR-US: Sirius 1.0 theme for WordPress
CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search ...)
	NOT-FOR-US: Search Engine Builder
CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
	NOT-FOR-US: Planet VC-200M VDSL2 router
CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has ...)
	{DSA-1566-1 DSA-1438-1}
	- tar 1.18-1 (low; bug #441444)
	- cpio 2.9-5 (low; bug #449222)
CVE-2007-4475
	RESERVED
CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino Web ...)
	NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate ...)
	NOT-FOR-US: Gesytec Easylon OPC Server
CVE-2007-4472 (Multiple buffer overflows in the Broderbund Expressit 3DGreetings ...)
	NOT-FOR-US: Broderbund Expressit
CVE-2007-4471 (Multiple unspecified vulnerabilities in the Intuit QuickBooks Online ...)
	NOT-FOR-US: QuickBooks
CVE-2007-4470 (Multiple stack-based buffer overflows in the Earth Resource Mapping ...)
	NOT-FOR-US: Earth Resource Mapping NCSView
CVE-2007-4469
	RESERVED
CVE-2007-4468
	RESERVED
CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX ...)
	NOT-FOR-US: Oracle
CVE-2007-4466 (Multiple stack-based buffer overflows in Electronic Arts (EA) ...)
	NOT-FOR-US: Electronic Arts (EA) SnoopyCtrl ActiveX
CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in ...)
	NOT-FOR-US: Media Player Classic
CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple ...)
	NOT-FOR-US: snif
CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...)
	NOT-FOR-US: snif
CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the ...)
	- apache <removed> (low)
	- apache2 2.2.6-1 (bug #453783)
	[sarge] - apache <no-dsa> (browser issue, low impact)
	[sarge] - apache2 <no-dsa> (browser issue, low impact)
	[etch] - apache <no-dsa> (browser issue, low impact)
	[etch] - apache2 2.2.3-4+etch4
	NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in MSIE.
	NOTE: Etch's default configuration not vulnerable due to AddDefaultCharset,
	NOTE: but many users change this.
	NOTE: The apache2 fix is actually a workaround. It will not be applied to apache 1.3.
	[etch] - apache2 2.2.3-4+etch4
CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...)
	NOT-FOR-US: Total Commander
CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted ...)
	NOT-FOR-US: Total Commander
CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to ...)
	- po4a 0.31-1 (bug #439226)
	[etch] - po4a 0.29-1etch1
	[sarge] - po4a 0.20-2sarge1
CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote ...)
	- nufw 2.2.4-1 (bug #439227)
	[etch] - nufw <not-affected>
CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...)
	{DSA-1365-3 DSA-1365-2 DSA-1365-1}
	- id3lib3.8.3 3.8.3-7 (low; bug #438540)
CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2007-4458 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Firesoft
CVE-2007-4457 (Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 ...)
	NOT-FOR-US: Dalai Forum
CVE-2007-4456 (SQL injection vulnerability in index.php in the SimpleFAQ ...)
	NOT-FOR-US: mambo
	NOTE: mambo is in experimental though
CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...)
	- asterisk 1:1.4.11~dfsg-1
	[sarge] - asterisk <not-affected> (not affected according to advisory)
	[etch] - asterisk <not-affected> (not affected according to advisory)
CVE-2007-4454 (Eval injection vulnerability in environment.php in Olate Download (od) ...)
	NOT-FOR-US: Olate Download
CVE-2007-4453 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2007-4452 (The client in Toribash 2.71 and earlier allows remote attackers to ...)
	NOT-FOR-US: Toribash
CVE-2007-4451 (The server in Toribash 2.71 and earlier on Windows allows remote ...)
	NOT-FOR-US: Toribash
CVE-2007-4450 (The server in Toribash 2.71 and earlier does not properly handle long ...)
	NOT-FOR-US: Toribash
CVE-2007-4449 (The client in Toribash 2.71 and earlier allows remote attackers to ...)
	NOT-FOR-US: Toribash
CVE-2007-4448 (The server in Toribash 2.71 and earlier does not properly handle ...)
	NOT-FOR-US: Toribash
CVE-2007-4447 (Multiple buffer overflows in the client in Toribash 2.71 and earlier ...)
	NOT-FOR-US: Toribash
CVE-2007-4446 (Format string vulnerability in the server in Toribash 2.71 and earlier ...)
	NOT-FOR-US: Toribash
CVE-2007-4445 (Image Space rFactor 1.250 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Image space rfactor
CVE-2007-4444 (Multiple buffer overflows in Image Space rFactor 1.250 and earlier ...)
	NOT-FOR-US: Image space rfactor
CVE-2007-4443 (The UCC dedicated server for the Unreal engine, possibly 2003 and ...)
	NOT-FOR-US: Unreal on Windows
CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal ...)
	NOT-FOR-US: Unreal on Windows
CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP ...)
	- php5 <not-affected> (Windows-specific)
CVE-2007-4440 (Stack-based buffer overflow in the MercuryS SMTP server in Mercury ...)
	NOT-FOR-US: Mercury mail system
CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in ...)
	NOT-FOR-US: Squirrelcart
CVE-2007-4438 (Session fixation vulnerability in Ampache before 3.3.3.5 allows remote ...)
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 ...)
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...)
	- drupal <not-affected> (External addon, see bug #439379)
CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the ...)
	NOT-FOR-US: Text File Search ASP
CVE-2007-4433 (Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the ...)
	NOT-FOR-US: Text File Search ASP
CVE-2007-4432 (Untrusted search path vulnerability in the wrapper scripts for the (1) ...)
	NOT-FOR-US: SUSE
CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and ...)
	NOT-FOR-US: Safari/windows
CVE-2007-4430 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a ...)
	NOT-FOR-US: Skype
CVE-2007-4428 (Lhaz 1.33 allows remote attackers to execute arbitrary code via ...)
	NOT-FOR-US: lhaz
CVE-2007-4427 (Unspecified vulnerability in the login page redirection logic in the ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-4426 (Live for Speed (LFS) S1 and S2 allows remote attackers to cause a ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4425 (Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4424 (Apple Safari for Windows 3.0.3 and earlier does not prompt the user ...)
	NOT-FOR-US: Safari
CVE-2007-4423 (Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4422 (The login interface in Symantec Enterprise Firewall 6.x, when a VPN ...)
	NOT-FOR-US: Symantec Enterprise Firewall
CVE-2007-4421 (SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 ...)
	NOT-FOR-US: Olate Download
CVE-2007-4420 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-4419 (Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin ...)
	NOT-FOR-US: Olate Download
CVE-2007-4418 (IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4417 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4416 (** DISPUTED ** ...)
	NOT-FOR-US: BellaBook
CVE-2007-4415 (Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 ...)
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4414 (Cisco VPN Client on Windows before 4.8.02.0010 allows local users to ...)
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4413 (Direct static code injection vulnerability in admincp/user_help.php in ...)
	NOT-FOR-US: Headstart Solutions DeskPRO 3.0.2
CVE-2007-4412 (Multiple cross-site scripting (XSS) vulnerabilities in Headstart ...)
	NOT-FOR-US: Deskpro
CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4405 (ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4404 (ircu 2.10.12.01 allows remote attackers to (1) cause a denial of ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4403 (The mIRC Control Plug-in for Winamp allows user-assisted remote ...)
	NOT-FOR-US: mirc/winamp
CVE-2007-4402 (Multiple unspecified scripts in mIRC allow user-assisted remote ...)
	NOT-FOR-US: mirc
CVE-2007-4401 (Multiple CRLF injection vulnerabilities in the Advanced mIRC ...)
	NOT-FOR-US: mirc
CVE-2007-4400 (CRLF injection vulnerability in the included media script in ...)
	- konversation 1.0.1-4 (low; bug #439837)
	[etch] - konversation <no-dsa> (minor issue)
	[sarge] - konversation <no-dsa> (minor issue)
CVE-2007-4399 (CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX ...)
	NOT-FOR-US: xmms.bx 1.0 script for BitchX (not included in Debian package)
CVE-2007-4398 (Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and ...)
	- irssi-scripts 20070925 (low; bug #439840)
	- weechat-scripts 20070425-0.1 (low; bug #439839)
	[etch] - irssi-scripts <no-dsa> (minor issue)
	[etch] - weechat-scripts <no-dsa> (minor issue)
	[sarge] - irssi-scripts <no-dsa> (minor issue)
CVE-2007-4397 (Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) ...)
	NOT-FOR-US: various IRC now_playing scripts
CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) ...)
	- irssi-scripts 20070925 (low; bug #439840)
	[etch] - irssi-scripts <no-dsa> (minor issue)
	[sarge] - irssi-scripts <no-dsa> (minor issue)
	NOTE: weechat-scripts does not include the mentioned scripts
CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2007-4394 (Unspecified vulnerability in a &quot;core clean&quot; cron job created by the ...)
	NOT-FOR-US: findutils-locate on SUSE Linux
CVE-2007-4393 (The installation script for orarun on SUSE Linux before 20070810 ...)
	NOT-FOR-US: oracle
CVE-2007-4392 (Winamp 5.35 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: winamp
CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger ...)
	NOT-FOR-US: kakadu
CVE-2007-4390 (The Command Line Interface (CLI), aka Adonis Administration Console, ...)
	NOT-FOR-US: BlueCat
CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...)
	NOT-FOR-US: 2wire
CVE-2007-4388 (2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly ...)
	NOT-FOR-US: 2wire
CVE-2007-4387 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...)
	NOT-FOR-US: 2wire
CVE-2007-4386 (SQL injection vulnerability in search.php in GetMyOwnArcade allows ...)
	NOT-FOR-US: GetMyOwnArcade
CVE-2007-4385 (OWASP Stinger before 2.5 allows remote attackers to bypass input ...)
	NOT-FOR-US: Stinger
CVE-2007-4384 (Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in ...)
	NOT-FOR-US: Stephane Pineau VOTE
CVE-2007-4383 (** DISPUTED ** ...)
	NOT-FOR-US: Trackeur
CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote ...)
	NOT-FOR-US: CounterPath X-Lite
CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun ...)
	- sun-java5 1.5.0-10-1
CVE-2007-4380 (Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 ...)
	NOT-FOR-US: Altiris Deployment Solution
CVE-2007-4379 (Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4378 (Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4377 (Stack-based buffer overflow in the IMAP service in SurgeMail 38k ...)
	NOT-FOR-US: SurgeMail
CVE-2007-4376 (Unrestricted file upload vulnerability in banner-upload.php in Szymon ...)
	NOT-FOR-US: Szymon Kosok Best Top List
CVE-2007-4375 (The administrative interface (aka DkService.exe) in Diskeeper 9 ...)
	NOT-FOR-US: Diskeeper
CVE-2007-4374 (Babo Violent 2 2.08.00 does not validate the sender field of a chat ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4373 (The server in Babo Violent 2 2.08.00 and earlier does not properly ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4372 (Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems ...)
	NOT-FOR-US: InterSystems Cache
CVE-2004-2683 (Unspecified vulnerability in the %XML.Utils.SchemaServer class in ...)
	NOT-FOR-US: InterSystems Cache
CVE-2003-1333 (Unspecified vulnerability in the Cache' Server Page (CSP) ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-XXXX [clamav htmlnorm DoS]
	- clamav <not-affected> (Only exploitable if CL_EXPERIMENTAL is set)
CVE-2007-XXXX [clamav floating point exception in OLE2 scanner DoS]
	- clamav 0.91.2-1~volatile1
	[etch] - clamav <not-affected> (Vulnerable code not present)
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions]
	- libpam-usb 0.4.1-1 (medium)
	NOTE: see http://sourceforge.net/mailarchive/forum.php?thread_name=7D75703BC8E1C149BF78A1E79AAAB169B8A2E4%40svits28.main.ad.rit.edu&forum_name=pamusb-devel
CVE-2007-XXXX [lwat sometimes logs passwords in access.log]
	- lwat 0.15-2 (low)
CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...)
	NOT-FOR-US: Neuron Blog
CVE-2007-4370 (Multiple buffer overflows in the (1) client and (2) server in Racer ...)
	NOT-FOR-US: Racer
CVE-2007-4369 (Directory traversal vulnerability in go/_files in SOTEeSKLEP before ...)
	NOT-FOR-US: SOTEeSKLEP
CVE-2007-4368 (SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) ...)
	NOT-FOR-US: IBM Rational ClearQuest (CQ)
CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Opera
CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service ...)
	- wengophone 2.1.1.dfsg0-3 (bug #438419)
CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain ...)
	NOT-FOR-US: Fedora Commons
CVE-2007-4363 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Drupal Content Construction Kit (CCK)
CVE-2007-4362 (SQL injection vulnerability in category.php in Prozilla Webring allows ...)
	NOT-FOR-US: Prozilla Webring
CVE-2007-4361 (NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta ...)
	NOT-FOR-US: ReadyNAS RAIDiator
CVE-2007-4360 (Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with ...)
	NOT-FOR-US: Dell
CVE-2007-4359 (Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems ...)
	NOT-FOR-US: JobLister3
CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Zoidcom
CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...)
	- mozilla-firefox <removed> (unimportant)
	- mozilla <removed> (unimportant)
	- iceweasel <unfixed> (unimportant)
	- iceape <unfixed> (unimportant)
CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...)
	NOT-FOR-US: AIX
CVE-2007-4354 (Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 ...)
	NOT-FOR-US: AIX
CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...)
	NOT-FOR-US: AIX
CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit method in ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics <not-affected> (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- libextractor 0.5.9-1
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cups <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	- cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...)
	{DSA-1407-1 DTSA-81-1}
	- cupsys 1.3.4-1 (medium; bug #448866)
	- cups 1.3.4-1 (medium; bug #448866)
	[sarge] - cupsys <not-affected> (Only vulnerable to code injection since 1.2.x, effects are harmless otherwise)
CVE-2007-4350 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: HP SiteScope
CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 ...)
	NOT-FOR-US: HP OpenView Report
CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-4347 (Multiple integer overflows in the Job Engine (bengine.exe) service in ...)
	NOT-FOR-US: Job Engine
CVE-2007-4346 (The Job Engine (bengine.exe) service in Symantec Backup Exec for ...)
	NOT-FOR-US: Job Engine
CVE-2007-4345 (Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail ...)
	NOT-FOR-US: IMail Client
CVE-2007-4344 (Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build ...)
	NOT-FOR-US: ACDSee
CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows ...)
	NOT-FOR-US: IrfanView
CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in PHPCentral ...)
	NOT-FOR-US: PHPCentral
CVE-2007-4341 (PHP remote file inclusion vulnerability in adm/my_statistics.php in ...)
	NOT-FOR-US: Omnistar Lib2 PHP
CVE-2007-4340 (PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 ...)
	NOT-FOR-US: phpDVD
CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll ...)
	NOT-FOR-US: PHPCentral Poll Script
CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 ...)
	NOT-FOR-US: Family Connections
CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in ...)
	{DSA-1683-1}
	- streamripper 1.62.2-1 (low)
	[etch] - streamripper <no-dsa> (Minor issue)
CVE-2007-4336 (Buffer overflow in the Live Picture Corporation ...)
	NOT-FOR-US: Microsoft
CVE-2007-4335 (Format string vulnerability in the SMTP server component in Qbik ...)
	NOT-FOR-US: Qbik WinGate
CVE-2007-4334 (Cross-site scripting (XSS) vulnerability in whois.php in Php-stats ...)
	NOT-FOR-US: Php-stats
CVE-2007-4333 (Multiple cross-site scripting (XSS) vulnerabilities in signup.php in ...)
	NOT-FOR-US: Article Dashboard
CVE-2007-4332 (SQL injection vulnerability in article.php in Article Dashboard, when ...)
	NOT-FOR-US: Article Dashboard
CVE-2007-4331 (PHP remote file inclusion vulnerability in index.php in FindNix allows ...)
	NOT-FOR-US: FindNix
CVE-2007-4330 (PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox ...)
	NOT-FOR-US: Shoutbox
CVE-2007-4329 (Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 ...)
	NOT-FOR-US: Web News
CVE-2007-4328 (Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder ...)
	NOT-FOR-US: Bilder Galerie
CVE-2007-4327 (Multiple PHP remote file inclusion vulnerabilities in File Uploader ...)
	NOT-FOR-US: File Uploader
CVE-2007-4326 (Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader ...)
	NOT-FOR-US: Bilder Uploader
CVE-2007-4325 (PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 ...)
	NOT-FOR-US: Gaestebuch
CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other ...)
	- flashplugin-nonfree 9.0.115.0.1
	[etch] - flashplugin-nonfree 9.0.115.0.1~etch1
	[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
CVE-2007-4323 (DenyHosts 2.6 does not properly parse sshd log files, which allows ...)
	- denyhosts 2.6-2.1 (bug #438162; medium)
	[etch] - denyhosts 2.6-1etch1
CVE-2007-4322 (BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) ...)
	NOT-FOR-US: BlockHosts
CVE-2007-4321 (fail2ban 0.8 and earlier does not properly parse sshd log files, which ...)
	{DSA-1456-1}
	- fail2ban 0.8.0-4 (bug #438187; medium)
CVE-2007-4320 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Ncaster
CVE-2007-4319 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel ...)
	NOT-FOR-US: Zyxel
CVE-2007-4318 (Cross-site scripting (XSS) vulnerability in Forms/General_1 in the ...)
	NOT-FOR-US: Zyxel
CVE-2007-4317 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Zyxel
CVE-2007-4316 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel ...)
	NOT-FOR-US: Zyxel
CVE-2007-4315 (The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows ...)
	NOT-FOR-US: ATI
CVE-2007-4314 (pixlie.php in Pixlie 1.7 allows remote attackers to trigger the ...)
	NOT-FOR-US: Pixlie
CVE-2007-4313 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 ...)
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in the Linux ...)
	{DSA-1503-2 DSA-1503-1}
	- linux-2.6 <not-affected> (buffer is local to the function that uses sizeof on it)
CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1}
	- linux-2.6 2.6.22-4 (medium; bug #443694)
CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 ...)
	NOT-FOR-US: Storesprite
CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin <unfixed> (unimportant)
	[sarge] - phpmyadmin <not-affected>
	NOTE: It seems that this requires knowledge of a unguessable session token.
	NOTE: Confirmed by upstream. Sarge is not affected at all.
CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...)
	NOT-FOR-US: NetBSD and OpenBSD
CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when ...)
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4303 (Multiple race conditions in (1) certain rules and (2) argument copying ...)
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4302 (Multiple race conditions in certain system call wrappers in Generic ...)
	NOT-FOR-US: Generic Software Wrappers Toolkit
CVE-2007-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: WebCart
CVE-2007-4300
	RESERVED
CVE-2007-4299
	RESERVED
CVE-2007-4298
	RESERVED
CVE-2007-4297 (Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp ...)
	NOT-FOR-US: Modulu
CVE-2007-4296 (Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server ...)
	NOT-FOR-US: Anti-Spam SMTP Proxy Server
CVE-2007-4295 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2007-4294 (Unspecified vulnerability in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2007-4293 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2007-4292 (Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote ...)
	NOT-FOR-US: Cisco
CVE-2007-4291 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2007-4290 (** DISPUTED ** ...)
	NOT-FOR-US: Guestbook Script
CVE-2007-4289 (Sun Java System Portal Server 7.0 does not properly process XSLT ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2007-4288 (Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2007-4287 (PHP remote file inclusion vulnerability in fc_functions/fc_example.php ...)
	NOT-FOR-US: FishCart
CVE-2007-4286 (Buffer overflow in the Next Hop Resolution Protocol (NHRP) ...)
	NOT-FOR-US: Cisco
CVE-2007-4285 (Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to ...)
	NOT-FOR-US: Cisco
CVE-2007-4284 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2007-4283 (PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in ...)
	NOT-FOR-US: Coppermine Photo Gallery (CPG)
CVE-2007-4282 (The &quot;Extended properties for entries&quot; (entryproperties) plugin in ...)
	- serendipity 1.1.4-1
	[etch] - serendipity <not-affected> (introduced in 1.1.x)
CVE-2007-4281 (Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source ...)
	- knowledgetree <removed>
CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-4278 (Stack-based buffer overflow in the giomgr process in ESRI ArcSDE ...)
	NOT-FOR-US: ESRI ArcSDE
CVE-2007-4277 (The Trend Micro AntiVirus scan engine before 8.550-1001, as used in ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4274
	REJECTED
CVE-2007-4273 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4272 (Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4271 (Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4269 (Integer overflow in the Networking component in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4268 (Integer signedness error in the Networking component in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4267 (Stack-based buffer overflow in the Networking component in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4266
	RESERVED
CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in VisionProject ...)
	NOT-FOR-US: VisionProject
CVE-2007-4264 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: snif
CVE-2007-4280 (The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...)
	- asterisk 1:1.4.10~dfsg-1
	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-019.html
	[sarge] - asterisk <not-affected> (not affected according to advisory)
	[etch] - asterisk <not-affected> (not affected according to advisory)
CVE-2007-4263 (Unspecified vulnerability in the server side of the Secure Copy (SCP) ...)
	NOT-FOR-US: Cisco
CVE-2007-4262 (Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4261 (EZPhotoSales 1.9.3 and earlier stores sensitive information under the ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4260 (EZPhotoSales 1.9.3 and earlier has a default &quot;admin&quot; account for ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4259 (EZPhotoSales 1.9.3 and earlier allows remote attackers to download ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4258 (SQL injection vulnerability in directory.php in Prozilla Pub Site ...)
	NOT-FOR-US: Prozilla
CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...)
	NOT-FOR-US: YNP Portal System
CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...)
	- php5 <unfixed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Only exploitable by malicious script
CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL ...)
	NOT-FOR-US: Microsoft
CVE-2007-4253 (SQL injection vulnerability in the News module in modules.php in ...)
	NOT-FOR-US: Envolution
CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: CHILKAT ASP String
CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with multiple ...)
	- openoffice.org (unimportant)
	NOTE: Only a crasher with malformed documents
CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar before ...)
	NOT-FOR-US: Advanced Searchbar
CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation toolbar for ...)
	NOT-FOR-US: ExportNation toolbar
CVE-2007-4248 (The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming ...)
	NOT-FOR-US: Toolbar Gaming toolbar
CVE-2007-4247 (Windows Calendar on Microsoft Windows Vista allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in Justsystem ...)
	NOT-FOR-US: Justsystem Ichitaro
CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa ...)
	NOT-FOR-US: DiMeMa CONTENTdm
CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! ...)
	NOT-FOR-US: Joomla
CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4241 (Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2007-4240 (The check_logout function in class/auth.php in Help Center Live (hcl) ...)
	NOT-FOR-US: Help Center Live
CVE-2007-4239 (Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp ...)
	NOT-FOR-US: C-SAM oneWallet
CVE-2007-4238 (AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, ...)
	NOT-FOR-US: AIX
CVE-2007-4237 (Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte ...)
	NOT-FOR-US: AIX
CVE-2007-4236 (Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: AIX
CVE-2007-4235 (Multiple PHP remote file inclusion vulnerabilities in VietPHP allow ...)
	NOT-FOR-US: VietPHP
CVE-2007-4234 (Unspecified vulnerability in Camera Life before 2.6 allows remote ...)
	NOT-FOR-US: Camera Life
CVE-2007-4233 (Multiple unspecified vulnerabilities in Camera Life before 2.6 allow ...)
	NOT-FOR-US: Camera Life
CVE-2007-4232 (PHP remote file inclusion vulnerability in admin/inc/change_action.php ...)
	NOT-FOR-US: PHPNews
CVE-2007-4231 (PHP remote file inclusion vulnerability in order/login.php in IDevSpot ...)
	NOT-FOR-US: PhpHostBot
CVE-2007-4230 (** DISPUTED ** ...)
	NOT-FOR-US: BellaBiblio
CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows ...)
	- kdebase <unfixed> (unimportant)
	NOTE: Browser DoS not treated as vulnerabilities
CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ...)
	NOT-FOR-US: AIX
CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-4226 (Directory traversal vulnerability in the BlueCat Networks Proteus IPAM ...)
	NOT-FOR-US: BlueCat Networks Proteus IPAM appliance
CVE-2007-4225 (Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4224 (KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4223 (Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an ...)
	NOT-FOR-US: Microsoft Sysinternals DebugView
CVE-2007-4222 (Buffer overflow in the TagAttributeListCopy function in nnotes.dll in ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for ...)
	NOT-FOR-US: Motorola Timbuktu
CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before ...)
	NOT-FOR-US: Motorola Timbuktu
CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4217 (Stack-based buffer overflow in the domacro function in ftp in IBM AIX ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...)
	NOT-FOR-US: ZoneAlarm
CVE-2007-4215
	RESERVED
CVE-2007-4214
	RESERVED
CVE-2007-4213 (Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote ...)
	NOT-FOR-US: Palm OS
CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote authenticated ...)
	- dovecot 1:1.0.3-2 (low)
	[etch] - dovecot <no-dsa> (minor issue)
	[sarge] - dovecot <no-dsa> (minor issue)
CVE-2007-4210 (Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) ...)
	NOT-FOR-US: LANAI CMS
CVE-2007-4209 (SQL injection vulnerability in Recherche.php in Aceboard forum allows ...)
	NOT-FOR-US: Aceboard forum
CVE-2007-4208 (SQL injection vulnerability in default.asp in Next Gen Portfolio ...)
	NOT-FOR-US: Next Gen Portfolio Manager
CVE-2007-4207 (SQL injection vulnerability in admin_console/index.asp in Gallery In A ...)
	NOT-FOR-US: Gallery In A Box
CVE-2007-4206 (Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets ...)
	NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-4205 (XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance ...)
	NOT-FOR-US: BlueCat Networks Adonis
CVE-2007-4204 (Hitachi Groupmax Collaboration - Schedule, as used in Groupmax ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration
CVE-2007-4203 (Session fixation vulnerability in Mambo 4.6.2 CMS allows remote ...)
	NOT-FOR-US: Mambo
CVE-2007-4202 (Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4201 (Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4200 (ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4199 (Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4198 (The fs_data_put_str function in ntfs.c in fls in Brian Carrier The ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4197 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4196 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4195 (Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4194 (Guidance Software EnCase 5.0 allows user-assisted remote attackers to ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4193 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: DVD Rental System
CVE-2007-4192 (Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD ...)
	NOT-FOR-US: DVD Rental System
CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the product's ...)
	NOT-FOR-US: Panda Antivirus
CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...)
	NOT-FOR-US: Joomla
CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...)
	NOT-FOR-US: Joomla
CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search component in ...)
	NOT-FOR-US: Joomla
CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php in the ...)
	NOT-FOR-US: Joomla! addon
CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Joomla
CVE-2007-4184 (SQL injection vulnerability in administrator/popups/pollwindow.php in ...)
	NOT-FOR-US: Joomla
CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and ...)
	NOT-FOR-US: paBugs
CVE-2007-4182 (Unrestricted file upload vulnerability in index.php in WikiWebWeaver ...)
	NOT-FOR-US: WikiWebWeaver
CVE-2007-4181 (** DISPUTED ** ...)
	NOT-FOR-US: Pluck
CVE-2007-4180 (** DISPUTED ** ...)
	NOT-FOR-US: Pluck
CVE-2007-4179 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HPUX
CVE-2007-4178 (Cross-site scripting (XSS) vulnerability in index.php in WebDirector ...)
	NOT-FOR-US: Webdirector
CVE-2007-4177 (Multiple cross-site scripting (XSS) vulnerabilities in Interact before ...)
	NOT-FOR-US: Interact
CVE-2007-4176 (Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have ...)
	NOT-FOR-US: EQDKP Plus
CVE-2007-4175 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Openrat CMS
CVE-2007-4174 (Tor before 0.1.2.16, when ControlPort is enabled, does not properly ...)
	- tor 0.1.2.16-1 (medium)
CVE-2007-4173 (SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali ...)
	NOT-FOR-US: Hunkaray Okul Portali
CVE-2007-4172 (Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail ...)
	NOT-FOR-US: Openwebmail
CVE-2007-4171 (SQL injection vulnerability in komentar.php in the Forum Module for ...)
	NOT-FOR-US: Aura CMS
CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 ...)
	NOT-FOR-US: AL-Athkar
CVE-2007-4169 (** DISPUTED ** ...)
	NOT-FOR-US: vgallite
CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in ...)
	NOT-FOR-US: AL-Caricatier
CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the Unnamed ...)
	NOT-FOR-US: Xu Yiyang
CVE-2007-4165 (Cross-site scripting (XSS) vulnerability in index.php in the Blue ...)
	- wordpress <not-affected> (Wordpress doesn't ship this theme)
CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java ...)
	NOT-FOR-US: IndexScript
CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 ...)
	NOT-FOR-US: IndexScript
CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4161 (rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4160 (The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4159 (index.html in the HTTP administration interface in certain daemons in ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4158 (Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4157 (PHPBlogger stores sensitive information under the web root with ...)
	NOT-FOR-US: PHPBlogger
CVE-2007-4156 (Multiple SQL injection vulnerabilities in wolioCMS allow remote ...)
	NOT-FOR-US: wolioCMS
CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	- vmware-package 0.16
CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1
CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1 (low)
	NOTE: see issue 4690 and 4691 in wordpress trac
CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4150 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4149 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4148 (Heap-based buffer overflow in the Visionsoft Audit on Demand Service ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4147 (Multiple unspecified vulnerabilities in Interspire ArticleLive NX ...)
	NOT-FOR-US: Interspire ArticleLive NX
CVE-2007-4146 (Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent ...)
	NOT-FOR-US: WebEvent
CVE-2007-4145 (Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX ...)
	NOT-FOR-US: BlueSkychat
CVE-2007-4144 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MitriDAT eMail Form Processor Pro
CVE-2007-4143 (user.php in the Billing Control Panel in phpCoupon allows remote ...)
	NOT-FOR-US: Billing Control Panel in phpCoupon
CVE-2007-4142 (Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server ...)
	NOT-FOR-US: BM Lotus Sametime Server
CVE-2007-4141 (OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: OpenRat CMS
CVE-2007-4140 (Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4139 (Cross-site scripting (XSS) vulnerability in the Temporary Uploads ...)
	NOT-FOR-US: Temporary Uploads
CVE-2007-4138 (The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in ...)
	- samba 3.0.26-1
	[etch] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
	[sarge] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech ...)
	{DSA-1426-1}
	- qt-x11-free 3:3.3.7-8 (medium; bug #442780)
	- qt4-x11 <not-affected> (Not exploitable according to upstream)
CVE-2007-4136 (The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to ...)
	NOT-FOR-US: Conga
CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle ...)
	- libnfsidmap 0.18-0 (low; bug #442935)
	NOTE: https://issues.rpath.com/browse/RPL-1731
CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...)
	- star 1.5a67-1.1 (bug #440100; low)
	[etch] - star <no-dsa> (Minor issue)
CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions ...)
	{DSA-1504-1 DSA-1381-2}
	- linux-2.6 2.6.20-1
CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 ...)
	NOT-FOR-US: Red Hat Satellite Server
CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...)
	{DSA-1438-1}
	- tar 1.18-2 (medium; bug #439335)
CVE-2007-4130 (The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux ...)
	- linux-2.6 2.6.12-1 (low)
	NOTE: a fix is included in 2.6, see line 854 mempolicy.c
	NOTE: it was maybe fixed earlier, 2.6.12 is the first version in git
	NOTE: which I can see and ships the fix
CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files via a ...)
	- coolkey 1.1.0-3
CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm Technologies ...)
	NOT-FOR-US: com_gmaps for Joomla!
CVE-2007-4127 (** DISPUTED ** ...)
	NOT-FOR-US: Ralf Image Gallery
CVE-2007-4126 (Unspecified vulnerability in the dynamic tracing framework (DTrace) on ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-4125 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2007-4124 (The session failover function in Cosminexus Component Container in ...)
	NOT-FOR-US: Cosminexus
CVE-2007-4123 (The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-4122 (Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) ...)
	NOT-FOR-US: Hitachi Hierarchical Viewer
CVE-2007-4121 (Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce ...)
	NOT-FOR-US: E-Commerce Scripts Shopping Cart Script
CVE-2007-4120 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2007-4119 (Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas ...)
	NOT-FOR-US: Defteri
CVE-2007-4118 (PHP remote file inclusion vulnerability in includes/functions.inc.php ...)
	NOT-FOR-US: phpVoter
CVE-2007-4117 (** DISPUTED ** ...)
	NOT-FOR-US: phpVoter
CVE-2005-4860 (Spectrum Cash Receipting System before 6.504 uses weak cryptography ...)
	NOT-FOR-US: Spectrum Cash Receipting System
CVE-2007-XXXX [teamspeak-server arbitrary file disclosure]
	- teamspeak-server 2.0.23.19-1 (bug #435707; medium)
CVE-2007-XXXX [tor insufficient authentication on control port]
	- tor 0.1.2.16-1
CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus Forum ...)
	NOT-FOR-US: Metyus Forum Portal
CVE-2007-4115 (Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) ...)
	NOT-FOR-US: IT!CMS (itcms)
CVE-2007-4114 (Multiple SQL injection vulnerabilities in unuttum.asp in ...)
	NOT-FOR-US: SuskunDuygular Uyelik Sistemi
CVE-2007-4113 (Unspecified vulnerability in Advanced Webhost Billing System (AWBS) ...)
	NOT-FOR-US: Advanced Webhost Billing System (AWBS)
CVE-2007-4112 (Multiple SQL injection vulnerabilities in Advanced Webhost Billing ...)
	NOT-FOR-US: Advanced Webhost Billing System (AWBS)
CVE-2007-4111 (SQL injection vulnerability in the login script in Real Estate listing ...)
	NOT-FOR-US: Real Estate listing website
CVE-2007-4110 (SQL injection vulnerability in sign_in.aspx in Message Board / ...)
	NOT-FOR-US: Message Board / Threaded Discussion Forum Application Template
CVE-2007-4109 (SQL injection vulnerability in sign_in.aspx in WebStore (Online Store ...)
	NOT-FOR-US: WebStore (Online StoreWebStore (Online Store Application Template)
CVE-2007-4108 (SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event ...)
	NOT-FOR-US: WebEvents (Online Event Registration Template)
CVE-2007-4107 (SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 ...)
	NOT-FOR-US: phpMyForum
CVE-2007-4106 (SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - ...)
	NOT-FOR-US: CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface
CVE-2007-4105 (A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 ...)
	NOT-FOR-US: Baidu Soba Search Bar
CVE-2007-4104 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: WP-FeedStats plugin for WordPress
CVE-2007-4103 (The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before ...)
	- asterisk 1:1.4.9~dfsg-1
	[etch] - asterisk <not-affected> (Only 1.2.20, 1.2.21, 1.2.21.1 and 1.2.22 affected)
	[sarge] - asterisk <not-affected> (1.0 not affected)
CVE-2007-4102 (Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 ...)
	NOT-FOR-US: sBlog
CVE-2007-4101 (Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 ...)
	NOT-FOR-US: Madoa Poll
CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from ...)
	- mldonkey 2.9.0-1 (bug #435439)
	[etch] - mldonkey <no-dsa> (Minor issue)
CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first listed ...)
	- tor 0.1.2.15-1
CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish &quot;streamids from ...)
	- tor 0.1.2.15-1
CVE-2007-4097 (Tor before 0.1.2.15 sends &quot;destroy cells&quot; containing the reason for ...)
	- tor 0.1.2.15-1
CVE-2007-4096 (Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, ...)
	- tor 0.1.2.15-1
CVE-2007-4095 (SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows ...)
	NOT-FOR-US: BSM Store Dependent Forums
CVE-2007-4094 (PHP remote file inclusion vulnerability in library/authorize.php in ...)
	NOT-FOR-US: IDevSpot PhpHostBot
CVE-2007-4093 (Minb Is Not a Blog (minb) stores sensitive information under the web ...)
	NOT-FOR-US: Minb Is Not a Blog (minb)
CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 and ...)
	NOT-FOR-US: iFoto
CVE-2007-4091 (Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow ...)
	{DSA-1360-1}
	- rsync 2.6.9-5 (bug #438125; medium)
CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4089 (Vikingboard 0.1.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4088 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4087 (AlstraSoft Video Share Enterprise allows remote attackers to obtain ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-4086 (Multiple SQL injection vulnerabilities in AlstraSoft Video Share ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-4085 (Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2007-4084 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2007-4083 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2007-4082 (Cross-site scripting (XSS) vulnerability in contact_author.php ...)
	NOT-FOR-US: AlstraSoft Article Manager Pro
CVE-2007-4081 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2007-4080 (Cross-site scripting (XSS) vulnerability in index.php AlstraSoft ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4079 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4078 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4077 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4076 (Multiple SQL injection vulnerabilities in index.asp in Alisveris ...)
	NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris ...)
	NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4074 (The default configuration of Centre for Speech Technology Research ...)
	- festival 1.96~beta-6 (bug #435445; low)
	[etch] - festival <no-dsa> (Minor issue)
CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of &quot;mail a ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4071 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4070 (Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun ...)
	- lbxproxy <removed>
CVE-2007-4069 (SQL injection vulnerability in show_cat.php in IndexScript 2.8 and ...)
	NOT-FOR-US: IndexScript
CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote ...)
	NOT-FOR-US: Webyapar
CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ...)
	NOT-FOR-US: Clever Internet ActiveX Suite
CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow ...)
	{DSA-1471-1}
	- libvorbis 1.2.0.dfsg-1
	NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...)
	{DSA-1471-1}
	- libvorbis 1.2.0.dfsg-1 (unimportant)
	NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability
	NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...)
	- drupal 4.7.7-1 (low)
	- drupal5 5.2-1 (low)
	[sarge] - drupal <not-affected> (Only Drupal 5.x is affected)
CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...)
	- drupal5 5.2-1 (low)
	NOTE: DRUPAL-SA-2007-017
CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus ...)
	- nessus-core <not-affected> (Windows only)
CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in ...)
	- nessus-core <not-affected> (Windows only)
CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in http.c in ...)
	NOT-FOR-US: corehttp
CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	- vmware-package 0.16
CVE-2007-4058 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	- vmware-package 0.16
CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2007-4056 (SQL injection vulnerability in directory.php in Prozilla Adult ...)
	NOT-FOR-US: Adult Directory
CVE-2007-4055 (SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 ...)
	NOT-FOR-US: SimpleBlog
CVE-2007-4054 (SQL injection vulnerability in category.php in PHP123 Top Sites allows ...)
	NOT-FOR-US: PHP123 Top Sites
CVE-2007-4053 (SQL injection vulnerability in include/img_view.class.php in LinPHA ...)
	NOT-FOR-US: LinPHA
CVE-2007-4052 (Cross-site scripting (XSS) vulnerability in utilities/login.asp in ...)
	NOT-FOR-US: nukedit
CVE-2007-4051 (Heap-based buffer overflow in the FindFiles function in UltraDefrag ...)
	NOT-FOR-US: UltraDefrag
CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...)
	NOT-FOR-US: ADempiere Bazaar
CVE-2007-4049
	REJECTED
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...)
	{DTSA-58-1}
	- phpsysinfo 2.5.1-6.1 (unimportant; bug #435935)
	- phpgroupware 0.9.16.012-1 (low; bug #435936)
	[etch] - phpgroupware <not-affected> (Affected code is not used in phpgroupware)
	- egroupware 1.2.107-2.dfsg-1.1 (low; bug #435937)
	NOTE: phpsysinfo alone doesn't maintain any data, which makes this an issue
CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...)
	NOT-FOR-US: geoBlog
CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...)
	NOT-FOR-US: Pony Gallery
CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other ...)
	- cupsys 1.2
	- cups 1.2 
	NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
CVE-2007-4044
	REJECTED
CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 ...)
	NOT-FOR-US: Netscape Navigator
CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...)
	{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
	- iceweasel 2.0.0.6-1
CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and ...)
	NOT-FOR-US: Micrsoft Outlook
CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...)
	- icedove <not-affected> (Windows-specific)
CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, ...)
	{DSA-1338-1}
	- iceweasel 2.0.0.5-1
CVE-2007-4037 (** DISPUTED ** ...)
	NOT-FOR-US: Guidance Software
CVE-2007-4036 (** DISPUTED ** ...)
	NOT-FOR-US: Guidance Software
CVE-2007-4035 (** DISPUTED ** ...)
	NOT-FOR-US: Guidance Software
CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! ...)
	NOT-FOR-US: Yahoo! Widgets
CVE-2007-4033 (Buffer overflow in the intT1_EnvGetCompletePath function in ...)
	{DSA-1390-1}
	- t1lib 5.1.0-3 (bug #439927)
	NOTE: originally posted as a php vuln, actually in libt1
	NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions)
CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote ...)
	NOT-FOR-US: CrystalPlayer
CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Nessus ActiveX control
CVE-2007-4030
	RESERVED
CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...)
	{DSA-1471-1}
	- libvorbis 1.2.0.dfsg-1 (medium; bug #437916)
	NOTE: svn revisions fixing this https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...)
	NOT-FOR-US: WebSPELL
CVE-2007-4027 (Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow ...)
	NOT-FOR-US: Areca
CVE-2007-4026 (epesi framework before 0.8.6 does not properly verify file extensions, ...)
	NOT-FOR-US: epesi
CVE-2007-4025 (Unspecified vulnerability in Sun Java System (SJS) Application Server ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2007-4024 (Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in ...)
	NOT-FOR-US: W1L3D4
CVE-2007-4023 (Cross-site scripting (XSS) vulnerability in the login CGI program in ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-4022 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: cPanel
CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
	NOT-FOR-US: Brain Book Software Secure
CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
	NOT-FOR-US: AdMan
CVE-2007-4019
	REJECTED
CVE-2007-5645
	REJECTED
CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows ...)
	NOT-FOR-US: Citrix
CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the web-based ...)
	NOT-FOR-US: Citrix
CVE-2007-4016 (Unspecified vulnerability in the client components in Citrix Access ...)
	NOT-FOR-US: Citrix
CVE-2007-4015
	REJECTED
CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php ...)
	NOT-FOR-US: Blix themes for WordPress
CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka ...)
	NOT-FOR-US: Citrix
CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...)
	NOT-FOR-US: Cisco
CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...)
	NOT-FOR-US: Cisco
CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and ...)
	- php5 <not-affected> (Windows-specific issue)
CVE-2007-4009 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...)
	NOT-FOR-US: Entertainment CMS
CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article ...)
	NOT-FOR-US: Article Directory
CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has ...)
	NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) ...)
	NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4002
	RESERVED
CVE-2007-4001
	RESERVED
CVE-2007-4000 (The kadm5_modify_policy_internal function in ...)
	- krb5 1.6.dfsg.1-7 (high)
	[etch] - krb5 <not-affected> (Vulnerable code not present)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function in ...)
	{DSA-1368-1 DSA-1367-1}
	- librpcsecgss 0.14-3
	- krb5 1.6.dfsg.1-7 (high)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (low)
	- php4 <removed> (low)
	NOTE: this applies to php4 as well
	NOTE: i think it is medium since it can be easily used to DoS on shared hosting systems
	NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c
	NOTE: so maybe this is already fixed in 5.2.3, not sure
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64
CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...)
	- php5 5.2.4-1 (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: only exploitable by malicious script
CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (bug #443456; medium)
	NOTE: Debian's PHP packages are linked dynamically against libgd
	NOTE: see http://www.php.net/releases/5_2_4.php
CVE-2007-3995
	RESERVED
CVE-2007-3994
	RESERVED
CVE-2007-3993 (Unspecified vulnerability in the attachment filter in Kerio MailServer ...)
	NOT-FOR-US: Kerio MailServer
CVE-2007-3992 (SQL injection vulnerability in vir_login.asp in iExpress Property Pro ...)
	NOT-FOR-US: iExpress Property Pro
CVE-2007-3991 (Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp ...)
	NOT-FOR-US: Asp cvmatik
CVE-2007-3990 (SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-3989 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-3988 (Session fixation vulnerability in Virtual Hosting Control System ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2007-3987 (SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, ...)
	NOT-FOR-US: ImageRacer
CVE-2007-3986 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3985 (Directory traversal vulnerability in file.cgi in Secure Computing ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3984 (Buffer overflow in a certain ActiveX control in the NixonMyPrograms ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3983 (Absolute path traversal vulnerability in the Data Dynamics ...)
	NOT-FOR-US: ActiveReports
CVE-2007-3982 (Absolute path traversal vulnerability in the Data Dynamics ...)
	NOT-FOR-US: ActiveReports
CVE-2007-3981 (SQL injection vulnerability in index.php in WSN Links Basic Edition ...)
	NOT-FOR-US: WSN Links
CVE-2007-3980 (PHP remote file inclusion vulnerability in page.php in RCMS Pro ...)
	NOT-FOR-US: RCMS Pro RGameScript Pro
CVE-2007-3979 (SQL injection vulnerability in index.php in BlogSite Professional (aka ...)
	NOT-FOR-US: BlogSite Professional
CVE-2007-3978 (Session fixation vulnerability in bwired allows remote attackers to ...)
	NOT-FOR-US: bwired
CVE-2007-3977 (Cross-site scripting (XSS) vulnerability in bwired allows remote ...)
	NOT-FOR-US: bwired
CVE-2007-3976 (SQL injection vulnerability in index.php in bwired allows remote ...)
	NOT-FOR-US: bwired
CVE-2007-3975 (Cross-site scripting (XSS) vulnerability in index.php in Elite Forum ...)
	NOT-FOR-US: Elite Forum
CVE-2007-3974 (admin/ajoutaut.php in JBlog 1.0 does not require authentication, which ...)
	NOT-FOR-US: JBlog
CVE-2007-3973 (Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow ...)
	NOT-FOR-US: JBlog
CVE-2007-3972 (ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3971 (Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3970 (Race condition in ESET NOD32 Antivirus before 2.2289 allows remote ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3969 (Buffer overflow in Panda Antivirus before 20070720 allows remote ...)
	NOT-FOR-US: Panda Antivirus
CVE-2007-3968 (index.php in dirLIST before 0.1.1 allows remote attackers to list the ...)
	NOT-FOR-US: dirLIST
CVE-2007-3967 (Directory traversal vulnerability in index.php in PHP Directory Lister ...)
	NOT-FOR-US: dirLIST
CVE-2007-3966 (SQL injection vulnerability in Munch Pro allows remote attackers to ...)
	NOT-FOR-US: Munch Pro
CVE-2007-3965 (Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and ...)
	NOT-FOR-US: uFMOD
CVE-2007-3964 (Itaka before 0.2.1, when using Authentication mode, allows remote ...)
	NOT-FOR-US: Itaka
CVE-2007-3963 (Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, ...)
	NOT-FOR-US: UseBB
CVE-2007-3962 (Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 ...)
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib ...)
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier ...)
	NOT-FOR-US: Ipswitch Collaboration Suite (ICS)
CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote ...)
	NOT-FOR-US: Nipun Jain xserver
CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value ...)
	- teamspeak-server 2.0.23.19-1 (bug #435707)
CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in ...)
	NOT-FOR-US: LinkedIn Toolbar
CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
	NOT-FOR-US: Microsoft
CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3952 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3948 (connections.c in lighttpd before 1.4.16 might accept more connections ...)
	{DSA-1609-1}
	- lighttpd 1.4.16-1 (low; bug #434888)
CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #428368)
	[etch] - libghttpd <no-dsa> (Accidentally omitted in DSA, but doesn't warrant another update itself)
CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3945 (Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly ...)
	NOT-FOR-US: Rule Set Based Access Control (RSBAC)
CVE-2007-3944 (Multiple heap-based buffer overflows in the Perl Compatible Regular ...)
	NOT-FOR-US: MobileSafari
CVE-2007-3943 (SQL injection vulnerability in Infinite Responder before 1.48 allows ...)
	NOT-FOR-US: Infinite Responder
CVE-2007-3942 (** DISPUTED ** ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3941 (Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3940 (Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite ...)
	NOT-FOR-US: QuickerSite
CVE-2007-3939 (SQL injection vulnerability in index.php in SpoonLabs Vivvo Article ...)
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-3938 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) ...)
	NOT-FOR-US: MAXdev MDPro (MD-Pro)
CVE-2007-3937 (Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier ...)
	NOT-FOR-US: A-shop
CVE-2007-3936 (Directory traversal vulnerability in admin/filebrowser.asp in A-shop ...)
	NOT-FOR-US: A-shopA-shop
CVE-2007-3935 (PHP remote file inclusion vulnerability in link_main.php in the ...)
	NOT-FOR-US: SupaNav
CVE-2007-3934 (PHP remote file inclusion vulnerability in postscript/postscript.php ...)
	NOT-FOR-US: BBS E-Market
CVE-2007-3933 (SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and ...)
	NOT-FOR-US: QuickEStore
CVE-2007-3932 (uploadimg.php in the Expose RC35 and earlier (com_expose) component ...)
	NOT-FOR-US: Expose RC35 for Joomla
CVE-2007-3931 (The wrap_setuid_third_party_application function in the installation ...)
	NOT-FOR-US: Samsung SCX-4200 Driver installation script
CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and ...)
	NOT-FOR-US: Microsoft
CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera before ...)
	NOT-FOR-US: Opera
CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3927 (Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3926 (Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
	NOT-FOR-US: Microsoft
CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco Wide Area ...)
	NOT-FOR-US: Cisco
CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...)
	- sun-java5 1.5.0-12-2
	[etch] - sun-java5 <no-dsa> (non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files ...)
	{DSA-1402-1}
	- gforge 4.6.99+svn6169-1
CVE-2007-3920 (GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not ...)
	{DTSA-75-1}
	[etch] - gnome-screensaver <not-affected> (Affected Compiz not present in Etch version)
	[etch] - xorg-server <not-affected> (Affected Compiz not present in Etch version)
	- gnome-screensaver 2.20.0-1.1
	- xorg-server 2:1.4.1~git20080118-1 (bug #449108; medium)
CVE-2007-3919 ((1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local ...)
	{DSA-1395-1}
	- xen-unstable 3.0-unstable+hg11561-1 (low; bug #464044)
	- xen-3 3.1.2-1 (low)
CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php in ...)
	{DSA-1383-1}
	- gforge 4.6.99+svn6094-1
CVE-2007-3917 (The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before ...)
	{DSA-1386-1}
	- wesnoth 1.2.7-1
CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...)
	- skktools 1.2+0.20061004-3 (low)
	[sarge] - skktools <no-dsa> (Minor issue)
	[etch] - skktools <no-dsa> (Minor issue)
CVE-2007-3915 [mondo insecure handling of temporary files]
	RESERVED
	- mondo 2.24-2 (low)
CVE-2007-3914
	RESERVED
CVE-2007-3913 (SQL injection vulnerability in Gforge before 3.1 allows remote ...)
	{DSA-1369-1 DTSA-57-1}
	- gforge 4.6.99+svn6086-1
CVE-2007-3912 (checkrestart in debian-goodies before 0.34 allows local users to gain ...)
	{DSA-1527-1}
	- debian-goodies 0.34 (bug #440411; medium)
CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka ...)
	NOT-FOR-US: BakBone NetVault Reporter
CVE-2007-3910 (Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-3909 (Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-3908 (Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat ...)
	NOT-FOR-US: HP ServiceGuard
CVE-2007-3907 (Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 ...)
	NOT-FOR-US: LedgerSMB
CVE-2007-3906 (Unspecified vulnerability in Kaspersky Anti-Virus for Check Point ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote ...)
	{DSA-1389-2 DSA-1389-1}
	- zoph 0.7.0.2-1 (bug #435711)
CVE-2007-3904
	RESERVED
CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3901 (Stack-based buffer overflow in the DirectShow Synchronized Accessible ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3900
	RESERVED
CVE-2007-3899 (Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-3898 (The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-3897 (Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, ...)
	NOT-FOR-US: Outlook Express
CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft ...)
	NOT-FOR-US: Windows
CVE-2007-3895 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3894
	RESERVED
CVE-2007-3893 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-3892 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows ...)
	NOT-FOR-US: Windows Vista
CVE-2007-3890 (Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2007-3889 (Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3888 (Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3887 (Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp ...)
	NOT-FOR-US: ASP Ziyaretci Defteri
CVE-2007-3886 (Cross-site scripting (XSS) vulnerability in default.asp in Element CMS ...)
	NOT-FOR-US: Element CMS
CVE-2007-3885 (Cross-site scripting (XSS) vulnerability in philboard_search.asp in ...)
	NOT-FOR-US: husrevforum
CVE-2007-3884 (SQL injection vulnerability in philboard_forum.asp in husrevforum ...)
	NOT-FOR-US: husrevforum
CVE-2007-3883 (The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.1 and ...)
	NOT-FOR-US: Data Dynamics ActiveBar ActiveX control
CVE-2007-3882 (SQL injection vulnerability in index.php in Expert Advisor allows ...)
	NOT-FOR-US: Expert Advisor
CVE-2007-3881 (SQL injection vulnerability in index.php in Pictures Rating (Picture ...)
	NOT-FOR-US: Pictures Rating
CVE-2007-3880 (Format string vulnerability in srsexec in Sun Remote Services (SRS) ...)
	NOT-FOR-US: Net Connect
CVE-2007-3879
	RESERVED
CVE-2007-3878
	RESERVED
CVE-2007-3877
	RESERVED
CVE-2007-3876 (Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: SMB (Apple Mac OS X)
CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-3874 (Directory traversal vulnerability in the tftp/mftp daemon in the PXE ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI ...)
	NOT-FOR-US: SSAPI Engine
CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service ...)
	NOT-FOR-US: HP OpenView
CVE-2007-3871 (Stampit Web uses guessable id values for online stamp purchases, which ...)
	NOT-FOR-US: Stampit
CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow ...)
	- gftp 2.0.18-17 (unimportant; bug #437710)
CVE-2007-XXXX [dokuwiki XSS in spellchecker]
	- dokuwiki 0.0.20070626b-1 (unimportant; bug #434134)
	NOTE: IE browser bug are not treated as security issues in packages applications
CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management ...)
	NOT-FOR-US: Oracle
CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship ...)
	NOT-FOR-US: Oracle
CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server ...)
	NOT-FOR-US: Oracle
CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...)
	NOT-FOR-US: Oracle
CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly ...)
	NOT-FOR-US: Oracle
CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle
CVE-2007-3858 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow ...)
	NOT-FOR-US: Oracle
CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...)
	NOT-FOR-US: Oracle
CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for ...)
	NOT-FOR-US: Oracle
CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
	NOT-FOR-US: Oracle
CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
	NOT-FOR-US: Oracle
CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
	NOT-FOR-US: Oracle
CVE-2007-3852 (The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates ...)
	- sysstat <not-affected> (We have our own init script not prone to this vulnerability)
CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3850 (The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on ...)
	- linux-2.6 <not-affected> (Debian's kernel doesn't enable CONFIG_PPC_64K_PAGES)
CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced ...)
	NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...)
	- apache2 2.2.6-1 (bug #441845; low)
	[etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
	- apache <removed> (unimportant)
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
	NOT-FOR-US: TortoiseSVN on Windows
CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...)
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-27
CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and ...)
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-26
CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global variable ...)
	{DSA-1363-1}
	- linux-2.6 2.6.23-1 (bug #446073)
CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise ...)
	NOT-FOR-US: 8e6 R3000 Enterprise Filter
CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux ...)
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...)
	NOT-FOR-US: Traffic Stats
CVE-2007-3839 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...)
	NOT-FOR-US: TBDev.NET
CVE-2007-3838 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...)
	NOT-FOR-US: TBDev.NET
CVE-2007-3837 (Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC ...)
	NOT-FOR-US: HydraIRC
CVE-2007-3836 (Format string vulnerability in HydraIRC 0.3.151 allows remote ...)
	NOT-FOR-US: HydraIRC
CVE-2007-3835 (Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and ...)
	NOT-FOR-US: Ex Libris MetaLib
CVE-2007-3834 (Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH ...)
	NOT-FOR-US: Ex Libris ALEPH
CVE-2007-3833 (The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios ...)
	NOT-FOR-US: Trillian
CVE-2007-3832 (Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in ...)
	NOT-FOR-US: Trillian
CVE-2007-3831 (PHP remote file inclusion in main.php in ISS Proventia Network IPS ...)
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3830 (Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia ...)
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player ...)
	NOT-FOR-US: InterActual Player
CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka ...)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products in Sarge no longer supported)
	- mozilla-firefox <removed>
	- iceweasel <unfixed> (low)
	- iceape <unfixed> (low)
	- xulrunner <unfixed> (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=388097
CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3825 (Multiple stack-based buffer overflows in the RPC implementation in ...)
	NOT-FOR-US: CA Alert Notification Server
CVE-2007-3824 (SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows ...)
	NOT-FOR-US: MzK Blog
CVE-2007-3823 (The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows ...)
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2007-3822 (Multiple cross-site scripting (XSS) vulnerabilities in Webcit before ...)
	NOT-FOR-US: Webcit
CVE-2007-3821 (Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 ...)
	NOT-FOR-US: Webcit
CVE-2007-3819 (Opera 9.21 allows remote attackers to spoof the data: URI scheme in ...)
	NOT-FOR-US: Opera
CVE-2007-3818 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...)
	NOT-FOR-US: LoginToboggan
CVE-2007-3817 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...)
	NOT-FOR-US: LoginToboggan
CVE-2007-3816 (** DISPUTED ** ...)
	NOT-FOR-US: JWIG
CVE-2007-3815 (Buffer overflow in pirs32.exe in Poslovni informator Republike ...)
	NOT-FOR-US: Poslovni informator Republike Slovenije
CVE-2007-3814 (Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote ...)
	NOT-FOR-US: MKPortal
CVE-2007-3813 (PHP remote file inclusion vulnerability in include/user.php in the ...)
	NOT-FOR-US: NoBoard BETA module for MKPortal
CVE-2007-3812 (SQL injection vulnerability in forums.php in CMScout 1.23 and earlier ...)
	NOT-FOR-US: CMScout
CVE-2007-3811 (Multiple SQL injection vulnerabilities in eSyndiCat allow remote ...)
	NOT-FOR-US: eSyndiCat
CVE-2007-3810 (SQL injection vulnerability in index.php in Realtor 747 allows remote ...)
	NOT-FOR-US: Realtor 747
CVE-2007-3809 (Multiple SQL injection vulnerabilities in Prozilla Directory Script ...)
	NOT-FOR-US: Prozilla Directory Script
CVE-2007-3808 (SQL injection vulnerability in includes/search.php in paFileDB 3.6 ...)
	NOT-FOR-US: paFileDB
CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...)
	NOT-FOR-US: SiteScape Forum
CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to ...)
	{DSA-1578-1 DSA-1572-1 DTSA-61-1}
	- php5 5.2.4-1 (medium; bug #441433)
	- php4 <removed>
	[etch] - php5 <no-dsa> (requires malicious script)
	[etch] - php4 <no-dsa> (requires malicious script)
	[sarge] - php4 <no-dsa> (requires malicious script)
CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3802
	REJECTED
CVE-2007-3801
	REJECTED
CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...)
	NOT-FOR-US: Symantec
CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	NOTE: this does not affect default installs, only those who have written
	NOTE: custom session handlers (which isn't *that* uncommon though), and
	NOTE: also may not work if other cookie values are set.
	NOTE: fix sneaked into php 5.2.3 sans-mention:
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&pathrev=PHP_5_2
	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
	- php4 <unfixed> (low)
	- php5 5.2.4-1 (low; bug #441433)
CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...)
	{DSA-1353-1}
	- tcpdump 3.9.5-3 (bug #434030)
CVE-2007-3797
	RESERVED
CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for ...)
	NOT-FOR-US: Spam Quarantine HTTP interface for MailMarshal SMTP
CVE-2007-3795 (Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, ...)
	NOT-FOR-US: Hitachi
CVE-2007-3794 (Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit ...)
	NOT-FOR-US: Hitachi
CVE-2007-3793 (SQL injection vulnerability in Job Management Partner 1/NETM/DM ...)
	NOT-FOR-US: Job Management Partner
CVE-2007-3792 (Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold ...)
	NOT-FOR-US: AzDG Dating Gold
CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha ...)
	{DSA-1361-1}
	- postfix-policyd 1.80-2.2 (bug #435735)
CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ...)
	- php5 <not-affected> (com_print_typeinfo is a windows only func)
	- php4 <not-affected> (com_print_typeinfo is a windows only func)
CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...)
	NOT-FOR-US: Inmostore
CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3787 (The eSoft InstaGate EX2 UTM device does not require entry of the old ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3786 (** DISPUTED ** ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3785 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: EldoS SecureBlackbox
CVE-2007-3784 (Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router ...)
	NOT-FOR-US: Belkin
CVE-2007-3783 (SQL injection vulnerability in default.asp in enVivo!CMS allows remote ...)
	NOT-FOR-US: enVivo!CMS
CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.42
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality was introduced in 5.0)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality was introduced in 5.0)
CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-1
	[etch] - mysql-dfsg-5.0 <no-dsa> (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg <no-dsa> (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg-4.1 <no-dsa> (Minor issue, too intrusive to backport)
CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.44
	[sarge] - mysql-dfsg <not-affected> (Introduced with SSL support in 4.1)
CVE-2007-3779 (PHP local file inclusion vulnerability in gpg_pop_init.php in the ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3778 (The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3777 (avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2007-3776 (Cisco Unified Communications Manager (CUCM, formerly CallManager) and ...)
	NOT-FOR-US: Cisco
CVE-2007-3775 (Unspecified vulnerability in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2007-3774 (Dvbbs 7.1.0 SP1 stores sensitive information under the web root with ...)
	NOT-FOR-US: Dvbbs
CVE-2007-3773 (Cross-site request forgery (CSRF) vulnerability in the Email-Template ...)
	NOT-FOR-US: Generic YouTube Clone Script
CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 ...)
	NOT-FOR-US: PsNews
CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce ...)
	{DSA-1393-1}
	- xfce4-terminal 0.2.6-3 (bug #437454)
CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server ...)
	NOT-FOR-US: SurgeFTP
CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote ...)
	NOT-FOR-US: SurgeFTP
CVE-2007-3767
	RESERVED
CVE-2007-3766
	RESERVED
CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW ...)
	- asterisk 1:1.4.8~dfsg-1 (bug #433681)
	[sarge] - asterisk <not-affected> (1.0.x not affected)
	[etch] - asterisk <not-affected> (1.2.x not affected)
	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-017.html
CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-016.html
CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-015.html
CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1 (high)
	NOTE: Etch and Sarge affected
	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-014.html
CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
	NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
CVE-2007-3761 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...)
	NOT-FOR-US: Safari
CVE-2007-3760 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...)
	NOT-FOR-US: Safari
CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable Javascript, ...)
	NOT-FOR-US: Safari
CVE-2007-3758 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
	NOT-FOR-US: Safari
CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...)
	NOT-FOR-US: Safari
CVE-2007-3756 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
	NOT-FOR-US: Safari
CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3754 (Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3753 (Apple iPhone 1.1.1, with Bluetooth enabled, allows physically ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3752 (Heap-based buffer overflow in Apple iTunes before 7.4 allows remote ...)
	NOT-FOR-US: iTunes
CVE-2007-3751 (Unspecified vulnerability in QuickTime for Java in Apple QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-3749 (The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...)
	NOT-FOR-US: iChat on Apple Mac OS X
CVE-2007-3747 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3746 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3745 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3744 (Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2007-3743 (Stack-based buffer overflow in bookmark handling in Apple Safari 3 ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...)
	- gimp 2.2.17-1 (unimportant)
	NOTE: Only DoS by memleaks or double-frees, not treated as security problems
CVE-2007-3740 (The CIFS filesystem in the Linux kernel before 2.6.22, when Unix ...)
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22
CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...)
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.20-1
CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...)
	{DSA-1534-2 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (medium)
	- xulrunner 1.8.1.5-1 (medium)
	- iceweasel 2.0.0.5-1 (medium)
	NOTE: MFSA2007-25
CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	- iceweasel 2.0.0.5-1 (high)
	NOTE: MFSA2007-21
CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-19
CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (low)
	NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (high; bug #444010)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3733
	RESERVED
CVE-2007-3732
	RESERVED
CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid ...)
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1
CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and ...)
	- silc-toolkit 1.1.2-1
	[etch] - silc-toolkit <not-affected> (Only the 1.1.x branch is affected)
	NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
CVE-2007-3727 (Multiple unspecified vulnerabilities in Webmatic before 2.7 have ...)
	NOT-FOR-US: WebMatic
CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp in ...)
	- unrar-nonfree 3.7.3-1.1 (low; bug #437703)
	[etch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[sarge] - unrar-nonfree <no-dsa> (Non-free not supported)
	- rar 3.7b1-1 (low; bug #437704)
	[etch] - rar <not-affected> (Vulnerable code was fixed already)
	[sarge] - rar <no-dsa> (Non-free not supported)
CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...)
	{DSA-1340-1 DTSA-43-1}
	- clamav 0.91-1
	[sarge] - clamav <not-affected> (Vulnerable code was introduced in 0.9x)
CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...)
	NOT-FOR-US: Solaris
CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling ...)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to ...)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs scheduling ...)
	- linux-2.6 <not-affected> (There's a separate ID for 2.6, see CVE-2007-3719)
CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives preference to ...)
	- linux-2.6 <unfixed> (unimportant)
	NOTE: This is the existing default behaviour of the scheduler, can be tuned
	NOTE: to suit individual needs
CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE 6 ...)
	- sun-java6 6-02-1 (medium)
CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 9.0 ...)
	NOT-FOR-US: Sun Java System Application Server and Web Server
CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 ...)
	NOT-FOR-US: Ada Image Server
CVE-2007-3713 (Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow ...)
	{DSA-1433-1 DTSA-55-1}
	- centericq 4.22.1-2.1 (bug #438511; medium)
	- centerim 4.22.1-2.1 (medium)
CVE-2007-3712 (Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest &quot;is ...)
	NOT-FOR-US: HiddenChest
CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3710 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHP Comet-Server
CVE-2007-3709 (CRLF injection vulnerability in the redirect function in ...)
	NOT-FOR-US: CodeIgniter
CVE-2007-3708 (Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before ...)
	NOT-FOR-US: CodeIgniter
CVE-2007-3707 (Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 ...)
	NOT-FOR-US: CodeIgniter
CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 ...)
	NOT-FOR-US: CodeIgniter
CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Entertainment CMS
CVE-2007-3703 (Stack-based buffer overflow in a certain ActiveX control in sasatl.dll ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3702 (Directory traversal vulnerability in the load function in ...)
	NOT-FOR-US: Mail Machine
CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server) ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-3699 (The Decomposer component in multiple Symantec products allows remote ...)
	NOT-FOR-US: Symantec
CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 ...)
	- sun-java5 1.5.0-12-1
	- sun-java6 6-02-1
	[etch] - sun-java5 <no-dsa> (non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-3697 (PHP remote file inclusion vulnerability in phpbb/sendmsg.php in ...)
	NOT-FOR-US: FlashBB
CVE-2007-3696 (CA ERwin Data Model Validator (formerly AllFusion Data Model ...)
	NOT-FOR-US: CA ERwin Data Model Validator
CVE-2007-3695 (Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly ...)
	NOT-FOR-US: CA ERwin
CVE-2007-3694 (Cross-site scripting (XSS) vulnerability in login.php in Miro Project ...)
	NOT-FOR-US: Broadcast Machine
CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built ...)
	NOT-FOR-US: gobi
CVE-2007-3692 (Directory traversal vulnerability in download.cgi in EZFactory KDDI ...)
	NOT-FOR-US: EZFactory KDDI Download CGI
CVE-2007-3691 (Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial ...)
	NOT-FOR-US: AV Tutorial
CVE-2007-3690 (The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal ...)
	NOT-FOR-US: Forward module for Drupal
CVE-2007-3689 (The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal ...)
	NOT-FOR-US: Print module for Drupal
CVE-2007-3688 (Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear ...)
	NOT-FOR-US: DotClear
CVE-2007-3687 (SQL injection vulnerability in inferno.php in the Inferno Technologies ...)
	NOT-FOR-US: Inferno Technologies
CVE-2007-3686 (CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3685 (Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3684 (Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3683 (SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and ...)
	NOT-FOR-US: Aigaion
CVE-2007-3682 (SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier ...)
	NOT-FOR-US: OpenLD
CVE-2007-3681 (The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in ...)
	NOT-FOR-US: WinPcap
CVE-2007-3680 (Stack-based buffer overflow in the odm_searchpath function in libodm ...)
	NOT-FOR-US: IBM AIX
CVE-2007-3679 (The Citrix EPA ActiveX control (aka the &quot;endpoint checking control&quot; or ...)
	NOT-FOR-US: Citrix
CVE-2007-3678 (Stack-based buffer overflow in the MSWord text-import extension (Word ...)
	NOT-FOR-US: QuarkXPress
CVE-2007-3677 (Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow ...)
	NOT-FOR-US: Maxsi eVisit Analyst
CVE-1999-1592 (Multiple unspecified vulnerabilities in sendmail 5, as installed on ...)
	- sendmail <not-affected> (Concerns only ancient sendmail V5)
CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before ...)
	NOT-FOR-US: IBM DB2
CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ...)
	NOT-FOR-US: Kaspersky Online Scanner
CVE-2007-3674
	RESERVED
CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in ...)
	NOT-FOR-US: DotClear
CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
	NOTE: MFSA2007-23
CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP ...)
	NOT-FOR-US: InnovaDSXP2.OCX ActiveX Control
CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia ...)
	NOT-FOR-US: NMSDVDXLib
CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport ...)
	NOT-FOR-US: ActiveReportsExcelReport
CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software RunService ...)
	NOT-FOR-US: Eltima Software
CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control ...)
	NOT-FOR-US: Eltima Software
CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows ...)
	NOT-FOR-US: Nonnoi
CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 ...)
	NOT-FOR-US: FreeWRL
CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR) allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-3657 (** DISPUTED ** ...)
	NOTE: Disputed Firefox issue, browser crashes not treated as security problems anyway
CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-24
CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...)
	- sun-java5 1.5.0-12-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
CVE-2007-3654 (The display driver allocattr functions in NetBSD 3.0 through ...)
	NOT-FOR-US: NetBSD
CVE-2007-3653 (Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3652 (SQL injection vulnerability in class/page.php in Farsi Script (aka ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3651 (class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3650 (myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly ...)
	NOT-FOR-US: WebMatic
CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...)
	NOT-FOR-US: FlashGameScript
CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...)
	NOT-FOR-US: AV Arcade
CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-2
CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...)
	NOT-FOR-US: Adobe Apollo
CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1
CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...)
	NOT-FOR-US: MKPortal
CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat ...)
	NOT-FOR-US: Chilkat Software
CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka ...)
	NOTE: Moodle contains a copy of the files, but not the string
	NOTE: "homedir", so it is not affected.
CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 ...)
	NOT-FOR-US: GameSiteScript
CVE-2007-3630 (changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require ...)
	NOT-FOR-US: AV Tutorial
CVE-2007-3629 (SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 ...)
	NOT-FOR-US: Levent Veysi Portal
CVE-2007-3628 (Unspecified vulnerability in the fetch function in MDB2.php in PEAR ...)
	NOT-FOR-US: Structures-DataGrid-DataSource-MDB2
CVE-2007-3627 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...)
	NOT-FOR-US: PHP Lite Calender Express
CVE-2007-3626 (Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before ...)
	NOT-FOR-US: Hitachi
CVE-2007-3625 (The Program Neighborhood Agent in Citrix Presentation Server Clients ...)
	NOT-FOR-US: Citrix
CVE-2007-3624 (Heap-based buffer overflow in the Message HTTP Server in SAP Message ...)
	NOT-FOR-US: SAP
CVE-2007-3623 (Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand ...)
	NOT-FOR-US: Hitachi
CVE-2007-3622 (Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon ...)
	NOT-FOR-US: MDaemon
CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex ...)
	NOT-FOR-US: AsteriDex
CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 ...)
	NOT-FOR-US: Maia Mailguard
CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...)
	NOT-FOR-US: Maia Mailguard
CVE-2007-3618 (Stack-based buffer overflow in the NetWorker Remote Exec Service ...)
	NOT-FOR-US: EMC Software NetWorker
CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver ...)
	NOT-FOR-US: SAP
CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB ...)
	NOT-FOR-US: SAP DB Web Server
CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP ...)
	NOT-FOR-US: SAP
CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC ...)
	NOT-FOR-US: Visual IRC
CVE-2007-3611 (admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not ...)
	NOT-FOR-US: VRNews
CVE-2007-3610 (SQL injection vulnerability in categories_type.php in phpVID 0.9.9 ...)
	NOT-FOR-US: phpVID
CVE-2007-3609 (Multiple SQL injection vulnerabilities in eMeeting Online Dating ...)
	NOT-FOR-US: eMeeting
CVE-2007-3608 (Multiple unspecified vulnerabilities in ActiveX controls in the ...)
	NOT-FOR-US: SAP
CVE-2007-3607 (Multiple unspecified vulnerabilities in ActiveX controls in the ...)
	NOT-FOR-US: SAP
CVE-2007-3606 (Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX ...)
	NOT-FOR-US: SAP
CVE-2007-3605 (Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX ...)
	NOT-FOR-US: SAP
CVE-2007-3604 (vtiger CRM before 5.0.3 allows remote authenticated users with access ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3603 (SQL injection vulnerability in the dashboard ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3602 (The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3601 (vtiger CRM before 5.0.3, when a migrated build is used, allows remote ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3600 (WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3599 (vtiger CRM before 5.0.3 allows remote authenticated users to import ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3598 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3597 (Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows ...)
	NOT-FOR-US: Zen Cart
CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric ...)
	NOT-FOR-US: phpVideoPro
CVE-2007-3595
	REJECTED
CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ...)
	NOT-FOR-US: ManageEngine OpManager
CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2007-3592 (PM.php in Elite Bulletin Board before 1.0.10 allows remote ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3591 (Unspecified vulnerability in Profile.php in Elite Bulletin Board ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB ...)
	NOT-FOR-US: b1gBB
CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote ...)
	NOT-FOR-US: b1gbb
CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote ...)
	NOT-FOR-US: VBZooM
CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via ...)
	NOT-FOR-US: MyCMS
CVE-2007-3586 (Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 ...)
	NOT-FOR-US: MyCMS
CVE-2007-3585 (PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 ...)
	NOT-FOR-US: MyCMS
CVE-2007-3584 (SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and ...)
	NOT-FOR-US: PNphpBB2
CVE-2007-3583 (SQL injection vulnerability in details_news.php in Girlserv ads 1.5 ...)
	NOT-FOR-US: Girlserv ads
CVE-2007-3582 (SQL injection vulnerability in index.php in SuperCali PHP Event ...)
	NOT-FOR-US: SuperCali PHP Event Calendar
CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext, which ...)
	NOT-FOR-US: Jedox
CVE-2007-3580 (PHPIDS does not properly handle certain code containing newlines, as ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the .text ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3577 (PHPIDS before 20070703 does not properly handle use of the substr ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3576 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft
CVE-2007-3575 (SQL injection vulnerability in includes/functions in FreeDomain.co.nr ...)
	NOT-FOR-US: FreeDomain.co.nr Clone
CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on ...)
	NOT-FOR-US: Linksys
CVE-2007-3573 (Multiple SQL injection vulnerabilities in akocomment allow remote ...)
	NOT-FOR-US: AkoComment
CVE-2007-3572 (Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in ...)
	NOT-FOR-US: Yoggie
CVE-2007-3571 (The Apache Web Server as used in Novell NetWare 6.5 and GroupWise ...)
	NOT-FOR-US: Novell
CVE-2007-3570 (The Linux Access Gateway in Novell Access Manager before 3.0 SP1 ...)
	NOT-FOR-US: Novell
CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library ...)
	NOT-FOR-US: Oliver Library Management System
CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows ...)
	- imlib 1.9.15-3 (bug #437708; low)
	[sarge] - imlib <no-dsa> (Minor issue, just a crash)
	[etch] - imlib <no-dsa> (Minor issue, just a crash)
CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a &quot;Limit GET&quot; statement in ...)
	NOT-FOR-US: MysqlDumper
CVE-2007-3566 (Stack-based buffer overflow in the database service (ibserver.exe) in ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-3565
	RESERVED
CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does ...)
	{DSA-1333-1}
	- curl 7.16.4-1 (low)
CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade ...)
	NOT-FOR-US: AV Arcade
CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21 and ...)
	NOT-FOR-US: PHP Director
CVE-2007-3561 (Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 ...)
	NOT-FOR-US: Efendy Blog
CVE-2007-3560 (Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have ...)
	NOT-FOR-US: Esqlanelapse
CVE-2007-3559 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG) before ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, ...)
	NOT-FOR-US: Wheatblog
CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...)
	NOT-FOR-US: Liesbeth
CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...)
	{DSA-1691-1}
	- moodle 1.8.2-1 (low; bug #432264)
CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...)
	NOT-FOR-US: HP
CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server ...)
	NOT-FOR-US: Oracle
CVE-2007-3552 (Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote ...)
	NOT-FOR-US: bbs100
CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause ...)
	NOT-FOR-US: bbs100
CVE-2007-3550 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 ...)
	NOT-FOR-US: Buddy Zone
CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers ...)
	NOT-FOR-US: W3Filer
CVE-2007-3547 (Directory traversal vulnerability in qti_checkname.php in QuickTicket ...)
	NOT-FOR-US: QuickTicket
CVE-2007-3546 (Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus ...)
	NOT-FOR-US: Nessus Windows GUI
CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows ...)
	NOT-FOR-US: Warzone
CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) ...)
	- wordpress 2.2.2-1
CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and ...)
	- wordpress 2.2.1-1
CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml ...)
	NOT-FOR-US: Pluxml
CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 ...)
	NOT-FOR-US: Kurinton sHTTPd
CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...)
	NOT-FOR-US: rwAuction
CVE-2007-3539 (Multiple SQL injection vulnerabilities in QuickTicket 1.2 ...)
	NOT-FOR-US: QuickTicket
CVE-2007-3538 (SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook ...)
	NOT-FOR-US: QuickTalk
CVE-2007-3537 (IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-3536 (Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX ...)
	NOT-FOR-US: AMX NetLinx VNC
CVE-2007-3535 (Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows remote ...)
	NOT-FOR-US: WebChat
CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...)
	NOT-FOR-US: 3Com
CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and ...)
	- nvidia-kernel-common 20051028+1-0.1 (bug #434398; low)
	[sarge] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
	[etch] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
	- nvclock 0.8b-1 (low)
CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...)
	NOT-FOR-US: PHPDirector
CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote attackers to ...)
	NOT-FOR-US: PHPDirector
CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC ...)
	- dar 2.3.3-1 (low; bug #425335)
	[etch] - dar <no-dsa> (Minor issue)
	[sarge] - dar <no-dsa> (Minor issue)
CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...)
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...)
	NOT-FOR-US: Buddy Zone
CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3524 (Multiple PHP remote file inclusion vulnerabilities in Ripe Website ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3523 (Multiple directory traversal vulnerabilities in Module/Galerie.php in ...)
	NOT-FOR-US: XCMS
CVE-2007-3522 (Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 ...)
	NOT-FOR-US: sPHPell
CVE-2007-3521 (SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 ...)
	NOT-FOR-US: ArcadeBuilder Game Portal Manager
CVE-2007-3520 (SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store ...)
	NOT-FOR-US: Easybe
CVE-2007-3519 (SQL injection vulnerability in eventdisplay.php in phpEventCalendar ...)
	NOT-FOR-US: phpEventCalendar
CVE-2007-3518 (SQL injection vulnerability in msg.php in HispaH YouTube Clone Script ...)
	NOT-FOR-US: HispaH YouTube Clone Script
CVE-2007-3517 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 ...)
	NOT-FOR-US: Claroline
CVE-2007-3516 (Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in ...)
	NOT-FOR-US: Gorki Online Santrac Sitesi
CVE-2007-3515 (SQL injection vulnerability in view_event.php in TotalCalendar 2.402 ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-7220 (Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote ...)
	NOT-FOR-US: SAP SAPLPD
CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for ...)
	- ezpublish <not-affected> (Debian's version is too old)
CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for ...)
	- ezpublish <not-affected> (Debian's version is too old)
CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege ...)
	NOT-FOR-US: Apache Derby
CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...)
	NOT-FOR-US: Apache Derby
CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop ...)
	NOT-FOR-US: Intel processor
CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information ...)
	NOT-FOR-US: mimicboard2
CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in ...)
	NOT-FOR-US: mimicboard2
CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and ...)
	- ezpublish <removed>
CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...)
	- ezpublish <removed>
CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5 ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5 through ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password ...)
	NOT-FOR-US: Apache Derby
CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which ...)
	- matrixssl 1.1-1
CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely ...)
	- matrixssl 1.1-1
CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4, without ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-1
	NOTE: Fixed in commit 5afeb104e7901168b21aad0437fb51dc620dfdd3
	NOTE: in Linus' tree.
CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows ...)
	NOT-FOR-US: Lhaca
CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (bug #438873; low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-32
CVE-2007-3510 (Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-3509 (Heap-based buffer overflow in the RPC subsystem in Symantec Backup ...)
	NOT-FOR-US: Symantec
CVE-2007-3508 (** DISPUTED ** ...)
	- glibc 2.6-2 (unimportant; bug #431858)
	NOTE: Not security-relevant
CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
	- flac123 0.0.11-1 (low; bug #432008)
	[etch] - flac123 <no-dsa> (Minor issue)
CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ...)
	- freetype 2.3.4 (bug #432013)
	[sarge] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
	[etch] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
	[lenny] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 ...)
	NOT-FOR-US: QuickTalk forum
CVE-2007-3504 (Directory traversal vulnerability in the PersistenceService in Sun ...)
	- sun-java5 <not-affected>
	NOTE: Sun Alert ID 102957 says issue is Windows only
CVE-2007-3503 (The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML ...)
	[etch] - sun-java5 <no-dsa> (non-free)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java5 1.5.0-12-1
	[etch] - sun-java6 <no-dsa> (non-free)
	- sun-java6 6-01-1 (bug #432006)
CVE-2007-3502 (Unspecified vulnerability in the web-based product configuration ...)
	NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-3501 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-3500 (Xeweb XEForum allows remote attackers to gain privileges via a ...)
	NOT-FOR-US: Xeweb XEForum
CVE-2007-3499 (SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as ...)
	NOT-FOR-US: SlackRoll
CVE-2007-3498 (Cross-site scripting (XSS) vulnerability in smoketests/configForm.php ...)
	NOT-FOR-US: HTML Purifier
CVE-2007-3497 (Microsoft Internet Explorer 7 allows remote attackers to determine the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3496 (Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java ...)
	NOT-FOR-US: SAP Web Dynpro Java
CVE-2007-3495 (Multiple cross-site scripting (XSS) vulnerabilities in the SAP ...)
	NOT-FOR-US: SAP Internet Communication Framework
CVE-2007-3494 (Papoo CMS 3.6, and possibly earlier, does not verify user privileges ...)
	NOT-FOR-US: Papoo CMS
CVE-2007-3493 (A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in ...)
	NOT-FOR-US: NCTAudioStudio
CVE-2007-3492 (Conti FtpServer 1.0 allows remote authenticated users to cause a ...)
	NOT-FOR-US: Conti FtpServer
CVE-2007-3491 (Buffer overflow in _mprosrv in Progress Software OpenEdge before ...)
	NOT-FOR-US: Progress Software OpenEdge
CVE-2007-3490 (Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote ...)
	NOT-FOR-US: Microsoft Excel 2003 SP2
CVE-2007-3489 (Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in ...)
	NOT-FOR-US: Check Point VPN-1 Edge X
CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony ...)
	NOT-FOR-US: Sony Network Camera SNC-P5 1.0
CVE-2007-3487 (Absolute path traversal in a certain ActiveX control in hpqxml.dll ...)
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search engine ...)
	NOT-FOR-US: AltaVista
CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server ...)
	NOT-FOR-US: Yandex.Server
CVE-2007-3484 (** DISPUTED ** ...)
	NOT-FOR-US: Google Custom Search Engine
CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2007-3482 (Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3481 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to ...)
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3479 (Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows ...)
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in ...)
	- libgd2 <unfixed> (unimportant)
	NOTE: this is a crash, and does not seem to be attacker controlled.
CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	NOTE: CPU consumption DoS
CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted ...)
	- libgd2 <unfixed> (unimportant)
	NOTE: out-of-band memory read, does not appear attacker controlled.
CVE-2007-3474 (Multiple unspecified vulnerabilities in the GIF reader in the GD ...)
	NOTE: appears to be prophylactic dup of CVE-2007-3476.
CVE-2007-3473 (The gdImageCreateXbm function in the GD Graphics Library (libgd) ...)
	- libgd2 <unfixed> (unimportant)
	NOTE: this is only a NULL deref crash (same as CVE-2007-3472)
CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD Graphics ...)
	- libgd2 <unfixed> (unimportant)
	NOTE: this is only a NULL deref crash.
CVE-2007-3471 (Buffer overflow in the dtsession Common Desktop Environment (CDE) ...)
	NOT-FOR-US: Sun Solaris dtsession
CVE-2007-3470 (Multiple unspecified vulnerabilities in the KSSL kernel module in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3469 (Unspecified vulnerability in the TCP Loopback/Fusion implementation in ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote ...)
	{DSA-1332-1}
	- vlc 0.8.6.c.debian-1 (unimportant; bug #429726)
CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN ...)
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (unknown; bug #429726)
CVE-2007-3466
	RESERVED
CVE-2007-3465 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3464 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3463 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft Windows XP SP2
CVE-2007-3462 (Cross-site request forgery (CSRF) vulnerability in Check Point ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3461 (SQL injection vulnerability in property.php in elkagroup Image Gallery ...)
	NOT-FOR-US: elkagroup Image Gallery
CVE-2007-3460 (Multiple PHP remote file inclusion vulnerabilities in index.php3 in ...)
	NOT-FOR-US: EVA-Web
CVE-2007-3459 (A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax ...)
	NOT-FOR-US: Civitech Avax Vector
CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local users to ...)
	NOT-FOR-US: Sun Solaris libsldap
CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...)
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and ...)
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects WNET, ...)
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the ...)
	- firebird1.5 <not-affected> (fixed before rename to firebird1.5)
	- firebird2 1.5.3.4870-4 (low; bug #362001)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
	[sarge] - firebird2 <no-dsa> (Minor issue)
CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in Motion ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...)
	NOT-FOR-US: Papoo
CVE-2007-3452 (SQL injection vulnerability in essentials/minutes/doc.php in eDocStore ...)
	NOT-FOR-US: eDocStore
CVE-2007-3451 (PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3450 (SQL injection vulnerability in member.php in 6ALBlog allows remote ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3449 (SQL injection vulnerability in member.php in 6ALBlog allows remote ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3448 (Cross-site scripting (XSS) vulnerability in index.php in BugMall ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3447 (SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3446 (BugMall Shopping Cart 2.5 and earlier has a default username &quot;demo&quot; ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3445 (Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows ...)
	NOT-FOR-US: SJphone
CVE-2007-3444 (The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3443 (The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3442 (Format string vulnerability on the Research in Motion BlackBerry 7270 ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3441 (Format string vulnerability in the Aastra 9112i SIP Phone with ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3440 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3439 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel PC ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain ...)
	NOT-FOR-US: BarCodeAx.dll
CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml ...)
	NOT-FOR-US: Pluxml
CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio ...)
	NOT-FOR-US: Dagger
CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-3429 (Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and ...)
	NOT-FOR-US: e107
CVE-2007-3428 (Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3427 (SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3426 (Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3425 (Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3424 (The moveim function in cgi-bin/cgi-lib/instantmessage.pl in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3423 (cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 ...)
	NOT-FOR-US: WebAPP
CVE-2007-3422 (The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2007-3421 (The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, ...)
	NOT-FOR-US: WebAPP
CVE-2007-3420 (The Random Cookie Password functionality in the loaduser function in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3419 (The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org ...)
	NOT-FOR-US: WebAPP
CVE-2007-3418 (The displaypost function in cgi-bin/cgi-lib/forum_display.pl in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3417 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3416 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WebAPP
CVE-2007-3415 (Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 ...)
	NOT-FOR-US: phpRaider
CVE-2007-3414 (Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 ...)
	NOT-FOR-US: access2asp
CVE-2007-3413 (Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid ...)
	NOT-FOR-US: bosDataGrid
CVE-2007-3412 (Cross-site scripting (XSS) vulnerability in edit_image.asp in ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery Server ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3410 (Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue ...)
	- helix-player <not-affected> (Debian versions of Helix player not affected according to maintainer)
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have ...)
	- dia <not-affected> (Windows packaging with bundled FreeType libs)
CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp ...)
	NOT-FOR-US: Lebisoft zdefter
CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth CMS ...)
	NOT-FOR-US: SiteDepth CMS
CVE-2007-3403 (Unrestricted file upload vulnerability in upload.php in dreamLog (aka ...)
	NOT-FOR-US: dreamLog
CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows ...)
	NOT-FOR-US: pagetool
CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...)
	NOT-FOR-US: B1GBB
CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as ...)
	NOT-FOR-US: NCTAudioEditor2 ActiveX control
CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power ...)
	NOT-FOR-US: Power Phlogger
CVE-2007-3398 (LiteWEB 2.7 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: LiveWEB
CVE-2007-3397 (The web container in IBM WebSphere Application Server (WAS) before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) ...)
	NOT-FOR-US: KeyFocus
CVE-2007-3395
	REJECTED
CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote ...)
	NOT-FOR-US: eNdonesia
CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) ...)
	{DSA-1426-1}
	- qt-x11-free 3:3.3.7-6
	- qt4-x11 <not-affected> (This problem is not present in any version of Qt 4)
	NOTE: http://trolltech.com/company/newsroom/announcements/press.2007-07-27.7503755960
CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in ...)
	{DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1}
	- poppler 0.5.4-6.1 (bug #435460)
	- gpdf <removed>
	- xpdf 3.02-1.1 (bug #435462)
	- kdegraphics 4:3.5.7-3
	- koffice 1:1.6.3-2
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (unimportant; bug #436099)
	- cups <not-affected> (unimportant; bug #436099)
	NOTE: cups uses xpdf-utils
	- pdfkit.framework 0.8-4
	NOTE: links to poppler since 0.8-4, thus marking as fixed
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- ipe <not-affected> (Does not include the vulnerable code)
CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...)
	{DSA-1447-1}
	- tomcat5.5 5.5.25-1
CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5 <removed>
CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: tomcat 3.3
CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the ...)
	- tomcat4 <removed> (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
	NOTE: affects example app in tomcat4-webapps
CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5 <removed>
CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x ...)
	- gdm 2.18.4-1 (low)
	[sarge] - gdm <no-dsa> (Minor issue)
	[etch] - gdm <no-dsa> (Minor issue)
CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for Linux ...)
	- linux-2.6 2.6.23-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-3379 (Unspecified vulnerability in the kernel in Red Hat Enterprise Linux ...)
	- linux-2.6 <not-affected> (Red Hat-specific vulnerability)
CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...)
	- php4 <unfixed> (unimportant)
	- php5 5.2.4-1 (unimportant)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows ...)
	NOT-FOR-US: Lhaca
CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman ...)
	- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
CVE-2007-3373 (daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear ...)
	- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
CVE-2006-7209 (Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA ...)
	NOT-FOR-US: phpTrafficA
CVE-2006-7208 (PHP remote file inclusion vulnerability in download.php in the Adam ...)
	NOT-FOR-US: phpBB component com_forum
CVE-2003-1332 (Stack-based buffer overflow in the reply_nttrans function in Samba ...)
	- samba <not-affected> (Vulnerable version not in any suite)
CVE-2003-1331 (Stack-based buffer overflow in the mysql_real_connect function in the ...)
	- mysql-dfsg-5.0 <not-affected> (Newer versions in all suites apart oldstable)
	NOTE: oldstable is affected, everything else uses libmysqlclient15
CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of service ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a denial of ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a ...)
	{DSA-1690-1}
	- avahi 0.6.20-2 (low)
	[etch] - avahi <no-dsa> (Minor issue, only affects local users)
CVE-2007-3371 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Powl
CVE-2007-3370 (Multiple PHP remote file inclusion vulnerabilities in Sun Board ...)
	NOT-FOR-US: Sun Board
CVE-2007-3369 (Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3368 (Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3367 (Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before ...)
	NOT-FOR-US: cPanel
CVE-2007-3366 (Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper ...)
	NOT-FOR-US: cPanel
CVE-2007-3365 (MyServer 0.8.9 and earlier does not properly handle uppercase ...)
	NOT-FOR-US: MyServer
CVE-2007-3364 (Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi ...)
	NOT-FOR-US: MyServer
CVE-2007-3363 (Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 ...)
	NOT-FOR-US: AGEphone
CVE-2007-3362 (ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC ...)
	NOT-FOR-US: AGEphone
CVE-2007-3361 (The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3360 (hook.c in BitchX 1.1-final allows remote IRC servers to execute ...)
	- ircii-pana <removed> (medium; bug #432120)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=bitchx_CVE-2007-3360.patch;att=1;bug=432120
CVE-2007-3359 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and ...)
	NOT-FOR-US: SerWeb
CVE-2007-3358 (PHP remote file inclusion vulnerability in html/load_lang.php in ...)
	NOT-FOR-US: SerWeb
CVE-2007-3357 (NetClassifieds Premium Edition does not use encryption for (1) stored ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3356 (NetClassifieds Premium Edition allows remote attackers to obtain ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3355 (Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3354 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3353 (** DISPUTED ** ...)
	NOT-FOR-US: MyEvent
CVE-2007-3352 (Cross-site scripting (XSS) vulnerability in the preview form in ...)
	NOT-FOR-US: Stephen Ostermiller Contact Form
CVE-2007-3351 (The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim ...)
	NOT-FOR-US: SJPhone SIP
CVE-2007-3350 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...)
	NOT-FOR-US: AIM
CVE-2007-3349 (The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3348 (The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3347 (The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3346 (Directory traversal vulnerability in index.php in PHPAccounts 0.5 ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3345 (Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3344 (Multiple cross-site scripting (XSS) vulnerabilities in netjukebox ...)
	NOT-FOR-US: netjukebox
CVE-2007-3343 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2007-3342 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type ...)
	NOT-FOR-US: Movable Type
CVE-2007-3341 (Unspecified vulnerability in the FTP implementation in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-3340 (BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ColdFusion
CVE-2007-3338 (Multiple stack-based buffer overflows in Ingres database server 2006 ...)
	NOT-FOR-US: Ingres
CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used ...)
	NOT-FOR-US: Ingres
CVE-2007-3336 (Multiple &quot;pointer overwrite&quot; vulnerabilities in Ingres database server ...)
	NOT-FOR-US: Ingres
CVE-2007-3335 (Multiple SQL injection vulnerabilities in the admin panel in PHPEcho ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server ...)
	NOT-FOR-US: Ingres
CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 ...)
	NOT-FOR-US: IBM AIX
CVE-2007-3332 (Directory traversal vulnerability in Satellite.php in Satel Lite for ...)
	NOT-FOR-US: Satel Lite for PhpNuke
CVE-2007-3331 (Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3329 (Multiple array index errors in the (1) get_intra_block, (2) ...)
	NOT-FOR-US: Xvid
CVE-2007-3328 (Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 ...)
	NOT-FOR-US: Interact
CVE-2007-3327 (httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3326 (Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow ...)
	NOT-FOR-US: vBulletin
CVE-2007-3325 (PHP remote file inclusion vulnerability in lib/language.php in LAN ...)
	NOT-FOR-US: LAN Management System
CVE-2007-3324 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart ...)
	NOT-FOR-US: Comersus Cart
CVE-2007-3323 (SQL injection vulnerability in comersus_optReviewReadExec.asp in ...)
	NOT-FOR-US: Comersus Shop Cart
CVE-2006-7207 (Buffer overflow in ageet AGEphone before 1.4.0 might allow remote ...)
	NOT-FOR-US: AGEphone
CVE-2006-7206 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4168
	REJECTED
CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3320 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3319 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3318 (Buffer overflow in the Session Initiation Protocol (SIP) User Access ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC) message ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC ...)
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (medium; bug #429726)
CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant ...)
	NOT-FOR-US: Altap Servant Salamander
CVE-2007-3313 (Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3312 (Directory traversal vulnerability in admin/plugin_manager.php in ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3311 (SQL injection vulnerability in print.php in the Articles 1.02 and ...)
	NOT-FOR-US: Articles
CVE-2007-3310 (Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows ...)
	NOT-FOR-US: TDizin
CVE-2007-3309 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3308 (Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3307 (SQL injection vulnerability in game_listing.php in Solar Empire ...)
	NOT-FOR-US: Solar Empire
CVE-2007-3306 (PHP remote file inclusion vulnerability in crontab/run_billing.php in ...)
	NOT-FOR-US: MiniBill
CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x before ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2007-3304 (Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, ...)
	- apache <removed> (low)
	- apache2 2.2.4-2 (low)
	[etch] - apache2 2.2.3-4+etch2
	[sarge] - apache2 2.0.54-5sarge2 (low)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
	- apache2 <unfixed> (unimportant)
	NOTE: If you can execute arbitrary code, a DoS is not a problem.
CVE-2007-3302 (The CallCode ActiveX control in caller.dll 3.0 before 20070713, and ...)
	NOT-FOR-US: CA
CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
	NOT-FOR-US: F-Secure
CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...)
	- awffull 3.7.4final-1 (unimportant)
	NOTE: awffull (a webalizer fork) does not have any cookie based authentication
	NOTE: or other sensitive data that could be leaked through this
CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote ...)
	NOT-FOR-US: Spey
CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)
	NOT-FOR-US: Musoo
CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web ...)
	NOT-FOR-US: Web Thunderbolt
CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
	NOT-FOR-US: YaBB
CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy extension ...)
	- php5 <unfixed> (unimportant)
	NOTE: Only exploitable by malicious script
CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3291 (Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3290 (categoria.php in LiveCMS 3.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3289 (PHP remote file inclusion vulnerability in spaw/spaw_control.class.php ...)
	NOT-FOR-US: WiwiMod for XOOPS
CVE-2007-3288 (Cross-site scripting (XSS) vulnerability in the skeltoac stats ...)
	NOT-FOR-US: skeltoac stats plugin for WordPress
CVE-2007-3287
	RESERVED
CVE-2007-3286 (Multiple buffer overflows in unspecified ActiveX controls in COM ...)
	NOT-FOR-US: Avaya IP Softphone
CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote ...)
	- iceweasel <not-affected> (Affects only Firefox in Windows)
	NOTE: MFSA2007-22
CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...)
	- xscreensaver <not-affected> (Not a security issue: works as documented)
CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting ...)
	NOT-FOR-US: Php Hosting Biller
CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements ...)
	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL ...)
	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.1 <not-affected> (local trust authentication is not enabled in Debian)
	- postgresql-8.2 <not-affected> (local trust authentication is not enabled in Debian)
CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for ...)
	NOT-FOR-US: localization module for WIKINDX
CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site@School ...)
	NOT-FOR-US: Site
CVE-2007-3275 (MailWasher Server before 2.2.1, when used with LDAP or Active ...)
	NOT-FOR-US: MailWasher Server
CVE-2007-3274 (Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3273 (SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3272 (Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows ...)
	NOT-FOR-US: MiniBB
CVE-2007-3271 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3270 (PHP remote file inclusion vulnerability in Includes/global.inc.php in ...)
	NOT-FOR-US: phpMyInventory
CVE-2007-3269 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 ...)
	NOT-FOR-US: Papoo Light
CVE-2007-3268 (The TFTP implementation in IBM Tivoli Provisioning Manager for OS ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-3267 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3266 (Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows ...)
	NOT-FOR-US: WEBIF
CVE-2007-3265 (Cross-site scripting (XSS) vulnerability in the Samples component in ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3264 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3263 (Unspecified vulnerability in the Default Messaging Component in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3262 (Unspecified vulnerability in the Default Messaging Component in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3261 (Cross-site scripting (XSS) vulnerability in widgets/widget_search.php ...)
	NOT-FOR-US: dKret
CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when used ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Calendarix
CVE-2007-3258 (calendar.php in Calendarix 0.7.20070307 allows remote attackers to ...)
	NOT-FOR-US: Calendarix
CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...)
	{DSA-1325-1 DSA-1321-1}
	- evolution-data-server 1.10.2-2 (bug #429876)
	[sarge] - evolution-data-server <not-affected> (Vulnerable code present in a different source package)
CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3255 (Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3254 (Multiple cross-site scripting (XSS) vulnerabilities in Xythos ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-3252 (PortalApp stores sensitive information under the web root with ...)
	NOT-FOR-US: PortalApp
CVE-2007-3251 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3250 (SQL injection vulnerability in mod_banners.php in Elxis CMS before ...)
	NOT-FOR-US: Elxis CMS
CVE-2007-3249 (Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php ...)
	NOT-FOR-US: Letterman Subscriber
CVE-2007-3248 (Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3247 (SQL injection vulnerability in VirtueMart before 1.0.11 allows remote ...)
	NOT-FOR-US: VirtueMart
CVE-2005-4847 (Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack ...)
	NOT-FOR-US: Spey
CVE-2005-4846 (Format string vulnerability in Logger.cc for Spey 0.3.3 allows ...)
	NOT-FOR-US: Spey
CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...)
	NOT-FOR-US: IRC Services
CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote ...)
	NOT-FOR-US: IRC Services
CVE-2007-3244 (SQL injection vulnerability in bb-includes/formatting-functions.php in ...)
	NOT-FOR-US: bbPress
CVE-2007-3243 (Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress ...)
	NOT-FOR-US: bbPress
CVE-2007-3242 (The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) ...)
	NOT-FOR-US: WebAPP
CVE-2007-3241 (Cross-site scripting (XSS) vulnerability in blogroll.php in the ...)
	NOT-FOR-US: cordobo-green-park theme for WordPress
CVE-2007-3240 (Cross-site scripting (XSS) vulnerability in 404.php in the ...)
	NOT-FOR-US: Vistered-Little theme for WordPress
CVE-2007-3239 (Cross-site scripting (XSS) vulnerability in searchform.php in the ...)
	NOT-FOR-US: AndyBlue theme for WordPress
CVE-2007-3238 (Cross-site scripting (XSS) vulnerability in functions.php in the ...)
	{DSA-1502-1}
	- wordpress 2.2.2-1 (low)
CVE-2007-3237 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3236 (PHP remote file inclusion vulnerability in footer.php in the Horoscope ...)
	NOT-FOR-US: XOOPS
CVE-2007-3235 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3234 (SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3233 (The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 ...)
	NOT-FOR-US: TEC-IT
CVE-2007-3232 (The IBM TotalStorage DS400 with firmware 4.15 uses a blank password ...)
	NOT-FOR-US: IBM
CVE-2007-3231 (Buffer overflow in MeCab before 0.96 has unknown impact and attack ...)
	- mecab 0.95-1.1 (bug #429174; low)
	[etch] - mecab <no-dsa> (Minor issue)
	[sarge] - mecab <no-dsa> (Minor issue)
CVE-2007-3230 (PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer ...)
	NOT-FOR-US: PHP::HTML
CVE-2007-3229 (index.php in Singapore Gallery allows remote attackers to obtain ...)
	NOT-FOR-US: Singapore Gallery
CVE-2007-3228 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Sitellite CMS
CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json ...)
	- rails 1.2.5-1 (bug #429177)
CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 ...)
	NOT-FOR-US: dotProject
CVE-2007-3225 (Unspecified vulnerability in Sun Java System Directory Server (slapd) ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3224 (Unspecified vulnerability in Sun ONE/Java System Directory Server ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3223 (Unspecified vulnerability in the NFS server in Sun Solaris 10 before ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3222 (PHP remote file inclusion vulnerability in modify.php in the XFsection ...)
	NOT-FOR-US: XOOPS
CVE-2007-3221 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3220 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3219 (Unspecified vulnerability in sources/action_public/xmlout.php in ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2007-3218 (Cross-site scripting (XSS) vulnerability in request.php in PHP Live! ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype of an ...)
	NOT-FOR-US: Prototype of an PHP application
CVE-2007-3216 (Multiple buffer overflows in the LGServer component of CA (Computer ...)
	NOT-FOR-US: CA BrightStor products
CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote ...)
	{DSA-1315-1}
	- libphp-phpmailer 1.73-4 (high; bug #429179)
	- flyspray 0.9.8-12 (bug #429191; bug #429195)
	[etch] - flyspray <not-affected> (Vulnerable code not)
	[sarge] - flyspray <not-affected> (Vulnerable code not included)
	- moodle <not-affected> (Doesn't affect moodle per maintainer)
	[lenny] - moodle 1.8.2-2 (bug #429190)
	- owl-dms 0.94-2 (bug #429197)
	- knowledgeroot 0.9.8.2-2 (bug #429196)
	[etch] - knowledgeroot <not-affected> (Vulnerable code not used)
	[etch] - owl-dms <not-affected> (Vulnerable code not used)
	- ipplan 4.85-2 (bug #429193)
	- glpi 0.68.3.2-1 (bug #429192)
	[etch] - glpi <not-affected> (Vulnerable code not used)
	- wordpress 2.2.1-1 (bug #429194)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	- mahara 1.0.5-2 (bug #504253)
	[lenny] - mahara 1.0.4-3
	[etch] - phpgroupware <not-affected> (bug #504255; Vulnerable code not used)
	- egroupware <not-affected> (bug #504283; Vulnerable code not used) 
CVE-2007-3214 (SQL injection vulnerability in style.php in e-Vision CMS 2.02 and ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3213 (Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in ...)
	NOT-FOR-US: Sporum Forum
CVE-2007-3212 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-3211 (Cross-site scripting (XSS) vulnerability in 404.php in Domain ...)
	NOT-FOR-US: Domain Technologie Control (DTC)
CVE-2007-3210 (Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens ...)
	NOT-FOR-US: Cellosoft Tokens Object
CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses ...)
	- mail-notification 4.0.dfsg.1-2 (low; bug #428157)
	[sarge] - mail-notification <not-affected> (Only affects 3.x and 4.x)
	[etch] - mail-notification <no-dsa> (Minor issue, needs proper documentation in errata)
CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 ...)
	NOT-FOR-US: YaBB
CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare ...)
	NOT-FOR-US: Novell NetWare
CVE-2007-3206
	RESERVED
CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: That's by design
CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...)
	NOTE: This is an jffnms ID, which has been wrongly reported by an external party,
	NOTE: The data is sufficiently sanitised with the Debian fix for CVE-2007-3192
CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in ...)
	NOT-FOR-US: Webwiz
CVE-2007-3201 (Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 ...)
	NOT-FOR-US: Windows Privacy Tray (WinPT)
CVE-2007-3200 (NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and ...)
	NOT-FOR-US: Novell
CVE-2007-3199 (Unrestricted file upload vulnerability in Link Request Contact Form ...)
	NOT-FOR-US: Link Request Contact Form
CVE-2007-3198 (Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP ...)
	NOT-FOR-US: Maran PHP Blog
CVE-2007-3197 (SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before ...)
	NOT-FOR-US: vBulletin
CVE-2007-3196 (SQL injection vulnerability in vBSupport.php in vSupport Integrated ...)
	NOT-FOR-US: VBulletin
CVE-2007-3195 (Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI ...)
	NOT-FOR-US: ERFAN WIKI
CVE-2007-3194 (** DISPUTED ** ...)
	NOT-FOR-US: myBloggie
CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (low; bug #429201)
CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4 (medium)
	NOTE: 20_security.dpatch is addressing this bug however the maintainer didn't include
	NOTE: a note about the CVE id.
CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...)
	NOT-FOR-US: Fullaspsite GeometriX Download Portal
CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...)
	NOT-FOR-US: Apple
CVE-2007-3186 (Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2007-3185 (Apple Safari Beta 3.0.1 for Windows public beta allows remote ...)
	NOT-FOR-US: Apple
CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, ...)
	NOT-FOR-US: Cisco
CVE-2007-3183 (Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, ...)
	NOT-FOR-US: Calendarix
CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in Calendarix ...)
	NOT-FOR-US: Calendarix
CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...)
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed> (medium)
	NOTE: maybe fixed prior to 2.0.3.12981.ds1-1 (2.0.1) but couldn't find any earlier source code
	NOTE: in the pool to check and since this version is in testing and unstable...
CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows ...)
	NOT-FOR-US: HP
CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-3178 (Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi ...)
	NOT-FOR-US: Sistemi
CVE-2007-3177 (Ingate Firewall and SIParator before 4.5.2 allow remote attackers to ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3176 (Unspecified vulnerability in Ingate Firewall and SIParator before ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3175 (Multiple SQL injection vulnerabilities in W2B Online Banking allow ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3174 (Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3173 (Almnzm allows remote attackers to obtain sensitive information via an ...)
	NOT-FOR-US: Almnzm
CVE-2007-3172 (Directory traversal vulnerability in demo/pop3/error.php in Uebimiau ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3171 (Uebimiau Webmail allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3170 (Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau ...)
	NOT-FOR-US: Uebimiau
CVE-2007-3169 (Buffer overflow in a certain ActiveX control in the EDraw Office ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3168 (A certain ActiveX control in the EDraw Office Viewer Component ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3167 (Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control ...)
	NOT-FOR-US: Vivotek
CVE-2007-3166 (Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, ...)
	NOT-FOR-US: Qualcomm Eudora
CVE-2007-3165 (Tor before 0.1.2.14 can construct circuits in which an entry guard is ...)
	- tor 0.1.2.14-1 (medium)
CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico ...)
	- moin 1.5.8-4.1 (unimportant; bug #429205)
	- knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
	- karrigell <removed> (unimportant; bug #429207)
	NOTE: This is only exploitable on NTFS filesystems
	NOTE: Given the state of Linux' NTFS support it seems highly unlikely
	NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
	NOTE: web server with NTFS
CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX ...)
	NOT-FOR-US: Internet Download Accelerator
CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote ...)
	NOT-FOR-US: Ace-FTP Client
CVE-2007-3160 (PHP remote file inclusion vulnerability in admin/header.php in PHP ...)
	NOT-FOR-US: PHP Real Estate Classifieds Premium Plus
CVE-2007-3159 (http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a ...)
	NOT-FOR-US: MiniWeb
CVE-2007-3158 (download_script.asp in ASP Folder Gallery allows remote attackers to ...)
	NOT-FOR-US: ASP Folder Gallery
CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build ...)
	NOT-FOR-US: SafeNET
CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi ...)
	- webmin <removed>
CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown ...)
	- egroupware 1.2.107-2.dfsg-1 (bug #429208)
CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka ...)
	NOTE: Apparently a bogus issue; upstream developer of wz_tooltip.js isn't aware
	NOTE: of any security problem, see #429215, #429209, #429214, #429213
CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other ...)
	NOT-FOR-US: c-ares
CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number ...)
	NOT-FOR-US: c-ares
CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer PacketShaper ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute ...)
	NOT-FOR-US: Google Desktop
CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly check ...)
	- sudo <not-affected> (Not linked with krb5)
CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ...)
	NOT-FOR-US: Yahoo! Webcam Viewer
CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ...)
	NOT-FOR-US: Yahoo! Webcam Upload
CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: Zen Help Desk
CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote ...)
	- galeon <unfixed> (unimportant; bug #429216)
	NOTE: Hardly a problem, Galeon's rotting any way and doesn't offer up-to-date
	NOTE: phishing protections anyway
CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote ...)
	- iceweasel <unfixed> (low)
	[etch] - iceweasel <no-dsa> (Minor issue)
	- iceape <unfixed> (low)
	[etch] - iceape <no-dsa> (Minor issue)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner <unfixed> (low)
	[etch] - xulrunner <no-dsa> (Minor issue)
CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote ...)
	- kdebase 4:3.5.7-3 (low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
	NOTE: referring to maintainer this is definetly fixed in 4:3.5.7-3
CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in ...)
	NOT-FOR-US: phpWebThings
CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows ...)
	- wordpress 2.2.1-1 (bug #428073)
	[etch] - wordpress <not-affected> (Doesn't affect 2.0.x branch)
CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3137 (Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in ...)
	NOT-FOR-US: WmsCMS
CVE-2007-3136 (PHP remote file inclusion vulnerability in inc/nuke_include.php in ...)
	NOT-FOR-US: newsSync
CVE-2007-3135 (Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom ...)
	NOT-FOR-US: Atom Photoblog
CVE-2007-3134 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2007-3133 (SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 ...)
	NOT-FOR-US: W1L3D4
CVE-2007-3132 (Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in Light ...)
	NOT-FOR-US: Light Blog
CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki ...)
	NOT-FOR-US: OpenWiki
CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and ...)
	NOT-FOR-US: Sun Java on Microsoft Windows
CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2005-4843 (The SmartConnect Class control allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2005-4842 (The System Monitor Source Properties control allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News ...)
	NOT-FOR-US: Utopia News Pro
CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when ...)
	NOT-FOR-US: WSPortal
CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...)
	NOT-FOR-US: WSPortal
CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial of ...)
	- gimp <unfixed> (unimportant)
CVE-2007-3125
	REJECTED
CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...)
	NOT-FOR-US: FreeVMS
CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the ...)
	- zvbi 0.2.25-1 (bug #429221; unimportant)
	NOTE: Only exploitable through malformed closed captions
	NOTE: Malicious TV networks have more subtle methods to control people...
CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi ...)
	NOT-FOR-US: Kartli Alisveris Sistemi
CVE-2007-3118 (Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter ...)
	NOT-FOR-US: Kravchuk letter
CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 ...)
	NOT-FOR-US: ADPLAN
CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x ...)
	{DSA-1319-1}
	- maradns 1.2.12.05-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3112 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3111 (Buffer overflow in the Provideo Camimage ActiveX control in ...)
	NOT-FOR-US: Provideo Camimage
CVE-2007-3110 (Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 ...)
	NOT-FOR-US: Andy Frank Beatnik
CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage ...)
	NOT-FOR-US: Microsoft FrontPage
CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL ...)
	{DSA-1571-1}
	- openssl 0.9.8e-6 (bug #438142; low)
	- openssl097 <removed> (bug #438180)
	[sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario)
	[etch] - openssl097 <no-dsa> (Not exploitable in a real-world scenario)
CVE-2007-3107 (The signal handling in the Linux kernel before 2.6.22, including ...)
	- linux-2.6 2.6.22-1 (unimportant)
	NOTE: Not reproducibly reliably by an attacker, mostly a bug
	NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914
	NOTE: in Linus' tree.
CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before ...)
	{DSA-1471-1}
	- libvorbis 1.2.0.dfsg-1 (medium)
CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...)
	{DSA-1504-1 DSA-1363-1}
	- linux-2.6 2.6.22-4
CVE-2007-3104 (The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat ...)
	{DSA-1428-1}
	- linux-2.6 2.6.22-4 (low)
CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux ...)
	{DSA-1342-1}
	- xfs 1:1.0.4-2
CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event function in ...)
	- openssh <not-affected> (This is a redhat/fedora specific issue)
	NOTE: this issue was introduced by a patch of redhat (openssh-4.3p1-audit.patch)
	NOTE: The patch fixing this (openssh-4.3p2-cve-2007-3102.patch) can be found on:
	NOTE: http://mirror.linux.duke.edu/pub/fedora/linux/core/updates/6/SRPMS/openssh-4.3p2-25.fc6.src.rpm
CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...)
	NOT-FOR-US: Apache MyFaces Tomahawk
CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (low; bug #429225)
CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (medium; bug #429225)
CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers ...)
	NOT-FOR-US: F5 Firepass 4100 SSL VPN
CVE-2007-3096 (Directory traversal vulnerability in login.php in PBLang (PBL) ...)
	NOT-FOR-US: PBLang (PBL)
CVE-2007-3095 (Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and ...)
	NOT-FOR-US: Symantec Reporting Server
CVE-2007-3094 (Unspecified vulnerability in the authentication mechanism in Solaris ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3093 (Unspecified vulnerability in the logging mechanism in Solaris ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof the URL ...)
	NOT-FOR-US: MSIE6
CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3090
	REJECTED
CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (low; bug #427691)
	- iceape 1.1.3-1 (low)
	- xulrunner 1.8.1.5-1 (low)
	NOTE: MFSA2007-20
CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote ...)
	NOT-FOR-US: Comicsense
CVE-2007-3087 (Peercast places a cleartext password in a query string, which might ...)
	NOT-FOR-US: PeerCast
CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall PRO ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite allow ...)
	NOT-FOR-US: PBSite
CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with ...)
	NOT-FOR-US: Z-Blog
CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...)
	NOT-FOR-US: Sendcard
CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php in ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly ...)
	NOT-FOR-US: Hunkaray Okul Portaly
CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to ...)
	NOT-FOR-US: EQdkp
CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before ...)
	NOT-FOR-US: Aigaion
CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and ...)
	NOT-FOR-US: EQdkp
CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.0.9-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...)
	NOTE: Duplicate of CVE-2008-4067              
CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
	- iceweasel <not-affected> (Only affects Windows versions of Firefox)
CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX ...)
	NOT-FOR-US: eSellerate
CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web ...)
	NOT-FOR-US: BDigital Web Solutions WebStudio
CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional allows ...)
	NOT-FOR-US: DVD X Player
CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and Key ...)
	NOT-FOR-US: EQdkp
CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in php(Reactor) ...)
	NOT-FOR-US: IBM DB2
CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft Particle ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My Databook ...)
	NOT-FOR-US: My Datebook
CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows remote ...)
	NOT-FOR-US: My Datebook
CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: Cactushop
CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SendCard
CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-3057 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN ...)
	- websvn 1.61-22.3 (unimportant; bug #439337)
	NOTE: Websvn does not have cookie based authentication by itself.
	NOTE: I therefore don't think this is serious enough for a stable update.
CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier ...)
	NOT-FOR-US: Calimero
CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i and ...)
	NOT-FOR-US: PostNuke
CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in RevokeSoft ...)
	NOT-FOR-US: RevokeSoft RevokeBB
CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier allows ...)
	NOT-FOR-US: chameleon cms
CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in Buttercup web ...)
	NOT-FOR-US: Buttercup BWFM
CVE-2007-3048 (** DISPUTED ** ...)
	- screen <not-affected> (not reproducible)
CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator username ...)
	NOT-FOR-US: Vonage
CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex Library ...)
	NOT-FOR-US: Advanced Software Production Line Vortex Library
CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on ...)
	NOT-FOR-US: Hitachi TP1
CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi ...)
	NOT-FOR-US: Hitachi
CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration - File ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 allows ...)
	NOT-FOR-US: Meneame
CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object for ...)
	NOT-FOR-US: Microsoft
CVE-2007-3040 (Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft ...)
	NOT-FOR-US: Windows
CVE-2007-3039 (Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...)
	NOT-FOR-US: Windows
CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...)
	NOT-FOR-US: Microsoft
CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-3036 (Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and ...)
	NOT-FOR-US: Windows Services for UNIX
CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, ...)
	NOT-FOR-US: Microsoft
CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics Rendering ...)
	NOT-FOR-US: Microsoft
CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed ...)
	NOT-FOR-US: Microsoft
CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-3031
	RESERVED
CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3026 (Integer overflow in Panda Software AdminSecure allows remote attackers ...)
	NOT-FOR-US: Panda
CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before ...)
	- clamav <not-affected> (Solaris-specific bug)
CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before ...)
	NOT-FOR-US: Symantec
CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before ...)
	NOT-FOR-US: Symantec
CVE-2007-3020
	RESERVED
CVE-2007-3019
	RESERVED
CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3016
	RESERVED
CVE-2007-3015
	RESERVED
CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch ...)
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...)
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3010 (masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX ...)
	NOT-FOR-US: Alcatel OmniPCX Enterprise Communication Server
CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode ...)
	- php5 5.2.3-1 (unimportant)
CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...)
	NOT-FOR-US: Acoustica MP3 CD Burner
CVE-2007-3005
	REJECTED
CVE-2007-3004
	REJECTED
CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...)
	NOT-FOR-US: myBloggie
CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in effect ...)
	NOT-FOR-US: Microsoft
CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS ...)
	NOT-FOR-US: OpenVMS
CVE-2007-2997 (** DISPUTED ** ...)
	NOT-FOR-US: SalesCart Shopping Cart
CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...)
	NOT-FOR-US: DGNews
CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in includes/send.inc.php in ...)
	NOT-FOR-US: Evenzia CMS
CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a logic ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a redirect to ...)
	NOT-FOR-US: Inout Meta Search Engine
CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in sasatl.dll in ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-2986 (PHP remote file inclusion vulnerability in lib/live_status.lib.php in ...)
	NOT-FOR-US: AdminBot
CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by setting ...)
	NOT-FOR-US: Pheap
CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology Group ...)
	NOT-FOR-US: Media Technology Group CDPass
CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications Business ...)
	NOT-FOR-US: British Telecommunications Business Connect
CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD Technologies ...)
	NOT-FOR-US: LeadTools
CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS ...)
	NOT-FOR-US: LeadTools
CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores sensitive ...)
	NOT-FOR-US: Techno Dreams Web Directory / Search Engine
CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier allows ...)
	NOT-FOR-US: eggblog
CVE-2007-2977 (Buffer overflow in the receive function in submit/submitcommon.c in ...)
	NOT-FOR-US: DOMjudge
CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet ...)
	NOT-FOR-US: Centrinity
CVE-2007-2975 (The admin console in Ignite Realtime Openfire 3.3.0 and earlier ...)
	NOT-FOR-US: Ignite Realtime
CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 and ...)
	NOT-FOR-US: gCards
CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in ...)
	NOT-FOR-US: WAnewsletter
CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2005-4840 (The Outlook Express Address Book control, when using Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier ...)
	NOT-FOR-US: Dansie Shopping Cart
CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
	- webpy 0.210-1 (bug #427715; unimportant)
	NOTE: This is not a vulnerability, but an additional precaution function for
	NOTE: a development framework. If someone wants to have this updated in Etch, this
	NOTE: needs to go through a point update
CVE-2006-XXXX [Owl Intranet Engine multiple cross-site scripting, SQL-injection]
	- owl-dms 0.94-1 (medium; bug #416296)
CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
	NOT-FOR-US: F-Secure
CVE-2007-2966 (Buffer overflow in the LHA decompresion component in F-Secure ...)
	NOT-FOR-US: F-Secure
CVE-2007-2965 (Unspecified vulnerability in the Real-time Scanning component in ...)
	NOT-FOR-US: F-Secure
CVE-2007-2964 (The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and ...)
	NOT-FOR-US: F-Secure
CVE-2007-2963 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2962 (Cross-site scripting (XSS) vulnerability in search.php in Particle ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-2961 (Unrestricted file upload vulnerability in FileCloset before 1.1.5 ...)
	NOT-FOR-US: FileCloset
CVE-2007-2960 (Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 ...)
	NOT-FOR-US: Scallywag
CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...)
	- sylpheed-claws 1.0.5-5.2 (low; bug #441854)
	[etch] - sylpheed-claws <no-dsa> (Minor issue)
	[sarge] - sylpheed-claws <no-dsa> (Minor issue)
	- sylpheed 2.4.5-1 (low)
	[etch] - sylpheed <no-dsa> (Minor issue)
	[sarge] - sylpheed <no-dsa> (Minor issue)
	NOTE: the cvs referenced in redhat bugzilla is not available anymore however
	NOTE: http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
CVE-2007-2957 (Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, ...)
	NOT-FOR-US: McAfee on Solaris
CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1) ...)
	NOT-FOR-US: Qtpfsgui and pfstools
CVE-2007-2955 (Multiple unspecified &quot;input validation error&quot; vulnerabilities in ...)
	NOT-FOR-US: Norton Antivirus/Internet Security/System Works
CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service ...)
	NOT-FOR-US: Novell Client
CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...)
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-056+1 (low)
CVE-2007-2952 (Multiple stack-based buffer overflows in the filter service (aka ...)
	NOT-FOR-US: Blue Coat K9 Web Protection
CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc ...)
	- kvirc 2:3.2.4-5 (bug #434419; medium)
CVE-2007-2950 (Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara ...)
	NOT-FOR-US: Centennial
CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the ...)
	{DSA-1335-1}
	- gimp 2.2.16-1 (medium)
	- ingimp 2.2.16.20070710-1
	NOTE: http://secunia.com/secunia_research/2007-63/advisory
CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in ...)
	{DSA-1313-1}
	- mplayer 1.0~rc1-14
CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha ...)
	NOT-FOR-US: OpenBASE Alpha
CVE-2007-2946 (Buffer overflow in a certain ActiveX control in LeadTools Raster ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2945 (RMForum stores sensitive information under the web root with ...)
	NOT-FOR-US: RMForum
CVE-2007-2944 (WabCMS 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: WabCMS
CVE-2007-2943 (PHP remote file inclusion vulnerability in class/class.php in Webavis ...)
	NOT-FOR-US: Webavis
CVE-2007-2942 (SQL injection vulnerability in user.php in My Little Forum 1.7 and ...)
	NOT-FOR-US: My Little Forum
CVE-2007-2941 (Multiple PHP remote file inclusion vulnerabilities in the creator in ...)
	NOT-FOR-US: vBulletin Google Yahoo Site Map
CVE-2007-2940 (Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 ...)
	NOT-FOR-US: FlaP
CVE-2007-2939 (Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat ...)
	NOT-FOR-US: Mazen's PHP Chat
CVE-2007-2938 (Buffer overflow in the BaseRunner ActiveX control in the Ademco ...)
	NOT-FOR-US: BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module
CVE-2007-2937 (PHP remote file inclusion vulnerability in admin/admin.php in TROforum ...)
	NOT-FOR-US: TROforum
CVE-2007-2936 (Multiple PHP remote file inclusion vulnerabilities in Frequency Clock ...)
	NOT-FOR-US: Frequency Clock
CVE-2007-2935 (core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows ...)
	NOT-FOR-US: Fundanemt
CVE-2007-2934 (Directory traversal vulnerability in skins/common.css.php in Vistered ...)
	NOT-FOR-US: Vistered Little
CVE-2007-2933 (SQL injection vulnerability in index.php in the Phil-a-Form ...)
	NOT-FOR-US: Phil-a-Form
CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in BoastMachine ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and ...)
	NOT-FOR-US: MSN Messenger
CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC ...)
	- bind <removed> (bug #442910)
	[etch] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
	[sarge] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support acpRunner ...)
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2927 (Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter ...)
	NOT-FOR-US: Windows Atheros drivers
CVE-2007-2926 (ISC BIND 9 through 9.5.0a5 uses a weak random number generator during ...)
	{DSA-1341-2}
	- bind9 1:9.4.1-P1-1
CVE-2007-2925 (The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and ...)
	- bind9 1:9.4.1-P1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
	[sarge] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX ...)
	NOT-FOR-US: RealNetworks GameHouse
CVE-2007-2923 (The launch method in the LocalExec ActiveX control (LocalExec.ocx) in ...)
	NOT-FOR-US: LocalExec ActiveX control
CVE-2007-2922
	RESERVED
CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx ...)
	NOT-FOR-US: Corel
CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX ...)
	NOT-FOR-US: Zoomify Viewer
CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX ...)
	NOT-FOR-US: FViewerLoading
CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in ...)
	NOT-FOR-US: Logitech
CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in odapi.dll in ...)
	NOT-FOR-US: Authentium
CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music ...)
	NOT-FOR-US: GMTT Music Distro
CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2914 (Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2913 (Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 ...)
	NOT-FOR-US: ClonusWiki
CVE-2007-2912 (Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2911 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2910 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2909 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2908 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2007-2907 (Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-2906 (Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Java Embedding Plugin for Mac OS X
CVE-2007-2905 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2904 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2007-2903 (Buffer overflow in the HelpPopup method in the Microsoft Office 2000 ...)
	NOT-FOR-US: Microsoft Office ActiveX control
CVE-2007-2902 (SQL injection vulnerability in main/auth/my_progress.php in Dokeos ...)
	NOT-FOR-US: Dokeos
CVE-2007-2901 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 ...)
	NOT-FOR-US: Dokeos
CVE-2007-2900 (Multiple PHP remote file inclusion vulnerabilities in Scallywag ...)
	NOT-FOR-US: Scallywag
CVE-2007-2899 (Direct static code injection vulnerability in admin_config.php in ...)
	NOT-FOR-US: Navboard
CVE-2007-2898 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2897 (Microsoft Internet Information Services (IIS) 6.0 allows remote ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2896 (Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 ...)
	NOT-FOR-US: Symantec
CVE-2007-2895 (Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2894 (The emulated floppy disk controller in Bochs 2.3 allows local users of ...)
	- bochs <unfixed> (unimportant)
CVE-2007-2893 (Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in ...)
	{DSA-1351-1}
	- bochs 2.3+20070705-1 (low; bug #427144)
CVE-2007-2892 (Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 ...)
	NOT-FOR-US: ASP-Nuke
CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 ...)
	NOT-FOR-US: FirmWorX
CVE-2007-2890 (SQL injection vulnerability in category.php in cpCommerce 1.1.0 and ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2889 (SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 ...)
	NOT-FOR-US: Dokeos
CVE-2007-2888 (Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows ...)
	NOT-FOR-US: UltraISO
CVE-2007-2887 (Cross-site scripting (XSS) vulnerability in index.php in Web Icerik ...)
	NOT-FOR-US: WIYS
CVE-2007-2886 (Unspecified vulnerability in the Nortel CS 1000 M media card in ...)
	NOT-FOR-US: Nortel
CVE-2007-2885 (The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in ...)
	NOT-FOR-US: Microsoft Visual Database Tools
CVE-2007-2884 (Multiple stack-based buffer overflows in Microsoft Visual Basic 6 ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-2883 (Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier ...)
	NOT-FOR-US: Credant
CVE-2007-2882 (Unspecified vulnerability in the NFS client module in Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2881 (Multiple stack-based buffer overflows in the SOCKS proxy support ...)
	NOT-FOR-US: Sun Java Web Proxy Server
CVE-2007-2880 (Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 ...)
	NOT-FOR-US: Digirez
CVE-2007-2879 (Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk ...)
	NOT-FOR-US: GNUTurk
CVE-2007-2878 (The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run ...)
	{DSA-1479-1}
	- linux-2.6 2.6.21-3
CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 ...)
	NOTE: Not a security issue; Windows-only anyway.
CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux ...)
	{DSA-1363-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2874 (Buffer overflow in the wpa_printf function in the debugging code in ...)
	- wpasupplicant <not-affected> (Fedora-only issue)
CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...)
	- spamassassin 3.2.1-1 (low)
	[sarge] - spamassassin <no-dsa> (Only obscure setups affected, only locally exploitable)
	[etch] - spamassassin 3.1.7-2etch1
	NOTE: Minor issue fixed in etch r6 point update
	NOTE: Only obscure setups affected, only locally exploitable
CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...)
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
	NOTE: Fix from 5.2.3 was ineffective
CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-17
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-16
	- iceweasel 2.0.0.4-1 (medium)
	- iceape 1.1.2-1 (medium)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (medium)
CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before ...)
	{DSA-1308-1 DSA-1306-1 DTSA-45-1 DTSA-51-1}
	NOTE: MFSA2007-13
	- iceweasel 2.0.0.4-1 (unimportant)
	- iceape 1.1.2-1 (unimportant)
	- mozilla <removed> (unimportant)
	- xulrunner 1.8.1.4-1 (unimportant)
CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2866 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...)
	{DSA-1693-1}
	- phppgadmin 4.1.2-1 (low; bug #427151)
	[sarge] - phppgadmin <not-affected> (Vulnerable code not present)
	NOTE: http://phppgadmin.cvs.sourceforge.net/phppgadmin/webdb/classes/Misc.php?r1=1.156&r2=1.157&pathrev=MAIN
CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow ...)
	NOT-FOR-US: CubeCart
CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple ...)
	NOT-FOR-US: SAXON
CVE-2007-2860 (user.php in BoastMachine 3.0 platinum allows remote authenticated ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2859 (Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 ...)
	NOT-FOR-US: SimpGB
CVE-2007-2858 (SQL injection vulnerability in the IP-Search functionality in the ...)
	NOT-FOR-US: IP-Tracking Mod for phpBB
CVE-2007-2857 (PHP remote file inclusion vulnerability in sample/xls2mysql in ABC ...)
	NOT-FOR-US: ABC Excel Parser Pro
CVE-2007-2856 (Buffer overflow in the Dart Communications PowerTCP ZIP Compression ...)
	NOT-FOR-US: Dart Communications PowerTCP
CVE-2007-2855 (Buffer overflow in a certain ActiveX control in DartZipLite.dll ...)
	NOT-FOR-US: Dart ZipLite
CVE-2007-2854 (Multiple SQL injection vulnerabilities in account_change.php in ...)
	NOT-FOR-US: BtiTracker
CVE-2007-2853 (The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD ...)
	NOT-FOR-US: Virtual CD
CVE-2007-2852 (Multiple stack-based buffer overflows in ESET NOD32 Antivirus before ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-2851 (A certain ActiveX control in LeadTools Raster Variant Object Library ...)
	NOT-FOR-US: LeadTools
CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...)
	NOT-FOR-US: Citrix
CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) ...)
	- knowledgetree <removed> (bug #432123)
CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox ...)
	NOT-FOR-US: Sky Software
CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in ...)
	NOT-FOR-US: HLstats
CVE-2007-2846 (Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus ...)
	NOT-FOR-US: Avast
CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus ...)
	NOT-FOR-US: Avast
CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...)
	- php5 <not-affected> (Multi-threaded operation not supported in Debian)
	- php4 <not-affected> (Multi-threaded operation not supported in Debian)
CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote ...)
	NOT-FOR-US: Apple Safari
	NOTE: Does not seem to work with Konqueror.
CVE-2007-2842
	RESERVED
CVE-2007-2841 [lighttpd DoS]
	RESERVED
	NOTE: Duplicate of CVE-2007-3947, was assigned from Debian CNA and clashed with MITRE
	NOTE: assignment
CVE-2007-2840
	RESERVED
CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files ...)
	{DSA-1329-1}
	- gfax 0.6 (bug #431893; low)
	NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed version
CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 ...)
	{DSA-1327-1}
	- gsambad 0.1.6-2 (bug #431331)
CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp in ...)
	{DSA-1326-1}
	- fireflier 1.1.7
CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through ...)
	{DSA-1324-1}
	- hiki 0.8.7-1 (bug #430691; medium)
	[sarge] - hiki <not-affected> (Vulnerable code not present)
CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) ...)
	{DSA-1328-1}
	- unicon 3.0.4-12 (bug #431336)
CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before ...)
	{DSA-1375-1}
	- openoffice.org 2.2.1-9 (medium)
	[sarge] - openoffice.org 1.1.3-9sarge8
CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ...)
	{DSA-1316-1}
	- emacs21 21.4a+1-5.1 (bug #408929; low)
	- emacs-snapshot <removed>
	NOTE: The bug is not present in emacs22 22.2+1-1.  It was probably
	NOTE: fixed before the first emacs22 upload.
CVE-2007-2832 (Cross-site scripting (XSS) vulnerability in the web application ...)
	NOT-FOR-US: Cisco
CVE-2007-2831 (Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ...)
	- madwifi 1:0.9.3-2 (high; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2830 (The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2829 (The 802.11 network stack in net80211/ieee80211_input.c in MadWifi ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2828 (Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php ...)
	NOT-FOR-US: AdSense-Deluxe
CVE-2007-2827 (Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX ...)
	NOT-FOR-US: LeadTools
CVE-2007-2826 (PHP remote file inclusion vulnerability in lib/addressbook.php in ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-2825 (Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in ...)
	NOT-FOR-US: @Mail
CVE-2007-2824 (SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-2823 (Multiple buffer overflows in HT Editor before 2.0.6 might allow remote ...)
	NOT-FOR-US: HT Editor
CVE-2007-2822 (TutorialCMS 1.01 and earlier, when register_globals is enabled, allows ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2821 (SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress ...)
	{DSA-1502-1}
	- wordpress 2.2-1 (high)
	NOTE: seems present in etch even though admin-ajax.php was not shipped yet
CVE-2007-2820 (Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX ...)
	NOT-FOR-US: KSign
CVE-2007-2819 (Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ ...)
	NOT-FOR-US: Track+
CVE-2007-2818 (Cross-site scripting (XSS) vulnerability in cand_login.asp in ...)
	NOT-FOR-US: Parodia
CVE-2007-2817 (SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2816 (Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2815 (The &quot;hit-highlighting&quot; functionality in webhits.dll in Microsoft ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2814 (Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX ...)
	NOT-FOR-US: Pegasus ImagN'
CVE-2007-2813 (Cisco IOS 12.4 and earlier, when using the crypto packages and SSL ...)
	NOT-FOR-US: Cisco
CVE-2007-2812 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...)
	NOT-FOR-US: HLstats
CVE-2007-2811 (Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and ...)
	NOT-FOR-US: OSK Advance-Flow
CVE-2007-2810 (SQL injection vulnerability in down_indir.asp in Gazi Download Portal ...)
	NOT-FOR-US: Gazi Download Portal
CVE-2007-2809 (Buffer overflow in the transfer manager in Opera before 9.21 for ...)
	NOT-FOR-US: Opera
CVE-2007-2808 (Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb ...)
	{DSA-1486-1}
	- gnatsweb 4.00-1.1 (low; bug #427156)
CVE-2007-2807 (Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop ...)
	{DSA-1448-1}
	- eggdrop 1.6.18-1.1 (medium; bug #427157)
CVE-2007-2806 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: GaliX
CVE-2007-2805 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: ClientExec
CVE-2007-2804 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: CandyPress Store
CVE-2007-2803 (SQL injection vulnerability in default.asp in Vizayn Urun Tanitim ...)
	NOT-FOR-US: Vizayn Urun Tanitim Sitesi
CVE-2007-2802 (Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2801 (Multiple cross-site scripting (XSS) vulnerabilities in open.php in ...)
	NOT-FOR-US: eTicket
CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: eTicket
CVE-2007-2799 (Integer overflow in the &quot;file&quot; program 4.20, when running on 32-bit ...)
	{DSA-1343-2 DSA-1343-1}
	- file 4.21-1 (medium; bug #428293)
CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (high; bug #430785)
CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: local DoS when Apache memory limit is set high
CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement safemode ...)
	- php4 <unfixed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2003-1330 (Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom &quot;on ...)
	NOT-FOR-US: MAILsweeper
CVE-2001-1581 (The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows ...)
	NOT-FOR-US: MAILsweeper
CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7]
	- mantis 1.0.7+dfsg-1
	[sarge] - mantis 0.19.2-5sarge5
	NOTE: "email notifications bypass security on custom fields" and "XSS vulnerabilities"
CVE-2007-XXXX [NTFS driver for FUSE unspecified issue]
	- ntfs-3g 1:1.516-1
	NOTE: local root exploit
CVE-2007-2797 (xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in ...)
	- xterm <not-affected> (Debian uses safe compile-time settings)
CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Arris Cadant
CVE-2007-2795 (Multiple buffer overflows in Ipswitch IMail before 2006.21 allow ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2007-2794
	RESERVED
CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...)
	NOT-FOR-US: Geeklog
CVE-2007-2792 (SQL injection vulnerability in index.php in the com_yanc 1.4 beta ...)
	NOT-FOR-US: com_yanc for Mambo
	NOTE: com_yanc component not in Mambo Debian package
CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX ...)
	NOT-FOR-US: HP Tru64
CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-01-1 (bug #422403)
CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-01-1 (bug #422403)
CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1) ...)
	NOT-FOR-US: LeadTools Raster Thumbnail Object Library
CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote ...)
	NOT-FOR-US: ircd-ratbox
CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to ...)
	NOT-FOR-US: eSyndiCat Pro
CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit ...)
	NOT-FOR-US: Globus Toolkit
CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 ...)
	NOT-FOR-US: Rational Soft Hidden Administrator
CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WikyBlog
CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in ...)
	NOT-FOR-US: Libstats
CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 ...)
	NOT-FOR-US: MolyX BOARD
CVE-2007-2777 (Unrestricted file upload vulnerability in admin/addsptemplate.php in ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but ...)
	NOT-FOR-US: AlstraSoft Live Support
CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...)
	NOT-FOR-US: SunLight CMS
CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in ...)
	NOT-FOR-US: Zomplog
CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and ...)
	NOT-FOR-US: CA BrightStor Backup
CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG ...)
	NOT-FOR-US: LeadTools JPEG 2000
CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote ...)
	NOT-FOR-US: Eudora
CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...)
	- openssh <unfixed> (bug #436571; unimportant)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=112279
CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides the ...)
	- backup-manager 0.7.6-1 (low)
	[sarge] - backup-manager <no-dsa> (Minor issue)
	[etch] - backup-manager <no-dsa> (Minor issue)
CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse ...)
	NOT-FOR-US: BlockHosts
CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches ...)
	NOT-FOR-US: Sun-Brocade SilkWorm
CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast ...)
	NOT-FOR-US: Build it Fast
CVE-2007-2761 (Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier ...)
	NOT-FOR-US: MagicISO
CVE-2007-2760 (The canUpdate function in model/MRole.java in Adempiere before 3.1.6 ...)
	NOT-FOR-US: Adempiere
CVE-2007-2759 (Multiple SQL injection vulnerabilities in the insert function in the ...)
	NOT-FOR-US: Adempiere
CVE-2007-2758 (Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted ...)
	NOT-FOR-US: WinImage
CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...)
	NOT-FOR-US: Redoable
CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...)
	- libgd2 2.0.35.dfsg-1 (bug #426100; bug #426099; low)
	[etch] - libgd <no-dsa> (Minor issue)
	[sarge] - libgd <no-dsa> (Minor issue)
	[etch] - libgd2 <no-dsa> (Minor issue)
	[sarge] - libgd2 <no-dsa> (Minor issue)
	NOTE: http://bugs.libgd.org/?do=details&task_id=86
CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and ...)
	{DSA-1334-1 DSA-1302-1}
	- freetype 2.2.1-6 (bug #425625)
	[sarge] - freetype 2.1.7-8
CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2752 (SQL injection vulnerability in devami.asp in RunawaySoft Haber portal ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2751 (Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 ...)
	NOT-FOR-US: PHPGlossar
CVE-2007-2750 (SQL injection vulnerability in print.php in SimpNews 2.40.01 and ...)
	NOT-FOR-US: SimpNews
CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and ...)
	NOT-FOR-US: FAQEngine
CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows ...)
	- php4 <not-affected> (Debian shipped the correct fix from the beginning)
	- php5 <not-affected> (Debian shipped the correct fix from the beginning)
CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...)
	NOT-FOR-US: rdiffWeb
CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk ...)
	NOT-FOR-US: vDesk Webmail
CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in ...)
	NOT-FOR-US: GlossWord
CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 ...)
	NOT-FOR-US: w2box
CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows ...)
	- lcms 1.15-1 (medium)
CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...)
	- php-xajax 0.2.5-1 (bug #426103; unimportant)
	NOTE: This issue was created because of an upstream changelog entry, which however
	NOTE: was meant for the XSS, which is the general issue.
CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows ...)
	{DSA-1692-1}
	- php-xajax 0.2.5-1 (bug #426103; low)
CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 ...)
	NOT-FOR-US: Glossaire for Xoops
CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 1.0 ...)
	NOT-FOR-US: MyConference for Xoops
CVE-2007-2736 (PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 ...)
	NOT-FOR-US: Achievo
CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 ...)
	NOT-FOR-US: ResManager for Xoops
CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width ...)
	NOT-FOR-US: 3Com TippingPoint IPS
CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2731 (CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2730 (Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, ...)
	NOT-FOR-US: Comodo Personal Firewall
CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed ...)
	- php5 5.2.3-1 (low)
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php4 <not-affected> (no soap functions in php4)
CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...)
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php5 5.2.2-1 (low)
	NOTE: Code not present in PHP 4.
CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BitsCast
CVE-2007-2725 (The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control ...)
	NOT-FOR-US: DeWizardX
CVE-2007-2724 (Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog ...)
	NOT-FOR-US: fotolog
CVE-2007-2723 (Media Player Classic 6.4.9.0 allows user-assisted remote attackers to ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers ...)
	NOT-FOR-US: NewzCrawler
CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer ...)
	- jasper 1.900.1-3 (medium; bug #413033)
	- ghostscript 8.61.dfsg.1~svn8187-1.1 (medium; bug #447188)
	NOTE: see http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html
CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...)
	NOT-FOR-US: Group-Office
CVE-2007-2719 (Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2007-2718 (Cross-site scripting (XSS) vulnerability in the WebMail system in ...)
	NOT-FOR-US: Stalker CommuniGate Pro
CVE-2007-2717 (SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 ...)
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c ...)
	NOT-FOR-US: EQdkp
CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on &quot;operating systems that only ...)
	- wu-ftpd 2.6.2-4
CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to ...)
	NOT-FOR-US: Snaps! Gallery
CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...)
	NOT-FOR-US: Akismet
CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when ...)
	NOT-FOR-US: iFdate
CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ...)
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2007-2711 (Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows ...)
	NOT-FOR-US: TinyIdentD
CVE-2007-2710 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2709 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2708 (PHP remote file inclusion vulnerability in newsadmin.php in Feindt ...)
	NOT-FOR-US: News-Script
CVE-2007-2707 (PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php ...)
	NOT-FOR-US: Linksnet Newsfeed
CVE-2007-2706 (PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media ...)
	NOT-FOR-US: Geeklog
CVE-2007-2705 (Directory traversal vulnerability in the Test View Console in BEA ...)
	NOT-FOR-US: BEA WebLogic Integration
CVE-2007-2704 (BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2007-2703 (BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2700 (The WLST script generated by the configToScript command in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic Server ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic Server ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without SELECT ...)
	- mysql-dfsg-5.0 <not-affected> (Only MySQL 5.1 affected)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Only MySQL 5.1 affected)
	[sarge] - mysql-dfsg <not-affected> (Only MySQL 5.1 affected)
CVE-2007-2692 (The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.42 (bug #424778)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality not implemented)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
	NOTE: http://bugs.mysql.com/bug.php?id=28499
CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.41a-1 (bug #424778; bug #424830)
CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, and M ...)
	NOT-FOR-US: ISS
CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain ...)
	NOT-FOR-US: Check Point
CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS ...)
	NOT-FOR-US: Cisco
CVE-2007-2687 (Stack-based buffer overflow in the MicroWorld Agent service ...)
	NOT-FOR-US: MicroWorld
CVE-2007-2686 (Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to execute ...)
	- mutt 1.5.15+20070608-1 (low; bug #426116)
	[etch] - mutt <no-dsa> (Minor issue, hardly exploitable)
	[sarge] - mutt <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as ...)
	NOT-FOR-US: Adobe
CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution ...)
	- b2evolution <unfixed> (unimportant)
	NOTE: This is a register_globals=on issue.
	NOTE: More than just blogs/index.php is affected (that file isn't
	NOTE: installed by the Debian package).
CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Canon
CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery ...)
	NOT-FOR-US: Simple PHP Scripts
CVE-2007-2678 (Buffer overflow in the isChecked function in toolbar.dll in Netsprint ...)
	NOT-FOR-US: Netsprint
CVE-2007-2677 (Multiple PHP remote file inclusion vulnerabilities in phpChess ...)
	NOT-FOR-US: phpChess
CVE-2007-2676 (PHP remote file inclusion vulnerability in skins/header.php in Open ...)
	NOT-FOR-US: Open Translation Engine
CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings ...)
	NOT-FOR-US: Pre Classifieds Listings
CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2007-2673 (SQL injection vulnerability in includes/funcs_vendors.php in Censura ...)
	NOT-FOR-US: Censura
CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...)
	NOT-FOR-US: PHP Coupon Script
CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: PHPChain
CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 ...)
	NOT-FOR-US: PHPChain
CVE-2007-2668 (Buffer overflow in webdesproxy 0.0.1 allows remote attackers to ...)
	NOT-FOR-US: webdesproxy
CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX control in ...)
	NOT-FOR-US: VImpX
CVE-2007-2666 (Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla ...)
	NOT-FOR-US: notepad++
CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in PhpFirstPost ...)
	NOT-FOR-US: PhpFirstPost
CVE-2007-2664 (PHP remote file inclusion vulnerability in includes/common.php in Yaap ...)
	NOT-FOR-US: Yaap
CVE-2007-2663 (PHP remote file inclusion vulnerability in language/1/splash.lang.php ...)
	NOT-FOR-US: Beacon
CVE-2007-2662 (SQL injection vulnerability in EfesTECH Haber 5.0 allows remote ...)
	NOT-FOR-US: EfesTECH
CVE-2007-2661 (SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows ...)
	NOT-FOR-US: BlogMe
CVE-2007-2660 (** DISPUTED ** ...)
	NOT-FOR-US: PhpConcept
CVE-2007-2659 (Directory traversal vulnerability in index.php in PHP Advanced ...)
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2007-2658 (Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ...)
	NOT-FOR-US: ID Automation
CVE-2007-2657 (Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2656 (Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ...)
	NOT-FOR-US: HP
CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before ...)
	NOT-FOR-US: NetWin
CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure ...)
	- xfsdump 2.2.45-1 (bug #417894; low)
	[etch] - xfsdump <no-dsa> (Minor issue)
CVE-2007-2653
	REJECTED
CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...)
	NOT-FOR-US: Free-SA
CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow ...)
	NOT-FOR-US: VooDoo cIRCle
CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.2-1
CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for ...)
	NOT-FOR-US: Speedport W 700v
CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 ...)
	NOT-FOR-US: Clever Database Comparer
CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php ...)
	NOT-FOR-US: MonAlbum
CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted ...)
	NOT-FOR-US: yEnc32
CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in ...)
	{DSA-1487-1}
	- libexif 0.6.15-1 (bug #424775)
CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX Professional ...)
	NOT-FOR-US: Morovia
CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow Designs ...)
	NOT-FOR-US: maGAZIn
CVE-2007-2642 (Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 ...)
	NOT-FOR-US: R2K Gallery
CVE-2007-2641 (SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard ...)
	NOT-FOR-US: W1L3D4
CVE-2007-2640 (LibTMCG before 1.1.1 does not perform a range check to avoid &quot;trivial ...)
	NOT-FOR-US: LibTMCG
CVE-2007-2639 (Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote ...)
	NOT-FOR-US: TFTPDWIN
CVE-2007-2638 (eFileCabinet 3.3 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: eFileCabinet
CVE-2007-2637 (MoinMoin before 20070507 does not properly enforce ACLs for calendars ...)
	{DSA-1514-1}
	- moin 1.5.7-2 (low)
CVE-2007-2636 (Unspecified vulnerability in phpTodo before 0.8.1 allows remote ...)
	NOT-FOR-US: phpTodo
CVE-2007-2635 (Unspecified vulnerability in Interchange before 5.4.2 allows remote ...)
	- interchange 5.4.2-1 (low)
CVE-2007-2634 (PHP remote file inclusion vulnerability in common/errormsg.php in ...)
	NOT-FOR-US: aForum
CVE-2007-2633 (Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows ...)
	NOT-FOR-US: H-Sphere
CVE-2007-2632 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User ...)
	NOT-FOR-US: phpMUR
CVE-2007-2631 (Cross-site request forgery (CSRF) vulnerability in SquirrelMail ...)
	NOTE: Duplicate of CVE-2007-2589
CVE-2007-2630 (Incomplete blacklist vulnerability in ...)
	- moin 1.5.8-4.1 (unimportant)
	- karrigell <not-affected> (Vulnerable php code not present)
	- knowledgeroot 0.9.8.2-2 (unimportant)
CVE-2007-2629 (Bradford CampusManager Network Control Application Server 3.1(6) ...)
	NOT-FOR-US: Bradford
CVE-2007-2628 (PHP remote file inclusion vulnerability in include/logout.php in ...)
	NOT-FOR-US: PHPSecurityAdmin
CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...)
	- wordpress 2.2.2-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-2626 (** DISPUTED ** ...)
	NOT-FOR-US: SchoolBoard
CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2624 (Dynamic variable evaluation vulnerability in ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2623 (Multiple buffer overflows in RControl.dll in Remote Display Dev kit ...)
	NOT-FOR-US: Remote Display Dev kit
CVE-2007-2622 (Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier ...)
	NOT-FOR-US: TaskDriver
CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 ...)
	NOT-FOR-US: Thyme Calendar
CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub ...)
	NOT-FOR-US: Jakub Steiner (aka jimmac) original
CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows ...)
	NOT-FOR-US: Drake CMS
CVE-2007-2617 (srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2616 (Stack-based buffer overflow in the SSL version of the NMDMC.EXE ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-2615 (Multiple PHP remote file inclusion vulnerabilities in Crie seu ...)
	NOT-FOR-US: PHPLojaFacil
CVE-2007-2614 (PHP remote file inclusion vulnerability in examples/widget8.php in ...)
	NOT-FOR-US: phpHtmlLib
CVE-2007-2613 (WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2612 (SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2611 (Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 ...)
	NOT-FOR-US: CGX
CVE-2007-2610 (Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and ...)
	NOT-FOR-US: OpenLD
CVE-2007-2609 (Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 ...)
	NOT-FOR-US: gnuedu
CVE-2007-2608 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Miplex2
CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...)
	NOT-FOR-US: LaVague
CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...)
	- firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed> (low)
	NOTE: Minor issue, because conffile is restricted
CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...)
	NOT-FOR-US: Brujula Toolbar
CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows ...)
	NOT-FOR-US: FlexLabel
CVE-2007-2603 (Unspecified vulnerability in the Init function in the Audio CD Ripper ...)
	NOT-FOR-US: Audio CD Ripper
CVE-2007-2602 (Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2007-2601 (Buffer overflow in a certain ActiveX control in the GDivX Zenith ...)
	NOT-FOR-US: GDivX Zenith Player
CVE-2007-2600 (Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2599 (Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2598 (SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL ...)
	NOT-FOR-US: PHP SimpleNEWS
CVE-2007-2597 (Multiple PHP remote file inclusion vulnerabilities in telltarget CMS ...)
	NOT-FOR-US: telltarget CMS
CVE-2007-2596 (PHP remote file inclusion vulnerability in common/func.php in aForum ...)
	NOT-FOR-US: aForum
CVE-2007-2595 (RSAuction 2.73.1.3 allows remote authenticated users to move their own ...)
	NOT-FOR-US: RSAuction
CVE-2007-2594 (PHP remote file inclusion vulnerability in inc/articles.inc.php in ...)
	NOT-FOR-US: phpMyPortal
CVE-2007-2593 (The Terminal Server in Microsoft Windows 2003 Server, when using TLS, ...)
	NOT-FOR-US: Microsoft
CVE-2007-2592 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia ...)
	NOT-FOR-US: Nokia
CVE-2007-2591 (usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, ...)
	NOT-FOR-US: Nokia
CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, ...)
	NOT-FOR-US: Nokia
CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1 (low)
	NOTE: CVE id has later been assigned to a part of this issue
CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and ...)
	- wu-ftpd 2.6.2-26 (unimportant; bug #425162)
	NOTE: Linux' limit is 4096 chars
CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 ...)
	{DSA-1504-1}
	- linux-2.6 2.6.18.dfsg.1-9 (low)
CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control ...)
	NOT-FOR-US: Office Viewer OCX ActiveX
CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2007-2586 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 does not properly ...)
	NOT-FOR-US: Cisco
CVE-2007-2585 (Stack-based buffer overflow in the Verify function in the BarCodeWiz ...)
	NOT-FOR-US: BarCodeWiz ActiveX control
CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the ...)
	NOT-FOR-US: Subscription Manager ActiveX control
CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.41-1 (low; bug #426353)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
	[sarge] - mysql-dfsg <not-affected> (Not affected, test case doesn't crash the daemon)
CVE-2007-2582 (Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) ...)
	NOT-FOR-US: IBM DB2
CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-2580 (Unspecified vulnerability in Apple Safari allows local users to obtain ...)
	NOT-FOR-US: Safari
CVE-2007-2579 (Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 ...)
	NOT-FOR-US: ACP3
CVE-2007-2578 (Unspecified vulnerability in search/list/action_search/index.php in ...)
	NOT-FOR-US: ACP3
CVE-2007-2577 (Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote ...)
	NOT-FOR-US: ACP3
CVE-2007-2576 (Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ...)
	NOT-FOR-US: advdaudio.ocx ActiveX control
CVE-2007-2575 (PHP remote file inclusion vulnerability in watermark.php in the vm ...)
	NOT-FOR-US: vm watermark 0.4.1 mod for Gallery
CVE-2007-2574 (Directory traversal vulnerability in index.php in Archangel Weblog ...)
	NOT-FOR-US: Archangel Weblog
CVE-2007-2573 (PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in ...)
	NOT-FOR-US: PHPtree
CVE-2007-2572 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NoAh (aka PHP Content Architect, phparch)
CVE-2007-2571 (SQL injection vulnerability in index.php in the wfquotes 1.0 0 module ...)
	NOT-FOR-US: wfquotes module for XOOPS
CVE-2007-2570 (PHP remote file inclusion vulnerability in handlers/page/show.php in ...)
	NOT-FOR-US: Wikivi5
CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 ...)
	NOT-FOR-US: Friendly
CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow ...)
	NOT-FOR-US: VCDGear
CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2565 (Cdelia Software ImageProcessing allows user-assisted remote attackers ...)
	NOT-FOR-US: Cdelia Software ImageProcessing
CVE-2007-2564 (Multiple stack-based buffer overflows in the Sienzo Digital Music ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2563 (Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ...)
	NOT-FOR-US: VersalSoft HTTP File Upload ActiveX control
CVE-2007-2562 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako eSupport
CVE-2007-2561 (SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote ...)
	NOT-FOR-US: fipsCMS
CVE-2007-2560 (Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 ...)
	NOT-FOR-US: ACGVannu
CVE-2007-2559 (Multiple PHP remote file inclusion vulnerabilities in american cart ...)
	NOT-FOR-US: american cart
CVE-2007-2558 (** DISPUTED ** ...)
	NOT-FOR-US: pfa CMS
CVE-2007-2557 (MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, ...)
	NOT-FOR-US: Mambo
CVE-2007-2556 (SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote ...)
	NOT-FOR-US: Nuked-klaN
CVE-2007-2555 (Unspecified vulnerability in Default.aspx in Podium CMS allows remote ...)
	NOT-FOR-US: Podium CMS
CVE-2007-2554 (Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank ...)
	NOT-FOR-US: Newspower
CVE-2007-2553 (Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-2552 (The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2551 (Cross-site scripting (XSS) vulnerability in usersettings.php in ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2550 (Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 ...)
	NOT-FOR-US: CubeCart
CVE-2007-2549 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2548 (Unspecified vulnerability in index.php in TurnkeyWebTools SunShop ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2547 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2546 (Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 ...)
	NOT-FOR-US: SMF
CVE-2007-2545 (Multiple PHP remote file inclusion vulnerabilities in Persism CMS ...)
	NOT-FOR-US: Persism
CVE-2007-2544 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: TopTree BBS
CVE-2007-2543 (SQL injection vulnerability in game.php in the Flashgames 1.0.1 module ...)
	NOT-FOR-US: XOOPS
CVE-2007-2542 (PHP remote file inclusion vulnerability in header.php in workbench ...)
	NOT-FOR-US: workbench survival guide
CVE-2007-2541 (PHP remote file inclusion vulnerability in includes/ajax_listado.php ...)
	NOT-FOR-US: Versado
CVE-2007-2540 (Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and ...)
	NOT-FOR-US: PMECMS
CVE-2007-2539 (The show_files function in RunCms 1.5.2 and earlier allows remote ...)
	NOT-FOR-US: RunCms
CVE-2007-2538 (SQL injection vulnerability in class/debug/debug_show.php in RunCms ...)
	NOT-FOR-US: RunCms
CVE-2007-2537 (Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 ...)
	NOT-FOR-US: NPDS
CVE-2007-2536 (PicoZip allows remote attackers to cause a denial of service (infinite ...)
	NOT-FOR-US: Picozip
CVE-2007-2535 (WinAce allows remote attackers to cause a denial of service (infinite ...)
	NOT-FOR-US: WinAce
CVE-2007-2534 (** DISPUTED ** ...)
	NOT-FOR-US: phpHoo3
CVE-2007-2533 (Multiple buffer overflows in Trend Micro ServerProtect 5.58 before ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2532 (Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen ...)
	NOT-FOR-US: Minh Nguyen Duong Obie Website Mini Web Shop
CVE-2007-2531 (PHP remote file inclusion vulnerability in berylium-classes.php in ...)
	NOT-FOR-US: Berylium2
CVE-2007-2530 (Multiple PHP remote file inclusion vulnerabilities in Tropicalm ...)
	NOT-FOR-US: Tropicalm
CVE-2007-2529 (Integer signedness error in the acl (facl) system call in Solaris 10 ...)
	NOT-FOR-US: Solaris 10
CVE-2007-2528 (Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2527 (Multiple PHP remote file inclusion vulnerabilities in DynamicPAD ...)
	NOT-FOR-US: DynamicPAD
CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC ...)
	NOT-FOR-US: VNC Viewer ActiveX control
CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-1
	NOTE: Fixed in commit 202a03acf9994076055df40ae093a5c5474ad0bd in
	NOTE: Linus' tree.
CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open ...)
	{DSA-1298-1}
	- otrs2 2.1.1-1 (bug #423524)
	NOTE: 2.1 and 2.2 are not affected, so recording earliest 2.1 version as fix
CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! ...)
	NOT-FOR-US: E-GADS!
CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when ...)
	NOT-FOR-US: MyNews
CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...)
	- php5 5.2.3-1 (unimportant; bug #441433)
	- php4 <removed> (unimportant)
	NOTE: The installation of the PEAR needs to be trusted anyway, this doesn't
	NOTE: cross trust boundaries
CVE-2007-2518
	REJECTED
CVE-2007-2517
	RESERVED
CVE-2007-2516
	RESERVED
CVE-2007-2515
	RESERVED
CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple ...)
	NOT-FOR-US: Symantec
CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...)
	{DTSA-39-1}
	- php5 5.2.2-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before ...)
	{DSA-1295-1 DTSA-39-1}
	- php5 5.2.2-1 (low)
CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before ...)
	{DSA-1296-1 DSA-1295-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.2-1 (low)
	- php4 4.4.7-1 (low)
CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect ...)
	NOT-FOR-US: Trend Micro
CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble ...)
	NOT-FOR-US: Treble Designs 1024 CMS
CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and ...)
	NOT-FOR-US: OpenEdge WebSpeed
CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 ...)
	NOT-FOR-US: MailCOPA
CVE-2007-2504 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Turbulence
CVE-2007-2503 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Turbulence
CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with ...)
	NOT-FOR-US: HP ProCurve 9300m Series switches
CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before ...)
	NOT-FOR-US: CodePress
CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash ...)
	{DTSA-48-1}
	- gnash 0.7.2+cvs20070518.1557-1 (bug #423433)
CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and ...)
	NOT-FOR-US: DVDdb
CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote ...)
	NOT-FOR-US: Winamp
CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a ...)
	NOT-FOR-US: RealPlayer
	NOTE: helix-player not affected
CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote ...)
	NOT-FOR-US: WordViewer.ocx
CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control ...)
	NOT-FOR-US: ExcelViewer .ocx
CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX ...)
	NOT-FOR-US: PowerPointViewer .ocx
CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ &amp; RULES ...)
	NOT-FOR-US: FAQ & RULES module for mxBB
CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for ...)
	NOT-FOR-US: v4bJournal module for PostNuke
CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation ...)
	NOT-FOR-US: EMC VMware
CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows ...)
	NOT-FOR-US: LiveData Server
CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and ...)
	NOT-FOR-US: LiveData Protocol Server
CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ...)
	NOT-FOR-US: AtomixMP3
CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and ...)
	NOT-FOR-US: Motobit
CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the ...)
	NOT-FOR-US: myflash plugin for WordPress
CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not ...)
	NOT-FOR-US: Mambo
CVE-2007-XXXX [schroot may use outdated configuration information]
	- schroot <not-affected> (Upstream: "This bug was never present in a Debian release.")
CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does ...)
	{DSA-1358-1}
	- asterisk 1:1.4.5~dfsg-1 (low)
	NOTE: no-dsa / unimportant candidate, the opposite side of the telephone line
	NOTE: could just as well hang-up
	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-013.html
CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel ...)
	- linux-2.6 2.6.22-1 (medium)
CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2477 (** DISPUTED ** ...)
	NOT-FOR-US: phpMyChat
CVE-2007-2476 (Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before ...)
	NOT-FOR-US: Novell
CVE-2007-2475 (Unspecified vulnerability in the ADSCHEMA utility in Novell ...)
	NOT-FOR-US: Novell
CVE-2007-2474 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2007-2473 (SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-2472 (Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard ...)
	NOT-FOR-US: Sendcard
CVE-2007-2471 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...)
	NOT-FOR-US: Sendcard
CVE-2007-2470 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: FileRun
CVE-2007-2469 (SQL injection vulnerability in index.php in FileRun 1.0 and earlier ...)
	NOT-FOR-US: FileRun
CVE-2007-2468 (Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit (SDK) ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and ...)
	NOT-FOR-US: Cisco
CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: FireFly
CVE-2007-2459 (Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl ...)
	{DSA-1498-1}
	- libimager-perl 0.58-1 (unimportant; bug #421582)
	NOTE: Only CVE-2007-2413 is exploitable per upstream
CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2457 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2456 (Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 ...)
	NOT-FOR-US: FireFly
CVE-2007-2455 (Parallels allows local users to cause a denial of service (virtual ...)
	NOT-FOR-US: Parallels
CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows local ...)
	NOT-FOR-US: Parallels
CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, and ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (low)
CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in ...)
	- findutils 4.2.31-1 (low; bug #426862)
	[sarge] - findutils <no-dsa> (Not vulnerable in default configuration, minor issue)
	[etch] - findutils 4.2.28-1etch1 (low)
CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES ...)
	- linux-2.6 2.6.21-3
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...)
	{DSA-1468-1}
	- tomcat4 <removed> (low)
	- tomcat5 <unfixed> (low)
	- tomcat5.5 5.5.25-1 (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...)
	- tomcat4 <removed> (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Only present in the examples, not in production code
CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the &quot;partial ...)
	- subversion 1.4.4dfsg1-1 (bug #428194; low)
	[etch] - subversion <no-dsa> (Minor issue)
	[sarge] - subversion <no-dsa> (Minor issue)
CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd in ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...)
	{DSA-1613-1}
	- libpng 1.2.15~beta5-2 (unimportant)
	- libpng3 <unfixed> (unimportant)
	NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1
CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; medium)
CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; high)
CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...)
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-022+1 (bug #435401; low)
	[sarge] - vim <not-affected> (Vulnerable code not present)
	NOTE: Exploitable through modelines, needs to be used with care in any case
CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, ...)
	- xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936)
	NOTE: etch vulnerable (patch below applies)
	NOTE: git url to fix the issue
	NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9
	NOTE: Not considered a security problem, only exploitable by authenticated users
	NOTE: If an attacker convinces such a user to run his exploit code blindly she could
	NOTE: just as well provide a binary which does more harm
CVE-2007-2436
	REJECTED
CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java ...)
	- sun-java5 1.5.0-11-1 (medium; bug #423062)
	[etch] - sun-java5 1.5.0-14-1etch1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2007-2434 (Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows ...)
	NOT-FOR-US: Aventail Connect
CVE-2007-2433 (Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 ...)
	NOT-FOR-US: Ariadne
CVE-2007-2432 (Cross-site scripting (XSS) vulnerability in utilities/search.asp in ...)
	NOT-FOR-US: Nukedit
CVE-2007-2431 (Dynamic variable evaluation vulnerability in ...)
	NOT-FOR-US: TCExam
CVE-2007-2430 (shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote ...)
	NOT-FOR-US: TCExam
CVE-2007-2429 (ManageEngine PasswordManager Pro (PMP) allows remote attackers to ...)
	NOT-FOR-US: ManageEngine PasswordManager Pro (PMP)
CVE-2007-2428 (Multiple PHP remote file inclusion vulnerabilities in page.php in ...)
	NOT-FOR-US: Ahhp-Portal
CVE-2007-2427 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...)
	NOT-FOR-US: pnFlashGames
CVE-2007-2426 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: myGallery
CVE-2007-2425 (Directory traversal vulnerability in fileview.php in Imageview 5.3 ...)
	NOT-FOR-US: Imageview
CVE-2007-2424 (PHP remote file inclusion vulnerability in help/index.php in The ...)
	NOT-FOR-US: The Merchant
CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in MoinMoin ...)
	{DSA-1514-1}
	- moin 1.5.7-3 (medium; bug #422408)
CVE-2007-2422 (** DISPUTED ** ...)
	NOT-FOR-US: Comdev One Admin
CVE-2007-2421 (Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
	NOT-FOR-US: Burak Yilmaz Blog
CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in ...)
	NOT-FOR-US: Macrovision
CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software ...)
	NOT-FOR-US: Progress Software Progress and OpenEdge
CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...)
	NOT-FOR-US: E-Annu
CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Pi3Web Web Server
CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: MyServer
CVE-2007-2413
	REJECTED
	{DSA-1498-1}
	- libimager-perl 0.58-1 (bug #421582)
CVE-2007-2412 (** DISPUTED ** ...)
	NOT-FOR-US: Seir Anphin
CVE-2007-2411 (** DISPUTED ** ...)
	NOT-FOR-US: Sphider
CVE-2007-2410 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2409 (Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2408 (WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2407 (The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows ...)
	- samba <not-affected> (MacOS/Apple-specific vulnerability)
CVE-2007-2406 (Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2405 (Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2404 (CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2403 (CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, ...)
	NOT-FOR-US: Apple
CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, ...)
	NOT-FOR-US: Apple
CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before ...)
	NOT-FOR-US: Apple
CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not properly ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2395 (Unspecified vulnerability in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 ...)
	NOT-FOR-US: Apple
CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...)
	NOT-FOR-US: Apple
CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear ...)
	NOT-FOR-US: Apple
CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not ...)
	NOT-FOR-US: Apple
CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel ...)
	NOT-FOR-US: Apple
CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 ...)
	NOT-FOR-US: Apple mDNSResponder
CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...)
	TODO: check yui
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object ...)
	TODO: check glpi knowledgeroot mt-daapd op-panel python-webhelpers qwik rails wordpress
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...)
	TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...)
	NOT-FOR-US: Moo.fx framework
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
	TODO: check python-paste
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...)
	NOT-FOR-US: Microsoft Atlas
CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
	NOT-FOR-US: jQuery framework
CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
	NOT-FOR-US: Google Web Toolkit (GWT)
CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...)
	NOT-FOR-US: Getahead Direct Web Remoting
CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation ...)
	NOT-FOR-US: Dojo
CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security ...)
	NOT-FOR-US: Symantec
CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server ...)
	NOT-FOR-US: Microsoft
CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) ...)
	NOT-FOR-US: WF-Links (wflinks) module for XOOPS
CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 ...)
	NOT-FOR-US: Jobs module for XOOPS
CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) ...)
	NOT-FOR-US: Wserve HTTP Server (whttp)
CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted ...)
	NOT-FOR-US: Corel
CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements ...)
	NOT-FOR-US: Adobe
CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...)
	NOT-FOR-US: burnCMS
CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted ...)
	NOT-FOR-US: IrfanView
CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...)
	{DSA-1434-1 DTSA-36-1}
	- mydns 1:1.1.0-8
	[sarge] - mydns <not-affected> (Vulnerable code not present)
CVE-2007-2361 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, and ...)
	NOT-FOR-US: Symantec
CVE-2007-2360 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, and ...)
	NOT-FOR-US: Symantec
CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton ...)
	NOT-FOR-US: Symantec
CVE-2007-2358 (** DISPUTED ** ...)
	- b2evolution <not-affected> (Debian's version does not contain the affected variables)
CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in ...)
	NOT-FOR-US: SineCms
CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in ...)
	{DSA-1301-1}
	- gimp 2.2.14-2
CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive ...)
	- axis <unfixed> (unimportant)
	NOTE: only path disclosure
CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) ...)
	NOT-FOR-US: HP Power Manager Remote Agent
CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows ...)
	NOT-FOR-US: freePBX
CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell ...)
	- lftp <unfixed> (unimportant)
	NOTE: Non-issue, also already documented as potentially risky
CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in ...)
	NOT-FOR-US: OneClick CMS
CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...)
	NOT-FOR-US: PHP-Generics
CVE-2007-2345 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBrowse
CVE-2007-2344 (The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight ...)
	NOT-FOR-US: Enterasys
CVE-2007-2343 (Stack-based buffer overflow in the TFTPD component in Enterasys ...)
	NOT-FOR-US: Enterasys
CVE-2007-2342 (SQL injection vulnerability in error.asp in CreaScripts CreaDirectory ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in ...)
	NOT-FOR-US: phpBandManager
CVE-2007-2340 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: phporacleview
CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow ...)
	NOT-FOR-US: Phorum
CVE-2007-2338 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Phorum
CVE-2007-2337 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2336 (Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-2335 (Cross-site scripting (XSS) vulnerability in the RSS feed reader ...)
	NOT-FOR-US: Lunascape
CVE-2007-2334 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2007-2333 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2006-7201 (EMC RSA Security SiteKey does not set the secure qualifier on the ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7200 (EMC RSA Security SiteKey issues challenge-bypass tokens that persist ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7199 (EMC RSA Security SiteKey allows remote attackers to display the ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7198 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and ...)
	NOT-FOR-US: PureTLS
CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...)
	NOT-FOR-US: Shop-Script
CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in ...)
	NOT-FOR-US: DynaTracker
CVE-2007-2329 (PHP remote file inclusion vulnerability in searchbot.php in ...)
	NOT-FOR-US: Searchactivity
CVE-2007-2328 (PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b ...)
	NOT-FOR-US: phpMYTGP
CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox ...)
	NOT-FOR-US: HTMLeditbox
CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...)
	- smarty <unfixed> (unimportant; bug #488523)
	- moodle 1.8.2-2 (unimportant; bug #488525)
	- gallery2 2.2.5-2 (unimportant; bug #488527)
	NOTE: this is a non-issue
	NOTE: to exploit this, the smarty files need to be installed in a http daemon accessible directory
	NOTE: (should be the case for embedded copies), however
	NOTE: additionally this relies on register_globals being switched on.
CVE-2007-2325 (PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) ...)
	NOT-FOR-US: MyNewsGroups
CVE-2007-2324 (Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows ...)
	NOT-FOR-US: JulmaCMS
CVE-2007-2323 (Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo ...)
	NOT-FOR-US: InterVideo
CVE-2007-2322 (NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows ...)
	NOT-FOR-US: Nero
CVE-2007-2321 (Unspecified vulnerability in the search functionality in SilverStripe ...)
	NOT-FOR-US: SilverStripe
CVE-2007-2320 (SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier ...)
	NOT-FOR-US: Papoo
CVE-2007-2319 (PHP remote file inclusion vulnerability in the AutoStand 1.1 and ...)
	NOT-FOR-US: AutoStand
CVE-2007-2318 (Multiple format string vulnerabilities in FileZilla before 2.2.32 ...)
	- filezilla 3.0.0~beta2-3 (bug #421776)
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
CVE-2007-2317 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
	NOT-FOR-US: MiniBB
CVE-2007-2316 (Unspecified vulnerability in the admin script in Open Business ...)
	NOT-FOR-US: Open Business Management
CVE-2007-2315 (MiniShare 1.5.4, and possibly earlier, allows remote attackers to ...)
	NOT-FOR-US: MiniShare
CVE-2007-2314 (Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2313 (PHP remote file inclusion vulnerability in getinfo1.php in the ...)
	NOT-FOR-US: Shotcast module for mxBB
CVE-2007-2312 (Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2311 (** DISPUTED ** ...)
	NOT-FOR-US: BlooFoxCMS
CVE-2007-2310 (Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php ...)
	NOT-FOR-US: BloofoxCMS
CVE-2007-2309 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...)
	NOT-FOR-US: FloweRS
CVE-2007-2308 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...)
	NOT-FOR-US: FloweRS
CVE-2007-2307 (PHP remote file inclusion vulnerability in engine/engine.inc.php in ...)
	NOT-FOR-US: WebKalk2
CVE-2007-2306 (Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2305 (Multiple SQL injection vulnerabilities in authenticate.php in Quick ...)
	NOT-FOR-US: QDBlog
CVE-2007-2304 (Multiple directory traversal vulnerabilities in Quick and Dirty Blog ...)
	NOT-FOR-US: QDBlog
CVE-2007-2303 (Directory traversal vulnerability in includes/footer.php in News ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-2302 (PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 ...)
	NOT-FOR-US: Expow
CVE-2007-2301 (Multiple PHP remote file inclusion vulnerabilities in audioCMS arash ...)
	NOT-FOR-US: audioCMS
CVE-2007-2300 (Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto ...)
	NOT-FOR-US: phpwebnews
CVE-2007-2299 (Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier ...)
	NOT-FOR-US: CMS Frogss
CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 ...)
	NOT-FOR-US: Garennes
CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...)
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)
	[sarge] - asterisk <not-affected> (correctly logs a warning)
CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...)
	{DSA-1358-1}
	- asterisk 1:1.4.3~dfsg-1 (low)
	NOTE: Etch and Sarge affected
	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-012.html
CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in ...)
	- asterisk 1:1.4.3~dfsg-1 (high)
	[sarge] - asterisk <not-affected> (1.0.x not affected)
	[etch] - asterisk <not-affected> (1.2.x not affected)
	[lenny] - asterisk <not-affected> (vulnerable code not present)
	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-010.html
CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and ...)
	NOT-FOR-US: B2 Weblog
	NOTE: Debian's b2evolution does not contain the string "b2inc",
	NOTE: and does not seem to suffer from this vulnerability.
CVE-2007-2289 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2288 (PHP remote file inclusion vulnerability in info.php in Doruk100.net ...)
	NOT-FOR-US: doruk100net
CVE-2007-2287 (PHP remote file inclusion vulnerability in accept.php in comus 2.0 ...)
	NOT-FOR-US: comus
CVE-2007-2286 (PHP remote file inclusion vulnerability in config.php in Built2Go PHP ...)
	NOT-FOR-US: Built2Go
CVE-2007-2285 (Directory traversal vulnerability in examples/layout/feed-proxy.php in ...)
	NOT-FOR-US: Jack Slocum Ext
CVE-2007-2284 (Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote ...)
	NOT-FOR-US: ABC-View Manager
CVE-2007-2283 (Buffer overflow in Fresh View 7.15 allows user-assisted remote ...)
	NOT-FOR-US: Fresh View
CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before ...)
	NOT-FOR-US: Cisco
CVE-2007-2281
	RESERVED
CVE-2007-2280
	RESERVED
CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage ...)
	NOT-FOR-US: Symantec
CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to ...)
	NOT-FOR-US: Plogger
CVE-2007-2276 (** DISPUTED ** ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-2275 (Unspecified vulnerability in HP StorageWorks Command View Advanced ...)
	NOT-FOR-US: HP StorageWorks
CVE-2007-2274 (The BitTorrent implementation in Opera 9.2 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2007-2273 (PHP remote file inclusion vulnerability in include/loading.php in ...)
	NOT-FOR-US: wavewoo
CVE-2007-2272 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2007-2271 (Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS ...)
	NOT-FOR-US: TotaRam
CVE-2007-2270 (The Linksys SPA941 VoIP Phone allows remote attackers to cause a ...)
	NOT-FOR-US: Linksys
CVE-2007-2269 (Directory traversal vulnerability in top.php3 in SWsoft Plesk for ...)
	NOT-FOR-US: Plesk
CVE-2007-2268 (Multiple directory traversal vulnerabilities in SWsoft Plesk for ...)
	NOT-FOR-US: Plesk
CVE-2007-2267 (Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 ...)
	NOT-FOR-US: Sun Cluster
CVE-2007-2266 (Progress Webspeed Messenger allows remote attackers to read, create, ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2265 (Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows ...)
	NOT-FOR-US: YA Book
CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2006-7197 (The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for ...)
	- tomcat5.5 5.5.17-1 (low)
CVE-2005-4838 (Multiple cross-site scripting (XSS) vulnerabilities in the example web ...)
	- tomcat5.5 5.5.15-1 (low)
CVE-2007-2262 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: jmuffin
CVE-2007-2261 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: C-Arbre
CVE-2007-2260 (Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta ...)
	NOT-FOR-US: bibtex mase
CVE-2007-2259 (SQL injection vulnerability in forum.php in EsForum 3.0 allows remote ...)
	NOT-FOR-US: EsForum
CVE-2007-2258 (PHP remote file inclusion vulnerability in includes/init.inc.php in ...)
	NOT-FOR-US: PHPMyBibli
CVE-2007-2257 (PHP remote file inclusion vulnerability in subscp.php in Fully Modded ...)
	NOT-FOR-US: Fully Modded phpBB2
CVE-2007-2256 (Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 ...)
	NOT-FOR-US: TJSChat
CVE-2007-2255 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2254 (PHP remote file inclusion vulnerability in admin/setup/level2.php in ...)
	NOT-FOR-US: PHP Classifieds
CVE-2007-2253 (Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2252 (Directory traversal vulnerability in iconspopup.php in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2251 (Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and ...)
	NOT-FOR-US: Xaraya
CVE-2007-2250 (admin.php in Phorum before 5.1.22 allows remote attackers to obtain ...)
	NOT-FOR-US: Phorum
CVE-2007-2249 (include/controlcenter/users.php in Phorum before 5.1.22 allows remote ...)
	NOT-FOR-US: Phorum
CVE-2007-2248 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
	NOT-FOR-US: Phorum
CVE-2007-2247 (SQL injection vulnerability in modules/news/article.php in phpMySpace ...)
	NOT-FOR-US: phpMySpace
CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running ...)
	NOT-FOR-US: HP-UX
CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.1-1 (low)
	NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4
CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...)
	- openssh <unfixed> (bug #436571; unimportant)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-1 (low; bug #421595)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (No security support for KFreeBSD)
	NOTE: This should be off by default, tweakable by a simple knob.
	NOTE: (FreeBSD has it turned on for hosts, too.)
CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 ...)
	- bind9 1:9.4.1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
	[sarge] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
CVE-2007-2240 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
	NOT-FOR-US: IBM Lenovo Access Support acpRunner ActiveX control
CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera ...)
	NOT-FOR-US: AXIS Camera Control
CVE-2007-2238
	RESERVED
CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers to ...)
	NOT-FOR-US: PunBB
CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 ...)
	NOT-FOR-US: PunBB
CVE-2007-2234 (include/common.php in PunBB 1.2.14 and earlier does not properly ...)
	NOT-FOR-US: PunBB
CVE-2007-2233 (cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote ...)
	NOT-FOR-US: CoSign
CVE-2007-2232 (The CHECK command in Cosign 2.0.1 and earlier allows remote attackers ...)
	NOT-FOR-US: CoSign
CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in ...)
	{DSA-1359-1}
	- dovecot 1.0.rc29-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote ...)
	NOT-FOR-US: CA Clever Path
CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for ...)
	NOT-FOR-US: Microsoft
CVE-2007-2228 (rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Windows
CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2226
	RESERVED
CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2224 (Object linking and embedding (OLE) Automation, as used in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-2223 (Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote ...)
	NOT-FOR-US: Microsoft XML
CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and ...)
	NOT-FOR-US: Microsoft
CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2220
	RESERVED
CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...)
	NOT-FOR-US: Microsoft
CVE-2007-2217 (Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP ...)
	NOT-FOR-US: Kodak Image Viewer
CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2215
	RESERVED
CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in ...)
	NOT-FOR-US: DmCMS
CVE-2007-2213 (Unspecified vulnerability in the Initialize function in ...)
	NOT-FOR-US: WS_FTP
CVE-2007-2212 (Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2211 (SQL injection vulnerability in calendar.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2210 (A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar ...)
	NOT-FOR-US: Netsprint
CVE-2007-2209 (Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ...)
	NOT-FOR-US: AccuSoft
CVE-2007-2208 (Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 ...)
	NOT-FOR-US: Extreme PHPBB2
CVE-2007-2207 (SQL injection vulnerability in contact/index.php in Ripe Website ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2206 (Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2205 (PHP remote file inclusion vulnerability in modules/rtmessageadd.php in ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2204 (Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board ...)
	NOT-FOR-US: GPL PHP Board
CVE-2007-2203 (Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows ...)
	NOT-FOR-US: Big Blue Guestbook
CVE-2007-2202 (PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php ...)
	NOT-FOR-US: Accueil et Conseil en Visites et Sejours Web Services
CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolution ...)
	NOT-FOR-US: Post Revolution
CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in ...)
	NOT-FOR-US: Pagode
CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka ...)
	NOT-FOR-US: Joomla
CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...)
	NOT-FOR-US: NeatUpload
CVE-2007-2196 (** DISPUTED ** ...)
	NOT-FOR-US: Jambook module for Mambo and Joomla
CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...)
	NOT-FOR-US: Alvaro's Messenger
CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted ...)
	NOT-FOR-US: XnView
CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...)
	NOT-FOR-US: ACDSee
CVE-2007-2192 (Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted ...)
	NOT-FOR-US: Photofiltre
CVE-2007-2191 (Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x ...)
	NOT-FOR-US: freePBX
CVE-2007-2190 (PHP remote file inclusion vulnerability in admin/public/webpages.php ...)
	NOT-FOR-US: Eba News
CVE-2007-2189 (PHP remote file inclusion vulnerability in admin/admin_album_otf.php ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2007-2188 (eXtremail 2.1.1 and earlier does not verify the ID field (aka ...)
	NOT-FOR-US: eXtremail
CVE-2007-2187 (Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows ...)
	NOT-FOR-US: eXtremail
CVE-2007-2186 (Foxit Reader 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxit Reader
CVE-2007-2185 (Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b ...)
	NOT-FOR-US: Supasite
CVE-2007-2184 (Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 ...)
	NOT-FOR-US: jchit
CVE-2007-2183 (SQL injection vulnerability in index.php in PHP-Ring Webring System ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2007-2182 (Unrestricted file upload vulnerability in forum_write.php in Maran PHP ...)
	NOT-FOR-US: Maran PHP Forum
CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...)
	NOT-FOR-US: WEBInsta
CVE-2007-2180 (Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2007-2179 (Multiple unspecified vulnerabilities in IXceedCompression in ...)
	NOT-FOR-US: RaidenFTPD
CVE-2007-2178 (Multiple unspecified vulnerabilities in Objective Development Sharity ...)
	NOT-FOR-US: Sharity
CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...)
	NOT-FOR-US: Microgaming Download Helper
CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers ...)
	NOT-FOR-US: Related to Apple QuickTime as well, no information about Mozilla being affected is available
CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari and ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal ...)
	NOT-FOR-US: ZoneAlarm
CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) ...)
	NOT-FOR-US: Gentoo's packaging of courier
CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2007-2169 (Static code injection vulnerability in add.php in Mozzers SubSystem ...)
	NOT-FOR-US: Mozzers SubSystem
CVE-2007-2168 (Static code injection vulnerability in process.php in AimStats 3.2 and ...)
	NOT-FOR-US: AimStats
CVE-2007-2167 (Static code injection vulnerability in process.php in AimStats 3.2 ...)
	NOT-FOR-US: AimStats
CVE-2007-2166 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OpenSurveyPilot
CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous ...)
	- proftpd 1.3.0-24 (low)
	[sarge] - proftpd <no-dsa> (Minor issue)
	- proftpd-dfsg 1.3.0-24 (low)
	[etch] - proftpd-dfsg 1.3.0-19etch1
	NOTE: Minor issue Fixed in 4.0r4 point release
CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2159 (Multiple cross-site scripting (XSS) vulnerabilities in the Database ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2158 (PHP remote file inclusion vulnerability in index.php in jGallery 1.3 ...)
	NOT-FOR-US: jGallery
CVE-2007-2157 (Directory traversal vulnerability in upload/force_download.php in ...)
	NOT-FOR-US: Zomplog
CVE-2007-2156 (Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic ...)
	NOT-FOR-US: Rezervi Generic
CVE-2007-2155 (Directory traversal vulnerability in template.php in in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2007-2154 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Cabron Connector
CVE-2007-2153 (Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 ...)
	NOT-FOR-US: @Mail
CVE-2007-2152 (Buffer overflow in the On-Access Scanner in McAfee VirusScan ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2007-2151 (The administration server in McAfee e-Business Server before 8.1.1 and ...)
	NOT-FOR-US: McAfee
CVE-2007-2150 (BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b ...)
	NOT-FOR-US: BlueArc
CVE-2007-2149 (Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores ...)
	NOT-FOR-US: Chatness
CVE-2007-2148 (Direct static code injection vulnerability in admin/save.php in ...)
	NOT-FOR-US: Chatness
CVE-2007-2147 (admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and ...)
	NOT-FOR-US: Chatness
CVE-2007-2146 (The imagecomments function in classes.php in MiniGal b13 allow remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2145 (The imagecomments function in classes.php in MiniGal b13 allows remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2144 (PHP remote file inclusion vulnerability in includes/CAltInstaller.php ...)
	NOT-FOR-US: JoomlaPack
CVE-2007-2143 (PHP remote file inclusion vulnerability in index.php in the Be2004-2 ...)
	NOT-FOR-US: Be2004-2 template for Joomla
CVE-2007-2142 (Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php ...)
	NOT-FOR-US: AjPortal2Php
CVE-2007-2141 (Direct static code injection vulnerability in shoutbox.php in ShoutPro ...)
	NOT-FOR-US: ShoutPro
CVE-2007-2140 (PHP remote file inclusion vulnerability in everything.php in Franklin ...)
	NOT-FOR-US: Flip-search-add-on
CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express ...)
	NOT-FOR-US: Tivoli
CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol ...)
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote ...)
	NOT-FOR-US: Oracle
CVE-2007-2134 (Unspecified vulnerability in the HTML Server in Oracle JD Edwards ...)
	NOT-FOR-US: Oracle
CVE-2007-2133 (Unspecified vulnerability in the PeopleSoft Enterprise Human Capital ...)
	NOT-FOR-US: Oracle
CVE-2007-2132 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2131 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2007-2130 (Unspecified vulnerability in Workflow Cartridge, as used in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2129 (Unspecified vulnerability in the Agent component in Oracle Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2007-2128 (Unspecified vulnerability in the Sales Online component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2127 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-2126 (Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has ...)
	NOT-FOR-US: Oracle
CVE-2007-2125 (Unspecified vulnerability in Collaborative Workspace in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2124 (Unspecified vulnerability in the Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2123 (Unspecified vulnerability in the Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2122 (Unspecified vulnerability in the Wireless component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2121 (Unspecified vulnerability in the COREid Access component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2120 (The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-2119 (Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the ...)
	NOT-FOR-US: Oracle
CVE-2007-2118 (Unspecified vulnerability in the Upgrade/Downgrade component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2117 (Unspecified vulnerability in the Oracle Text component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2116 (Unspecified vulnerability in the Advanced Replication component in ...)
	NOT-FOR-US: Oracle
CVE-2007-2115 (Unspecified vulnerability in the Change Data Capture (CDC) component ...)
	NOT-FOR-US: Oracle
CVE-2007-2114 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
	NOT-FOR-US: Oracle
CVE-2007-2113 (SQL injection vulnerability in the Upgrade/Downgrade component ...)
	NOT-FOR-US: Oracle
CVE-2007-2112 (Unspecified vulnerability in the Authentication component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2111 (SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in ...)
	NOT-FOR-US: Oracle
CVE-2007-2110 (Unspecified vulnerability in the Core RDBMS component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...)
	NOT-FOR-US: Oracle
CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...)
	- tomcat5.5 5.5.16-1 (unimportant)
	- tomcat5 <unfixed> (unimportant)
	- tomcat4 <removed> (unimportant)
	NOTE: Only present in an example, not in production code
CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...)
	- tomcat5.5 5.5.20-1 (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat4 <removed> (unimportant)
	NOTE: Only present in an example, not in production code
CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
	- mixmaster 3.0b2-5 (low; bug #418662)
	[etch] - mixmaster 3.0b2-4.etch1
	[sarge] - mixmaster <not-affected> (Code generation in Sarge pads over this)
CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
	[etch] - git-core <not-affected> (1.4.4.4 tagged 2007-1-8, bug introduced 2007-1-30)
	- git-core 1:1.5.1.2-1 (low)
	NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb, http://git.kernel.org/?p=git/git.git;a=commitdiff;h=1cfe77333f274c9ba9879c2eb61057a790eb050f, http://git.kernel.org/?p=git/git.git;a=tag;h=ae9ced19800491a5d80de5ee36bc07d68868a4dd
CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...)
	{DSA-1311-1 DSA-1309-1}
	- postgresql-8.2 8.2.4-1
	- postgresql-8.1 8.1.9-1
	- postgresql-7.4 1:7.4.17-1
CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content ...)
	NOT-FOR-US: Kai Content Management System
CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS ...)
	NOT-FOR-US: Monkey CMS
CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow ...)
	NOT-FOR-US: iXon CMS
CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum ...)
	NOT-FOR-US: my little forum
CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
	NOT-FOR-US: my little weblog
CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in ...)
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2007-2097 (** DISPUTED ** ...)
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: PHPHD Download System
CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 ...)
	NOT-FOR-US: MySpeach
CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia ...)
	NOT-FOR-US: Anthologia
CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2091 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: tsdisplay4xoops
CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx ...)
	NOT-FOR-US: Jx Development Article component for Mambo and Joomla
CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 ...)
	- sitebar 3.3.8-7 (low)
	NOTE: this was register globals only and is fixed in Debian anyway
CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, ...)
	NOT-FOR-US: CNStats
CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 ...)
	NOT-FOR-US: CNStats
CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...)
	NOT-FOR-US: oe2edit CMS
CVE-2007-2084 (** DISPUTED ** ...)
	NOT-FOR-US: MobilePublisherphp
CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in ...)
	NOT-FOR-US: MyBlog
CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: MyBlog
CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows ...)
	NOT-FOR-US: XAMPP
CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...)
	NOT-FOR-US: XAMPP
CVE-2007-2078 (** DISPUTED ** ...)
	NOT-FOR-US: Maian Weblog
CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search ...)
	NOT-FOR-US: Maian Search
CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery ...)
	NOT-FOR-US: Maian Gallery
CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery ...)
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2072 (** DISPUTED ** ...)
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto ...)
	NOT-FOR-US: Open-gorotto
CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
	NOT-FOR-US: openMairie
CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront ...)
	NOT-FOR-US: StoreFront extension for Gallery
CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio ...)
	NOT-FOR-US: WebSlider
CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: UseBB
CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure ...)
	NOT-FOR-US: IBM zOS
CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows ...)
	NOT-FOR-US: VCDGear
CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...)
	NOT-FOR-US: Wizz RSS Reader
CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in ...)
	NOT-FOR-US: eIQnetworks Enterprise Security Analyzer
CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows ...)
	NOT-FOR-US: Acubix PicoZip
CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows ...)
	{DSA-1280-1 DTSA-35-1}
	- aircrack-ng 1:0.7-3 (medium)
	NOTE: http://trac.aircrack-ng.org/changeset/288
CVE-2007-2056
	REJECTED
CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.4-3 (bug #416931; low)
	- python2.5 2.5.1-1 (bug #416934; low)
	- python2.3 <removed> (low)
CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has ...)
	NOT-FOR-US: bftpd
CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in ...)
	NOT-FOR-US: RicarGBooK
CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar ...)
	NOT-FOR-US: Calendar Module for Mambo
CVE-2007-2048 (Directory traversal vulnerability in /console in the Management ...)
	NOT-FOR-US: webMethods Glue
CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 ...)
	NOT-FOR-US: Openads
CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads ...)
	NOT-FOR-US: Openads
CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the ...)
	NOT-FOR-US: Weather module for Mambo and Joomla
CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ...)
	NOT-FOR-US: Cisco
CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points ...)
	NOT-FOR-US: Cisco
CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x ...)
	NOT-FOR-US: Cisco
CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco
CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive ...)
	NOT-FOR-US: Cisco
CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
	NOT-FOR-US: Cisco
CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
	NOT-FOR-US: Cisco
CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded ...)
	NOT-FOR-US: Cisco
CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, ...)
	NOT-FOR-US: 3proxy
CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might ...)
	- lha 1.14i-10.2 (bug #437621; low)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (low; bug #418849)
	NOTE: closed report: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459
	NOTE: Commit r3021 looks as if it's just a null pointer dereference.
CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...)
	- freeradius 1.1.6-1 (low)
	[sarge] - freeradius <no-dsa> (Minor issue)
	[etch] - freeradius <no-dsa> (Minor issue)
CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string ...)
	- elinks 0.11.1-1.4 (bug #417789; low)
	[sarge] - elinks <no-dsa> (Hardly exploitable)
	[etch] - elinks <no-dsa> (Hardly exploitable)
	NOTE: Unrealistic attack vector, no evidence code injection is possible
CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...)
	- file 4.20-6 (low)
	[etch] - file 4.17-5etch3
	[sarge] - file <not-affected> (version too old)
CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...)
	NOT-FOR-US: Secustick USB flash drive
CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera before ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Non-free not supported)
	NOTE: Flash Plugin has a vulnerablity, which will only be disclosed in a few months
	NOTE: Some browser vendors produce updates, which fix this issue on the browser side,
	NOTE: but that it not of concern for Debian
CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2007-2020 (** DISPUTED ** ...)
	NOT-FOR-US: xodagallery
CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in ...)
	NOT-FOR-US: phpGalleryScript
CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in ...)
	- phpmyadmin 4:2.6.2-3 (unimportant)
CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It ...)
	NOT-FOR-US: Request It
CVE-2007-2014 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyNews
CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme ...)
	NOT-FOR-US: Passworschutz
CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX ...)
	NOT-FOR-US: CompreXX
CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...)
	NOT-FOR-US: DeskPro
CVE-2007-2010 (Double free vulnerability in bftpd before 1.8 allows remote ...)
	NOT-FOR-US: bftpd
CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...)
	NOT-FOR-US: SimpCMS Light
CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper ...)
	NOT-FOR-US: Taskhopper component for Mambo and Joomla
CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...)
	{DTSA-133-1}
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2001 (Multiple direct static code injection vulnerabilities in ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...)
	NOT-FOR-US: Crea-Book
CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages ...)
	NOT-FOR-US: Weatimages
CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) ...)
	NOT-FOR-US: HIOX Guest Book
CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...)
	NOT-FOR-US: CodeBreak
CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...)
	{DSA-1293-1}
	- quagga 0.99.6-5 (low; bug #418323)
	NOTE: The attributes are non-transitive, which means that they
	NOTE: are not propagated via BGP and therefore must originate
	NOTE: from a peer (which is explicitly configured).
CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX ARPA transport
CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File ...)
	NOT-FOR-US: HP-UX Portable File System
CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...)
	NOT-FOR-US: com_zoom
CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
	NOT-FOR-US: MyBlog
CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...)
	NOT-FOR-US: DotClear
CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1987 (** DISPUTED ** ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser ...)
	NOT-FOR-US: AROUNDMe
CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: phpexplorator
CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...)
	NOT-FOR-US: lite-cms
CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php ...)
	NOT-FOR-US: Cyboards PHP Lite
CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on ...)
	NOT-FOR-US: Metamod-P
CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module ...)
	NOT-FOR-US: Topliste module for PHP-Fusion
CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ...)
	NOT-FOR-US: PopnupBlog module for Xoops
CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...)
	NOT-FOR-US: Arcade module for PHP-Fusion
CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS ...)
	NOT-FOR-US: holaCMS
CVE-2007-1976 (** DISPUTED ** ...)
	NOT-FOR-US: Virii Info module for Xoops
CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 ...)
	NOT-FOR-US: SLAED CMS
CVE-2007-1974 (SQL injection vulnerability in the getArticle function in ...)
	NOT-FOR-US: Xoops modules
CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1972 (** DISPUTED ** ...)
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2006-7194 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Agora
CVE-2006-7193 (** DISPUTED ** ...)
	NOT-FOR-US: disputed (SMARTY_DIR is a constant)
CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...)
	NOT-FOR-US: Half-Life
CVE-2007-XXXX [mydms SQL injection]
	- mydms 1.4.4+1-5
CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...)
	NOT-FOR-US: fotokategori.asp
CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
	- iceweasel <unfixed> (low)
	[etch] - iceweasel <no-dsa> (Minor issue)
CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...)
	NOT-FOR-US: MyBlog
CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
	NOT-FOR-US: MyBlog
CVE-2007-1967 (** DISPUTED ** ...)
	NOT-FOR-US: stat12
CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1963 (SQL injection vulnerability in the create_session function in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and ...)
	NOT-FOR-US: WF-Snippets module for Xoops
CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...)
	NOT-FOR-US: Mutant portal for phpBB
CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in ...)
	- tinymux <unfixed> (unimportant)
CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a ...)
	- tinymux 2.4.3.31-1
CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...)
	NOT-FOR-US: Portail Web Php
CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX ...)
	NOT-FOR-US: SKCrypAX ActiveX control
CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 ...)
	NOT-FOR-US: ArchiveXpert
CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...)
	NOT-FOR-US: onelook courts on-line
CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote ...)
	NOT-FOR-US: onelook onebyone CMS
CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote ...)
	NOT-FOR-US: onelook obo Shop
CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers ...)
	NOT-FOR-US: IrfanView
CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...)
	NOT-FOR-US: WIndows Explorer
CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent ...)
	NOT-FOR-US: ACDSee Photo Manager
CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
	NOT-FOR-US: Domino Web Access
CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in ...)
	NOT-FOR-US: LanguageTool
CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows ...)
	NOT-FOR-US: Ichitaro
CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book ...)
	NOT-FOR-US: Scorp Book
CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 ...)
	NOT-FOR-US: eBoard module for PHP-Nuke
CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook ...)
	NOT-FOR-US: PcP-Guestbook
CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews ...)
	NOT-FOR-US: ScarNews
CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in ...)
	NOT-FOR-US: SmodCMS
CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, ...)
	NOT-FOR-US: cattaDoc
CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and ...)
	NOT-FOR-US: Beryo
CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...)
	NOT-FOR-US: witshare
CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin ...)
	NOT-FOR-US: JBMC Software DirectAdmin
CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2007-1924 (** DISPUTED ** ...)
	NOT-FOR-US: phpContact
CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in ...)
	NOT-FOR-US: Winamp
CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...)
	NOT-FOR-US: Winamp
CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in ...)
	NOT-FOR-US: aktualnosci module in SmodBIP
CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...)
	NOT-FOR-US: Arizona Dream Livre d'or
CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant ...)
	NOT-FOR-US: PHP121 Instant Messenger
CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content ...)
	NOT-FOR-US: Pathos CMS
CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...)
	NOT-FOR-US: eCardMAX HotEditor
CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple ...)
	NOT-FOR-US: QuizShock
CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-1903 (Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 ...)
	NOT-FOR-US: SonicBB
CVE-2007-1902 (Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote ...)
	NOT-FOR-US: SonicBB
CVE-2007-1901 (SonicBB 1.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SonicBB
CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
CVE-2007-1899 (Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager ...)
	NOT-FOR-US: Akamai
CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function ...)
	NOT-FOR-US: Akamai
CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...)
	- sqlite 2.8.17-2.1 (unimportant; bug #441233)
	NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
	NOTE: SQLite 3 no longer contains the affected function.
CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled ...)
	{DSA-1283-1 DTSA-39-1}
	- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
	- php5 5.2.0-11 (medium)
	NOTE: php5 is vulnerable due to improper use of the system sqlite libs
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...)
	NOTE: Duplicate of CVE-2007-1885
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...)
	NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...)
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control ...)
	NOT-FOR-US: KL.SysInfo ActiveX control
CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of ...)
	NOT-FOR-US: VMware
CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest ...)
	NOT-FOR-US: VMware
CVE-2007-1875
	RESERVED
CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows ...)
	NOT-FOR-US: mephisto
CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows ...)
	NOT-FOR-US: toendaCMS
CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows ...)
	NOT-FOR-US: chcounter
CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (low; bug #422254)
CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (medium; bug #422254)
CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute ...)
	NOT-FOR-US: IrfanView
CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
	NOT-FOR-US: dproxy-nexgen
CVE-2007-1865 (** DISPUTED ** ...)
	NOT-FOR-US: not a bug
CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...)
	{DSA-1331-1 DSA-1330-1}
	- php4 <unfixed>
	- php5 5.2.2-1
CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...)
	- apache2 2.2.4-1 (low)
	- apache <removed> (unimportant)
	[sarge] - apache2 2.0.54-5sarge2
	[etch] - apache2 2.2.3-4+etch2
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
	- apache2 <not-affected> (Only Apache 2.2.4 was affected, and all versions of 2.2.4 in Debian are fixed)
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1
CVE-2007-1860 (mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 ...)
	{DSA-1312-1}
	- libapache-mod-jk 1:1.2.23-1 (bug #425836)
CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...)
	- xscreensaver 5.03-1 (low; bug #433964)
	[etch] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
	[sarge] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through ...)
	NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
	[sarge] - tomcat4 <no-dsa> (low)
	[etch] - tomcat5 <no-dsa> (low; bug #423435)
	- tomcat5 <unfixed> (low; bug #423435)
	- tomcat5.5 5.5.17-1 (low)
	- tomcat4 <removed> (low)
CVE-2007-1857
	RESERVED
CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...)
	- cron <not-affected> (Debian uses proper permission scheme)
CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Shop-Script
CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container ...)
	NOT-FOR-US: Hitachi Cosminexus Component Container
CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, ...)
	NOT-FOR-US: Hitachi DeviceManager
CVE-2007-1852 (** DISPUTED ** ...)
	NOT-FOR-US: 2BGal
CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module ...)
	NOT-FOR-US: Repository module for Xoops
CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and ...)
	NOT-FOR-US: MyAds
CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...)
	NOT-FOR-US: Expanded Calendar module for PHP-Fusion
CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in ...)
	NOT-FOR-US: MapLab
CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before ...)
	NOT-FOR-US: JSBoard
CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in ...)
	{DSA-1299-1 DTSA-42-1}
	- ipsec-tools 1:0.6.6-3.2 (medium; bug #423252)
	[sarge] - ipsec-tools <not-affected> (the older stream of development used in the sarge package is not vulnerable - a code change that went into that branch coincidentally fixed it and this change was already there in sarge)
CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle ...)
	NOT-FOR-US: Microsoft ASP .NET Framework
CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before ...)
	- net-snmp 5.2.2-1 (medium)
CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 and later does not ...)
	[sarge] - tomcat4 <no-dsa> (affects deprecated HTTP/1.1 connector only)
CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
	- initramfs-tools 0.85g (low; bug #417995)
CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...)
	{DSA-1287-1}
	- ldap-account-manager 1.1.1-2 (medium; bug #415379)
CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
	NOT-FOR-US: CodeBB
CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ...)
	NOT-FOR-US: Friendfinder module for Xoops
CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS ...)
	NOT-FOR-US: MangoBery CMS
CVE-2007-1836 (The command line administration interface in Data Domain OS before ...)
	NOT-FOR-US: Data Domain OS
CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...)
	NOT-FOR-US: WebAPP
CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have ...)
	NOT-FOR-US: WebAPP
CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org ...)
	NOT-FOR-US: WebAPP
CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...)
	NOT-FOR-US: T-Mobile
CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to ...)
	NOT-FOR-US: Sprint Nextel
CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a ...)
	NOT-FOR-US: Nortel Networks
CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control ...)
	NOT-FOR-US: ActiveX control in TestDirector
CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php ...)
	NOT-FOR-US: Forum picture and META tags module for phpBB
CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews ...)
	NOT-FOR-US: Lykos Reviews module for Xoops
CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...)
	NOT-FOR-US: Tutorials module for Xoops
CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for ...)
	NOT-FOR-US: Library module for Xoops
CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for ...)
	NOT-FOR-US: Core module for Xoops
CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and ...)
	NOT-FOR-US: eCal module for Xoops
CVE-2007-1812 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BT-Sondage
CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: Tiny Event module for Xoops
CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and ...)
	NOT-FOR-US: Camportail module for Xoops
CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the ...)
	NOT-FOR-US: myAlbum-P module for Xoops
CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery ...)
	NOT-FOR-US: RM+Soft Gallery module for Xoops
CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...)
	NOT-FOR-US: debaser module for Xoops
CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...)
	{DTSA-44-1}
	- pulseaudio 0.9.6-1 (low)
	[etch] - pulseaudio <no-dsa> (Minor issue)
CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...)
	NOT-FOR-US: sBLOG
CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust ...)
	NOT-FOR-US: Cisco
CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
	{DSA-1373-2 DSA-1373-1}
	- ktorrent 2.1.4.dfsg.1-1 (medium; bug #432007)
CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...)
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	- graphicsmagick 1.1.7-15 (medium)
CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...)
	NOT-FOR-US: URLshrink
CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: URLshrink
CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...)
	NOTE: Duplicate of CVE-2006-3805
CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1792 (libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ...)
	NOT-FOR-US: Picture-Engine
CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction ...)
	NOT-FOR-US: Kaqoo Auction Software
CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...)
	- flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway)
CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or &quot;set to a low ...)
	- flyspray 0.9.8-10 (medium)
	[sarge] - flyspray <not-affected> (Vulnerable code not present)
CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Time-Assistant
CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 ...)
	NOT-FOR-US: CA BrightStor ARCserve Backup
CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus ...)
	NOT-FOR-US: JNILoader ActiveX control
CVE-2007-1783
	RESERVED
CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account ...)
	{DSA-1287-1}
	- ldap-account-manager 1.0.0-1 (medium)
CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl ...)
	NOT-FOR-US: WebAPP
CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in ...)
	NOT-FOR-US: WebAPP
CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net ...)
	NOT-FOR-US: WebAPP
CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches ...)
	NOT-FOR-US: WebAPP
CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows ...)
	NOT-FOR-US: WebAPP
CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php ...)
	NOT-FOR-US: CMSmelborp
CVE-2006-7184 (Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-7183 (PHP remote file inclusion vulnerability in styles.php in Exhibit ...)
	NOT-FOR-US: Exhibit Engine
CVE-2007-XXXX [low-entropy default passphrase in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414480)
CVE-2007-XXXX [file permission race conidition in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414482)
CVE-2007-XXXX [too lenient UTF-8 decoder in kjs/function.cpp]
	- kdelibs 4:3.5.5a.dfsg.1-8
CVE-2007-XXXX [double-free vulnerability in the Real Media demuxer]
	- ffmpeg 0.cvs20060823-8 (low; bug #379922)
CVE-2007-XXXX [various crashes and infinite loops in ffmpeg]
	- ffmpeg 0.cvs20060823-8 (low; bug #407003)
CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access ...)
	NOT-FOR-US: CruiseWorks
CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to ...)
	NOT-FOR-US: Minna De Office
CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...)
	NOT-FOR-US: Overlay Weaver
CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in ...)
	NOT-FOR-US: Advanced Website Creator
CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the ...)
	NOT-FOR-US: Eve-Nuke
CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (medium)
CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com ...)
	NOT-FOR-US: D4J eZine
CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...)
	NOT-FOR-US: JBrowser
CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers ...)
	NOT-FOR-US: HP JetDirect
CVE-2007-1771 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Ay System Solutions Web Content System
CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental ...)
	NOT-FOR-US: ArcSDE
CVE-2007-1769
	REJECTED
CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Mephisto
CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in ...)
	NOT-FOR-US: AOL
CVE-2007-1766 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Advanced Login
CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...)
	NOT-FOR-US: Microsoft
CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...)
	- iceweasel <unfixed> (unimportant; bug #445515)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used adresses will be
	NOTE: volatile anyway
CVE-2007-1761
	RESERVED
CVE-2007-1760
	RESERVED
CVE-2007-1759
	RESERVED
CVE-2007-1758
	RESERVED
CVE-2007-1757
	RESERVED
CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1755
	RESERVED
CVE-2007-1754 (PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1753
	RESERVED
CVE-2007-1752
	REJECTED
CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-1749 (Integer underflow in the CDownloadSink class code in the Vector Markup ...)
	NOT-FOR-US: Vector Markup Language
CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1746
	RESERVED
CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature for ...)
	NOT-FOR-US: VMware
CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...)
	- apache2 <unfixed> (unimportant)
CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison ...)
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...)
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1740
	REJECTED
CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...)
	NOT-FOR-US: TrueCrypt
CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe ...)
	NOT-FOR-US: Opera
CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used adresses will be
	NOTE: volatile anyway
CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 ...)
	NOT-FOR-US: Corel WordPerfect
CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...)
	- linux-2.6 2.6.20-1 (medium; bug #420875)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-1732 (** DISPUTED ** ...)
	- wordpress 2.1.3-1 (unimportant)
	NOTE: Administrators can post full HTML, that is a feature. Rightly disputed.
CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous ...)
	NOT-FOR-US: hpaftpd
CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
	- linux-2.6 2.6.21-1 (medium)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 ...)
	NOT-FOR-US: Flexbb
CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and ...)
	NOT-FOR-US: Sony Playstation 3
CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 ...)
	NOT-FOR-US: IceBB
CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows ...)
	NOT-FOR-US: IceBB
CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and ...)
	NOT-FOR-US: ReactOS
CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: IronMail
CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea ...)
	NOT-FOR-US: SKCommAX ActiveX control
CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 ...)
	NOT-FOR-US: C-Arbre
CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the ...)
	NOT-FOR-US: Addressbook 1.2 module for PHP-Nuke
CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...)
	NOT-FOR-US: mcweject
CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 <unfixed> (medium)
	[sarge] - php4 <not-affected> (Vulnerable code not present)
	- php5 5.2.0-11 (medium)
CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
	- php4 6:4.4.6-2 (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: This is a regular bug, not a security problem
CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...)
	NOT-FOR-US: pam_console
CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
	NOT-FOR-US: Free Image Hosting
CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...)
	NOT-FOR-US: CcCounter
CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...)
	NOT-FOR-US: BASP21
CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Auction Pro
CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...)
	{DSA-1283-1 DSA-1282-1}
	- php4 6:4.4.6-2 (unimportant)
	- php5 5.2.0-9 (unimportant)
	NOTE: register_globals not supported
CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...)
	NOT-FOR-US: PECL phpDOC
CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS ...)
	NOT-FOR-US: ttCMS
CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side ...)
	NOT-FOR-US: Net-Side.net CMS
CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows ...)
	NOT-FOR-US: eWebQuiz
CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows ...)
	NOT-FOR-US: Active Trade
CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager ...)
	NOT-FOR-US: Joomla module Car Manager
CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards) ...)
	NOT-FOR-US: Joomla module RWCards
CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the ...)
	NOT-FOR-US: Flatmenu
CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...)
	- php5 5.2.0-9 (unimportant)
	- php4 6:4.4.4-9 (unimportant)
	NOTE: register_globals not supported
	NOTE: Dupe of CVE-2007-0910
CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-9
	- php4 6:4.4.4-9
	[etch] - php5 5.2.0-8+etch1
	[etch] - php4 6:4.4.4-8+etch1
	[sarge] - php4 4:4.3.10-21
	NOTE: This was fixed as a side-effect of previous security fixes, noting the
	NOTE: status as of DSA-1286 as fixed version.  likewise the oldstable
	NOTE: version was fixed.
CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu ...)
	NOT-FOR-US: Mambo module SWmenu
CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: Philex
CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex ...)
	NOT-FOR-US: Philex
CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...)
	NOT-FOR-US: Active Newsletter
CVE-2007-1695 (** DISPUTED ** ...)
	- phpbb2 <not-affected> (requires register_globals to exploit)
	NOTE: Vulnerability is disputed, but is a non-issue anyway.
CVE-2007-1694
	RESERVED
CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before ...)
	- yate 1.2.0-1.dfsg-1 (low; bug #421994)
	[etch] - yate <no-dsa> (Minor issue, fringe application)
CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...)
	NOT-FOR-US: Microsoft
CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL ...)
	NOT-FOR-US: Norton
CVE-2007-1688 (Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in ...)
	NOT-FOR-US: PhPInfo ActiveX control
CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX ...)
	NOT-FOR-US: iPIX Image Well ActiveX control
CVE-2007-1686
	RESERVED
CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, ...)
	NOT-FOR-US: BlueCoat
CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in ...)
	NOT-FOR-US: sldimdownload ActiveX control
CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the ...)
	NOT-FOR-US: IncrediMail
CVE-2007-1682 (Multiple stack-based buffer overflows in the FileManager ActiveX ...)
	NOT-FOR-US: FileManager ActiveX
CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
	NOT-FOR-US: AudioConf ActiveX control
CVE-2007-1679 (** DISPUTED ** ...)
	NOTE: Allegedly a duplicate of CVE-2006-4255.
	NOTE: The other issue needs a CSRF attack to exploit.
CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...)
	NOT-FOR-US: Fizzle 0.5 extension for Firefox
CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the ...)
	NOT-FOR-US: NetBSD
CVE-2007-1676
	RESERVED
CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2007-1673 (unzoo.c, as used in multiple products including AMaViS 2.4.1 and ...)
	[sarge] - zoo <no-dsa> (Minor issue)
	[etch] - zoo <no-dsa> (Minor issue)
	- zoo 2.10-19 (bug #424686)
	- unzoo 4.4-7 (bug #424690)
	[sarge] - unzoo <no-dsa> (Minor issue)
	[etch] - unzoo <no-dsa> (Minor issue)
CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...)
	NOT-FOR-US: avast
CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...)
	NOT-FOR-US: Avira
CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ...)
	NOT-FOR-US: Panda
CVE-2007-1669 (zoo decoder 2.10 (zoo-2.10), as used in multiple products including ...)
	NOT-FOR-US: Barracuda
CVE-2007-1668
	RESERVED
CVE-2007-1666 (The processor_request function in the debugger server for DataRescue ...)
	NOT-FOR-US: IDA Pro
CVE-2007-1665 (Memory leak in the token OCR functionality in ekg before ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1664 (ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1663 (Memory leak in the image message functionality in ekg before ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1662 (Perl-Compatible Regular Expression (PCRE) library before 7.3 reads ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1661 (Perl-Compatible Regular Expression (PCRE) library before 7.3 ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3 allows ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- kazehakase 0.5.2-1
	- pcre3 7.3-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...)
	- python2.5 <not-affected> (does not build minigzip.c)
CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX ...)
	{DSA-1317-1}
	- tinymux 2.4.3.31-1.1 (bug #417539)
CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ...)
	NOT-FOR-US: ne7ssh
CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: GlowWorm FW
CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...)
	NOT-FOR-US: pcapsipdump
CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...)
	- php5 5.2.2-1
	[etch] - php5 <not-affected> (Only affects PHP 5.2.1)
CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: 0irc
CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...)
	- moodle 1.5.3-1 (low)
CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 ...)
	NOT-FOR-US: SubHub
CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on ...)
	NOT-FOR-US: Microsoft DNS Server
CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management ...)
	NOT-FOR-US: LAN Management System
CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows ...)
	NOT-FOR-US: PortailPHP
CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 ...)
	NOT-FOR-US: ClassWeb
CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control ...)
	NOT-FOR-US: IMAILAPILib ActiveX control
CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 ...)
	NOT-FOR-US: RoseOnlineCMS
CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio ...)
	NOT-FOR-US: Splatt Forum
CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has ...)
	NOT-FOR-US: webCMS
CVE-2007-1631 (** DISPUTED ** ...)
	NOT-FOR-US: CLBOX
CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Link Engine
CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner ...)
	NOT-FOR-US: Study planner
CVE-2007-1627
	REJECTED
CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame ...)
	NOT-FOR-US: iFrame Module for PHP-NUKE
CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in ...)
	NOT-FOR-US: Active PHP Bookmark Notes
CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer ...)
	NOT-FOR-US: PHP DB Designer
CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
	{DTSA-56-1}
	- zziplib 0.13.49-0 (bug #436701; low)
	[etch] - zziplib <no-dsa> (Minor issue)
	NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
	NOTE: If an attacker can supply arbitrary file names, we likely suffer from
	NOTE: an information disclosure issue anyway.
CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows ...)
	NOT-FOR-US: MPM Chat
CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a ...)
	NOT-FOR-US: IKANARI JIJYOU
CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue ...)
	NOT-FOR-US: NewsGlue
CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1601 (** DISPUTED ** ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye ...)
	NOT-FOR-US: Digital Eye Gallery
CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect ...)
	{DSA-1601-1}
	- wordpress 2.2.2-1 (bug #437085; low)
	NOTE: see issue 5023 in the wordpress trac
	TODO: issue 5023 seems not related and 2.2.2 changelog does not mention such a thing.
CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 ...)
	NOT-FOR-US: FileCOPA FTP
CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address ...)
	NOT-FOR-US: NFN Address Book
CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk ...)
	- asterisk 1:1.4.0~dfsg-1 (low)
	[etch] - asterisk <not-affected> (Only affects 1.4.x)
	[sarge] - asterisk <not-affected> (Only affects 1.4.x)
CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...)
	NOT-FOR-US: Symantec
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...)
	NOT-FOR-US: Trend Micro
CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...)
	NOT-FOR-US: MNews
CVE-2006-7181 (** DISPUTED ** ...)
	NOT-FOR-US: Morcego CMS
CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
	- sendmail <not-affected> (Not a program flaw, a DNS error)
CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
	- sendmail <not-affected> (Debian compiles with FFR_TLS correctly)
CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...)
	NOT-FOR-US: Elm, removed in 2002
CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the ...)
	NOT-FOR-US: Elm, removed in 2002
CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and ...)
	NOT-FOR-US: Grandstream
CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows ...)
	NOT-FOR-US: Truecrypt
CVE-2007-1588 (server.cpp in MyServer 0.8.5 calls Process::setuid before calling ...)
	NOT-FOR-US: MyServer
CVE-2007-1587 (templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows ...)
	NOT-FOR-US: StatsDawg
CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link ...)
	NOT-FOR-US: Zyxel
CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware ...)
	NOT-FOR-US: Cisco
CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows ...)
	NOTE: Dupe of CVE-2007-0907; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 <unfixed> (medium)
CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
	- php5 <unfixed> (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...)
	- php5 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: FTPDMIN
CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows ...)
	NOT-FOR-US: GeBlog
CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain ...)
	NOT-FOR-US: CARE2X
CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and ...)
	NOT-FOR-US: JGBBS
CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in ...)
	NOT-FOR-US: Activist Mobilization Platform
CVE-2007-1570
	REJECTED
CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 ...)
	NOT-FOR-US: NewsReactor
CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly ...)
	NOT-FOR-US: WarFTPd
CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows ...)
	NOT-FOR-US: NetVIOS Portal
CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ...)
	- kdelibs <unfixed> (unimportant)
CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote ...)
	- kdelibs 4:3.5.5a.dfsg.1-7
CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...)
	- iceweasel 2.0.0.3-1 (low)
CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...)
	- squid 2.6.5-6 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-1559 (Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio ...)
	NOT-FOR-US: Roxio
CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 ...)
	{DSA-1305-1 DSA-1300-1 DTSA-46-1 DTSA-47-1}
	NOTE: Affects various clients, but no practical security implications
	NOTE: MFSA2007-15
	- icedove 2.0.0.4-1 (unimportant)
	- iceape 1.1.2-1 (unimportant)
CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...)
	NOT-FOR-US: F-Secure
CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 ...)
	NOT-FOR-US: Creative Files
CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 ...)
	NOT-FOR-US: Minerva module of phpBB
CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php ...)
	NOT-FOR-US: Guestbara
CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote ...)
	NOT-FOR-US: Guestbara
CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum ...)
	NOT-FOR-US: MetaForum
CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 ...)
	NOT-FOR-US: phpx
CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote ...)
	NOT-FOR-US: phpx
CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 ...)
	NOT-FOR-US: phpx
CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in ...)
	{DSA-1273-1}
	- nas 1.8-4 (medium; bug #416038)
CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running ...)
	NOT-FOR-US: Cisco
CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX ...)
	NOT-FOR-US: pragmaMX Landkarten
CVE-2007-1538 (** DISPUTED ** ...)
	NOT-FOR-US: McAfee
CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2007-1536 (Integer underflow in the file_printf function in the &quot;file&quot; program ...)
	{DSA-1274-1}
	- file 4.20-1 (bug #415362; high)
	NOTE: Has got lots of reverse dependencies.
	NOTE: Some of them process remotely supplied untrusted input.
CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without user ...)
	NOT-FOR-US: Microsoft
CVE-2007-1534 (DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains ...)
	NOT-FOR-US: Microsoft
CVE-2007-1533 (The Teredo implementation in Microsoft Windows Vista uses the same ...)
	NOT-FOR-US: Microsoft
CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2007-1531 (Microsoft Windows XP and Vista overwrites ARP table entries included ...)
	NOT-FOR-US: Microsoft
CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly gather ...)
	NOT-FOR-US: Microsoft
CVE-2007-1529 (The LLTD Responder in Microsoft Windows Vista does not send the Mapper ...)
	NOT-FOR-US: Microsoft
CVE-2007-1528 (The LLTD Mapper in Microsoft Windows Vista allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP ...)
	NOT-FOR-US: Microsoft
CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox ...)
	NOT-FOR-US: Dayfox Blog
CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 ...)
	NOT-FOR-US: ZomPlog
CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain ...)
	NOT-FOR-US: NetBSD
CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...)
	{DSA-1283-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 6:4.4.6-2 (medium)
CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...)
	NOT-FOR-US: WSN Guest
CVE-2006-7174 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Dimension module of phpBB
CVE-2006-7173 (Direct static code injection vulnerability in admin.php in PHP-Stats ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php in ...)
	NOT-FOR-US: PHP-Stats
CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 ...)
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-5 (bug #415466; medium)
	NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 ...)
	NOTE: Duplicate of CVE-2007-2297
CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in ...)
	NOT-FOR-US: CcMail
CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 ...)
	- imp4 4.1.3-4 (medium; bug #415117)
CVE-2007-1514 (PHP remote file inclusion vulnerability in index.php in ViperWeb ...)
	NOT-FOR-US: ViperWeb Portal
CVE-2007-1513 (PHP remote file inclusion vulnerability in comanda.php in GraFX ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1511 (Buffer overflow in FrontBase Relational Database Server 4.2.7 and ...)
	NOT-FOR-US: FrontBase Relational Database Server
CVE-2007-1510 (SQL injection vulnerability in post.php in Particle Blogger 1.0.0 ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-1509 (Directory traversal vulnerability in enkrypt.php in Sascha Schroeder ...)
	NOT-FOR-US: krypt
CVE-2007-1508 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x ...)
	{DSA-1271-1}
	- openafs 1.4.2-6 (medium)
CVE-2007-1506 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Oracle Portal
CVE-2007-1505 (Fujistu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption ...)
	NOT-FOR-US: Fujistu FENCE-Pro
CVE-2007-1504 (Cross-site scripting (XSS) vulnerability in the Servlet Service in ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...)
	- rhapsody <removed> (medium)
CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...)
	- rhapsody <removed> (medium)
CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows ...)
	NOT-FOR-US: Avant Browse
CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to ...)
	NOT-FOR-US: Linux Security Auditing Tool
CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ...)
	NOT-FOR-US: SiteManager.SiteMgr.1 ActiveX control
CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not ...)
	{DSA-1289-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1493 (nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-1491 (Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1489 (Unspecified vulnerability in web-app.org Web Automated Perl Portal ...)
	NOT-FOR-US: WebAPP
CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1487 (Directory traversal vulnerability in index.php in Sascha Schroeder ...)
	NOT-FOR-US: CyberTeddy WebLog
CVE-2007-1486 (PHP remote file inclusion vulnerability in template.class.php in ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2007-1485 (** DISPUTED ** ...)
	NOT-FOR-US: LIBFtp
CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...)
	- php4 <unfixed> (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: local malicious scripts only
CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...)
	- webcalendar 1.0.5-1 (high)
	[sarge] - webcalendar 0.9.45-4sarge7
	NOTE: This was fixed in Sarge as a side-effect of an earlier fix, marking current
	NOTE: Sarge version as fixed version
CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
	NOT-FOR-US: WBBlog
CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote ...)
	NOT-FOR-US: WBBlog
CVE-2007-1480 (Creative Guestbook 1.0 allows remote attackers to add an ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1479 (Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read ...)
	NOT-FOR-US: McGallery
CVE-2007-1477 (** DISPUTED ** ...)
	NOT-FOR-US: Point Of Sale for osCommerce
CVE-2007-1476 (The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...)
	- php4 <unfixed> (unimportant)
	NOTE: Can only be triggered by malicious script
CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde ...)
	{DSA-1406-1}
	- horde3 3.1.3-4 (medium)
CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in ...)
	{DSA-1406-1}
	- horde3 3.1.4-1 (low; bug #434045)
CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in ...)
	NOT-FOR-US: Groupit
CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Orion-Blog
CVE-2007-1470 (Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote ...)
	NOT-FOR-US: LIBFtp
CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image Gallery ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Cisco
CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...)
	- libwpd 0.8.9-1 (medium)
	[etch] - libwpd 0.8.7-6
CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 ...)
	NOT-FOR-US: dproxy
CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...)
	- inkscape 0.45.1-1 (medium)
	[etch] - inkscape <not-affected> (Versions prior to 0.45 used loudmouth, which isn't affected)
CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows ...)
	- inkscape 0.45.1-1 (low)
	[etch] - inkscape <no-dsa> (Minor issue)
	[sarge] - inkscape <no-dsa> (Minor issue)
	NOTE: shell code would be prominently inside the file names
CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
	NOT-FOR-US: conga
CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator ...)
	NOT-FOR-US: WebCreator
CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow ...)
	NOT-FOR-US: CARE2X
CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian Scheurer ...)
	NOT-FOR-US: UniquE RAR File Library
CVE-2007-1456 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Photo Album
CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as ...)
	NOT-FOR-US: Fantastico
CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a ...)
	NOT-FOR-US: GuppY
CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1446 (Multiple PHP remote file inclusion vulnerabilities in Open Education ...)
	NOT-FOR-US: Open Education System
CVE-2007-1445 (SQL injection vulnerability in the heme preview feature for ...)
	NOT-FOR-US: BP Blog
CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary ...)
	- netperf 2.4.3-8 (bug #413658; medium)
	[sarge] - netperf <no-dsa> (Non-free not supported)
	[etch] - netperf <no-dsa> (Non-free not supported)
CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the ...)
	NOT-FOR-US: Oracle Database
CVE-2007-1441 (The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 ...)
	NOT-FOR-US: BlackBerry 8100
CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows ...)
	NOT-FOR-US: JGBBS
CVE-2007-1439 (PHP remote file inclusion vulnerability in ressourcen/dbopen.php in ...)
	NOT-FOR-US: MySQL Commander
CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System 1.0 ...)
	NOT-FOR-US: X-Ice News System
CVE-2006-7171 (product_review.php in Koan Software Mega Mall allows remote attackers ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7170 (Multiple SQL injection vulnerabilities in Koan Software Mega Mall ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7169 (PHP remote file inclusion vulnerability in includes/header_simple.php ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-7168 (PHP remote file inclusion vulnerability in includes/not_mem.php in the ...)
	NOT-FOR-US: phpBB module Add Name
CVE-2006-7167 (Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote ...)
	NOT-FOR-US: ProRat Server
CVE-2006-7166 (IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7165 (IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7164 (SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4834 (IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4833 (IBM WebSphere Application Server (WAS) 6.0 before 20050201, when ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...)
	NOT-FOR-US: Avant Browser
CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to ...)
	NOT-FOR-US: D-Link TFTP Server
CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 ...)
	- pennmush 1.8.2p7-1 (low; bug #436249)
	[sarge] - pennmush <no-dsa> (Minor issue)
	[etch] - pennmush <no-dsa> (Minor issue)
CVE-2007-1430 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ClipShare
CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 ...)
	- moodle <not-affected>
	NOTE: Security problem with the Windows version
	NOTE: Debian Maintainer and Upstream state that debian is not affected
	NOTE: and the problem is not reproducible there
CVE-2007-1428 (SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 ...)
	NOT-FOR-US: JobSitePro
CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...)
	NOT-FOR-US: AssetMan
CVE-2007-1426 (The web interface in AstroCam 2.0.0 through 2.6.5 allows remote ...)
	NOT-FOR-US: AstroCam
CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro ...)
	NOT-FOR-US: SonicMailer Pro
CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media ...)
	NOT-FOR-US: DataLife Engine
CVE-2007-1423 (Multiple PHP remote file inclusion vulnerabilities in WORK system ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-1422 (SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti ...)
	NOT-FOR-US: Duyuru Scripti
CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 ...)
	NOT-FOR-US: SubDog
CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of ...)
	- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
	[etch] - mysql-dfsg-5.0 5.0.32-7etch1
CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ...)
	NOT-FOR-US: JMX RMI-IIOP
CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: DekiWiki
CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows ...)
	NOT-FOR-US: NEWSSYSTEM
CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp ...)
	NOT-FOR-US: URLshrink
CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services ...)
	NOT-FOR-US: PMB Services
CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...)
	- php4 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...)
	- php4 <not-affected> (cpdf extension not enabled in binary build)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...)
	- php4 <not-affected> (no mssql extension in Debian)
	- php5 <not-affected> (no mssql extension in Debian)
CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal ...)
	NOT-FOR-US: GaziYapBoz Game Portal
CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via ...)
	- wordpress <not-affected> (Path disclosure)
CVE-2007-1408 (Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) ...)
	NOT-FOR-US: Vallheru
CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header ...)
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (unimportant; bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the &quot;download wiki page as ...)
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (unimportant; bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote ...)
	NOT-FOR-US: ProSysInfo TFTP Server
CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows ...)
	NOT-FOR-US: Rediff Toolbar ActiveX control
CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...)
	NOT-FOR-US: php doesn't ship with cracklib activated in debian.
CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...)
	NOT-FOR-US: Plash
CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...)
	{DSA-1330-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...)
	- snort <not-affected> (Vulnerable code not present)
CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...)
	NOT-FOR-US: FiSH IRC Encryption
CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Non-issue
CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1 (medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...)
	NOT-FOR-US: Flat Chat
CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS ...)
	NOT-FOR-US: Magic CMS
CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows ...)
	NOT-FOR-US: netForo!
CVE-2007-1391 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: WEBO
CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 ...)
	NOT-FOR-US: dynalias
CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: dynalias
CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer ...)
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; low)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; low)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
CVE-2007-1386
	RESERVED
CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 ...)
	- php4 <unfixed> (unimportant)
	NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...)
	NOT-FOR-US: Windows PHP COM extensions
CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ...)
	- php5 <not-affected> (Affected only a php5 CVS version, not a release)
CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...)
	{DSA-1283-1 DTSA-39-1}
	- php4 <unfixed> (unimportant)
	- php5 5.2.0-11 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
	NOTE: Should be fixed, could be used as a stepstone for further attacks
CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php ...)
	NOT-FOR-US: PostGuestbook
CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...)
	- conquest 8.2b-1 (low)
	[sarge] - conquest <no-dsa> (Minor issue)
	[etch] - conquest <no-dsa> (Minor issue)
CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before ...)
	NOT-FOR-US: Drupal module Project
CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya ...)
	NOT-FOR-US: Avaya Communications Manager
CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...)
	NOT-FOR-US: OpenBSD Kernel
CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...)
	NOT-FOR-US: DropAFew
CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...)
	NOT-FOR-US: DropAFew
CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-14
	- iceape 1.1.2-1 (low)
	- iceweasel 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x ...)
	NOT-FOR-US: Drupal module Nodefamily
CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and ...)
	- libapache-mod-security 2.1.2-1
CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
	- tomcat4 <removed> (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-1356
	REJECTED
CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- tomcat4 <removed> (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Just an example application for documentation purposes
CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX ...)
	NOT-FOR-US: JBoss Application Server
CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont ...)
	{DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) ...)
	{DSA-1454-1 DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
	- freetype 2.3.5-1 (medium; bug #426771)
CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in ...)
	- apache <removed> (low)
	- libapache2-mod-perl2 2.0.2-5 (low; bug #433549)
	[etch] - libapache2-mod-perl2 <no-dsa> (Minor issue)
	[etch] - apache <no-dsa> (scheduled for stable point release)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-1348
	RESERVED
CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)
	NOT-FOR-US: Sun Fire Server
CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA ...)
	NOT-FOR-US: CA eTrust Admin
CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 ...)
	NOT-FOR-US: Ezstream
CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does ...)
	{DSA-1267-1}
	- webcalendar 1.0.5-1 (high)
CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in ...)
	NOT-FOR-US: vBulletin
CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz ...)
	NOT-FOR-US: News-Letterman
CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management ...)
	NOT-FOR-US: Links Management Application
CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort ...)
	NOT-FOR-US: Apple AirPort Extreme
CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 ...)
	NOT-FOR-US: VMware
CVE-2007-1336
	RESERVED
CVE-2007-1335
	RESERVED
CVE-2007-1334
	RESERVED
CVE-2007-1333
	RESERVED
CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard ...)
	NOT-FOR-US: JOLY BJ Webring
CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in ...)
	NOT-FOR-US: silc daemon
CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows ...)
	- serendipity <unfixed> (unimportant)
	NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html
CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the ...)
	NOT-FOR-US: SnapGear
CVE-2007-1323
	REJECTED
	{DTSA-38-1}
CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...)
	{DSA-1384-1 DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
	- xen-3 3.1.0-2 (bug #444007; medium)
	- xen-3.0 <removed>
CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...)
	NOT-FOR-US: DeviceXPlorer OLE
CVE-2007-1318
	RESERVED
CVE-2007-1317
	RESERVED
CVE-2007-1316
	RESERVED
CVE-2007-1315
	RESERVED
CVE-2007-1314
	RESERVED
CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly ...)
	NOT-FOR-US: NETxAutomation NETxEIB OPC Server
CVE-2007-1312
	RESERVED
CVE-2007-1311
	RESERVED
CVE-2007-1310
	RESERVED
CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated ...)
	NOT-FOR-US: Novell Access Management
CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...)
	NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote ...)
	{DSA-1358-1}
	- asterisk 1:1.2.16~dfsg-1 (medium)
CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and ...)
	NOT-FOR-US: RRDBrowse
CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when ...)
	NOT-FOR-US: LI-Guestbook
CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier ...)
	NOT-FOR-US: ISPUtil
CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats ...)
	NOT-FOR-US: Mani Stats Reader
CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows ...)
	NOT-FOR-US: AJ Auction
CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows ...)
	NOT-FOR-US: AJ Dating
CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds ...)
	NOT-FOR-US: AJ Classifieds
CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows ...)
	NOT-FOR-US: AJ Forum
CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in ...)
	NOT-FOR-US: DivXBrowserPlugin ActiveX control
CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ...)
	NOT-FOR-US: Rigter Portal System
CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2007-1291 (Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug ...)
	NOT-FOR-US: TygerBT
CVE-2007-1290 (SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking ...)
	NOT-FOR-US: TygerBT
CVE-2007-1289 (SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking ...)
	NOT-FOR-US: TygerBT
CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News ...)
	NOT-FOR-US: WB News
CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted ...)
	NOT-FOR-US: DreameeSoft Password Master
CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files ...)
	- putty 0.59-1 (bug #400804; unimportant)
	NOTE: Unsafe default, but not a vulnerability
	NOTE: Sensitive operations like key generation should only be done in private home
CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...)
	NOT-FOR-US: Hazir Site
CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-7159 (Directory traversal vulnerability in include/prune_torrents.php in ...)
	NOT-FOR-US: BTI-Tracker
CVE-2006-7158 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle Application Express
CVE-2006-7157 (Buffer overflow in Google Earth v4.0.2091 (beta) allows remote ...)
	NOT-FOR-US: Google Earth
CVE-2006-7156 (PHP remote file inclusion vulnerability in addon_keywords.php in ...)
	NOT-FOR-US: miniBB module Keyword Replacer
CVE-2006-7155 (Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-7154 (Iono allows remote attackers to obtain the full server path via ...)
	NOT-FOR-US: Iono
CVE-2006-7153 (PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 ...)
	NOT-FOR-US: MiniBB Forum
CVE-2006-7152 (default.asp in ASP-Nuke Community 1.5 and earlier allows remote ...)
	NOT-FOR-US: ASP-Nuke Community
CVE-2006-7151 (Untrusted search path vulnerability in the libtool-ltdl library ...)
	- libtool <not-affected> (Specific to Fedora build)
CVE-2006-7150 (Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote ...)
	NOT-FOR-US: Mambo
CVE-2006-7149 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x ...)
	NOT-FOR-US: Mambo
CVE-2006-7148 (PHP remote file inclusion vulnerability in includes/bb_usage_stats.php ...)
	NOT-FOR-US: phpBB module maluinfo
CVE-2006-7147 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBB module Import Tools
CVE-2006-7146 (** DISPUTED ** ...)
	NOT-FOR-US: communityPortals
CVE-2006-7145 (edit_user.php in Call Center Software 0.93 and earlier allows remote ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7144 (SQL injection vulnerability in Call Center Software 0.93 and earlier ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7143 (Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7142 (The centralized management feature for Utimaco Safeguard stores ...)
	NOT-FOR-US: Utimaco Safeguard
CVE-2006-7141 (** DISPUTED ** ...)
	NOT-FOR-US: Oracle Database
CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with &quot;Prefer HTML to Plain Text&quot; enabled, ...)
	- kdepim <unfixed> (unimportant)
	NOTE: Annoying bug, but neglectable "security implications"
CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in ...)
	NOT-FOR-US: Oracle APEX
CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 ...)
	NOT-FOR-US: TinyPortal
CVE-2006-7136 (Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2006-7135 (PHP remote file inclusion vulnerability in lib/functions.inc.php in ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
	- lintian 1.23.28 (low)
	[sarge] - lintian <not-affected> (Vulnerable code not present)
CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...)
	- php4 <unfixed> (unimportant)
	[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
	NOTE: Non-issue, explicit debug feature
CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (low)
CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...)
	- php5 5.2.2-1 (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: Needs to be sanisited within apps, only crashes the current instance anyway
CVE-2007-1284
	RESERVED
CVE-2007-1283
	RESERVED
CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey ...)
	{DSA-1336-1}
	- icedove 1.5.0.10.dfsg1-1 (medium)
CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux ...)
	NOT-FOR-US: Kaspersky AntiVirus Engine
CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and ...)
	NOT-FOR-US: Adobe
CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...)
	NOT-FOR-US: Adobe JRun and Coldfusion
CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...)
	- wordpress <not-affected> (orig.tar.gz not compromised)
CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...)
	- webmin <removed>
CVE-2007-1275
	RESERVED
CVE-2007-1274
	RESERVED
CVE-2006-7134 (Unrestricted file upload vulnerability in main_user.php in Upload Tool ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7133 (Directory traversal vulnerability in upload/bin/download.php in Upload ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7132 (Directory traversal vulnerability in pmd-config.php in PHPMyDesk ...)
	NOT-FOR-US: PHPMyDesk
CVE-2006-7131 (PHP remote file inclusion vulnerability in extras/mt.php in Jinzora ...)
	NOT-FOR-US: Jinzora
CVE-2006-7130 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Jinzora
CVE-2006-7129 (ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier ...)
	NOT-FOR-US: ISS BlackICE
CVE-2006-7128 (PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7127 (Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7126 (SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7125 (Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7124 (PHP remote file inclusion vulnerability in external/rssfeeds.php in ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7123 (Multiple SQL injection vulnerabilities in BSQ Sitestats (component for ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7122 (Cross-site scripting (XSS) vulnerability in the IP Address Lookup ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7121 (The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote ...)
	NOT-FOR-US: Linksys SPA-921
CVE-2006-7120 (** DISPUTED ** ...)
	NOT-FOR-US: OSL maintain
CVE-2006-7119 (PHP remote file inclusion vulnerability in kernel/system/startup.php ...)
	NOT-FOR-US: PHPGiggle
CVE-2006-7118 (SQL injection vulnerability in index.asp in DMXReady Site Engine ...)
	NOT-FOR-US: DMXReady Site Engine Manager
CVE-2006-7117 (Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier ...)
	NOT-FOR-US: Kubix
CVE-2006-7116 (SQL injection vulnerability in includes/functions.php in Kubix 0.7 and ...)
	NOT-FOR-US: Kubix
CVE-2006-7115 (SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote ...)
	NOT-FOR-US: PHPKit
CVE-2006-7114 (P-News 2.0 stores db/user.txt under the web document root with ...)
	NOT-FOR-US: P-News
CVE-2006-7113 (Unrestricted file upload vulnerability in P-News 2.0 allows remote ...)
	NOT-FOR-US: P-News
CVE-2006-7112 (Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and ...)
	NOT-FOR-US: MD-Pro
CVE-2006-7111 (Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and ...)
	NOT-FOR-US: KMail CGI
CVE-2006-7110 (Directory traversal vulnerability in the delete function in IMCE ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2006-7109 (Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2007-XXXX [buffer overruns in GIT's http-push.c, fixed in 1.5.0.3]
	- git-core 1:1.5.0.3-1 (bug #413629; low)
	[etch] - git-core 1:1.4.4.4-2 (bug #413629; low)
CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before ...)
	NOT-FOR-US: NetBSD Kernel
CVE-2007-1272
	RESERVED
CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd ...)
	- gnumail <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1268 (Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...)
	- mutt <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1267 (Sylpheed 2.2.7 and earlier does not properly use the --status-fd ...)
	- sylpheed <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1266 (Evolution 2.8.1 and earlier does not properly use the --status-fd ...)
	- evolution <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1265 (KMail 1.9.5 and earlier does not properly use the --status-fd argument ...)
	- kdepim <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd ...)
	- enigmail <unfixed> (unimportant; bug #415225)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the ...)
	{DSA-1266-1}
	- gnupg 1.4.6-2 (bug #413922; low)
	- gpgme1.0 1.1.2-3 (bug #414170; low)
	- gnupg2 2.0.3-1
	[sarge] - gnupg2 <no-dsa> (Minor issue)
	[etch] - gnupg2 <no-dsa> (Minor issue)
CVE-2007-1262 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...)
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1
CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in ...)
	NOT-FOR-US: WebMod
CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have ...)
	NOT-FOR-US: WebAPP
CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...)
	NOT-FOR-US: Cisco
CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
	NOT-FOR-US: Cisco
CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Not exploitable
CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script ...)
	- blender 2.42a-6 (medium)
	[sarge] - blender <not-affected> (bug was introduced in version 2.42)
	NOTE: http://lists.alioth.debian.org/pipermail/secure-testing-team/2007-March/001095.html
CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1251 (Format string vulnerability in the new_warning function in ...)
	NOT-FOR-US: Netrek Vanilla Server
CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning ...)
	NOT-FOR-US: Learning Management Suite
CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 ...)
	NOT-FOR-US: Contelligent
CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News ...)
	NOT-FOR-US: News Manager Blog
CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs ...)
	NOT-FOR-US: aWebNews
CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...)
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; medium)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
	NOTE: vlc checked, and is not affected.
CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: IrfanView
CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...)
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS ...)
	NOT-FOR-US: Docebo CMS
CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: sitex
CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: sitex
CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote ...)
	NOT-FOR-US: sitex
CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex allow ...)
	NOT-FOR-US: sitex
CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php in ...)
	NOT-FOR-US: STWC-Counter
CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ...)
	NOT-FOR-US: Nullsoft ShoutcastServer
CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows ...)
	NOT-FOR-US: Hitachi OSAS/FT/W
CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by ...)
	NOT-FOR-US: Parallels Desktop
CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin ...)
	NOT-FOR-US: Phorum
CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as ...)
	- isdnutils 1:3.9.20060704-3 (bug #408530; low)
	[sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
	- asterisk-chan-capi 0.7.1-1.1 (bug #411293; unimportant)
	- linux-2.6 2.6.21-1 (bug #411294; unimportant)
	NOTE: Not exploitable over ISDN network, only theoretically through a dedicated CAPI server
CVE-2007-1216 (Double free vulnerability in the GSS-API library ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1210
	RESERVED
CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ...)
	NOT-FOR-US: Windows Vista
CVE-2007-1208
	RESERVED
CVE-2007-1207
	RESERVED
CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1201 (Unspecified vulnerability in certain COM objects in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1200
	RESERVED
CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have ...)
	NOT-FOR-US: Epiware
CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client for ...)
	NOT-FOR-US: Citrix
CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt ...)
	NOT-FOR-US: SandBox Analyzer
CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM ...)
	NOT-FOR-US: OrangeHRM
CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive ...)
	NOT-FOR-US: HyperBook Guestbook
CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes ...)
	NOT-FOR-US: Quicksilver plugin Social Bookmarks
CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX ...)
	NOT-FOR-US: EmbeddedWB ActiveX control
CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell ...)
	NOT-FOR-US: Alcatel-Lucent Bell Labs Plan 9
CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search form ...)
	NOT-FOR-US: WebAPP
CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without admin ...)
	NOT-FOR-US: WebAPP
CVE-2007-1186 (WebAPP before 0.9.9.5 does not &quot;censor&quot; the Latest Member real name, ...)
	NOT-FOR-US: WebAPP
CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval ...)
	NOT-FOR-US: WebAPP
CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA ...)
	NOT-FOR-US: WebAPP
CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof ...)
	NOT-FOR-US: WebAPP
CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest ...)
	NOT-FOR-US: WebAPP
CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the ...)
	NOT-FOR-US: WebAPP
CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms, which ...)
	NOT-FOR-US: WebAPP
CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts ...)
	NOT-FOR-US: WebAPP
CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain characters in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
	NOT-FOR-US: WebAPP
CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
	NOT-FOR-US: WebAPP
CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer service ...)
	NOT-FOR-US: CentennialIPTransferServer
CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel ...)
	NOT-FOR-US: WebAPP
CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends ...)
	NOT-FOR-US: SimBin Racing
CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and ...)
	NOT-FOR-US: Clanportal
CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows ...)
	NOT-FOR-US: Nabopoll
CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 ...)
	NOT-FOR-US: DBGuestbook
CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery ...)
	NOT-FOR-US: DBImageGallery
CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and ...)
	NOT-FOR-US: webSPELL
CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ...)
	NOT-FOR-US: Common Controls ActiveX control
CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when ...)
	- util-linux <unfixed> (unimportant)
	NOTE: Expected behaviour; pam_acct_mgmt() requires prior pam_authenticate()
CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent ...)
	NOT-FOR-US: freePBX
CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power ...)
	NOT-FOR-US: Power Phlogger
CVE-2006-7105 (** DISPUTED ** ...)
	- smarty <not-affected> (described vulnerability never existed)
CVE-2006-7104 (PHP remote file inclusion vulnerability in htmltemplate.php in the ...)
	NOT-FOR-US: MOStlyContent Editor
CVE-2006-7103 (Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 ...)
	NOT-FOR-US: EZOnlineGallery
CVE-2006-7102 (Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal ...)
	NOT-FOR-US: phpBurningPortal quiz-modul
CVE-2006-7101 (SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier ...)
	NOT-FOR-US: PHPWind
CVE-2006-7100 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBB Insert User
CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows ...)
	NOT-FOR-US: SolarPay
CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...)
	- apache 1.3.34-4.1 (low; bug #357561)
CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have ...)
	NOT-FOR-US: TaskFreak!
CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7095 (Integer signedness error in the network_receive_packet function in ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7094 (ftpd, as used by Gentoo and Debian Linux, sets the gid to the ...)
	- linux-ftpd 0.17-23 (bug #384454; low)
CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows ...)
	NOT-FOR-US: Oracle Database Server
CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the ...)
	- viewvc 0.9.4+svn20060318-1 (low)
CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...)
	- viewvc 0.9.4+svn20060318-1 (low)
	NOTE: referring to http://www.securityfocus.com/archive/1/461427/100/0/threaded this
	NOTE: has been fixed in cvs for 0.9.3
CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...)
	- libapache2-mod-python 3.2.8-1 (low)
CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the ...)
	{DSA-1272-1}
	- tcpdump 3.9.5-2 (bug #413430; low)
CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to ...)
	NOT-FOR-US: webSPELL
CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1158 (Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 ...)
	NOT-FOR-US: Pagesetter
CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: JBoss
CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access ...)
	NOT-FOR-US: JBrowser
CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote ...)
	NOT-FOR-US: webSPELL
CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to ...)
	NOT-FOR-US: webSPELL
CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2007-1152 (Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows ...)
	NOT-FOR-US: hbm
CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost ...)
	NOT-FOR-US: arabhost
CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote ...)
	NOT-FOR-US: pheap
CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1137 (putmail.py in Putmail before 1.4 does not detect when a user attempts ...)
	NOT-FOR-US: Putmail
CVE-2007-1136 (index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1135 (Multiple SQL injection vulnerabilities in WebMplayer before ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1134 (Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown ...)
	NOT-FOR-US: Watchtower
CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 ...)
	NOT-FOR-US: FCRing
CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the &quot;Contact ...)
	NOT-FOR-US: MTCMS
CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis ...)
	NOT-FOR-US: Sinapis Forum
CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis ...)
	NOT-FOR-US: Sinapis Gastebuch
CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow ...)
	NOT-FOR-US: MTCMS
CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows ...)
	NOT-FOR-US: xtcommerce
CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow ...)
	NOT-FOR-US: ZPanel
CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1120 (The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions ...)
	NOT-FOR-US: TeeChart Pro ActiveX control
CVE-2007-1119 (Unspecified vulnerability in Novell ZENworks 7 Desktop Management ...)
	NOT-FOR-US: Novell ZENworks
CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 ...)
	NOT-FOR-US: eFiction
CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	- xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; low)
	NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/,
	NOTE: older mozillas are not vulnerable
CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset ...)
	NOT-FOR-US: Opera
CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1113
	RESERVED
CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery ...)
	NOT-FOR-US: Phpwebgallery
CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian ...)
	NOT-FOR-US: CS-Gallery
CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1106 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NoMoKeTos Rules
CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme ...)
	NOT-FOR-US: phpBB Extreme
CVE-2007-1104 (PHP remote file inclusion vulnerability in top.php in PHP Module ...)
	NOT-FOR-US: PHP Module Implementation
CVE-2007-1103 (Tor does not verify a node's uptime and bandwidth advertisements, ...)
	- tor <unfixed> (unimportant)
	NOTE: Minor issue, just puts more noise on the node
CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Photostand
CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand ...)
	NOT-FOR-US: Photostand
CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan ...)
	NOT-FOR-US: Pickle
CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...)
	- dropbear 0.49-1 (unimportant; bug #412899)
	NOTE: That's a lack of a security feature (strict hostkey checking in openssh
	NOTE: termininoloy) and an awkward interface, but not a vulnerability per se
	NOTE: Especially as dropbear is specifically labeled a stripped down SSH implementation
	[etch] - dropbear 0.48.1-2
CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have ...)
	NOT-FOR-US: ScryMUD
CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function ...)
	NOT-FOR-US: Wiclear
CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (low; bug #445514)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-30
CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ...)
	NOT-FOR-US: Network Node Manager
CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows ...)
	NOT-FOR-US: Google Desktop
CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...)
	- iceweasel 2.0.0.3-1 (low)
	[etch] - iceweasel <no-dsa> (Minor issue)
	- iceape <unfixed> (low)
	[etch] - iceape <no-dsa> (Minor issue)
	NOTE: xulrunner by itself is not affeced, but other browsers based on xulrunner may be affected
	TODO: check epiphany, galeon and kazehakase
CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...)
	NOT-FOR-US: ConfigChk ActiveX control
CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, ...)
	NOT-FOR-US: FTP Explorer
CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, ...)
	- typo3-src 4.0.5+debian-1
	[etch] - typo3-src 4.0.2+debian-3
CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager ...)
	NOT-FOR-US: FTP Voyager
CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in ...)
	NOT-FOR-US: FlashGameScript
CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 ...)
	NOT-FOR-US: UserPages2
CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows ...)
	NOT-FOR-US: mcRefer
CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, ...)
	NOT-FOR-US: Cisco
CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple ...)
	NOT-FOR-US: Apple ImageIO
CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows ...)
	NOT-FOR-US: VMware
CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ...)
	NOT-FOR-US: Cisco
CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, ...)
	NOT-FOR-US: Cisco
CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and ...)
	NOT-FOR-US: Cisco
CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire ...)
	NOT-FOR-US: SendStudio
CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate ...)
	NOT-FOR-US: Ultimate Fun Book
CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web ...)
	NOT-FOR-US: Online Web Building
CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application ...)
	NOT-FOR-US: Nortel Application Switch
CVE-2007-1056 (VMware Workstation 5.5.3 build 34685 does not provide per-user ...)
	NOT-FOR-US: VMware
CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1053 (** DISPUTED ** ...)
	NOT-FOR-US: phpXmms
CVE-2007-1052 (** DISPUTED ** ...)
	NOT-FOR-US: PBLang
CVE-2007-1051 (Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: MyCalendar
CVE-2007-1048 (PHP remote file inclusion vulnerability in admin_rebuild_search.php in ...)
	NOT-FOR-US: phpbb_wordsearch
CVE-2007-1047 (Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) ...)
	- dcc <removed> (medium; bug #439718)
CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a ...)
	NOT-FOR-US: Dem_trac
CVE-2007-1045 (mAlbum 0.3 has default accounts (1) &quot;login&quot;/&quot;pass&quot; for its ...)
	NOT-FOR-US: mAlbum
CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list ...)
	NOT-FOR-US: PowerSchool
CVE-2007-1043 (Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass ...)
	NOT-FOR-US: Ezboo
CVE-2007-1042 (Directory traversal vulnerability in news.php in Xpression News ...)
	NOT-FOR-US: Xpression News
CVE-2007-1041 (Multiple stack-based buffer overflows in S&amp;H Computer Systems News ...)
	NOT-FOR-US: News Rover
CVE-2007-1040 (Directory traversal vulnerability in archives.php in Xpression News ...)
	NOT-FOR-US: Xpression News
CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 ...)
	NOT-FOR-US: Peanut Knowledge Base
CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers ...)
	NOT-FOR-US: Grabit
CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier ...)
	NOT-FOR-US: News File Grabber
CVE-2006-7093 (Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7092 (SQL injection vulnerability in includes/mambo.php in Mambo LaiThai ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7091 (PHP remote file inclusion vulnerability in config.php in phpht ...)
	NOT-FOR-US: Topsites FREE
CVE-2006-7090 (PHP remote file inclusion vulnerability in phpbb_security.php in phpBB ...)
	NOT-FOR-US: phpBB Security
CVE-2006-7089 (SQL injection vulnerability in connexion.php in Ban 0.1 allows remote ...)
	NOT-FOR-US: Ban
CVE-2006-7088 (Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 ...)
	NOT-FOR-US: Simple PHP Forum
CVE-2006-7087 (CRLF injection vulnerability in the mail function in Dotdeb PHP before ...)
	NOT-FOR-US: Dotdeb PHP
CVE-2006-7086 (The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow ...)
	NOT-FOR-US: Hot Links
CVE-2006-7085 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7084
	REJECTED
CVE-2006-7083 (Directory traversal vulnerability in index.php in Rigter Portal System ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7082 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7081 (Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 ...)
	NOT-FOR-US: PhpNews
CVE-2006-7080 (Directory traversal vulnerability in the avatar upload feature in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-7079 (Variable extraction vulnerability in include/common.php in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-7078 (Multiple cross-site scripting (XSS) vulnerabilities in Professional ...)
	NOT-FOR-US: Professional Home Page Tools Login Script
CVE-2006-7077 (SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7076 (Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7075 (Buffer overflow in the meta_read_flac function in meta_decoder.c for ...)
	- aqualung 0.9~beta6-1 (medium)
CVE-2006-7074 (admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-7073 (Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod ...)
	NOT-FOR-US: Opentools Attachment Mod
CVE-2006-7072 (Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise ...)
	NOT-FOR-US: GeoClassifieds Enterprise
CVE-2006-7071 (SQL injection vulnerability in classes/class_session.php in Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7070 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-7069 (PHP remote file inclusion vulnerability in smarty_config.php in ...)
	NOT-FOR-US: Socketwiz Bookmarks
CVE-2006-7068 (PHP remote file inclusion vulnerability in CliServ Web Community 0.65 ...)
	NOT-FOR-US: CliServ Web Community
CVE-2006-7067 (Oracle 10g R2 and possibly other versions allows remote attackers to ...)
	NOT-FOR-US: Oracle
CVE-2006-7066 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7065 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 ...)
	NOT-FOR-US: TinyPHPforum
CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows ...)
	NOT-FOR-US: Kamgaing Email System
CVE-2006-7061 (Scriptsez.net E-Dating System stores data files with predictable names ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7060 (cindex.php in Scriptsez.net E-Dating System allows remote attackers to ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7059 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7058 (Multiple cross-site scripting (XSS) vulnerabilities in Sphider before ...)
	NOT-FOR-US: Sphider
CVE-2006-7057 (SQL injection vulnerability in search.php in Sphider before 1.3.1c ...)
	NOT-FOR-US: Sphider
CVE-2006-7056 (Multiple PHP remote file inclusion vulnerabilities in DreamCost ...)
	NOT-FOR-US: HostAdmin
CVE-2006-7055 (PHP remote file inclusion vulnerability in index.php in TotalCalendar ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-7054 (The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7053 (Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7052 (Multiple PHP remote file inclusion vulnerabilities in DotWidget For ...)
	NOT-FOR-US: DotWidget
CVE-2006-7051 (The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x ...)
	- linux-2.6 2.6.23-1 (low)
	[etch] - linux-2.6 <no-dsa> (Design limitation, use resource limits if it poses a problem)
CVE-2006-7050 (Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7049 (The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7048 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...)
	NOT-FOR-US: Claroline
CVE-2006-7047 (include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ...)
	NOT-FOR-US: Shoutpro
CVE-2006-7046 (PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7045 (PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7044 (PHP remote file inclusion vulnerability in comment.core.inc.php in ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7043 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7042 (Cross-site scripting (XSS) vulnerability in directory/index.php in ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7041 (The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7040 (Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7039 (The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7038 (Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7037 (Mathcad 12 through 13.1 allows local users to bypass the security ...)
	NOT-FOR-US: MathCAD
CVE-2006-7036 (PHP remote file inclusion vulnerability in register.php for Andys Chat ...)
	NOT-FOR-US: Andy's Chat
CVE-2006-7035 (Directory traversal vulnerability in make_thumbnail.php in Super Link ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7034 (SQL injection vulnerability in directory.php in Super Link Exchange ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7033 (Cross-site scripting (XSS) vulnerability in Super Link Exchange Script ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7032 (PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB ...)
	NOT-FOR-US: FlashBB
CVE-2006-7031 (Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7030 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7029 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7028 (Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7027 (Microsoft Internet Security and Acceleration (ISA) Server 2004 logs ...)
	NOT-FOR-US: Microsoft ISA
CVE-2006-7026 (PHP remote file inclusion vulnerability in sources/join.php in ...)
	NOT-FOR-US: Topsites PHP
CVE-2006-7025 (SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and ...)
	NOT-FOR-US: Bookmark4U
CVE-2005-4829 (VirtueMart before 1.0.1 does not properly handle errors when a user is ...)
	NOT-FOR-US: VirtueMart
CVE-2004-2679 (Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to ...)
	NOT-FOR-US: CheckPoint Firewall
CVE-2004-2678 (Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2004-2677 (Format string vulnerability in qwik-smtpd.c in QwikMail SMTP ...)
	NOT-FOR-US: QwikMail SMTP
CVE-2003-1320 (SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: SonicWALL
CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SafeNet VPN
CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 ...)
	NOT-FOR-US: PGPFreeware
CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to ...)
	NOT-FOR-US: NetScreen-Remote
CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...)
	NOT-FOR-US: FreeBSD
CVE-2007-XXXX [vserver patch allows renice of processes in different context]
	- linux-2.6 2.6.18.dfsg.1-12 (bug #412143)
CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures]
	- apg 2.2.3.dfsg.1-2 (low; bug #412618)
	[etch] - apg <no-dsa> (Minor issue)
	[sarge] - apg <no-dsa> (Minor issue)
CVE-2007-XXXX [mt-daapd remote access & default password]
	- mt-daapd 0.9~r1586-1 (unimportant; bug #404640)
	NOTE: User-unfriendly packaging flaw, but not a vulnerability per se
CVE-2007-XXXX [amavids-new uses contrib/non-free packers without security support in default config]
	- amavisd-new 1:2.5.2-1 (unimportant; bug #410588)
	NOTE: Doesn't affect a standard Debian installation, only users, which install
	NOTE: proprietary apps, it should be fixed for sanity, but not a direct vulnerability
CVE-2006-XXXX [pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem]
	- pure-ftpd 1.0.21-1 (low)
	NOTE: oldstable is affected
CVE-2007-XXXX [MediaWiki XSS based on Microsoft Internet Explorer's UTF-7 charset autodetection]
	- mediawiki1.7 1.7.1-9 (low)
CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce ...)
	{DTSA-34-1}
	- wordpress 2.1.1-1 (low)
CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro ServerProtect for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...)
	NOT-FOR-US: JBoss
CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 ...)
	NOT-FOR-US: Mediafield and Audio modules for Drupal
	NOTE: this is not a php-getid3 problem, but related to the way these modules embed getid3
CVE-2007-1034 (SQL injection vulnerability in the category file in modules.php in the ...)
	NOT-FOR-US: Emporium for PHP-Nuke
CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and ...)
	NOT-FOR-US: Secure site for Drupal
CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when ...)
	NOT-FOR-US: phpMyFAQ
CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs ...)
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a ...)
	- libevent <not-affected> (vulnerable version 1.2 was never uploaded)
CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 ...)
	NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image ...)
	NOT-FOR-US: Image Pager
CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1026 (SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier ...)
	NOT-FOR-US: XLAtunes
CVE-2007-1025 (PHP remote file inclusion vulnerability in inc/functions_inc.php in ...)
	NOT-FOR-US: VS-Link-Partner
CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in Meganoide's ...)
	NOT-FOR-US: Meganoide's news
CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 ...)
	NOT-FOR-US: Turuncu Portal
CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 ...)
	NOT-FOR-US: CedStat
CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when ...)
	NOT-FOR-US: webSPELL
CVE-2007-1018 (PHP remote file inclusion vulnerability in tpl/header.php in ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1017 (PHP remote file inclusion vulnerability in show_news_inc.php in ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1014 (Stack-based buffer overflow in VicFTPS before 5.0 allows remote ...)
	NOT-FOR-US: VicFTPS
CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in ...)
	NOT-FOR-US: VirtualSystem Htaccess Password Generator
CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 ...)
	NOT-FOR-US: DeskPRO
CVE-2007-1011 (PHP remote file inclusion vulnerability in functions_inc.php in ...)
	NOT-FOR-US: VS-Gastebuch
CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, ...)
	NOT-FOR-US: ZebraFeeds
CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the ...)
	NOT-FOR-US: InstallAnywhere
CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Apple iTunes
CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows ...)
	{DSA-1262-1}
	- gnomemeeting <removed> (high)
CVE-2007-1006 (Multiple format string vulnerabilities in the ...)
	- ekiga 2.0.3-2.1 (bug #411944; high)
CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in ...)
	NOT-FOR-US: eTrust Intrusion Detection
CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and ...)
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.0.9-1 (low)
	- xulrunner 1.8.0.4-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=370555
CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList ...)
	{DSA-1294-1}
	- xorg-server 2:1.1.1-21 (medium)
CVE-2007-1002 (Format string vulnerability in the write_html function in ...)
	{DSA-1325-1}
	- evolution 2.10.2-1
	[sarge] - evolution <not-affected> (Vulnerable code not present)
CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp ...)
	- libgd2 2.0.33-1 (medium)
	NOTE: This has been fixed in libgd2 for a while, and php is linked against libgd2.
CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
	- linux-2.6 2.6.18.dfsg.1-12 (medium)
CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...)
	- ekiga 2.0.3-5 (bug #414069; high)
CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly ...)
	- xen-3.0 <removed> (bug #436250; medium)
	[etch] - xen-3.0 <unfixed>
	NOTE: Fedora disabled the VNC access to the Qemu monitor
	NOTE: An adjusted patch has been sent to the debian bugreport
CVE-2007-0997 (Race condition in the tee (sys_tee) system call in the Linux kernel ...)
	- linux-2.6 2.6.18-1
CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x ...)
	{DSA-1336-1}
	- iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
	REJECTED
CVE-2007-0992
	RESERVED
CVE-2007-0991
	RESERVED
CVE-2007-0990
	RESERVED
CVE-2007-0989
	RESERVED
CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ...)
	{DSA-1264-1}
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	- php5 5.2.0-9
CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and ...)
	NOT-FOR-US: phpCC
CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows ...)
	NOT-FOR-US: PollMentor
CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT ...)
	NOT-FOR-US: AT Contenator
CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-07
	- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
	- xulrunner 1.8.0.10-1 (high)
	- iceape 1.0.8-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...)
	NOT-FOR-US: HP Serviceguard
CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...)
	NOT-FOR-US: LifeType
CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control ...)
	NOT-FOR-US: ActSoft DVD-Tools ActiveX control
CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before ...)
	NOT-FOR-US: DropBox
CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and ...)
	NOT-FOR-US: WebTester
CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester ...)
	NOT-FOR-US: WebTester
CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco
CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows ...)
	NOT-FOR-US: Cisco
CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the ...)
	NOT-FOR-US: Cisco
CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to ...)
	NOT-FOR-US: Cisco
CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...)
	NOT-FOR-US: Cisco
CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before ...)
	NOT-FOR-US: Cisco
CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before ...)
	NOT-FOR-US: Cisco
CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series ...)
	NOT-FOR-US: Cisco
CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...)
	NOT-FOR-US: Cisco
CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1 (unimportant)
CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...)
	NOT-FOR-US: Mail Enable Professional
CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...)
	NOT-FOR-US: MOHA Chat
CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 ...)
	NOT-FOR-US: @Mail
CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player ...)
	NOT-FOR-US: iTinySoft
CVE-2007-0948 (Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac ...)
	NOT-FOR-US: Microsoft Virtual PC
CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0943 (Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0941
	RESERVED
CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object ...)
	NOT-FOR-US: Microsoft CAPICOM
CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0937
	RESERVED
CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-0935
	RESERVED
CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ...)
	NOT-FOR-US: D-Link
CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 ...)
	NOT-FOR-US: prb (php rrd browser)
CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with ...)
	{DTSA-133-1}
	NOT-FOR-US: Virtual Calendar
CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to ...)
	NOT-FOR-US: uTorrent
CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows ...)
	NOT-FOR-US: KvGuestbook
CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx ...)
	NOT-FOR-US: Community Server
CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass ...)
	NOT-FOR-US: phpPolls
CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to ...)
	NOT-FOR-US: Portal Search
CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in ...)
	NOT-FOR-US: Portal Search
CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an ...)
	NOT-FOR-US: Portal Search
CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 ...)
	NOT-FOR-US: Philboard
CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ...)
	NOT-FOR-US: MiniWebsvr
CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System ...)
	NOT-FOR-US: Cisco
CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...)
	NOT-FOR-US: Cisco
CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...)
	NOT-FOR-US: HP-UX
CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...)
	NOT-FOR-US: Harpia CMS
CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...)
	NOT-FOR-US: fx-APP
CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to ...)
	NOT-FOR-US: fx-APP
CVE-2006-7021 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Plume CMS
CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...)
	NOT-FOR-US: phpwcms
CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...)
	NOT-FOR-US: phpwcms
CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...)
	NOT-FOR-US: phpwcms
CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 ...)
	NOT-FOR-US: Indexu
CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Jobline
CVE-2006-7015 (** DISPUTED ** ...)
	NOT-FOR-US: Jobline
CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a ...)
	NOT-FOR-US: BloggIT
CVE-2006-7013 (** DISPUTED ** ...)
	NOT-FOR-US: Simple Machine Forum
CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: SCart
CVE-2006-7011 (** DISPUTED ** ...)
	NOT-FOR-US: FlashChat
CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
	NOT-FOR-US: JPortal
CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
	- php5 5.2.2-1 (bug #410561; bug #410995; medium)
	[etch] - php5 <not-affected> (A regression only affecting 5.2.1)
CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (unimportant)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9 (unimportant)
	NOTE: this extension is not enabled in the php packages
CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
	{DSA-1264-1}
	NOTE: (4) is a non-issue, as we don't use the bundled sqlite
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...)
	- php5 5.2.0-9 (bug #410561; bug #410995; unimportant)
	NOTE: we normally don't spend much time on safe_mode and open_basedir
	NOTE: issues, but the because the attack vectors are "unspecified", it
	NOTE: might be harder for us to try and sort out the fixes for this
	NOTE: from the session fixes in CVE-2007-0906 (see there for more info)
CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd ...)
	- ejabberd 1.1.2-5
CVE-2007-0902 (Unspecified vulnerability in the &quot;Show debugging information&quot; feature ...)
	- moin <unfixed> (unimportant)
	NOTE: this is a version information disclosure.
CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in ...)
	- moin 1.5 (bug #411084; medium)
	NOTE: Despite what the CVE says, this is not a problem in the 1.5.x code
CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c]
	RESERVED
	{DSA-1263-1}
	- clamav 0.90-1
	[etch] - clamav	0.88.7-2
CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411117)
	[etch] - clamav	0.88.7-2
CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411118)
	[etch] - clamav	0.88.7-2
CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...)
	- firefox-sage 1.3.10-1
	[etch] - firefox-sage <not-affected> (HTML mode not enabled in Etch)
	NOTE: http://secunia.com/advisories/24086/
	NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer
CVE-2007-0451 (Apache SpamAssassin before 3.1.8 allows remote attackers to cause a ...)
	- spamassassin 3.1.7-2 (bug #410843)
	NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2) ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...)
	- mediawiki <unfixed> (unimportant)
	NOTE: Only path disclosure
CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in ...)
	NOT-FOR-US: cPanel
CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption (&quot;reversible ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login ...)
	NOT-FOR-US: Axigen
CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows ...)
	NOT-FOR-US: Axigen
CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Rainbow.Zen
CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows ...)
	- mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable)
CVE-2007-0883 (Directory traversal vulnerability in ...)
	NOT-FOR-US: IP3 NetAccess
CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...)
	NOT-FOR-US: OPENi-CMS
CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root ...)
	NOT-FOR-US: Capital Request Forms
CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows ...)
	NOT-FOR-US: PEBrowse
CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...)
	NOT-FOR-US: March Networks DVR
CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image ...)
	NOT-FOR-US: Quick Digital Image Gallery
CVE-2007-0875 (** DISPUTED ** ...)
	NOT-FOR-US: mcRefer
CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Allons_voter
CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: nabopoll
CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) ...)
	NOT-FOR-US: Plain Old Webserver
CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...)
	NOT-FOR-US: eXtreme File Hosting
CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...)
	NOT-FOR-US: Joomla
CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...)
	NOT-FOR-US: Joomla
CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...)
	NOT-FOR-US: Joomla
CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Tiny FTPd
CVE-2006-7006 (** DISPUTED ** ...)
	NOT-FOR-US: Somery
CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion ...)
	NOT-FOR-US: Fusion Polls
CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in ...)
	NOT-FOR-US: Wheatblog
CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain ...)
	NOT-FOR-US: V3 Chat
CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, ...)
	NOT-FOR-US: OzzyWork Gallery
CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in ...)
	NOT-FOR-US: Neuron Blog
CVE-2005-4828 (Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large ...)
	- kolabd <not-affected> (Only vulnerable in 2.0-2.1; not packaged Debian)
CVE-2007-XXXX [dokuwiki conf directory accessible by web users]
	- dokuwiki 0.0.20061106-3 (bug #410557)
CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager ...)
	NOT-FOR-US: vBulletin
CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in ...)
	NOT-FOR-US: Site-Assistant
CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on ...)
	NOT-FOR-US: HP OpenView
CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0863 (** DISPUTED ** ...)
	NOT-FOR-US: Trevorchan
CVE-2007-0862 (** DISPUTED ** ...)
	NOT-FOR-US: gnopaste
CVE-2007-0861 (** DISPUTED ** ...)
	NOT-FOR-US: phpCOIN
CVE-2007-0860 (** DISPUTED ** ...)
	NOT-FOR-US: local Calendar System
CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the ...)
	NOT-FOR-US: Palm OS Treo
CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...)
	NOT-FOR-US: GoSuRF Browser
CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...)
	NOT-FOR-US: Fast Browser Pro
CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote ...)
	NOT-FOR-US: Enigma Browser
CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows ...)
	NOT-FOR-US: NetCaptor
CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows ...)
	NOT-FOR-US: Slim Browser
CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...)
	NOT-FOR-US: FineBrowser Freeware
CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers ...)
	NOT-FOR-US: PhaseOut
CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote ...)
	NOT-FOR-US: Maxthon
CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote ...)
	NOT-FOR-US: GreenBrowser
CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...)
	NOT-FOR-US: MYweb4net Browser
CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]
	- ikiwiki 1.42 (low)
	[etch] - ikiwiki 1.33.1
CVE-2007-0858
	RESERVED
CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...)
	- moin 1.5.3-1.2 (bug #410338; medium; bug #410552)
CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module ...)
	NOT-FOR-US: Trend Micro Anti-Rootkit Common Module
CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR ...)
	- rar 1:3.7b1-1 (high; bug #410582)
	[sarge]	- rar <no-dsa> (Non-free)
	[etch] - rar <no-dsa> (Non-free)
	- unrar-nonfree 1:3.7.3-1 (high; bug #410580)
	[etch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[sarge] - unrar-nonfree 1:3.5.2-0.2
	[etch] - unrar-nonfree 1:3.5.4-1.1
	NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-",
	NOTE: which probably turns this into remote code execution
	NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration
	NOTE: unrar-free and clamav (which embeds unrar-free code) not affected
CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...)
	NOT-FOR-US: DevTrack
CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
	NOT-FOR-US: DevTrack
CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before ...)
	NOT-FOR-US: Trend Micro Scan Engine
CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...)
	NOT-FOR-US: SysCP
CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly ...)
	NOT-FOR-US: SysCP
CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php ...)
	NOT-FOR-US: Maian Recipe
CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library ...)
	NOT-FOR-US: Microsoft
CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...)
	NOT-FOR-US: vbDrupal
CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...)
	NOT-FOR-US: HLstats
CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: WebMatic
CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a ...)
	NOT-FOR-US: FreeProxy
CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...)
	NOT-FOR-US: AgerMenu
CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows ...)
	NOT-FOR-US: FlashChat
CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the &quot;Enable copy and paste to and ...)
	NOT-FOR-US: VMware
CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the ...)
	NOT-FOR-US: VMware
CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Atsphp
CVE-2007-0830 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a ...)
	NOT-FOR-US: avast!
CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in ...)
	NOT-FOR-US: MySQLNewsEngine
CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...)
	NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control
CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows ...)
	NOT-FOR-US: Kisisel Site
CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of ...)
	NOT-FOR-US: FlashFXP
CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been ...)
	- xterm <not-affected> (Not a security problem)
CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux ...)
	- util-linux <not-affected> (Not a security problem)
CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2007-0818
	REJECTED
CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web ...)
	NOT-FOR-US: Adobe ColdFusion web server
CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in ...)
	NOT-FOR-US: Uphotogallery
CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...)
	NOT-FOR-US: ASP Chat
CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production ...)
	NOT-FOR-US: MySearchEngine
CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on ...)
	NOT-FOR-US: Microsoft
CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in ...)
	NOT-FOR-US: GeekLog
CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Categories Hierarchy
CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows ...)
	NOT-FOR-US: Mina Ajans Script
CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat ...)
	NOT-FOR-US: flashChat
CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Les News
CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
	NOT-FOR-US: GGCMS
CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...)
	- stlport5 5.0.3-1 (bug #410864; low)
	[etch] - stlport5 5.0.2-12
	[sarge] - stlport5 <not-affected> (Vulnerable code not compiled in)
CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
	- iceweasel 2.0.0.16-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=367538
CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- firefox <removed> (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in ...)
	NOT-FOR-US: SMA-DB
CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, ...)
	NOT-FOR-US: WinProxy
CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal ...)
	NOT-FOR-US: Wap Portal Server
CVE-2007-0794 (** DISPUTED ** ...)
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in ...)
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...)
	- bugzilla <not-affected> (Only development version 2.23.3 is affected)
CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla ...)
	- bugzilla 2.22.1-2.1 (bug #409824; low)
	[etch] - bugzilla <no-dsa> (Minor issue, far-fetched attack, minor impact)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP ...)
	NOT-FOR-US: SmartFTP
CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote ...)
	- mambo 4.6.1-1 (medium)
	NOTE: only the 4.5.x tree was vulnerable
CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before ...)
	- mediawiki <not-affected> (Only in 1.9 branch, fixed in 1.9.2)
CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie ...)
	NOT-FOR-US: Noname Media Photo Galerie Standard
CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in ...)
	NOT-FOR-US: Flipsource Flip
CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond ...)
	NOT-FOR-US: RBL ASP tPassword
CVE-2007-0783
	RESERVED
CVE-2007-0782
	RESERVED
CVE-2007-0781
	RESERVED
CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and ...)
	NOTE: MFSA-2007-04
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <not-affected> (introduced in firefox 1.5)
CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-03
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al)
CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	NOTE: Only one of the crashes can be triggered in Sarge, 326864
CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function ...)
	- libapache-mod-jk 1:1.2.21-1 (medium)
	[sarge] - libapache-mod-jk <not-affected>
	[etch] - libapache-mod-jk <not-affected>
	NOTE: affects only 1.2.19 and 1.2.20
CVE-2007-0773 (The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users ...)
	- linux-2.6 2.6.12-1
CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows ...)
	- linux-2.6 2.6.18.dfsg.1-11
CVE-2007-0771 (The utrace support in Linux kernel 2.6.18, and other versions, allows ...)
	- linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree)
CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
	{DSA-1260}
	- graphicsmagick 1.1.7-12
	- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c ...)
	{DSA-1294-1}
	- xfree86 <removed> (bug #414046; medium)
	- libx11 2:1.0.3-7 (bug #414045; medium)
	- graphicsmagick 1.1.7-14 (bug #417862; medium)
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	NOTE: Discovered through CVE-2007-0770.
	NOTE: With certain mail user agents, this issue is likely exploitable
	NOTE: without much user interaction.
CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic ...)
	NOT-FOR-US: 3proxy
CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...)
	NOT-FOR-US: 3proxy
CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...)
	- amarok 1.4.4-4 (bug #410850; unimportant)
	NOTE: This could only be exploited through the Magnatune shop
CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not properly ...)
	- amarok 1.4.4-1 (bug #410850; low)
	[sarge] - amarok <not-affected> (Vulnerable code not present)
CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the &quot;Basic Toolbar ...)
	NOT-FOR-US: FCKEditor
CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the &quot;Basic Toolbar ...)
	NOT-FOR-US: FreeTextBox
CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in ...)
	NOT-FOR-US: CentiPaid
CVE-2006-6975 (** DISPUTED ** ...)
	NOT-FOR-US: CentiPaid
CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows ...)
	NOT-FOR-US: BtitTracker
CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows ...)
	- iceweasel <not-affected> (Windows only)
CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud ...)
	NOT-FOR-US: Opera
CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 ...)
	- jetty 5.1.10-4 (medium; bug #445283)
	NOTE: http://jetty.cvs.sourceforge.net/jetty/Jetty/src/org/mortbay/jetty/servlet/AbstractSessionManager.java?r1=1.52&r2=1.53&view=patch
CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions ...)
	NOT-FOR-US: SmartFTP
CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when ...)
	- libpam-ssh 1.91.0-9.2 (bug #410236; low)
	[etch] - libpam-ssh <no-dsa> (Minor issue)
	[sarge] - libpam-ssh <no-dsa> (Minor issue)
CVE-2007-0769 (** DISPUTED ** ...)
	NOT-FOR-US: Phorum
CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum before ...)
	NOT-FOR-US: Phorum
CVE-2007-0766 (Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows ...)
	NOT-FOR-US: .NET Explorer
CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 ...)
	NOT-FOR-US: Curium CMS
CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier ...)
	NOT-FOR-US: F3Site
CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment ...)
	NOT-FOR-US: F3Site
CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: phpBB++
CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard ...)
	NOT-FOR-US: phpBB ezBoard converter
CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by ...)
	NOT-FOR-US: EQdkp
CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow ...)
	NOT-FOR-US: EasyMoblog
CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 ...)
	NOT-FOR-US: PHPProbid
CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes ...)
	NOT-FOR-US: CoD2 DreamStats
CVE-2007-0756 (Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Chicken of the VNC
CVE-2007-0755
	RESERVED
CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0752 (The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the ...)
	NOT-FOR-US: Apple
CVE-2007-0751 (A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might ...)
	NOT-FOR-US: Apple
CVE-2007-0750 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 ...)
	NOT-FOR-US: Apple
CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command function in ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0747 (load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in Apple ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0745 (The Apple Security Update 2007-004 uses an incorrect configuration ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0742 (The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0740 (Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display ...)
	NOT-FOR-US: Apple
CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0737 (The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0736 (Integer overflow in the RPC library in Libinfo in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0735 (Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0734 (fsck, as used by the AirPort Disk feature of the AirPort Extreme Base ...)
	NOT-FOR-US: AirPort Extreme Base Station
CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple Mac ImageIO
CVE-2007-0732 (Unspecified vulnerability in the CoreServices daemon in CarbonCore in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac Server Manager
CVE-2007-0729 (Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0727
	RESERVED
CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple OpenSSH
CVE-2007-0725 (Buffer overflow in the AirPortDriver module for AirPort in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0723 (Unspecified vulnerability in the authentication feature for ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to ...)
	- cups 1.2.7-1 (bug #434734; low)
	- cupsys 1.2.7-1 (bug #434734; low)
	[sarge] - cupsys <no-dsa> (Minor, conceptual design problem)
	[etch] - cupsys <no-dsa> (Minor, conceptual design problem)
CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows ...)
	NOT-FOR-US: GOM Player
CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet ...)
	NOT-FOR-US: Darksky RSS
CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and ...)
	NOT-FOR-US: Sleipnir
CVE-2007-0704 (PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 ...)
	NOT-FOR-US: Somery
CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in ...)
	NOT-FOR-US: WebBuilder
CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan ...)
	NOT-FOR-US: phpEventMan
CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in ...)
	NOT-FOR-US: Epistemon
CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion Sylvain ...)
	NOT-FOR-US: Portail Web
CVE-2007-0699 (PHP remote file inclusion vulnerability in includes/includes.php in ...)
	NOT-FOR-US: Portail Web
CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in Free LAN ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 ...)
	NOT-FOR-US: DGNews
CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...)
	NOT-FOR-US: DGNews
CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: DGNews
CVE-2007-0691
	REJECTED
CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: myEvent
CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation ...)
	NOT-FOR-US: Phorum
CVE-2006-6967 (Check Point FireWall-1 allows remote attackers to obtain certificate ...)
	NOT-FOR-US: Check Point Firewall-1
CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the ...)
	NOT-FOR-US: phpGraphy
CVE-2007-XXXX [remctl ACL bypass vulnerability]
	- remctl 2.2-2
	[sarge] - remctl <not-affected> (Vulnerable code not present)
CVE-2007-XXXX [ejabberd unspecified vulnerability in mod_roster_odbc]
	- ejabberd 1.1.2-5
CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti ...)
	NOT-FOR-US: Hunkaray Duyuru Scripti
CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc ...)
	NOT-FOR-US: L2J Dropcalc
CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) ...)
	NOT-FOR-US: Intel 2200BG Cards drive.
CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean ...)
	NOT-FOR-US: Cerulean Portal System
CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Omegaboard
CVE-2007-0682 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to ...)
	NOT-FOR-US: ExtCalendar
CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Phpbb Tweaked it is a module to phpbb
CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in ...)
	NOT-FOR-US: PHPMyRing
CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting ...)
	NOT-FOR-US: Fullaspsite Asp Hosting Sites
CVE-2007-0677 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Cadre PHP Framework
CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...)
	NOT-FOR-US: ExoPHPDesk
CVE-2007-0675 (A certain ActiveX control in sapi.dll (aka the Speech API) in Speech ...)
	NOT-FOR-US: Windows Vista
CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops &amp; Desktops ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local ...)
	- twiki 1:4.0.5-9 (bug #410256)
CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
	NOT-FOR-US: Sun Solaris.
CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...)
	- sql-ledger <unfixed> (bug #409703; unimportant)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
	[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
	NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
	NOTE: is not secure with untrusted users.
CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...)
	- thttpd <not-affected> (Gentoo-specific packaging flaw)
	NOTE: In accordance with Debian Policy is not possible start Webserver
	NOTE: in root directory (/).
CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0662 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Hailboards
CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), ...)
	NOT-FOR-US: Intel BMC
CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before ...)
	NOT-FOR-US: DotNetNuke
CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for ...)
	NOT-FOR-US: MODx MuddyDogPaws FileDownload
CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module ...)
	NOT-FOR-US: Drupal addon module "Textimage"
CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to ...)
	- nexuiz 2.2.3-1 (medium)
	[etch] - nexuiz <not-affected> (Vulnerable code not present, was introduced in 2.2.2)
CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
CVE-2007-0655 (The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan ...)
	NOT-FOR-US: MicroWorld
CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...)
	- tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does)
CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR ...)
	NOT-FOR-US: OpenEMR
CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice ...)
	NOT-FOR-US: Cisco
CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote ...)
	NOT-FOR-US: AppleKit
CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple ...)
	NOT-FOR-US: iMovie
CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote ...)
	NOT-FOR-US: iPhoto
CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows ...)
	NOT-FOR-US: Bloodshed Dev-C++
CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU ...)
	NOT-FOR-US: Raymond BERTHOU script collection
CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 ...)
	NOT-FOR-US: Shaffer Solutions (SSC)
CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack ...)
	- zabbix 1:1.1.4-8 (bug #409257)
CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY ...)
	NOT-FOR-US: GuppY
CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...)
	NOT-FOR-US: PHPFootball
CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...)
	NOT-FOR-US: Galeria Zdjec
CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact ...)
	NOT-FOR-US: incron
CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 ...)
	NOT-FOR-US: EncapsCMS
CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak]
	- kaya 0.2.0-6 (bug #409062)
CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive]
	- libx11 2:1.0.3-5 (low)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=9279
CVE-2007-0633 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyNews
CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...)
	NOT-FOR-US: xNews
CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...)
	NOT-FOR-US: gtalkbot
CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal ...)
	- drupal 4.7.6-1
CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not ...)
	NOT-FOR-US: NoMachine NX Server
CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0621
	REJECTED
CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: FD Script
CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ...)
	- chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...)
	NOT-FOR-US: Earthlink TotalAccess
CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in ...)
	NOT-FOR-US: zenphoto
CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition ...)
	NOT-FOR-US: Hitachi
CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
	NOT-FOR-US: Apple
CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
	NOT-FOR-US: Apple
CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and ...)
	NOT-FOR-US: Microsoft ActiveX
CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...)
	NOT-FOR-US: CMSimple
CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...)
	NOT-FOR-US: Movable Type
CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...)
	NOT-FOR-US: PGP Desktop
CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde ...)
	NOT-FOR-US: makit news
CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review ...)
	NOT-FOR-US: high5 Review
CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with ...)
	NOT-FOR-US: Siteman
CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with ...)
	NOT-FOR-US: Siteman
CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows ...)
	NOT-FOR-US: EzDatabase
CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An ...)
	NOT-FOR-US: VirtualPath
CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by ...)
	NOT-FOR-US: Apple
CVE-2007-0587
	RESERVED
CVE-2007-0586
	RESERVED
CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals ...)
	NOT-FOR-US: Webfwlog
CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php ...)
	NOT-FOR-US: PhP Generic
CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander ...)
	NOT-FOR-US: HTTP Commander
CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows ...)
	NOT-FOR-US: ChernobiLe
CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB ...)
	NOT-FOR-US: EclipseBB
CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...)
	NOT-FOR-US: Foro Domus
CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...)
	NOT-FOR-US: Horde Groupware
CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows ...)
	- mpg123 0.61-5 (bug #409296; unimportant)
	NOTE: Not much of a security problem; user will abort mpg123 and never listen to
	NOTE: the faulty stream again
CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ...)
	NOT-FOR-US: ACGVclick
CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...)
	NOT-FOR-US: Xt-Stats
CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login ...)
	NOT-FOR-US: ASPCode.net AdMentor
CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in ...)
	NOT-FOR-US: nsGalPHP
CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in ...)
	NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...)
	NOT-FOR-US: phpMyReports
CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes ...)
	NOT-FOR-US: Ad Fundum Integratable News Script
CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote ...)
	NOT-FOR-US: xNews
CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in ...)
	NOT-FOR-US: MyPHPCommander
CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
	NOT-FOR-US: Interactive-Scripts.Com
CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and ...)
	NOT-FOR-US: ASP NEWS
CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) ...)
	NOT-FOR-US: Symantec
CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web ...)
	NOT-FOR-US: Symantec
CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP ...)
	NOT-FOR-US: Windows Explorer
CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 ...)
	NOT-FOR-US: Xero Portal
CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 ...)
	NOT-FOR-US: RPW
CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in ...)
	NOT-FOR-US: vHostAdmin
CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature ...)
	NOT-FOR-US: Cisco
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...)
	NOT-FOR-US: rPath
CVE-2007-0556 (The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and ...)
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 <not-affected> (only PostgreSQL 8.x)
	- postgresql <not-affected> (only PostgreSQL 8.x)
CVE-2007-0555 (PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, ...)
	{DSA-1261-1}
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 1:7.4.16-1
	- postgresql <not-affected> (only transitional package)
CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...)
	NOT-FOR-US: Guos Posting System
CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php ...)
	NOT-FOR-US: PHProxy
CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Onnac
CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...)
	NOT-FOR-US: CMSimple
CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: KarjaSoft
CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root ...)
	NOT-FOR-US: Toxiclab Shoutbox
CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: ZixForum
CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0541 (WordPress allows remote attackers to determine the existence of ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...)
	{DSA-1564-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Telligent
CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not ...)
	- kdelibs 4:3.5.5a.dfsg.1-6 (bug #409868; medium)
CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop ...)
	NOT-FOR-US: rPath
CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and ...)
	NOT-FOR-US: Borland Delphi
CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive ...)
	NOT-FOR-US: Uploader
CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in ...)
	NOT-FOR-US: FreeWebShop
CVE-2007-0530 (** DISPUTED ** ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the ...)
	NOT-FOR-US: PHP Link Directory
CVE-2007-0528 (The admin web console implemented by the Centrality Communications ...)
	NOT-FOR-US: Centrality Communications
CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in ...)
	NOT-FOR-US: Website Baker
CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server ...)
	NOT-FOR-US: Mini Web server
CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...)
	NOT-FOR-US: LG
CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Nokia
CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a ...)
	NOT-FOR-US: Motorola
CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to ...)
	NOT-FOR-US: Sony Ericsson
CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x ...)
	NOT-FOR-US: Unique Ads
CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U ...)
	NOT-FOR-US: XMB Host
CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with ...)
	NOT-FOR-US: Yana
CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...)
	NOT-FOR-US: Hitachi
CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and ...)
	NOT-FOR-US: Hitachi
CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and ...)
	NOT-FOR-US: Hitachi
CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM ...)
	NOT-FOR-US: phpXD
CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ...)
	- awffull <unfixed> (unimportant)
	NOTE: This appears to be a bug without a vulnerability vector.
CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have ...)
	NOT-FOR-US: MaklerPlus
CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before ...)
	NOT-FOR-US: Drupal module "Acidfree"
CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Sun
CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows ...)
	NOT-FOR-US: webSPELL
CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum ...)
	NOT-FOR-US: Advanced Random Generators
CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in ...)
	NOT-FOR-US: Bradabra
CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim ...)
	NOT-FOR-US: phpIndexPage
CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...)
	NOT-FOR-US: MySpeach
CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in ...)
	NOT-FOR-US: Upload-Service
CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs ...)
	NOT-FOR-US: Neon Lab
CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in ...)
	NOT-FOR-US: PhpSherpa
CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL ...)
	NOT-FOR-US: webSPELL
CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING ...)
	NOT-FOR-US: MySpeach
CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain ...)
	NOT-FOR-US: Open-Realty
CVE-2007-0489 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: VisoHotlink
CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the ...)
	NOT-FOR-US: Huawei
CVE-2007-0487 (** DISPUTED ** ...)
	NOT-FOR-US: FreeForum
CVE-2007-0486 (** DISPUTED ** ...)
	NOT-FOR-US: Openads
CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...)
	NOT-FOR-US: Webdev
CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 ...)
	NOT-FOR-US: Sun
CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Cisco
CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0478 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before ...)
	NOT-FOR-US: Openads
CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, ...)
	- openldap2 <not-affected> (Gentoo packaging bug)
CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in ...)
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
	NOTE: not all problems fixed in 0.8.0
CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K ...)
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
	NOTE: not fixed in 0.8.0, see
	NOTE: http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 ...)
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to ...)
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ...)
	- dokuwiki 0.0.20061106-1 (low)
CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...)
	NOT-FOR-US: MailEnable
CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 ...)
	NOT-FOR-US: Docebo
CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the ...)
	NOT-FOR-US: RS Gallery2
CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon ...)
	NOT-FOR-US: phpBlueDragon CMS
CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php ...)
	NOT-FOR-US: Docebo
CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...)
	- iceweasel <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
	NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash.
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=239840
CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager ...)
	NOT-FOR-US: GlobeTrotter Mobility Manager
CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
	NOT-FOR-US: Cisco
CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in ...)
	- bbclone 0.4.6-8 (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
	- hinfo 1.02-3.1 (bug #402316; low)
	[sarge] - hinfo <no-dsa> (Package completely broken, hardly usable for an attack)
CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...)
	{DSA-1254-1}
	- bind9 1:9.3.4-2 (medium; bug #408432)
	- bind <not-affected>
CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...)
	- bind9 1:9.3.4-2 (medium; bug #408432)
	[sarge] - bind9 <not-affected> (Vulnerable code not present)
	- bind <not-affected>
CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions]
	- gstreamer0.10-ffmpeg 0.10.1-6
	- gst-ffmpeg 0.8.7-10
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- mplayer 1.0~rc1-12
CVE-2007-0471 (sre/params.php in the Integrity Clientless Security (ICS) component in ...)
	NOT-FOR-US: Check Point
CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...)
	- libgems-ruby 0.9.3-1 (low; bug #408299)
	[etch] - libgems-ruby <no-dsa> (Minor issue, needs implicit trust on installed data)
CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...)
	NOT-FOR-US: Visual C++
CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...)
	NOT-FOR-US: Apple
CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 ...)
	NOT-FOR-US: Telestream
CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 ...)
	NOT-FOR-US: CFNetwork on Apple Mac OS
CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...)
	NOT-FOR-US: Apple
CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before ...)
	- dazuko-source <removed> (bug #408300)
	[sarge] - dazuko-source <not-affected> (Vulnerable code not present)
CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...)
	- ulogd 1.23-6 (medium)
CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...)
	- libgd2 2.0.35.dfsg-1 (bug #408982; low)
	[sarge] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
	[etch] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)
	{DSA-1257}
	- samba 3.0.23d-5 (medium)
CVE-2007-0453 (Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 ...)
	- samba <not-affected> (Solaris-specific vulnerability)
CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users ...)
	{DSA-1257}
	- samba 3.0.23d-5 (low)
CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x ...)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.23-1 (unimportant)
	NOTE: This only adds an additional control settings for path delimiters, the
	NOTE: necessary proxies still need to be secured or fixed individually (e.g.
	NOTE: as done for mod_jk in a DSA
CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI ...)
	- php5 <unfixed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple ...)
	NOT-FOR-US: Symantec
CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...)
	NOT-FOR-US: HP Mercury
CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
	NOT-FOR-US: Citrix
CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-0441 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-0440
	RESERVED
CVE-2007-0439
	RESERVED
CVE-2007-0438
	RESERVED
CVE-2007-0437 (Multiple cross-site scripting (XSS) vulnerabilities in the sample ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install ...)
	NOT-FOR-US: X-Kryptor
CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...)
	NOT-FOR-US: siteframe
CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
	NOT-FOR-US: T-Com Speedport
CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 ...)
	NOT-FOR-US: BEA
CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject ...)
	NOT-FOR-US: BEA
CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote ...)
	NOT-FOR-US: AVM
CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed ...)
	NOT-FOR-US: DivX Web Player
CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for ...)
	- wzdftpd 0.8.1-1 (medium)
CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered ...)
	NOT-FOR-US: BEA
CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...)
	NOT-FOR-US: BEA
CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...)
	NOT-FOR-US: BEA
CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...)
	NOT-FOR-US: BEA
CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 ...)
	NOT-FOR-US: BEA
CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to ...)
	NOT-FOR-US: BEA
CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache ...)
	NOT-FOR-US: BEA
CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and ...)
	NOT-FOR-US: BEA
CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce ...)
	NOT-FOR-US: BEA
CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a ...)
	NOT-FOR-US: BEA
CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when ...)
	NOT-FOR-US: BEA
CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...)
	NOT-FOR-US: BEA
CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...)
	NOT-FOR-US: BEA
CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate ...)
	NOT-FOR-US: BEA
CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, ...)
	- gxine 0.5.8-2 (medium; bug #405876)
CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in ...)
	NOT-FOR-US: MisterSPa-forum
CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...)
	NOT-FOR-US: Odysseus Blog
CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 ...)
	NOT-FOR-US: JVN
CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
	- wordpress 2.0.7 (bug #407116; unimportant)
	NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,
	NOTE: register_globals unsupported anyway
CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in ...)
	NOT-FOR-US: HP-UX
CVE-2007-0395 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ComVironment
CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file ...)
	NOT-FOR-US: HP-UX
CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0391 (Format string vulnerability in the log creation functionality of ...)
	NOT-FOR-US: BitDefender
CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...)
	NOT-FOR-US: sabros.us
CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) ...)
	NOT-FOR-US: ArsDigita Community System
CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks ...)
	NOT-FOR-US: Joomla
CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...)
	NOT-FOR-US: PostNuke
CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain ...)
	NOT-FOR-US: PostNuke
CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews ...)
	NOT-FOR-US: PostNuke
CVE-2007-0383 (** DISPUTED ** ...)
	NOT-FOR-US: WDaemon
CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the ...)
	NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla!
CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote ...)
	NOT-FOR-US: ATutor
CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: DocMan
CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows ...)
	NOT-FOR-US: DocMan
CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow ...)
	NOT-FOR-US: DocMan
CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote ...)
	NOT-FOR-US: Xoops
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows ...)
	NOT-FOR-US: Virtuemart
CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Joomla
CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and ...)
	- mambo 4.6.1-5 (bug #407995; low)
CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow ...)
	NOT-FOR-US: Joomla
CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 ...)
	NOT-FOR-US: phpBP
CVE-2007-0369 (SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows ...)
	NOT-FOR-US: phpBP
CVE-2007-0368 (Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local ...)
	NOT-FOR-US: mbse
CVE-2007-0367 (Rumpus 5.1 and earlier has weak permissions for certain files and ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...)
	NOT-FOR-US: All In One Control Panel
CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com ...)
	NOT-FOR-US: nicecoder.com INDEXU
CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote ...)
	NOT-FOR-US: VirtueMart
CVE-2007-XXXX [libjabber DoS]
	- centericq 4.21.0-18 (unimportant; bug #406982)
	NOTE: Affected function isn't used in the source
CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
	- python-django 0.95.1-1 (bug #407607)
CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
	- gstreamer0.10-ffmpeg 0.10.1-5
	- gst-ffmpeg 0.8.7-9
	- mplayer 1.0~rc1-12
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
CVE-2007-XXXX [netpbm heap corruption]
	- netpbm-free 2:10.0-11 (bug #407605)
CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...)
	NOT-FOR-US: Openads
CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in ...)
	NOT-FOR-US: FreshReader
CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in ...)
	NOT-FOR-US: PHPMyphorum
CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon ...)
	NOT-FOR-US: Oreon
CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey ...)
	NOT-FOR-US: Travelsized CMS
CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP ...)
	NOT-FOR-US: HP Jetdirect
CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in ...)
	NOT-FOR-US: AVM
CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in ...)
	NOT-FOR-US: Apple
CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook ...)
	NOT-FOR-US: MGB OpenSource Guestbook
CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...)
	NOT-FOR-US: myBloggie
CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...)
	NOT-FOR-US: FileMailer
CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com ...)
	NOT-FOR-US: INDEXU
CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...)
	NOT-FOR-US: ActiveX control in InterActual Player
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...)
	- cvstrac 2.0.1-1
	[etch] - cvstrac <not-affected> (Vulnerable code not present)
	[sarge] - cvstrac <not-affected> (Vulnerable code not present)
	NOTE: the vulnerable code can't be found on other places in 1.1.5 and also similar things
	NOTE: are done like using %q instead of %s for user supplied data
CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
	NOT-FOR-US: FileMailer
CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain ...)
	NOT-FOR-US: Apple
CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) ...)
	- colloquy <removed>
CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: OpenBSD
CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple WebKit
CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and ...)
	- phpmyadmin 4:2.9.1.1-2 (medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard ...)
	NOT-FOR-US: ThWboard
CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in ...)
	NOT-FOR-US: FileMailer
CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...)
	NOT-FOR-US: KGB
CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows ...)
	NOT-FOR-US: Rixstep
CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book ...)
	NOT-FOR-US: Jax Petition Book
CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...)
	NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery
CVE-2007-0328 (The DWUpdateService ActiveX control in the agent (agent.exe) in ...)
	NOT-FOR-US: Macrovision
CVE-2007-0327
	RESERVED
CVE-2007-0326 (Multiple stack-based buffer overflows in the PhotoChannel Networks PNI ...)
	NOT-FOR-US: PNI Digital Media Photo Upload
CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...)
	NOT-FOR-US: LizardTech DjVu Browser Plug-in
CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion ...)
	NOT-FOR-US: Research In Motion (RIM) TeamOn Import Object ActiveX control
CVE-2007-0322 (Multiple stack-based buffer overflows in the Intuit QuickBooks Online ...)
	NOT-FOR-US: Intuit QuickBooks
CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in ...)
	NOT-FOR-US: FLEXnet Connect
CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...)
	NOT-FOR-US: InstallFromTheWeb
CVE-2007-0319 (Multiple stack-based buffer overflows in the Motive ...)
	NOT-FOR-US: Motive ActiveEmailTest
CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla ...)
	- filezilla 3.0.0~beta2-3 (medium; bug #407683)
CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote ...)
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System ...)
	NOT-FOR-US: Article System
CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) ...)
	- gosa 2.5.8-1 (medium)
	[etch] - gosa 2.5.6-2.1
CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ...)
	NOT-FOR-US: wcSimple
CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates ...)
	NOT-FOR-US: BMC Software
CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...)
	NOT-FOR-US: Digiappz
CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 ...)
	NOT-FOR-US: MiNT Haber Sistemi
CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have ...)
	NOT-FOR-US: Zina
CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP ...)
	NOT-FOR-US: InstantASP
CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in ...)
	NOT-FOR-US: FdWeB
CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS ...)
	NOT-FOR-US: TLM CMS
CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...)
	NOT-FOR-US: LunarPoll
CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.9.1.1-2 (medium)
CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...)
	- phpmyadmin 4:2.9.1.1-2 (unimportant)
	NOTE: Only path disclosure
CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.9.1.1-2 (medium)
	NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer.
CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...)
	NOT-FOR-US: OWA
CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Twilight Webserver
CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...)
	NOT-FOR-US: Oracle
CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...)
	NOT-FOR-US: Oracle
CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...)
	NOT-FOR-US: Oracle
CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web ...)
	NOT-FOR-US: Oracle
CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, ...)
	NOT-FOR-US: Oracle
CVE-2007-0272 (Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, ...)
	NOT-FOR-US: Oracle
CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0270 (Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and ...)
	NOT-FOR-US: Oracle
CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels ...)
	NOT-FOR-US: UFS filesystem on MacOS/FreeBSD
CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0264 (Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to ...)
	NOT-FOR-US: Winzip
CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows ...)
	NOT-FOR-US: Total Commander
CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...)
	{DTSA-33-1}
	- wordpress 2.0.8-1 (unimportant; bug #407289)
CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...)
	NOT-FOR-US: sNews
CVE-2007-0260 (** DISPUTED ** ...)
	NOT-FOR-US: Naig
CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo ...)
	NOT-FOR-US: Fastilo
CVE-2007-0257 (** DISPUTED ** ...)
	- kernel-patch-grsecurity2 2.1.10-1 (bug #407350)
	NOTE: exploitable as per http://grsecurity.net/pipermail/grsecurity/2007-January/000830.html
CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of ...)
	- vlc 0.8.6.c-1 (unimportant; bug #407290)
CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
	NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
	NOTE: This appears to be a generic crash
CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...)
	- xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369)
	NOTE: If've verified the Etch version to contain the necessary format strings
CVE-2007-0253 (** DISPUTED ** ...)
	- kernel-patch-grsecurity2 2.1.10-1 (unimportant; bug #407350)
	NOTE: See CVE-2007-0257
CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote ...)
	NOT-FOR-US: easy-content
CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort ...)
	- snort <not-affected> (DecodeGRE function not in unstable version)
	NOTE: unstable contains version 2.3.3-11, and the last upstream is 2.6.1.2
	NOTE: This is fixed in upstream CVS so it's very likely to never affect Debian.
CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...)
	- squid 2.6.5-4 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 ...)
	{DSA-1297-1}
	- gforge-plugin-scmcvs 4.5.14-6
CVE-2007-0245 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier ...)
	{DSA-1307-1}
	- openoffice.org 2.2.1~rc1-1
	[lenny] - openoffice.org 2.0.4.dfsg.2-7etch1
CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before ...)
	{DSA-1288-2 DSA-1288-1}
	- pptpd 1.3.4-1
CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...)
	- sun-java5 1.5.0-10-1
CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does ...)
	{DSA-1292-1}
	- qt4-x11 4.2.2-2
	- qt-x11-free 3:3.3.7-4
CVE-2007-0241
	RESERVED
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0240 (Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier ...)
	{DSA-1275-1}
	- zope2.9 2.9.7-1
	[etch] - zope2.9 2.9.6-4etch1
CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ...)
	{DSA-1269-1}
	- lookup-el 1.4-5 (low)
CVE-2007-0236 (Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...)
	{DSA-1255-1}
	- libgtop2 2.14.4-3 (medium; bug #407020)
	NOTE: libgtop does not contain the affected code.
CVE-2007-0234
	REJECTED
CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...)
	- wordpress 2.1.0-1 (unimportant)
	NOTE: This is argubly a php bug, CVE-2006-3017
CVE-2007-0232 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Jshop Server
CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, ...)
	NOT-FOR-US: Movable Type
CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php ...)
	NOT-FOR-US: CS-Cart
CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and ...)
	NOT-FOR-US: MacOS X
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer ...)
	NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify ...)
	- slocate 3.1-1.1 (bug #411937; low)
	[sarge] - slocate <not-affected> (Performs correct access checks)
	[etch] - slocate <no-dsa> (Minor issue)
	NOTE: slocate will allow users to find files in directories with the
	NOTE: executable bit set but without the readable bit set.  This is
	NOTE: an information leak.
CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
	NOT-FOR-US: uniForum
CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Microsoft
CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...)
	NOT-FOR-US: Microsoft
CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0216 (wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does ...)
	NOT-FOR-US: Microsoft
CVE-2007-0212
	RESERVED
CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...)
	NOT-FOR-US: Microsoft
CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...)
	NOT-FOR-US: Microsoft
CVE-2007-0207
	RESERVED
CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2006-6939 (GNU ed before 0.3 allows local users to overwrite arbitrary files via ...)
	- ed 0.2-19
CVE-2006-6938 (Directory traversal vulnerability in includes/common.php in NitroTech ...)
	NOT-FOR-US: NitroTech CMS
CVE-2006-6937 (SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6936 (Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6935 (SQL injection vulnerability in the login component in Portix-PHP 0.4.2 ...)
	NOT-FOR-US: Portix
CVE-2006-6934 (Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP ...)
	NOT-FOR-US: Portix
CVE-2006-6933 (Easy Chat Server 2.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Easy Chat Server
CVE-2006-6932 (Multiple SQL injection vulnerabilities in Image Gallery with Access ...)
	NOT-FOR-US: Image Gallery
CVE-2006-6931 (Algorithmic complexity vulnerability in Snort before 2.6.1, during ...)
	- snort 2.7.0-1 (low; bug #407421)
	[sarge] - snort <no-dsa> (Minor issue)
	[etch] - snort <no-dsa> (Minor issue)
CVE-2006-6930 (SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Rapid ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6928 (Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 ...)
	NOT-FOR-US: Rialto
CVE-2006-6927 (Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote ...)
	NOT-FOR-US: Rialto
CVE-2006-6926 (Buffer overflow in eXtremail 2.1 has unknown impact and attack ...)
	NOT-FOR-US: eXtremail
CVE-2006-6925 (Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 ...)
	NOT-FOR-US: bitweaver
CVE-2006-6924 (bitweaver 1.3.1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: bitweaver
CVE-2006-6923 (SQL injection vulnerability in newsletters/edition.php in bitweaver ...)
	NOT-FOR-US: bitweaver
CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System ...)
	NOT-FOR-US: Deadlock
CVE-2006-6921 (Unspecified versions of the Linux kernel allow local users to cause a ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP ...)
	NOT-FOR-US: HP
CVE-2007-XXXX [udev wrong permissions on raid devices]
	- udev 0.105-2 (bug #404927)
	[sarge] - udev <not-affected> (Doesn't affect Sarge)
CVE-2007-XXXX [yacas insecure rpath]
	- yacas 1.0.57-3 (bug #399226; bug #399227; low)
CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...)
	- squid 2.6.5-4 (low; bug #407202)
	[sarge] - squid <not-affected> (Vulnerable code not present)
	NOTE: reference - http://secunia.com/advisories/23767/
CVE-2007-XXXX [bcfg2 password disclosure]
	- bcfg2 0.8.7.3-1 (low; bug #406285)
	[etch] - bcfg2 0.8.6.1-1.1etch1
CVE-2007-XXXX [mysql 5.0 several DoS vulns]
	- mysql-dfsg-5.0 5.0.32-1
CVE-2007-0205 (Directory traversal vulnerability in admin/skins.php for @lex ...)
	NOT-FOR-US: @alex
CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows ...)
	NOT-FOR-US: Nucleus
CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to ...)
	- firefox-sage 1.3.6-3
	NOTE: 1.3.6-3 disabled HTML mode entirely
CVE-2006-6918 (Unspecified vulnerability in the Admin login for Georgian discussion ...)
	NOT-FOR-US: GeoBB
CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ...)
	NOT-FOR-US: Getahead
CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: duplicate of CVE-2006-6374?
CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and ...)
	NOT-FOR-US: @lex
CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet ...)
	NOT-FOR-US: TIS
CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey ...)
	NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery
CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 ...)
	NOT-FOR-US: Cisco
CVE-2007-0198 (The JTapi Gateway process in Cisco Unified Contact Center Enterprise, ...)
	NOT-FOR-US: Cisco
CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web ...)
	NOT-FOR-US: Motionborg Web Real Estate
CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays ...)
	NOT-FOR-US: F5
CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain ...)
	NOT-FOR-US: MKPortal
CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access by ...)
	NOT-FOR-US: FON La Fonera
CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main ...)
	NOT-FOR-US: MKPortal
CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in MKPortal ...)
	NOT-FOR-US: MKPortal
CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x ...)
	NOT-FOR-US: edit-x ecommerce
CVE-2007-0189 (** DISPUTED ** ...)
	NOT-FOR-US: GeoBB
CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access ...)
	NOT-FOR-US: F5
CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to ...)
	NOT-FOR-US: F5
CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5
CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ...)
	NOT-FOR-US: Getahead
CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ...)
	NOT-FOR-US: Getahead
CVE-2007-0183 (Cross-site scripting (XSS) vulnerability in /search in iPlanet Web ...)
	NOT-FOR-US: iPlanet Web
CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic photo ...)
	NOT-FOR-US: Magic photo storage website
CVE-2007-0181 (PHP remote file inclusion vulnerability in include/common_function.php ...)
	NOT-FOR-US: Magic Photo Storage website
CVE-2007-0180 (Stack-based buffer overflow in EF Commander 5.75 allows user-assisted ...)
	NOT-FOR-US: EF Commander
CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows ...)
	NOT-FOR-US: PHPKIT
CVE-2007-0178 (PHP remote file inclusion vulnerability in info.php in Easy Banner Pro ...)
	NOT-FOR-US: Easy Banner Pro
CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in ...)
	- mediawiki 1.7.1-6 (bug #406238; medium)
	NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721
CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php ...)
	{DSA-1475-1}
	- gforge 4.6.99+svn6347-1 (low; bug #406244)
	[sarge] - gforge <not-affected> (Vulnerable code not present)
CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in ...)
	{DSA-1568-1}
	- b2evolution 0.9.2-4 (bug #410568; low)
CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ...)
	NOT-FOR-US: Sina UC2006
CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script ...)
	NOT-FOR-US: L2J Statistik Script
CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests ...)
	NOT-FOR-US: AllMyGuest
CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks ...)
	NOT-FOR-US: AllMyLinks
CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors ...)
	NOT-FOR-US: AllmyVisitors
CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...)
	NOT-FOR-US: PPC Search
CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify ...)
	- kfreebsd-5 <not-affected>
CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, ...)
	NOT-FOR-US: Camouflage
CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in ...)
	NOT-FOR-US: Steganography
CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...)
	NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
	- centericq 4.21.0-17 (low)
	[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
	NOTE: The bug really exist but, is not exploitable because the LiveJournal server
	NOTE: has a length restriction on both the username (15 characters) and the real name
	NOTE: (50 characters). In my opnion is only exploitable if the user try connect in
	NOTE: fake LiveJournal server. All version of Debian centericq packages have a
	NOTE: compromised code.
CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
	- geoip 1.3.17-1.1 (bug #406628; low)
	[sarge] - geoip <no-dsa> (Minor issue)
CVE-2007-0158
	RESERVED
CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for ...)
	- neon26 0.26.2-3.1 (medium; bug #404723)
	NOTE: neon25 doesn't have the uri_lookup macro
CVE-2007-0156 (M-Core stores the database under the web document root, which allows ...)
	NOT-FOR-US: M-Core
CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: HarikaOnline
CVE-2007-0154 (Webulas stores sensitive information under the web root with ...)
	NOT-FOR-US: Webulas
CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with ...)
	NOT-FOR-US: AJLogin
CVE-2007-0152 (OhhASP stores sensitive information under the web root with ...)
	NOT-FOR-US: OhhASP
CVE-2007-0151 (MitiSoft stores sensitive information under the web root with ...)
	NOT-FOR-US: MitiSoft
CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Dayfox
CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: EMembersPro
CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote ...)
	NOT-FOR-US: OminiGroup
CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an ...)
	NOT-FOR-US: Cuyahoga
CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips ...)
	NOT-FOR-US: Fix and Chips
CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP ...)
	NOT-FOR-US: BinGoPHP
CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...)
	NOT-FOR-US: NUNE News
CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce ...)
	NOT-FOR-US: ShopStoreNow
CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another ...)
	NOT-FOR-US: YALD
CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download ...)
	NOT-FOR-US: Kolayindir
CVE-2006-6915 (ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to ...)
	NOT-FOR-US: IBM
CVE-2006-6914 (Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows ...)
	NOT-FOR-US: IBM
CVE-2006-6913 (Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6912 (SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6911 (SQL injection vulnerability in search.asp in Digitizing Quote And ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2004-2675 (ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2674 (Directory traversal vulnerability in ArGoSoft FTP Server before ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2673 (Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2672 (Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in ...)
	NOT-FOR-US: DECnet-Plus
CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ ...)
	NOT-FOR-US: Serene Bach
CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before ...)
	- drupal 4.7.5-1
	NOTE: vendor advisory: http://drupal.org/node/104233, DRUPAL-SA-2007-001
CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix ...)
	NOT-FOR-US: Aratix
CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow ...)
	NOT-FOR-US: IG Shop
CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in ...)
	NOT-FOR-US: IG Shop
CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop ...)
	NOT-FOR-US: IG Shop
CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves ...)
	NOT-FOR-US: JAMWiki
CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 ...)
	NOT-FOR-US: iG Calendar
CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and ...)
	NOT-FOR-US: LocazoList
CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and ...)
	NOT-FOR-US: Digirez
CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly ...)
	NOT-FOR-US: Opera
CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before ...)
	- drupal 4.7.5-1 (low)
CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows ...)
	NOT-FOR-US: Uber Uploader
CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0121 (Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 ...)
	NOT-FOR-US: RI Blog
CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and ...)
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 ...)
	NOT-FOR-US: EditTag
CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow ...)
	NOT-FOR-US: EditTag
CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...)
	NOT-FOR-US: PacketWise
CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...)
	NOT-FOR-US: createauction
CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as ...)
	NOT-FOR-US: PocketPC
CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell ...)
	NOT-FOR-US: Novell Access Manager
CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error ...)
	- wordpress 2.0.6-1 (low)
	NOTE: http://trac.wordpress.org/changeset/4665
CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...)
	NOT-FOR-US: Novell Client
CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure ...)
	NOT-FOR-US: Cisco
CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 ...)
	- kdegraphics 4:3.5.5-3 (unimportant)
	- koffice <unfixed> (unimportant)
	- poppler 0.4.5-5.1 (unimportant)
	- xpdf <unfixed> (bug #406852; unimportant)
	NOTE: hardly a security issue; if someone sends someone a crafted PDF file triggering
	NOTE: such an endless loop the user will simply abort kpdf and never look at
	NOTE: that file again, this is only denial of service by a _very_ far stretch
	NOTE: of imagination. I suppose KDE Security only issued an update for it
	NOTE: because the shared underlying code was part of the Month of Apple Bugs
	NOTE: and they wanted to debunk claims of code injection.
CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
	NOT-FOR-US: SPINE
CVE-2007-0100 (The Perforce client does not restrict the set of files that it ...)
	NOT-FOR-US: Perforce
CVE-2007-0099 (Race condition in the msxml3 module in Microsoft XML Core Services ...)
	NOT-FOR-US: Microsoft
CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 ...)
	NOT-FOR-US: VerliAdmin
CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ...)
	NOT-FOR-US: ConeXware PowerArchive
CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
	NOT-FOR-US: Carbon Communities
CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive ...)
	- phpmyadmin 4:2.9.1.1-1 (bug #399329; unimportant)
	NOTE: Only path disclosure
CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...)
	NOT-FOR-US: Sven Moderow GuestBook
CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content ...)
	NOT-FOR-US: Simple Web Content Management System
CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 ...)
	NOT-FOR-US: E-SMARTCART
CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with ...)
	NOT-FOR-US: newsCMSlite
CVE-2007-0090 (WineGlass stores sensitive information under the web root with ...)
	NOT-FOR-US: WineGlass
CVE-2007-0089 (jgbbs stores sensitive information under the web root with ...)
	NOT-FOR-US: jgbbs
CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote ...)
	NOT-FOR-US: openmedia
CVE-2007-0087 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-0086 (** DISPUTED ** ...)
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...)
	NOT-FOR-US: OpenBSD VGA wscons driver
CVE-2007-0084 (** DISPUTED ** ...)
	NOT-FOR-US: Windows NT
CVE-2007-0083 (Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier ...)
	NOT-FOR-US: Nuked Klan
CVE-2007-0082 (users_adm/start1.php in IMGallery 2.5 and earlier does not properly ...)
	NOT-FOR-US: IMGallery
CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2007-0080 (** DISPUTED ** ...)
	- freeradius <unfixed> (unimportant)
	NOTE: Data triggering the buffer overflow can only be controlled by root
CVE-2007-0079 (rblog stores sensitive information under the web root with ...)
	NOT-FOR-US: rblog
CVE-2007-0078 (BattleBlog stores sensitive information under the web root with ...)
	NOT-FOR-US: BattleBlog
CVE-2007-0077 (lblog stores sensitive information under the web root with ...)
	NOT-FOR-US: lblog
CVE-2007-0076 (Openforum stores sensitive information under the web root with ...)
	NOT-FOR-US: Openforum
CVE-2007-0075 (AspBB stores sensitive information under the web root with ...)
	NOT-FOR-US: AspBB
CVE-2007-0074 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0073 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0072 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and ...)
	- flashplugin-nonfree 1:1.4
	NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2007-0070
	RESERVED
CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x ...)
	NOT-FOR-US: Lotus Domino Server
CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0065 (Heap-based buffer overflow in Object Linking and Embedding (OLE) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, ...)
	NOT-FOR-US: Windows
CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...)
	- vmware-package 0.16
CVE-2007-0062 (Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before ...)
	- vmware-package 0.16
CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...)
	- vmware-package 0.16
CVE-2007-0060 (Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in ...)
	NOT-FOR-US: CA
CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through ...)
	NOT-FOR-US: Cisco
CVE-2007-0056 (Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe ...)
	NOT-FOR-US: AShop Deluxe
CVE-2007-0055 (Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0054 (Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2007-0053 (SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer ...)
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows ...)
	NOT-FOR-US: Vizayn Haber
CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other ...)
	NOT-FOR-US: Apple iPhoto
CVE-2006-6910 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
	NOT-FOR-US: Fersch Formbankserver
CVE-2006-6909 (Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka ...)
	NOT-FOR-US: Karl Dahlke Edbrowse
CVE-2006-6908 (Buffer overflow in the Bluetooth Stack COM Server in the Widcomm ...)
	NOT-FOR-US: Bluetooth Stack COM Server (Windows)
CVE-2006-6907 (Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown ...)
	NOT-FOR-US: Bluesoil Bluetooth
CVE-2006-6906 (Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and ...)
	NOT-FOR-US: Bluetooth stack on Mac OS
CVE-2006-6905 (Unspecified vulnerability in the Widcomm Bluetooth stack allows remote ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6904 (Unspecified vulnerability in the Broadcom Bluetooth stack allows ...)
	NOT-FOR-US: Broadcom
CVE-2006-6903 (Unspecified vulnerability in the Toshiba Bluetooth stack allows remote ...)
	NOT-FOR-US: Toshiba Bluetooth stack
CVE-2006-6902 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...)
	NOT-FOR-US: Windows Mobile
CVE-2006-6901 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2006-6900 (Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 ...)
	NOT-FOR-US: Mac OS
CVE-2006-6899 (hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to ...)
	- bluez-utils 3.7-1 (bug #408889; medium)
CVE-2006-6898 (Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6897 (Directory traversal vulnerability in Widcomm Bluetooth for Windows ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6896 (The Bluetooth stack in the Plantronic Headset does not properly ...)
	NOT-FOR-US: Plantronic Headset
CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly ...)
	NOT-FOR-US: Sony Ericsson T60
CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown ...)
	NOT-FOR-US: SPINE
CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ...)
	- tor <unfixed> (unimportant)
	NOTE: It could be argued that this is a laws-of-physics vulnerability
	NOTE: that is a fundamental design limitation of certain hardware
	NOTE: implementations.
CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function ...)
	NOT-FOR-US: Jonathon J. Freeman OvBB
CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web root ...)
	NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web root ...)
	NOT-FOR-US: Voodoo chat
CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web root ...)
	NOT-FOR-US: P-News
CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0 allows ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: phpwcms
CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows ...)
	- flashplugin-nonfree <not-affected> (Windows-specific)
CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka ...)
	NOT-FOR-US: Sky Software
CVE-2006-6883 (** DISPUTED ** ...)
	NOT-FOR-US: PHPIrc_bot
CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows remote ...)
	NOT-FOR-US: Golden Book
CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux ...)
	NOT-FOR-US: ATMEL WLAN drivers
CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli ...)
	NOT-FOR-US: Matteo Lucarelli 3editor
CVE-2006-6876 (Buffer overflow in the fetchsms function in the SMS handling module ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6869 (Directory traversal vulnerability in ...)
	NOT-FOR-US: MAXdev
CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web ...)
	NOT-FOR-US: Zen Cart
CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Ahead4
CVE-2006-6865 (Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp ...)
	NOT-FOR-US: Softartisans
CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in ...)
	NOT-FOR-US: Enigma2
CVE-2006-6863 (** DISPUTED ** ...)
	NOT-FOR-US: Enigma2
CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6860 (Buffer overflow in the sendToMythTV function in MythControlServer.c in ...)
	NOT-FOR-US: MythControl
CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website Designs ...)
	NOT-FOR-US: Website Designs for Less
CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php in ...)
	NOT-FOR-US: eNdonesia
CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-XXXX [ssmtp password leak]
	- ssmtp 2.61-10.1 (bug #369542; low)
CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...)
	- avahi 0.6.16-1 (low)
CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_022007.141.html
CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_012007.140.html
CVE-2007-0050 (** DISPUTED ** ...)
	NOT-FOR-US: OpenPinboard
CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: TaskTracker
CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, when used with Internet ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat ...)
	{DSA-1336-1}
	NOT-FOR-US: Adobe Acrobat Reader Plugin
	NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02)
	NOTE: and icape 1.0.8-1
CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0042 (Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in ...)
	NOT-FOR-US: Microsoft
CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-0037
	RESERVED
CVE-2007-0036
	RESERVED
CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0032
	RESERVED
CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-0023 (The CFUserNotificationSendRequest function in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0022 (Untrusted search path vulnerability in writeconfig in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0020 (Heap-based buffer overflow in the SFTP protocol handler for Panic ...)
	NOT-FOR-US: Panic Transmit
CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX ...)
	NOT-FOR-US: NCTAudioFile2 ActiveX control
CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler ...)
	{DSA-1252-1}
	- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...)
	NOT-FOR-US: MoviePlay
CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo ...)
	- miredo 1.0.4-2 (bug #405412; bug #405111; medium)
CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Docebo LMS
CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and ...)
	NOT-FOR-US: WebText CMS
CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to ...)
	NOT-FOR-US: AIDeX Mini-WebServer
CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele ...)
	NOT-FOR-US: QuickCam VC (linux-uvc and qc-usb in Debian are not related)
CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware on ...)
	NOT-FOR-US: Durian Web Application Server
CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 ...)
	- tdiary 2.0.2+20060303-5 (bug #403345; bug #404940; medium)
CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php ...)
	NOT-FOR-US: ac4p Mobilelib gold
CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the Roster ...)
	NOT-FOR-US: Shadowed Portal / Roster Module
CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not ...)
	NOT-FOR-US: Cahier de texte (CDT)
CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows ...)
	NOT-FOR-US: ASPTicker
CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 ...)
	NOT-FOR-US: RealPlayer for Windows
CVE-2006-6846 (Multiple SQL injection vulnerabilities in While You Were Out (WYWO) ...)
	NOT-FOR-US: WYWO - InOut Board
CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user comment ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6843 (PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 ...)
	NOT-FOR-US: EasyPartner component for Joomla!
CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...)
	NOT-FOR-US: Acronym Mod for phpBB2
CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...)
	NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control
CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ...)
	NOT-FOR-US: Total Commander
CVE-2007-XXXX [webcam-server unspecified vulnerability]
	- webcam-server 0.50-2
CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0014 (ChainKey Java Code Protection allows attackers to decompile Java class ...)
	NOT-FOR-US: ChainKey Java Code Protection
CVE-2007-0013
	RESERVED
CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...)
	- sun-java5 <unfixed> (unimportant)
	- sun-java6 <unfixed> (unimportant)
	NOTE: not a security issue, browser dos treated as regular bugs, also likely Windows-specific
CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...)
	NOT-FOR-US: IBM
CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down ...)
	NOT-FOR-US: Land Down Under
CVE-2006-6834 (Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have ...)
	NOT-FOR-US: Joomla
CVE-2006-6833 (com_categories in Joomla! before 1.0.12 does not validate input, which ...)
	NOT-FOR-US: Joomla
CVE-2006-6832 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 ...)
	NOT-FOR-US: Joomla
CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote ...)
	NOT-FOR-US: aFAQ
CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog ...)
	NOT-FOR-US: b2 Blog
CVE-2006-6829 (Efkan Forum 1.0 and earlier store sensitive information under the web ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6827 (Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a ...)
	- flashplugin-nonfree <not-affected> (Windows-specific)
CVE-2006-6826 (Unspecified vulnerability in the tab editor for Personal .NET Portal ...)
	NOT-FOR-US: Personal .NET Portal
CVE-2006-6825 (Calendar MX BASIC 1.0.2 and earlier store sensitive information under ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6824 (Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad ...)
	NOT-FOR-US: iCalendar
CVE-2006-6823 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Yrch!
CVE-2006-6822 (myprofile.asp in Enthrallweb eClassifieds does not properly validate ...)
	NOT-FOR-US: Enthrallweb eClassifieds
CVE-2006-6821 (myprofile.asp in Enthrallweb eNews does not properly validate the ...)
	NOT-FOR-US: Enthrallweb eNews
CVE-2006-6820 (myprofile.asp in Enthrallweb eCoupons does not properly validate the ...)
	NOT-FOR-US: Enthrallweb eCoupons
CVE-2006-6819 (AlstraSoft Web Host Directory stores sensitive information under the ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6818 (AlstraSoft Web Host Directory allows remote attackers to bypass ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6817 (AlstraSoft Web Host Directory allows remote attackers to obtain ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6816 (Multiple SQL injection vulnerabilities in DMXReady Secure Login ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6815 (Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6814 (Directory traversal vulnerability in FolderManager/FolderManager.aspx ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-6813 (SQL injection vulnerability in detail.asp in Mxmania File Upload ...)
	NOT-FOR-US: Mxmania File Upload Manager
CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar ...)
	NOT-FOR-US: myPHPCalendar
CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service ...)
	- kdenetwork 4:3.5.5-4 (low; bug #405828)
	[sarge] - kdenetwork <no-dsa> (Minor issue)
CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...)
	NOT-FOR-US: DB Hub
CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...)
	- wordpress 2.0.6-1 (bug #405299)
CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...)
	NOT-FOR-US: Ananda Real Estate
CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates ...)
	NOT-FOR-US: Enthrallweb eMates
CVE-2006-6805 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs ...)
	NOT-FOR-US: Enthrallweb eJobs
CVE-2006-6804 (SQL injection vulnerability in bus_details.asp in Dragon Business ...)
	NOT-FOR-US: Dragon Business Directory - Pro
CVE-2006-6803 (SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 ...)
	NOT-FOR-US: Enthrallweb eCars
CVE-2006-6802 (SQL injection vulnerability in actualpic.asp in Enthrallweb ePages ...)
	NOT-FOR-US: Enthrallweb ePages
CVE-2006-6801 (PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, ...)
	NOT-FOR-US: SH-News
CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the event ...)
	NOT-FOR-US: Limbo CMS
CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when ...)
	{DSA-1250-1}
	- cacti 0.8.6i-3 (bug #404818; high)
CVE-2006-6798
	RESERVED
CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-6796 (PHP remote file inclusion vulnerability in admin/admin_settings.php in ...)
	NOT-FOR-US: MTCMS
CVE-2006-6795 (PHP remote file inclusion vulnerability in gallery/displayCategory.php ...)
	NOT-FOR-US: myPHPNuke
CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2006-6792 (SQL injection vulnerability in calendar_detail.asp in Calendar MX ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6791 (SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows ...)
	NOT-FOR-US: chatwm
CVE-2006-6790 (Direct static code injection vulnerability in chat/login.php in ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-6789 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Phpbbxtra
CVE-2006-6788 (Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow ...)
	NOT-FOR-US: LuckyBot
CVE-2006-6787 (SQL injection vulnerability in admin/admin_mail_adressee.asp in ...)
	NOT-FOR-US: Newsletter MX
CVE-2006-6786 (Open Newsletter 2.5 and earlier allows remote authenticated ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6785 (The (1) settings.php and (2) subscribers.php scripts in Open ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6784 (SQL injection vulnerability in Netbula Anyboard allows remote ...)
	NOT-FOR-US: Netbula Anyboard
CVE-2006-6783 (logahead UNU 1.0 before 20061226 allows remote attackers to upload ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6782 (Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and ...)
	NOT-FOR-US: pnamazu
CVE-2006-6781 (HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: HLstats
CVE-2006-6780 (SQL injection vulnerability in the login form in HLstats 1.20 through ...)
	NOT-FOR-US: HLstats
CVE-2006-6779 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows ...)
	NOT-FOR-US: vBulletin
CVE-2006-6778 (Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf ...)
	NOT-FOR-US: TimberWolf
CVE-2006-6777 (Cross-site scripting (XSS) vulnerability in index.cfm in Future ...)
	NOT-FOR-US: Future Internet
CVE-2006-6776 (Multiple SQL injection vulnerabilities in Future Internet allow remote ...)
	NOT-FOR-US: Future Internet
CVE-2006-6775 (acFTP 1.5 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: acFTP
CVE-2006-6774 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Content Federator
CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows remote ...)
	NOT-FOR-US: Fishyshoop
CVE-2006-6772 (Format string vulnerability in the inputAnswer function in file.c in ...)
	- w3m 0.5.1-5.1 (bug #404564; low)
	- w3mmee <not-affected> (Does not include this format string vuln in the code)
	[sarge] - w3m <no-dsa> (Minor issue, only exploitable in dump mode)
CVE-2006-6771 (Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 ...)
	NOT-FOR-US: Irokez CMS
CVE-2006-6770 (Multiple PHP remote file inclusion vulnerabilities in Jinzora Media ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2006-6769 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2005-4822 (SQL injection vulnerability in projects/project-edit.asp in Digger ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2005-4821 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 ...)
	NOT-FOR-US: Land Down Under
CVE-2005-4820 (SMC Wireless Router model SMC7904WBRA allows remote attackers to cause ...)
	NOT-FOR-US: SMC
CVE-2005-4819 (Cross-site scripting (XSS) vulnerability in Lotus Domino versions ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-4818 (Multiple SQL injection vulnerabilities in Copernicus Europa allow ...)
	NOT-FOR-US: Copernicus Europa
CVE-2005-4817 (Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) ...)
	- tmsnc 0.2.5-1
CVE-2004-2669 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 ...)
	NOT-FOR-US: Land Down Under
CVE-2004-2668 (SQL injection vulnerability in Interchange before 4.8.9 allows remote ...)
	- interchange 4.9.8-1
CVE-2004-2667 (Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before ...)
	NOT-FOR-US: Lotus Domino
CVE-2003-1315 (SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 ...)
	NOT-FOR-US: Land Down Under (LDU)
CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6767 (oftpd before 0.3.7 allows remote attackers to cause a denial of ...)
	- oftpd <removed>
CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php ...)
	NOT-FOR-US: Pagetool
CVE-2006-6764 (PHP remote file inclusion vulnerability in authenticate.php in Keep It ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6763 (Multiple PHP remote file inclusion vulnerabilities in the Keep It ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6762 (The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in template.php in ...)
	NOT-FOR-US: phpMyAnime (aka phpmymanga)
CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows remote ...)
	NOT-FOR-US: Http explorer
CVE-2006-6757 (Directory traversal vulnerability in index.php in cwmExplorer 1.0 ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6756 (The code function in install.fct.php in Ixprim 1.2 produces a ...)
	NOT-FOR-US: Ixprim
CVE-2006-6755 (Ixprim 1.2 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Ixprim
CVE-2006-6754 (Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote ...)
	NOT-FOR-US: Ixprim
CVE-2006-6753 (Event Viewer (eventvwr.exe) in Microsoft Windows does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2006-6752 (Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain ...)
	NOT-FOR-US: FTPRush
CVE-2006-6751 (Format string vulnerability in XM Easy Personal FTP Server 5.2.1 ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6750 (Format string vulnerability in XM Easy Personal FTP Server 5.0.1 ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6748 (PHP remote file inclusion vulnerability in i-accueil.php in Newxooper ...)
	NOT-FOR-US: Newxooper
CVE-2006-6747 (SQL injection vulnerability in show_news.php in Xt-News 0.1 allows ...)
	NOT-FOR-US: Xt-News
CVE-2006-6746 (Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 ...)
	NOT-FOR-US: Xt-News
CVE-2006-6745 (Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6744 (phpProfiles before 2.1.1 does not have an index.php or other index ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6743 (phpProfiles before 2.1.1 uses world writable permissions for certain ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6742 (Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP ...)
	NOT-FOR-US: HP
CVE-2006-6741 (Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal ...)
	NOT-FOR-US: MKPortal
CVE-2006-6740 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6739 (PHP remote file inclusion vulnerability in buycd.php in Paristemi ...)
	NOT-FOR-US: Paristemi
CVE-2006-6738 (PHP remote file inclusion vulnerability in statistic.php in cwmCounter ...)
	NOT-FOR-US: cwmCounter
CVE-2006-6737 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6736 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6735 (modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6734 (Cross-site scripting (XSS) vulnerability in modules/viewcategory.php ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6733 (Cross-site scripting (XSS) vulnerability in support/view.php in ...)
	NOT-FOR-US: Support Cards 1 (osTicket)
CVE-2006-6732 (PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 ...)
	NOT-FOR-US: cwmVote
CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and Java ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display server and ...)
	NOTE: Access to DMA-capable hardware such as graphics cards can,
	NOTE: by design, bypass security restrictions.  Not a real issue.
CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier ...)
	NOT-FOR-US: a-blog
CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN ...)
	NOT-FOR-US: LAN Messenger
CVE-2006-6727 (PHP remote file inclusion vulnerability in inertianews_class.php in ...)
	NOT-FOR-US: inertianews
CVE-2006-6726 (PHP remote file inclusion vulnerability in inertianews_main.php in ...)
	NOT-FOR-US: inertianews
CVE-2006-6725 (Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and ...)
	NOT-FOR-US: PHPBuilder
CVE-2006-6724 (BolinTech Dream FTP Server 1.02 allows remote authenticated users, ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2006-6723 (The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-6722 (Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers ...)
	NOT-FOR-US: Bandwebsite (aka Bandsite portal system)
CVE-2006-6721 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php in ...)
	NOT-FOR-US: Knusperleicht ShoutBox
CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in ...)
	NOT-FOR-US: Azucar CMS
CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...)
	- wget <unfixed> (unimportant)
	NOTE: An FTP server crashing a download utility is a bug, but not a DoS security issue
CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password ...)
	NOT-FOR-US: Allied Telesis
CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management ...)
	NOT-FOR-US: Allied Telesis
CVE-2006-6716 (SQL injection vulnerability in administration/administre2.php in Eric ...)
	NOT-FOR-US: uploader&downloader
CVE-2006-6715 (PHP remote file inclusion vulnerability in footer.inc.php in PowerClan ...)
	NOT-FOR-US: PowerClan
CVE-2006-6714 (Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before ...)
	NOT-FOR-US: Hitachi Directory Server
CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before ...)
	NOT-FOR-US: Hitachi Directory Server
CVE-2006-6712 (Cross-site scripting (XSS) vulnerability in SugarCRM Open Source ...)
	NOT-FOR-US: SugarCRM Open Source
CVE-2006-6711 (PHP remote file inclusion vulnerability in compteur/mapage.php in ...)
	NOT-FOR-US: Newxooper
CVE-2006-6710 (Multiple PHP remote file inclusion vulnerabilities in PgmReloaded ...)
	NOT-FOR-US: PgmReloaded
CVE-2006-6709 (Multiple SQL injection vulnerabilities in MGinternet Property Site ...)
	NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6708 (Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet ...)
	NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6707 (Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ...)
	NOT-FOR-US: NeoTraceExplorer.NeoTraceLoader ActiveX control
CVE-2006-6706 (SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 ...)
	NOT-FOR-US: Soumu Workflow
CVE-2006-6705 (Multiple unspecified vulnerabilities in the template files in Soumu ...)
	NOT-FOR-US: Soumu Workflow
CVE-2006-6704 (Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail ...)
	NOT-FOR-US: @Mail
CVE-2006-6703 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal ...)
	NOT-FOR-US: Oracle Portal
CVE-2006-6702 (Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before ...)
	NOT-FOR-US: @Mail
CVE-2006-6701 (Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail ...)
	NOT-FOR-US: @Mail
CVE-2006-6700 (Cross-site scripting (XSS) vulnerability in @Mail WebMail allows ...)
	NOT-FOR-US: @Mail
CVE-2006-6699 (Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and ...)
	NOT-FOR-US: Oracle Portal
CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files ...)
	- gconf2 2.24.0-1 (unimportant; bug #404743)
	NOTE: Minor nuisance, not much of a security problem
CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...)
	{DSA-1245-1}
	- proftpd-dfsg 1.2.10+1.3.0rc5-1 (bug #404751; medium)
CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in ...)
	NOT-FOR-US: EternalMart Guestbook (EMGB)
CVE-2003-1313 (Multiple PHP remote file inclusion vulnerabilities in EternalMart ...)
	NOT-FOR-US: EternalMart Mailing List Manager (EMLM)
CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in ...)
	- openser 1.1.0-8 (medium; bug #404591)
CVE-2006-XXXX [insecure rpath in libflash-mozplugin]
	- libflash 0.4.13-9 (low; bug #399508)
	[etch] - libflash <no-dsa> (Not exploitable through directory writable by an unprivileged user)
CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-6696 (Double free vulnerability in Microsoft Windows 2000, XP, 2003, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6694 (Directory traversal vulnerability in include/config.php in E-Uploader ...)
	NOT-FOR-US: E-Uploader
CVE-2006-6693 (Multiple buffer overflows in zabbix before 20061006 allow attackers to ...)
	- zabbix 1:1.1.2-4 (medium; bug #391388)
CVE-2006-6692 (Multiple format string vulnerabilities in zabbix before 20061006 allow ...)
	- zabbix 1:1.1.2-4 (medium; bug #391388)
CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through ...)
	- typo3-src 4.0.2+debian-2 (high; bug #403906)
	NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9
CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 ...)
	NOT-FOR-US: Paristemi
CVE-2006-6688 (Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network ...)
	NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6687 (Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal ...)
	NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6686 (PHP remote file inclusion vulnerability in sender.php in Carsen Klock ...)
	NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6685 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6684 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6683 (Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6682 (Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6681 (Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6680 (Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need ...)
	- chetcpasswd <removed> (low)
CVE-2006-6679 (Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier ...)
	{DSA-1251-1}
	- netrik 1.15.3-1.1 (medium; bug #404233)
CVE-2006-6677 (ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6676 (Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6675 (Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support ...)
	NOT-FOR-US: Novell
CVE-2006-6674 (Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and ...)
	NOT-FOR-US: Ozeki HTTP-SMS Gateway
CVE-2006-6673 (WinFtp Server 2.0.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinFtp Server
CVE-2006-6672 (Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal ...)
	NOT-FOR-US: Download Portal
CVE-2006-6671 (SQL injection vulnerability in down.asp in Burak Yylmaz Download ...)
	NOT-FOR-US: Download Portal
CVE-2006-6670 (Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown ...)
	NOT-FOR-US: Nortel CallPilot
CVE-2006-6669 (Cross-site scripting (XSS) vulnerability in export_handler.php in ...)
	{DSA-1279-1}
	- webcalendar 1.0.5-2 (low; bug #404234)
CVE-2006-6668 (Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6667 (Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6666 (PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6665 (Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier ...)
	NOT-FOR-US: DeepBurner
CVE-2006-6664 (Format string vulnerability in Marathon Aleph One before 0.17.1 and ...)
	NOT-FOR-US: Aleph One
CVE-2006-6663 (The server component in Marathon Aleph One before 0.17.1 and ...)
	NOT-FOR-US: Aleph One
CVE-2006-6662 (Unspecified vulnerability in Linux User Management (novell-lum) on ...)
	NOT-FOR-US: Linux User Management (novell-lum)
CVE-2006-6661 (Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6660 (The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by ...)
	- kdelibs <not-affected> (at least it is fixed in 4:3.5.5a.dfsg.1-5)
	NOTE: is DoS only, anyway
CVE-2002-2221 (Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd ...)
	- chetcpasswd <removed> (medium)
CVE-2002-2220 (Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when ...)
	- chetcpasswd <removed> (medium)
CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows ...)
	- chetcpasswd <removed> (low)
CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) ...)
	{DSA-1256-1}
	- gtk+2.0 2.8.20-5
CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...)
	- gnucash 2.0.5-1 (bug #411942; medium)
CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in ...)
	{DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0004 (The NFS client implementation in the kernel in Red Hat Enterprise ...)
	NOTE: if security relevant at all, it's 2.4.* only
	- linux-2.6 <not-affected> (2.4 only)
CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...)
	- pam <not-affected> (Only pam 0.99.7 affected)
CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document ...)
	{DSA-1270-1 DSA-1268-1}
	- libwpd 0.8.9-1
	NOTE: openoffice.org changelog indicates libwpd is included but not used
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
	[etch] - libwpd 0.8.7-6
CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in ...)
	- linux-2.6 <not-affected> (Red Hat specific vulnerability)
CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Inktomi
CVE-2006-6657 (The if_clone_list function in NetBSD-current before 20061027, NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2006-6656 (Unspecified vulnerability in ptrace in NetBSD-current before 20061027, ...)
	NOT-FOR-US: NetBSD
CVE-2006-6655 (The procfs implementation in NetBSD-current before 20061023, NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2006-6654 (The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and ...)
	NOT-FOR-US: NetBSD
CVE-2006-6653 (The accept function in NetBSD-current before 20061023, NetBSD 3.0 and ...)
	NOT-FOR-US: NetBSD
CVE-2006-6652 (Buffer overflow in the glob implementation (glob.c) in libc in ...)
	NOT-FOR-US: NetBSD
CVE-2006-6651 (Race condition in W29N51.SYS in the Intel 2200BG wireless driver ...)
	NOT-FOR-US: Intel
CVE-2006-6650 (PHP remote file inclusion vulnerability in charts_constants.php in the ...)
	NOT-FOR-US: mxBB
CVE-2006-6649 (Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 ...)
	NOT-FOR-US: HyperVM
CVE-2006-6648 (PHP remote file inclusion vulnerability in main.inc.php in ...)
	NOT-FOR-US: RateMe
CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before ...)
	NOT-FOR-US: MySite for Drupal
CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) ...)
	NOT-FOR-US: Drupal Project Issue Tracking
CVE-2006-6645 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Web Links module for mxBB
CVE-2006-6644 (PHP remote file inclusion vulnerability in pages/meeting_constants.php ...)
	NOT-FOR-US: Meeting module for mxBB
CVE-2006-6643 (Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to ...)
	NOT-FOR-US: Fightersoft Multimedia Star FTP server
CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 ...)
	NOT-FOR-US: Sistemi
CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before maintenance ...)
	NOT-FOR-US: CA CleverPath Portal
CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture ...)
	NOT-FOR-US: SiteCatalyst
CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6638 (IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial ...)
	NOT-FOR-US: IBM
CVE-2006-6637 (The Servlet Engine and Web Container in IBM WebSphere Application ...)
	NOT-FOR-US: IBM
CVE-2006-6636 (Unspecified vulnerability in the Utility Classes for IBM WebSphere ...)
	NOT-FOR-US: IBM
CVE-2006-6635 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: JumbaCMS
CVE-2006-6634 (Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai ...)
	NOT-FOR-US: ExtCalThai for Mambo
CVE-2006-6633 (PHP remote file inclusion vulnerability in include/yapbb_session.php ...)
	NOT-FOR-US: YapBB
CVE-2006-6632 (PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 ...)
	NOT-FOR-US: Genepi
CVE-2006-6631 (PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php ...)
	NOT-FOR-US: osprey
CVE-2006-6630 (PHP remote file inclusion vulnerability in ListRecords.php in osprey ...)
	NOT-FOR-US: osprey
CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) ...)
	NOT-FOR-US: WeBWorK
CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted ...)
	- openoffice.org 2.0.4.dfsg.2-3 (unimportant; bug #404105)
	NOTE: No code injection possible, just a crash
CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in ...)
	NOT-FOR-US: BitDefender
CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component ...)
	- moodle 1.6-1
	NOTE: Does not affect moodle 1.6 according to SecurityFocus.
CVE-2006-6625 (Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in ...)
	- moodle 1.6.3-2 (low)
	NOTE: "SC#341 fixed initilaization of navtail variable"
	NOTE: http://moodle.cvs.sourceforge.net/moodle/moodle/mod/forum/discuss.php?view=log
CVE-2006-6624 (The FTP Server in Sambar Server 6.4 allows remote authenticated users ...)
	NOT-FOR-US: Sambar
CVE-2006-6623 (Sygate Personal Firewall 5.6.2808 relies on the Process Environment ...)
	NOT-FOR-US: Sygate
CVE-2006-6622 (Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the ...)
	NOT-FOR-US: Soft4Ever Look 'n' Stop
CVE-2006-6621 (Filseclab Personal Firewall 3.0.0.8686 relies on the Process ...)
	NOT-FOR-US: Filseclab Personal Firewall
CVE-2006-6620 (Comodo Personal Firewall 2.3.6.81 relies on the Process Environment ...)
	NOT-FOR-US: Comodo Personal Firewall
CVE-2006-6619 (AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment ...)
	NOT-FOR-US: AVG Anti-Virus plus Firewall
CVE-2006-6618 (AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block ...)
	NOT-FOR-US: AntiHook 3.0.0.23 - Desktop
CVE-2006-6617 (projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2006-6616 (index.php in w00t Gallery 1.4.0 allows remote authenticated users with ...)
	NOT-FOR-US: w00t Gallery
CVE-2006-6615 (PHP remote file inclusion vulnerability in includes/act_constants.php ...)
	NOT-FOR-US: Activity Games module for mxBB
CVE-2006-6614 (The save_log_local function in Fully Automatic Installation (FAI) ...)
	- fai 3.1.3 (low; bug #402644)
	[sarge] - fai <no-dsa> (Minor issue, only in rare configs and use cases)
CVE-2006-6613 (Directory traversal vulnerability in language.php in phpAlbum 0.4.1 ...)
	NOT-FOR-US: phpAlbum
CVE-2006-6612 (PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms ...)
	NOT-FOR-US: PhpMyCms
CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in Barman ...)
	NOT-FOR-US: Barman
CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote ...)
	- nexuiz 2.2.1-1 (low)
	NOTE: Only game console command execution possible, not shell commands
CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of ...)
	- nexuiz 2.2.1-1
CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP ...)
	NOT-FOR-US: HP
CVE-2006-6607 (The Java Key Store (JKS) for WebSphere Application Server (WAS) for ...)
	NOT-FOR-US: IBM
CVE-2006-6606 (Multiple SQL injection vulnerabilities in Clarens jclarens before ...)
	NOT-FOR-US: jclarens
CVE-2006-6605 (Stack-based buffer overflow in the POP service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2006-6604 (Directory traversal vulnerability in downloaddetails.php in ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6603 (Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) ...)
	NOT-FOR-US: YMMAPI.YMailAttach
CVE-2006-6602 (explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2006-6601 (Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-6600 (Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6599 (maketorrent.php in TorrentFlux 2.2 allows remote authenticated users ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6598 (Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux ...)
	- torrentflux 2.1-6
CVE-2006-6597 (Argument injection vulnerability in HyperAccess 8.4 allows ...)
	NOT-FOR-US: HyperAccess
CVE-2006-6596 (HyperAccess 8.4 allows user-assisted remote attackers to execute ...)
	NOT-FOR-US: HyperAccess
CVE-2006-6595 (Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6594 (SQL injection vulnerability in utilities/usermessages.asp in ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6593 (PHP remote file inclusion vulnerability in zufallscodepart.php in ...)
	NOT-FOR-US: AMAZONIA MOD for phpBB
CVE-2006-6592 (Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow ...)
	NOT-FOR-US: Bloq
CVE-2006-6591 (PHP remote file inclusion vulnerability in fonctions/template.php in ...)
	NOT-FOR-US: EXlor
CVE-2006-6590 (PHP remote file inclusion vulnerability in usercp_menu.php in AR ...)
	NOT-FOR-US: AR Memberscript
CVE-2006-6589 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6588 (The forum implementation in the ecommerce component in the Apache Open ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6587 (Cross-site scripting (XSS) vulnerability in the forum implementation ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6586 (Multiple PHP remote file inclusion vulnerabilities in Vortex Blog ...)
	NOT-FOR-US: Vortex Blog
CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly ...)
	- iceweasel 2.0.0.1+dfsg-1
	- firefox <removed>
CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow ...)
	NOT-FOR-US: italkplus (Italk+)
CVE-2006-6583 (ScriptMate User Manager 2.1 and earlier allow remote attackers to ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6582 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6581 (PHP remote file inclusion vulnerability in tests/debug_test.php in ...)
	NOT-FOR-US: PHP_Debug
CVE-2006-6580 (admin/change.php in ProNews 1.5 does not check whether a user is ...)
	NOT-FOR-US: ProNews
CVE-2006-6579 (Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and ...)
	NOT-FOR-US: Microsoft
CVE-2006-6578 (Microsoft Internet Information Services (IIS) 5.1 permits the ...)
	NOT-FOR-US: Microsoft
CVE-2006-6577 (SQL injection vulnerability in polls.php in Neocrome Land Down Under ...)
	NOT-FOR-US: Neocrome Land Down Under
CVE-2006-6576 (Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 ...)
	NOT-FOR-US: Golden FTP Server
CVE-2006-6575 (PHP remote file inclusion vulnerability in ldap.php in Brian Drawert ...)
	NOT-FOR-US: Yet Another PHP LDAP Admin Project (yaplap)
CVE-2006-6574 (Mantis before 1.1.0a2 does not implement per-item access control for ...)
	{DSA-1467-1}
	- mantis 1.0.6+dfsg-3 (bug #402802)
	[sarge] - mantis 0.19.2-5sarge5
CVE-2004-2666 (Mantis before 20041016 provides a complete Issue History (Bug History) ...)
	- mantis 0.19.2-1
CVE-2003-1312 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2003-1311 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2006-XXXX [gaim crash when receiving an invalid UPnP response]
	- gaim 1:2.0.0+beta5-9 (low)
	[sarge] - gaim <no-dsa> (minor issue)
CVE-2006-XXXX [dsniff urlsnarf missing output sanitization]
	- dsniff 2.4b1+debian-16 (unimportant; bug #400624)
	NOTE: While older terminals were vulnerable to some attacks involving terminal
	NOTE: sequences, the lack of shell escaping is not a vulnerability in dsniff
CVE-2006-XXXX [archivemail insecure temporary file issues]
	- archivemail 0.6.2-2
	[sarge] - archivemail <no-dsa> (minor issue)
CVE-2006-XXXX [pythonpaste web root esacpe]
	- paste 1.0.1-1
	NOTE: http://pythonpaste.org/archives/message/20061218.050654.e8997561.en.html
CVE-2006-XXXX [moodle unspecified security bug in the forum module (discuss.php)]
	- moodle 1.6.3-2
CVE-2006-XXXX [znc file access security hole]
	- znc 0.045-3 (bug #403141; medium)
CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced ...)
	NOT-FOR-US: Citrix
CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control (AAC) ...)
	NOT-FOR-US: Citrix
CVE-2006-6571 (Multiple cross-site scripting (XSS) vulnerabilities in form.php in ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6570 (Unrestricted file upload vulnerability in upload.php in GenesisTrader ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6569 (form.php in GenesisTrader 1.0 allows remote attackers to read source ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6568 (Directory traversal vulnerability in includes/kb_constants.php in the ...)
	NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB
CVE-2006-6567 (PHP remote file inclusion vulnerability in includes/kb_constants.php ...)
	NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB
CVE-2006-6566 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Profile Control Panel (CPanel) module for mxBB
CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...)
	NOT-FOR-US: FileZilla Server
CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...)
	NOT-FOR-US: FileZilla Server
CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in ...)
	- proftpd-dfsg 1.3.0-17 (medium)
	[sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build)
CVE-2006-6562
	RESERVED
CVE-2006-6561 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Word ...)
	NOT-FOR-US: Microsoft
CVE-2006-6560 (PHP remote file inclusion vulnerability in includes/common.php in the ...)
	NOT-FOR-US: mx_modsdb 1.0.0 module for MxBBmx_modsdb 1.0.0 module for MxBB
CVE-2006-6559 (SQL injection vulnerability in ProductDetails.asp in Lotfian Request ...)
	NOT-FOR-US: Lotfian Request For Travel
CVE-2006-6558 (Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Crob FTP Server
CVE-2006-6557 (Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have ...)
	NOT-FOR-US: Skulls!
CVE-2006-6556 (The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before ...)
	NOT-FOR-US: EyeOS
CVE-2006-6555 (Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow ...)
	NOT-FOR-US: EasyFill
CVE-2006-6554 (Unspecified vulnerability in Kerio MailServer before 6.3.1 allows ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-6553 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NewsSuite 1.03 module for mxBB
CVE-2006-6552 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-6551 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Tucows Client Code Suite (CCS)
CVE-2006-6550 (** DISPUTED ** ...)
	NOT-FOR-US: Phorum
CVE-2006-6549 (** DISPUTED ** ...)
	NOT-FOR-US: Rad Upload
CVE-2006-6548 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2006-6547 (Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod ...)
	NOT-FOR-US: Winamp
CVE-2006-6546 (PHP remote file inclusion vulnerability in inc/shows.inc.php in ...)
	NOT-FOR-US: cutenews
CVE-2006-6545 (PHP remote file inclusion vulnerability in includes/common.php in the ...)
	NOT-FOR-US: ErrorDocs 1.0.0 and earlier module for mxBB
CVE-2006-6544 (Cross-site scripting (XSS) vulnerability in CM68 News allows remote ...)
	NOT-FOR-US: CM68 News
CVE-2006-6543 (Multiple SQL injection vulnerabilities in login.asp in AppIntellect ...)
	NOT-FOR-US: AppIntellect SpotLight CRM
CVE-2006-6542 (SQL injection vulnerability in news.php in Fantastic News 2.1.4 and ...)
	NOT-FOR-US: Fantastic News
CVE-2006-6541 (** DISPUTED ** ...)
	NOT-FOR-US: Animated Smiley Generator
CVE-2006-6540 (SQL injection vulnerability in bt-trackback.php in Bluetrait before ...)
	NOT-FOR-US: Bluetrait
CVE-2006-6539 (Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and ...)
	NOT-FOR-US: Winamp Web Interface
CVE-2006-6538 (D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) ...)
	NOT-FOR-US: D-LINK
CVE-2006-6537 (IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, ...)
	NOT-FOR-US: IBM
CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber ...)
	NOT-FOR-US: Cilem Haber Free Edition
CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before ...)
	{DSA-1304}
	- linux-2.6 <not-affected> (Fixed before upload into the archive; 2.6.10)
CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce ...)
	NOT-FOR-US: osCommerce
CVE-2006-6533 (Directory traversal vulnerability in admin/templates_boxes_layout.php ...)
	NOT-FOR-US: osCommerce
CVE-2006-6532 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6531 (Cross-site scripting (XSS) vulnerability in the Help Tip module before ...)
	NOT-FOR-US: Help Tip module for Drupal
CVE-2006-6530 (SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 ...)
	NOT-FOR-US: Help Tip module for Drupal
CVE-2006-6529 (The Chatroom Module before 4.7.x.-1.0 for Drupal displays private ...)
	NOT-FOR-US: Chatroom Module for Drupal
CVE-2006-6528 (The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom ...)
	NOT-FOR-US: Chatroom Module for Drupal
CVE-2006-6527 (PHP remote file inclusion vulnerability in guest.php in Gizzar ...)
	NOT-FOR-US: Gizzar
CVE-2006-6526 (PHP remote file inclusion vulnerability in index.php in Gizzar ...)
	NOT-FOR-US: Gizzar
CVE-2006-6525 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...)
	NOT-FOR-US: EzHRS HR Assist
CVE-2006-6524 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...)
	NOT-FOR-US: EzHRS HR Assist
CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in ...)
	NOT-FOR-US: BoxTrapper in cPanel
CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale ...)
	NOT-FOR-US: WikiTimeScale TwoZero
CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 ...)
	NOT-FOR-US: Messageriescripthp
CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Messageriescripthp
CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows ...)
	NOT-FOR-US: ProNews
CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 ...)
	NOT-FOR-US: ProNews
CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and ...)
	NOT-FOR-US: KDPics
CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and ...)
	NOT-FOR-US: KDPics
CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of ...)
	- mantis 1.0.6+dfsg-1 (unimportant)
	NOTE: http://www.mantisbt.org/bugs/print_bug_page.php?bug_id=5163
	NOTE: Not a security bug, only a very annoying feature.
CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web Interface ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6512 (Directory traversal vulnerability in the Browse function (/browse URI) ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive ...)
	NOT-FOR-US: dadaIMC
CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is ...)
	NOT-FOR-US: SiteKiosk
CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in ...)
	NOT-FOR-US: SiteKiosk
CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...)
	{DSA-1488-1}
	NOTE: This is covered/duped by CVE-2006-6841
	- phpbb2 2.0.21-6
CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass ...)
	NOTE: MFSA-2006-76
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner <not-affected> (maintainer reported)
	- iceape <not-affected> (maintainer reported)
CVE-2006-6506 (The &quot;Feed Preview&quot; feature in Mozilla Firefox 2.0 before 2.0.0.1 sends ...)
	NOTE: MFSA-2006-75
	- iceweasel 2.0.0.1+dfsg-1 (low)
	- iceape <not-affected> (maintainer reported)
CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before ...)
	{DSA-1265-1}
	NOTE: MFSA-2006-74
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 1.5.0.9.dfsg1-1 (high)
	- iceape 1.0.7-1 (high)
	- mozilla <removed>
CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and ...)
	NOTE: MFSA-2006-73
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	NOTE: Flaw was introduced in Firefox 1.5.0.4
	- icedove 1.5.0.9.dfsg1-1 (high)
CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-72
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (high)
	- icedove 1.5.0.9.dfsg1-1 (high)
CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-71
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (unimportant)
	- icedove 1.5.0.9.dfsg1-1 (unimportant)
	NOTE: Not exploitable in standard Icedove configuration
CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-70
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, ...)
	NOTE: MFSA-2006-69
	- iceweasel <not-affected> (windows only)
	- xulrunner <not-affected> (Windows only)
	- iceape <not-affected> (windows only)
	- firefox <not-affected> (windows only)
	- mozilla <not-affected> (windows only)
	- mozilla-firefox <not-affected> (windows only)
	- mozilla-thunderbird <not-affected> (windows only)
	- icedove <not-affected> (windows only)
CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
	NOTE: Is it possible to reduce the floating point precision in Linux as a non-priv
	NOTE: user? I don't think so
CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox <removed> (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (medium)
	- xulrunner 1.8.0.9-1 (medium)
	- iceape 1.0.7-1 (medium)
	- firefox <removed> (medium)
	- mozilla <removed> (medium)
	- mozilla-firefox <removed> (medium)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...)
	NOT-FOR-US: Solaris
CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...)
	NOT-FOR-US: Solaris
CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function in ...)
	- openldap2.3 <not-affected> (kerberos support not enabled)
	- openldap2 <not-affected> (kerberos support not enabled)
CVE-2006-6492
	REJECTED
CVE-2006-6491
	REJECTED
CVE-2006-6490 (Multiple buffer overflows in the SupportSoft (1) SmartIssue ...)
	NOT-FOR-US: SupportSoft ActiveX
CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for ...)
	NOT-FOR-US: SISCO OSI stack
CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...)
	NOT-FOR-US: ICONICS
CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...)
	NOT-FOR-US: DT Guestbook
CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers to ...)
	NOT-FOR-US: EasyPage
CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 ...)
	NOT-FOR-US: ShopSite
CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise Edition ...)
	NOT-FOR-US: MailEnable
CVE-2006-6483 (Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML ...)
	NOT-FOR-US: ColdFusion
CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: ColdFusion
CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a ...)
	{DSA-1238-1}
	- clamav 0.88.7-1 (low; bug #401874)
CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6478 (Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6477 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6476 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6475 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for Linux ...)
	NOT-FOR-US: McAfee
CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6471 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6470 (The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6469 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6468 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6467 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6466 (Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in ...)
	NOT-FOR-US: WikyBlog
CVE-2006-6465 (** DISPUTED ** ...)
	NOT-FOR-US: WikyBlog
CVE-2006-6464 (viewcart in Midicart accepts negative numbers in the Qty (quantity) ...)
	NOT-FOR-US: Midicart
CVE-2006-6463 (Unrestricted file upload vulnerability in admin/add.php in Midicart ...)
	NOT-FOR-US: Midicart
CVE-2006-6462 (PHP remote file inclusion vulnerability in engine/oldnews.inc.php in ...)
	NOT-FOR-US: CM68 News
CVE-2006-6461 (tr1.php in Yourfreeworld Stylish Text Ads Script allows remote ...)
	NOT-FOR-US: Yourfreeworld Stylish Text Ads Script
CVE-2006-6460 (Yourfreeworld.com Short Url &amp; Url Tracker Script allows remote ...)
	NOT-FOR-US: Yourfreeworld.com Short Url Script
CVE-2006-6459 (Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB ...)
	NOT-FOR-US: Toplist for phpBB
CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150 ...)
	NOT-FOR-US: Trend Micro (Windows)
CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other ...)
	- tikiwiki <removed> (bug #404472)
	NOTE: Might be a mis-report, check with upstream
CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-6455 (Multiple SQL injection vulnerabilities in admin/default.asp in DUware ...)
	NOT-FOR-US: DUware
CVE-2006-6454 (execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows ...)
	NOT-FOR-US: J-OWAMP Web Interface
CVE-2006-6453 (PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in ...)
	NOT-FOR-US: J-OWAMP Web Interface
CVE-2006-6452 (Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles ...)
	NOT-FOR-US: RunCMS
CVE-2006-6451 (Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk ...)
	NOT-FOR-US: Plesk
CVE-2006-6450 (Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in ...)
	NOT-FOR-US: Novell ZENworks Patch Management
CVE-2006-6449 (Vt-Forum Lite 1.3 and earlier store sensitive information under the ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6448 (Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and ...)
	NOT-FOR-US: Vt-Forum
CVE-2006-6447 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4, ...)
	NOT-FOR-US: iWare Professional
CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...)
	NOT-FOR-US: Envolution
CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and ...)
	NOT-FOR-US: Nostra DivX Player
CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print ...)
	NOT-FOR-US: Novell Distributed Print Services
CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the ...)
	NOT-FOR-US: America Online
CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6440 (Multple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6438 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6437 (ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6436 (Cross-site scripting (XSS) vulnerability in the Network controller in ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6435 (The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6434 (Unspecified vulnerability in the Web User Interface in Xerox ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6433 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6432 (Unspecified vulnerability in the Scan-to-mailbox feature in Xerox ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6431 (Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6430 (Web services in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6429 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6428 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6427 (The Web User Interface in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...)
	NOT-FOR-US: ThinkEdit
CVE-2006-6425 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6424 (Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...)
	NOT-FOR-US: AgileBill AgileVoice
CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...)
	- phpbb2 2.0.21-6 (medium)
	[sarge] - phpbb2 <not-affected>
CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...)
	NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content ...)
	NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6418 (Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2006-6417 (PHP remote file inclusion vulnerability in ...)
	- b2evolution <not-affected> (vulnerable code added later)
CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - ...)
	NOT-FOR-US: PhpLeague
CVE-2006-6415 (** DISPUTED ** ...)
	NOT-FOR-US: phpAdsNew
CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye ...)
	NOT-FOR-US: dol storye
CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and ...)
	NOT-FOR-US: Amateras sns
CVE-2006-6412
	RESERVED
CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows ...)
	NOT-FOR-US: Linksys
CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local ...)
	NOT-FOR-US: VMWare
CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...)
	NOT-FOR-US: F-Secure
CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote ...)
	NOT-FOR-US: Kaspersky
CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote ...)
	NOT-FOR-US: F-Prot
CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...)
	{DSA-1238-1}
	- clamav 0.88.7-1 (medium; bug #401873)
CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...)
	NOT-FOR-US: BitDefender
CVE-2006-6404
	RESERVED
CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...)
	NOT-FOR-US: MyStats
CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...)
	NOT-FOR-US: MyStats
CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in ...)
	NOT-FOR-US: MyStats
CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...)
	NOT-FOR-US: JustSystems
CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6397 (** DISPUTED ** ...)
	NOTE: not a vuln
CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...)
	NOT-FOR-US: BlazeVideo HDTV Player
CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...)
	NOT-FOR-US: Ulrik Petersen Emdros Database Engine
CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...)
	NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera ...)
	NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka ...)
	NOT-FOR-US: plxWebDev
CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution ...)
	NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution ...)
	NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...)
	NOT-FOR-US: ac4p Mobile
CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in ...)
	NOT-FOR-US: LINK Content Management Server
CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management ...)
	NOT-FOR-US: LINK Content Management Server
CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...)
	NOT-FOR-US: CVS management/tracker (drupal plugin)
CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...)
	NOT-FOR-US: abitwhizzy.php
CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...)
	- php5 <unfixed> (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: safe-mode and basedir violations not treated as security issues
CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...)
	NOT-FOR-US: Positive Software H-Sphere
CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...)
	NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate ...)
	NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...)
	NOT-FOR-US: BrightStor Backup Discovery Service
CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with ...)
	NOT-FOR-US: BTSaveMySql
CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root ...)
	NOT-FOR-US: Uploadscript
CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File ...)
	NOT-FOR-US: Simple File Manager
CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...)
	NOT-FOR-US: Simple machines Forum
CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...)
	- phpmyadmin <not-affected> (low; bug #404744)
	[sarge] - phpmyadmin <not-affected> (doesn't use sessions at all)
	[etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions)
	NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...)
	- phpmyadmin <unfixed> (unimportant)
	NOTE: path is known in Debian anyway
CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...)
	NOT-FOR-US: JAB Guest Book
CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB ...)
	NOT-FOR-US: JAB Guest Book
CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision ...)
	NOT-FOR-US: Invision Community Blog Mod
CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a ...)
	NOT-FOR-US: APC PowerChute
CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and ...)
	NOT-FOR-US: Affects only Windows despite other claims
CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...)
	NOT-FOR-US: awrate
CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware ...)
	NOT-FOR-US: Duware
CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and ...)
	NOT-FOR-US: Duware
CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside ...)
	NOT-FOR-US: Inside Systems Mail (ISMail)
CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket ...)
	NOT-FOR-US: BlueSocket Secure Controller
CVE-2006-6362
	REJECTED
CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file ...)
	NOT-FOR-US: Bitflux Upload Progress Mete
CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload ...)
	NOT-FOR-US: PHP Upload Center
CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech ...)
	NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in ...)
	NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in ...)
	NOT-FOR-US: PHPNews
CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PHPNews
CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate ...)
	NOT-FOR-US: DuWare
CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews ...)
	NOT-FOR-US: DuWare
CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with ...)
	NOT-FOR-US: KhaledMuratList
CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient ...)
	NOT-FOR-US: listpics 5
CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The ...)
	NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 ...)
	NOT-FOR-US: mowdBB
CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote ...)
	NOT-FOR-US: TFT-Gallery
CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 ...)
	NOT-FOR-US: SAP
CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service ...)
	NOT-FOR-US: SAP
CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. ...)
	NOT-FOR-US: KLF-DESIGN
CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix ...)
	NOT-FOR-US: mg.applanix
CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ...)
	NOT-FOR-US: nVIDIA nView
CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee and ...)
	NOT-FOR-US: Aspee Ziyaretci Defteri
CVE-2006-6336 (Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) ...)
	NOT-FOR-US: Eudora WorldMail
CVE-2006-6335 (Multiple buffer overflows in Sophos Anti-Virus scanning engine before ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...)
	NOT-FOR-US: Citrix Presentation Server Client
CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...)
	- linux-2.6 2.6.20-1
	[etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18)
CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836; bug #402111)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg[&quot;enable_file_priority&quot;] is ...)
	- torrentflux 2.1-7 (bug #400582; medium)
CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to ...)
	- torrentflux 2.1-6 (bug #399169; medium)
CVE-2006-6329 (index.php for TorrentFlux 2.2 allows remote attackers to delete files ...)
	- torrentflux 2.1-6 (bug #399169)
CVE-2006-6328 (Directory traversal vulnerability in index.php for TorrentFlux 2.2 ...)
	- torrentflux 2.1-5 (bug #395930; medium)
	NOTE: duplicate of CVE-2006-5609
CVE-2006-6327
	RESERVED
CVE-2006-6326
	RESERVED
CVE-2006-6325
	RESERVED
CVE-2006-6324
	RESERVED
CVE-2006-6323
	RESERVED
CVE-2006-6322
	RESERVED
CVE-2006-6321
	RESERVED
CVE-2006-6320
	RESERVED
CVE-2006-6319
	RESERVED
CVE-2006-6318 (The show_elog_list function in elogd.c in elog 2.6.2 and earlier ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1
CVE-2006-6317
	RESERVED
CVE-2006-6316
	RESERVED
CVE-2006-6315
	RESERVED
CVE-2006-6314
	RESERVED
CVE-2006-6313
	RESERVED
CVE-2006-6312
	RESERVED
CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...)
	NOT-FOR-US: Tivoli
CVE-2006-6308 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec LiveState
CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...)
	NOT-FOR-US: Novell Netware
CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...)
	NOT-FOR-US: Novell Netware
CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when ...)
	- net-snmp <not-affected> (Only affects version 5.3.0)
CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets ...)
	- linux-2.6 <not-affected> (Only affects plain 2.6.19)
CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...)
	NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
	- ruby1.8 1.8.5-4 (low)
CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
	NOT-FOR-US: CuteNews
CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ...)
	NOT-FOR-US: Novell ZENworks
CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...)
	NOT-FOR-US: Metyus Okul Yonetim Sistemi
CVE-2006-6297 (Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin ...)
	- kdegraphics <unfixed> (unimportant)
	NOTE: Generic bug, treating it as a security problem is quite a stretch
CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...)
	NOT-FOR-US: Microsoft
CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...)
	NOT-FOR-US: MxBB Portal
CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, ...)
	NOT-FOR-US: Apple Airport
CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...)
	NOT-FOR-US: MailEnable
CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier ...)
	NOT-FOR-US: Niek Albers CoolPlayer
CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...)
	NOT-FOR-US: AtomixMP3
CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions ...)
	NOT-FOR-US: Palm Desktop
CVE-2006-6285 (** DISPUTED ** ...)
	NOT-FOR-US: Kai Blankenhorn Bitfolge
CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in ...)
	NOT-FOR-US: dicshunary
CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP ...)
	NOT-FOR-US: Oxygen (O2PHP Bulletin Board)
CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain ...)
	NOT-FOR-US: @lex Guestbook
CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex ...)
	NOT-FOR-US: @lex Guestbook
CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ...)
	NOT-FOR-US: ContentServ
CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server ...)
	NOT-FOR-US: Sun Java System Proxy Server
CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...)
	NOT-FOR-US: Expinion.net iNews
CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd log files, ...)
	- fail2ban <not-affected> (looks fixed in 0.6, see #401793)
CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which allows ...)
	- denyhosts 2.6-1 (medium; bug #401795)
CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...)
	NOT-FOR-US: Simple PHP Gallery
CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Gallery
CVE-2006-6271 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 ...)
	NOT-FOR-US: PHPOLL
CVE-2006-6270 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...)
	NOT-FOR-US: ASPMForum
CVE-2006-6269 (Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM ...)
	NOT-FOR-US: Infinitytechs Restaurants CM
CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in ...)
	NOT-FOR-US: Neocrome Land Down Under
CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers ...)
	NOT-FOR-US: PostNuke
CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start ...)
	NOTE: It seems that no significant packet amplification takes place.
	NOTE: Probably harmless.
CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka ...)
	NOT-FOR-US: PHPJunkYard MBoard
CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows ...)
	NOT-FOR-US: Quintessential Player
CVE-2006-6260 (SQL injection vulnerability in login.asp in Redbinaria Sistema ...)
	NOT-FOR-US: Redbinaria Sistema Integrado de Administracion de Portales (SIAP)
CVE-2006-6259 (Multiple directory traversal vulnerabilities in (a) ...)
	NOT-FOR-US: AlternC
CVE-2006-6258 (The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the ...)
	NOT-FOR-US: AlternC
CVE-2006-6257 (The file manager in AlternC 0.9.5 and earlier, when warnings are ...)
	NOT-FOR-US: AlternC
CVE-2006-6256 (Cross-site scripting (XSS) vulnerability in the file manager in ...)
	NOT-FOR-US: AlternC
CVE-2006-6255 (Direct static code injection vulnerability in util.php in the NukeAI ...)
	NOT-FOR-US: NukeAI
CVE-2006-6254 (administration/telecharger.php in Cahier de texte 2.0 allows remote ...)
	NOT-FOR-US: Cahier de texte
CVE-2006-6253 (Cahier de texte 2.0 stores sensitive information under the web root, ...)
	NOT-FOR-US: Cahier de texte
CVE-2006-6252 (Microsoft Windows Live Messenger 8.0 and earlier, when gestual ...)
	NOT-FOR-US: Microsoft Windows Live Messenger
CVE-2006-6251 (Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote ...)
	NOT-FOR-US: VUPlayer
CVE-2006-6250 (Format string vulnerability in Songbird Media Player 0.2 and earlier ...)
	NOT-FOR-US: Songbird Media Player
CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and ...)
	NOT-FOR-US: Chama Cargo
CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: GPhotos
CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery ...)
	NOT-FOR-US: UPhotoGallery
CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ...)
	NOT-FOR-US: Photo Organizer
CVE-2006-6245 (Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b ...)
	NOT-FOR-US: Photo Organizer
CVE-2006-6244 (Coalescent Systems freePBX (formerly Asterisk Management Portal) ...)
	NOT-FOR-US: Coalescent Systems freePBX
CVE-2006-6243 (Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow ...)
	NOT-FOR-US: FipsSHOP
CVE-2006-6242 (Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and ...)
	- serendipity 1.0.4-1 (unimportant; bug #401614)
	NOTE: Only exploitable with register_globals
CVE-2006-6241 (Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to ...)
	NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...)
	NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise ...)
	NOT-FOR-US: MailEnable NetWebAdmin
CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify ...)
	NOT-FOR-US: Apple Safari
CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in ...)
	NOT-FOR-US: Woltlab Burning Board Lite
CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
	NOT-FOR-US: Acrobat Reader
CVE-2006-6235 (A &quot;stack overwrite&quot; vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...)
	{DSA-1231-1}
	- gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914)
	- gnupg2 2.0.0-5.2 (high; bug #401895; bug #401913)
CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6233 (SQL injection vulnerability in the Downloads module for unknown ...)
	NOT-FOR-US: PostNuke
CVE-2006-6232 (PHP remote file inclusion vulnerability in admin/index.php in ...)
	NOT-FOR-US: DreamAccount
CVE-2006-6231 (vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: VuBB
CVE-2006-6230 (SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote ...)
	NOT-FOR-US: VuBB
CVE-2006-6229 (Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2006-6228 (Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2006-6227 (The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and ...)
	NOT-FOR-US: NeoEngine
CVE-2006-6226 (Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, ...)
	NOT-FOR-US: NeoEngine
CVE-2006-6225 (Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 ...)
	NOT-FOR-US: GeekLog
CVE-2006-6224 (PHP remote file inclusion vulnerability in the installation scripts in ...)
	NOT-FOR-US: Puntal
CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...)
	NOT-FOR-US: Google Search Appliance
CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...)
	NOT-FOR-US: 2X ThinClientServer Enterprise Edition
CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...)
	NOT-FOR-US: Recipes Complete Website
CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: dev4u CMS
CVE-2006-6218 (Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow ...)
	NOT-FOR-US: dev4u CMS
CVE-2006-6217 (PHP remote file inclusion vulnerability in formdisp.php in the Mermaid ...)
	NOT-FOR-US: Mermaid module for PHP-NUKE
CVE-2006-6216 (SQL injection vulnerability in admin_hacks_list.php in the Nivisec ...)
	NOT-FOR-US: Nivisec Hacks List
CVE-2006-6215 (Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper ...)
	NOT-FOR-US: Wallpaper Complete Website
CVE-2006-6214 (SQL injection vulnerability in wallpaper.php in Wallpaper Website ...)
	NOT-FOR-US: Wallpaper Complete Website
CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical ...)
	NOT-FOR-US: PEGames
CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News ...)
	NOT-FOR-US: Site News
CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 ...)
	NOT-FOR-US: BirdBlog
CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...)
	NOT-FOR-US: ASP ListPics
CVE-2006-6209 (Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart ...)
	NOT-FOR-US: MidiCart ASP Shopping Cart
CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds ...)
	NOT-FOR-US: Enthreallweb eClassifieds
CVE-2006-6207 (** DISPUTED ** ...)
	NOT-FOR-US: Evolve Merchant
CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping ...)
	NOT-FOR-US: WarHound General Shopping Cart
CVE-2006-6205 (Multiple cross-site scripting (XSS) vulnerabilities in result.asp in ...)
	NOT-FOR-US: Enthrallweb eHomes
CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow ...)
	NOT-FOR-US: Enthrallweb eHomes
CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME ...)
	NOT-FOR-US: Flyspray componenten for Mamba, this appears to be different from the Flyspray bug tracker
CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by ...)
	NOT-FOR-US: Borland idsql32.dll
CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and ...)
	NOT-FOR-US: BlazeVideo BlazeDVD
CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...)
	NOT-FOR-US: cPanel
CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...)
	- b2evolution <not-affected> (0.9 releases not vulnerable)
CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...)
	NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...)
	NOT-FOR-US: Ultimate Survey Pro
CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier ...)
	NOT-FOR-US: BasicForum
CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog ...)
	NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...)
	NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 ...)
	NOT-FOR-US: Anna^ IRC Bot
CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click ...)
	NOT-FOR-US: ClickTech Click Blog
CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ...)
	NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery ...)
	NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow ...)
	NOT-FOR-US: enomphp
CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server ...)
	NOT-FOR-US: Allied Telesyn TFTP Server
CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and ...)
	NOT-FOR-US: 3Com 3CTftpSvc
CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop ...)
	NOT-FOR-US: Gabriele Teotino GNotebook
CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech ...)
	NOT-FOR-US: ClickTech ClickContact
CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in ...)
	NOT-FOR-US: iNews Publisher
CVE-2006-6179 (Buffer overflow in ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount ...)
	NOT-FOR-US: Muhammad A. Muquit wwwcoun
CVE-2006-XXXX [libxslt segfault / DoS]
	- libxslt 1.1.19-1 (low)
	[sarge] - libxslt <not-affected> (vulnerability added later)
CVE-2006-6177 (SQL injection vulnerability in system/core/users/users.profile.inc.php ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...)
	NOT-FOR-US: Blogn
CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...)
	- kronolith2 2.1.4-1 (bug #400899; bug #401061)
	- kronolith <not-affected> (Vulnerable code not present)
CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and ...)
	- tdiary 2.0.2+20060303-4.1 (bug #400447; bug #400650)
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...)
	NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP ...)
	{DSA-1244-1}
	- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
	- mplayer 1.0~rc1-11 (medium)
CVE-2006-6171 (** DISPUTED ** ...)
	{DSA-1218}
	- proftpd-dfsg 1.3.0-13 (low; bug #399070)
CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls ...)
	{DSA-1222-1}
	- proftpd-dfsg 1.3.0-16 (medium; bug #400793)
CVE-2003-1310 (The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) ...)
	NOT-FOR-US: Norton
CVE-2003-1309 (The DeviceIoControl function in the TrueVector Device Driver ...)
	NOT-FOR-US: ZoneAlarm
CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6167 (** DISPUTED ** ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin ...)
	NOT-FOR-US: Joomla Content Editor (JCE) for Joomla!
CVE-2006-6165 (** DISPUTED ** ...)
	NOTE: non-issue
CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 ...)
	NOT-FOR-US: OpenBSD
CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6160 (SQL injection vulnerability in details.asp in Doug Luxem Liberum Help ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6159 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6158 (Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help ...)
	NOT-FOR-US: PMOS Help Desk
CVE-2006-6157 (SQL injection vulnerability in index.php in ContentNow 1.39 and ...)
	NOT-FOR-US: ContentNow
CVE-2006-6156 (Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6155 (Multiple SQL injection vulnerabilities in addrating.php in HIOX Star ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6154 (PHP remote file inclusion vulnerability in addcode.php in HIOX Star ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6153 (Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net ...)
	NOT-FOR-US: vSpin.net
CVE-2006-6152 (Multiple SQL injection vulnerabilities in vSpin.net Classified System ...)
	NOT-FOR-US: vSpin.net
CVE-2006-6151 (PHP remote file inclusion vulnerability in centre.php in Messagerie ...)
	NOT-FOR-US: Messagerie Locale
CVE-2006-6150 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OWLLib
CVE-2006-6149 (SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 ...)
	NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6148 (Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp ...)
	NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6147 (Multiple SQL injection vulnerabilities in JiRos Links Manager allow ...)
	NOT-FOR-US: JiRos Links Manager
CVE-2006-6146 (Buffer overflow in the HPDF_Page_Circle function in ...)
	NOT-FOR-US: libharu
CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in ...)
	NOT-FOR-US: CRYPTOCard
CVE-2006-6144 (The &quot;mechglue&quot; abstraction interface of the GSS-API library for ...)
	- krb5 <not-affected> (Only 1.5 onwards are vulnerable)
CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through ...)
	- krb5 1.4.4-6 (high)
	[sarge] - krb5 <not-affected>
CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	{DSA-1241-1}
	- squirrelmail 2:1.4.9a-1
CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a ...)
	NOT-FOR-US: Tftpd32
CVE-2006-6140 (PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6139 (Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6138 (Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6137 (Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6136 (IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-6135 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in ...)
	NOT-FOR-US: Windows Media
CVE-2006-6133 (Stack-based buffer overflow in Visual Studio Crystal Reports for ...)
	NOT-FOR-US: Business Objects Crystal Reports
CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite allow ...)
	NOT-FOR-US: Link Exchange Lite
CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and (2) ...)
	NOT-FOR-US: Kerio WebSTAR
CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in ...)
	{DSA-1231-1}
	- gnupg 1.4.5-3 (medium; bug #401765)
	- gnupg2 2.0.0-5.1 (medium; bug #400777)
CVE-2006-XXXX [smb4k security issue]
	- smb4k 0.7.5-1
	[sarge] - smb4k <not-affected> (Vulnerable code not present)
CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...)
	- linux-2.6 <unfixed> (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6125 (Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) ...)
	NOT-FOR-US: NetGear
CVE-2006-6124 (Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server ...)
	NOT-FOR-US: SeleniumServer Web Server
CVE-2006-6123 (Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals ...)
	NOT-FOR-US: Coppermine Photo Gallery (CPG)
CVE-2006-6122 (Multiple buffer overflows in TIN before 1.8.2 have unspecified impact ...)
	- tin 1:1.8.2-1
CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...)
	NOT-FOR-US: Acer
CVE-2006-6120 (Integer overflow in the KPresenter import filter for Microsoft ...)
	- koffice 1:1.6.1-1 (bug #401230; medium)
CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: mmgallery
CVE-2006-6118 (Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery ...)
	NOT-FOR-US: mmgallery
CVE-2006-6117 (SQL injection vulnerability in index1.asp in fipsGallery 1.5 and ...)
	NOT-FOR-US: fipsGallery
CVE-2006-6116 (SQL injection vulnerability in default2.asp in fipsForum 2.6 and ...)
	NOT-FOR-US: fipsForum
CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier ...)
	NOT-FOR-US: fipsCMS
CVE-2006-6114
	REJECTED
CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Monkey Boards
CVE-2006-6112 (LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP ...)
	NOT-FOR-US: LifeType
CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 ...)
	NOT-FOR-US: Alan Ward A-Cart Pro
CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...)
	NOT-FOR-US: BPG-InfoTech Content Management System
CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 ...)
	NOT-FOR-US: CandyPress Store
CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...)
	NOT-FOR-US: EC-CUBE
CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in ...)
	- dbus 1.0.2-1 (low)
	[sarge] - dbus <no-dsa> (Minor issue)
CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function in the ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-9
CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...)
	- gdm 2.16.4-1 (medium; bug #403219)
	[sarge] - gdm <not-affected> (Vulnerable code not present)
CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in ...)
	- mono 1.2.2.1-1 (low)
CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6100
	REJECTED
CVE-2006-6099
	REJECTED
CVE-2006-6098
	REJECTED
CVE-2006-6097 (GNU tar 1.16 and 1.15.1, and possibly other versions, allows ...)
	{DSA-1223-1}
	- tar 1.16-2 (high; bug #399845)
CVE-2006-6096 (Cross-site scripting (XSS) vulnerability in activenews_search.asp in ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6095 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in adminprint.php ...)
	NOT-FOR-US: PicturesPro Photo Cart
CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 ...)
	NOT-FOR-US: Auto Gallery
CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before ...)
	NOT-FOR-US: GrimBB
CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow remote ...)
	NOT-FOR-US: BaalAsp
CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in ...)
	NOT-FOR-US: BaalAsp forum
CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...)
	NOT-FOR-US: i-Gallery
CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
	NOT-FOR-US: my little weblog
CVE-2006-6086 (PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark ...)
	NOT-FOR-US: e-Ark
CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions ...)
	- kile 1:1.9.3-1 (low)
	[sarge] - kile <no-dsa> (Minor issue)
CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy ...)
	NOT-FOR-US: aBitWhizzy
CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts Creadirectory ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6081 (PHP remote file inclusion vulnerability in Smarty_Compiler.class.php ...)
	NOT-FOR-US: Telaen
CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in gNews ...)
	NOT-FOR-US: gNews
CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 ...)
	NOT-FOR-US: LoudMouth (PHP thingy, not libloudmouth)
CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan ...)
	NOT-FOR-US: a-ConMan
CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (high; bug #409220)
	- iceape 1.0.8-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.0.10-1 (medium)
	NOTE: Epiphany affected by xulrunner
CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly ...)
	NOT-FOR-US: BrightStor
CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp ...)
	NOT-FOR-US: BaalAsp forum
CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...)
	NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...)
	NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...)
	NOT-FOR-US: BPG-InfoTech Easy Publisher
CVE-2006-6071 (TWiki 4.0.5 and earlier, when running under Apache 1.3 using ...)
	- twiki 1:4.0.5-2 (bug #401303; low)
CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...)
	NOT-FOR-US: ASP Nuke
CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: mAlbum
CVE-2006-6068 (Directory traversal vulnerability in the cached_album function in ...)
	NOT-FOR-US: mAlbum
CVE-2006-6067 (Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real ...)
	NOT-FOR-US: DataShed
CVE-2006-6066 (Multiple SQL injection vulnerabilities in Dragon Calendar / Events ...)
	NOT-FOR-US: Dragon Calendar
CVE-2006-6065 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...)
	NOT-FOR-US: CalSnails Module for MxBB Portal
CVE-2006-6064 (Multiple buffer overflows in the Message Parsing Interpreter (MPI) in ...)
	NOT-FOR-US: Fuzzball MUCK
CVE-2006-6063 (Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier ...)
	NOT-FOR-US: XMPlay
CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear ...)
	NOT-FOR-US: NetGear
CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24, ...)
	{DSA-1504-1 DSA-1436-1}
	- linux-2.6 2.6.22-6 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...)
	- linux-2.6 <not-affected> (Debian kernels up to 2.6.18 didn't include GFS)
CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link ...)
	NOT-FOR-US: D-Link
CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local users to ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages ...)
	NOT-FOR-US: NetEpi Case Manager
CVE-2006-6051 (PHP remote file inclusion vulnerability in reporter.logic.php in the ...)
	NOT-FOR-US: MosReporter (com_reporter) component for Joomla!
CVE-2006-6050 (Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em ...)
	NOT-FOR-US: Rank'em
CVE-2006-6049 (PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 ...)
	NOT-FOR-US: Shambo2 (com_shambo2) component for Mambo
CVE-2006-6048 (SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-6047 (Directory traversal vulnerability in manager/index.php in Etomite ...)
	NOT-FOR-US: Etomite CMSEtomite CMS
CVE-2006-6046 (Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 ...)
	NOT-FOR-US: eggblog
CVE-2006-6045 (Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin ...)
	NOT-FOR-US: omdev One Admin
CVE-2006-6044 (PHP remote file inclusion vulnerability in gallery_top.inc.php in ...)
	NOT-FOR-US: PHPQuickGallery
CVE-2006-6043 (PHP file inclusion vulnerability in loginform-inc.php in Oliver ...)
	NOT-FOR-US: Oliver (formerly Webshare)
CVE-2006-6042 (PHP remote file inclusion vulnerability in core/editor.php in ...)
	NOT-FOR-US: phpWebThings
CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in Laurent Van den ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2006-6040 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: vBulletin
CVE-2006-6039 (SQL injection vulnerability in matchdetail.php in Powie's PHP ...)
	NOT-FOR-US: MatchMaker
CVE-2006-6038 (SQL injection vulnerability in editpoll.php in Powie's PHP Forum ...)
	NOT-FOR-US: Powie's PHP Forum
CVE-2006-6037 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Travelsized CMS
CVE-2006-6036 (SQL injection vulnerability in OpenHuman before 1.0 allows remote ...)
	NOT-FOR-US: OpenHuman
CVE-2006-6035 (Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-6034 (Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 ...)
	NOT-FOR-US: SitesOutlet E-commerce Kit-1
CVE-2006-6033 (Multiple directory traversal vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-6032 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-6031 (Multiple SQL injection vulnerabilities in Greater Cincinnati Internet ...)
	NOT-FOR-US: ASPCart
CVE-2006-6030 (Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow ...)
	NOT-FOR-US: E-Calendar ProE-Calendar Pro
CVE-2006-6029 (SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 ...)
	NOT-FOR-US: Property Pro
CVE-2006-6028 (Directory traversal vulnerability in textview.php in Anton Vlasov ...)
	NOT-FOR-US: DoSePa
CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
	NOT-FOR-US: Adobe Reader
CVE-2006-6026 (Heap-based buffer overflow in Real Networks Helix Server and Helix ...)
	NOT-FOR-US: Helix DNA Server
CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a ...)
	NOT-FOR-US: QUALCOMM Eudora WorldMail
CVE-2006-6024 (Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 ...)
	NOT-FOR-US: Eudora Worldmail
CVE-2006-6023 (** DISPUTED ** ...)
	NOT-FOR-US: Bloo
CVE-2006-6022 (Cross-site scripting (XSS) vulnerability in login_form.asp in ...)
	NOT-FOR-US: BestWebApp Dating Site
CVE-2006-6021 (SQL injection vulnerability in the login component in BestWebApp ...)
	NOT-FOR-US: BestWebApp Dating Site
CVE-2006-6020 (Cross-site scripting (XSS) vulnerability in announce.php in Blog ...)
	NOT-FOR-US: Blog Torrent Preview
CVE-2006-6019 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Bloo
CVE-2006-6018 (** DISPUTED ** ...)
	NOT-FOR-US: My-BIC
CVE-2006-6017 (WordPress before 2.0.5 does not properly store a profile containing a ...)
	- wordpress 2.0.5-0.1
CVE-2006-6016 (wp-admin/user-edit.php in WordPress before 2.0.5 allows remote ...)
	- wordpress 2.0.5-0.1
CVE-2006-6015 (Buffer overflow in the JavaScript implementation in Safari on Apple ...)
	- kdebase <unfixed> (unimportant; bug #400121)
	NOTE: Browser crashes are not treated as security problems
CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly perform ...)
	NOT-FOR-US: NetBSD
CVE-2006-6013 (Integer signedness error in the fw_ioctl (FW_IOCTL) function in the ...)
	- kfreebsd-5 5.4-21
	[etch] - kfreebsd-5 <no-dsa> (no security support)
CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
	NOT-FOR-US: Car Site Manager
CVE-2006-6011 (Unspecified vulnerability in SAP Web Application Server before 6.40 ...)
	NOT-FOR-US: SAP
CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: SAP
CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, ...)
	{DSA-1217}
	- linux-ftpd 0.17-23
CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...)
	NOT-FOR-US: WebEvents (Online Event Registration Template)
CVE-2006-6006
	RESERVED
CVE-2006-6005
	RESERVED
CVE-2006-6004
	RESERVED
CVE-2006-6003
	RESERVED
CVE-2006-6002
	RESERVED
CVE-2006-6001
	RESERVED
CVE-2006-6000
	RESERVED
CVE-2006-5999
	RESERVED
CVE-2006-5998
	RESERVED
CVE-2006-5997
	RESERVED
CVE-2006-5996
	RESERVED
CVE-2006-5995
	RESERVED
CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-5993
	RESERVED
CVE-2006-5992
	RESERVED
CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop ...)
	NOT-FOR-US: CactuShop
CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...)
	NOT-FOR-US: VMWare
CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 ...)
	{DSA-1247-1}
	- libapache-mod-auth-kerb 5.3-1 (low; bug #400589)
CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...)
	NOT-FOR-US: Windows
CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet, possibly ...)
	NOT-FOR-US: ASPintranet
CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not ...)
	NOT-FOR-US: Extreme CMS
CVE-2006-5985 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Extreme CMS
CVE-2006-5984 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...)
	NOT-FOR-US: Helm Hosting Control Panel
CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software ...)
	NOT-FOR-US: DirectAdmin
CVE-2006-5982 (SeleniumServer FTP Server 1.0, and possibly earlier, stores user ...)
	NOT-FOR-US: Selenium Server
CVE-2006-5981 (Multiple directory traversal vulnerabilities in SeleniumServer FTP ...)
	NOT-FOR-US: Selenium Server
CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly ...)
	NOT-FOR-US: NetJetServer
CVE-2006-5979 (Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure ...)
	NOT-FOR-US: NetJetServer
CVE-2006-5978 (Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown ...)
	NOT-FOR-US: E-Xoopport
CVE-2006-5977 (Multiple SQL injection vulnerabilities in MultiCalendars allow remote ...)
	NOT-FOR-US: MultiCalendars
CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe ...)
	NOT-FOR-US: BlogMe
CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...)
	NOT-FOR-US: BlogMe
CVE-2006-5974 (fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message ...)
	- fetchmail 6.3.6-1 (low)
	[sarge] - fetchmail <not-affected> (Vulnerable code not present)
CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...)
	- dovecot 1.0.rc15-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before ...)
	NOT-FOR-US: SAP
CVE-2006-XXXX [Firefox Sage Extension Feed Script Insertion Vulnerability]
	- firefox-sage <not-affected> (medium; bug #399170)
	NOTE: Debian's version has HTML disabled
CVE-2006-5972 (Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless ...)
	NOT-FOR-US: NetGear
CVE-2006-5971 (Absolute path traversal vulnerability in admin/logfile.txt in Verity ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm ...)
	- fvwm 1:2.5.18-2 (low; bug #400303)
	[sarge] - fvwm <no-dsa> (Minor issue)
CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ...)
	NOT-FOR-US: MDaemon
CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...)
	NOT-FOR-US: PassGo SSO Plus
CVE-2006-5964 (choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local ...)
	NOT-FOR-US: PentaZip
CVE-2006-5963 (Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO ...)
	NOT-FOR-US: PentaZip
CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow ...)
	NOT-FOR-US: Hpecs Shopping Cart
CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...)
	NOT-FOR-US: Mercury Mail Transport
CVE-2006-5960 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: A+ Store E-Commerce
CVE-2006-5959 (SQL injection vulnerability in browse.asp in A+ Store E-Commerce ...)
	NOT-FOR-US: A+ Store E-Commerce
CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART ...)
	NOT-FOR-US: INFINICART
CVE-2006-5957 (** DISPUTED ** ...)
	NOT-FOR-US: INFINICART
CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) ...)
	NOT-FOR-US: PHPRunner
CVE-2006-5955 (SQL injection vulnerability in listings.asp in 20/20 DataShed (aka ...)
	NOT-FOR-US: DataShed
CVE-2006-5954 (SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier ...)
	NOT-FOR-US: NetVIOS
CVE-2006-5953 (SQL injection vulnerability in viewcart.asp in Evolve shopping cart ...)
	NOT-FOR-US: Evolve shopping cart
CVE-2006-5952 (SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 ...)
	NOT-FOR-US: ASP Smiley
CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 ...)
	NOT-FOR-US: Exophpdesk
CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and ...)
	NOT-FOR-US: ALTools ALFTP FTP Server
CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...)
	NOT-FOR-US: ALTools ALFTP FTP Server
CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in ...)
	NOT-FOR-US: phpPeanuts
CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server ...)
	NOT-FOR-US: Conxint FTP Server
CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...)
	NOT-FOR-US: FunkyASP Glossary
CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...)
	NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
	NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...)
	NOT-FOR-US: Less Inventory Manager
CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Less Inventory Manager
CVE-2006-5941
	REJECTED
CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5938 (Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5937 (Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5936 (SQL injection vulnerability in dept.asp in SiteXpress E-Commerce ...)
	NOT-FOR-US: SiteXpress E-Commerce
CVE-2006-5935 (SQL injection vulnerability in index.php in ShopSystems 4.0 and ...)
	NOT-FOR-US: ShopSystems
CVE-2006-5934 (SQL injection vulnerability in admin/default.asp in Estate Agent ...)
	NOT-FOR-US: Estate Agent Manager
CVE-2006-5933 (SQL injection vulnerability in update.asp in UltraSite 1.0 allows ...)
	NOT-FOR-US: UltraSite
CVE-2006-5932 (Kahua before 0.7, when running multiple applications under a single ...)
	NOT-FOR-US: Kahua
CVE-2006-5931 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...)
	NOT-FOR-US: Aigaion
CVE-2006-5930 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...)
	NOT-FOR-US: Aigaion
CVE-2006-5929 (PHP remote file inclusion vulnerability in firepjs.php in ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...)
	NOT-FOR-US: ASP Scripter Easy Portal
CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before ...)
	NOT-FOR-US: Vallheru
CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed ...)
	{DSA-1240-1 DSA-1228-1 DSA-1226-1}
	- links 0.99+1.00pre12-1.1 (medium; bug #399188)
	- elinks 0.11.1-1.2 (medium; bug #399187)
	- links2 2.1pre25-2 (medium; bug #400718)
CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP ...)
	NOT-FOR-US: Efficient IP iPmanager (IPm)
CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac ...)
	NOT-FOR-US: gtcatalog
CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5920 (** DISPUTED ** ...)
	NOT-FOR-US: Exporia
CVE-2006-5919 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: KnowledgeBuilder
CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid ...)
	NOT-FOR-US: RapidKill
CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager ...)
	NOT-FOR-US: OmniStar Article Manager
CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass ...)
	NOT-FOR-US: Intego VirusBarrier
CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in ...)
	NOT-FOR-US: LandShop
CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows ...)
	NOT-FOR-US: LandShop
CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a ...)
	NOT-FOR-US: Microsoft
CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research ...)
	NOT-FOR-US: Stanford Conference And Research Forum (SCARF)
CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in ...)
	NOT-FOR-US: Yet Another News System
CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in ...)
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5906 (** DISPUTED ** ...)
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database ...)
	NOT-FOR-US: Web Directory Pro
CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 ...)
	NOT-FOR-US: MWChat Pro
CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to ...)
	NOT-FOR-US: GSpace
CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform ...)
	NOT-FOR-US: viksoe GMail Drive
CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP ...)
	NOT-FOR-US: Hawking Technology wireless router WR254-CA
CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Zend Framework Preview
CVE-2006-5899 (** DISPUTED ** ...)
	NOT-FOR-US: @cid stat
CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 ...)
	NOT-FOR-US: PhpMyChat
CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the ...)
	NOT-FOR-US: Web Mech Designer
CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS ...)
	NOT-FOR-US: EncapsCMS
CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ...)
	NOT-FOR-US: Rama CMS
CVE-2006-5893 (Multiple PHP remote file inclusion vulnerabilities in iWonder Designs ...)
	NOT-FOR-US: iWonder Designs Storystream
CVE-2006-5892 (SQL injection vulnerability in MoreInfo.asp in The Net Guys ...)
	NOT-FOR-US: The Net Guys ASPired2Poll
CVE-2006-5891 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5890 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5889 (SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 ...)
	NOT-FOR-US: BrewBlogger
CVE-2006-5888 (SQL injection vulnerability in viewarticle.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-5887 (SQL injection vulnerability in CampusNewsDetails.asp in Dynamic ...)
	NOT-FOR-US: Dynamic Dataworx NuSchool
CVE-2006-5886 (SQL injection vulnerability in propertysdetails.asp in Dynamic ...)
	NOT-FOR-US: Dynamic Dataworx NuRealestate (NuRems)
CVE-2006-5885 (SQL injection vulnerability in Products.asp in NuStore 1.0 allows ...)
	NOT-FOR-US: NuStore
CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x ...)
	- fvwm 2.5.10-1
CVE-2006-5884 (Multiple unspecified vulnerabilities in DirectAnimation ActiveX ...)
	NOT-FOR-US: DirectAnimation ActiveX controls for Microsoft Internet Explorer
CVE-2006-5883 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
	NOT-FOR-US: cPanel 10
CVE-2006-5882 (Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device ...)
	NOT-FOR-US: Broadcom BCMWL5.SYS
CVE-2006-5881 (SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx ...)
	NOT-FOR-US: Dynamic Dataworx NuCommunity
CVE-2006-5880 (SQL injection vulnerability on the subMenu page in switch.asp in Munch ...)
	NOT-FOR-US: Munch Pro
CVE-2006-5879 (SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta ...)
	NOT-FOR-US: ASPPortal
CVE-2006-5878 (Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 ...)
	{DSA-1209}
	- trac 0.10.1-1 (bug #397683)
CVE-2006-5877 (The enigmail extension before 0.94.2 does not properly handle large, ...)
	- enigmail 2:0.94.2-1 (bug #406604)
CVE-2006-5876 (The soup_headers_parse function in soup-headers.c for libsoup HTTP ...)
	{DSA-1248-1}
	- libsoup 2.2.98-2 (bug #405197; medium)
CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote ...)
	{DSA-1236-1}
	- enemies-of-carlotta 1.2.4-1 (medium)
CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ...)
	{DSA-1232-1}
	- clamav 0.86-1
CVE-2006-5873 (Buffer overflow in the cluster_process_heartbeat function in cluster.c ...)
	{DSA-1230-1}
	- l2tpns 2.1.21-1 (medium; bug #401742)
	NOTE: http://secunia.com/advisories/23230/
CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...)
	{DSA-1239-1}
	- sql-ledger 2.6.21-1
CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 <not-affected> (Current Linux versions already implement intended behaviour)
CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, ...)
	{DSA-1246-1}
	- openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679)
CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...)
	{DSA-1220}
	- pstotext 1.9-4 (bug #356988; medium)
CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 ...)
	{DSA-1213}
	- imagemagick 7:6.2.4.5.dfsg1-0.11
CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit ...)
	{DSA-1259-1}
	- fetchmail 6.3.6-1 (low)
CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...)
	NOT-FOR-US: phpManta
CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php in MyAlbum ...)
	NOT-FOR-US: Script Dowload
CVE-2006-5863 (PHP remote file inclusion vulnerability in inc/session.php for ...)
	NOT-FOR-US: LetterIt
CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web ...)
	NOT-FOR-US: Network Administration Visualized
CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...)
	NOT-FOR-US: Citrix
CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console ...)
	NOT-FOR-US: Adobe JRun
CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...)
	NOT-FOR-US: Adobe
CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...)
	NOT-FOR-US: Adobe
CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 ...)
	NOT-FOR-US: Tivoli
CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in ...)
	NOT-FOR-US: Novell Netware
CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...)
	NOT-FOR-US: Immediacy CMS
CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5851 (openexec in OpenBase SQL before 10.0.1 allows local users to create ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5850 (Stack-based buffer overflow in Essentia Web Server 2.15 for Windows ...)
	NOT-FOR-US: Essentia Web Server
CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in ...)
	NOT-FOR-US: IrayoBlog
CVE-2006-5848
	REJECTED
CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5845 (Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5844 (Speedywiki 2.0 allows remote attackers to obtain the full path of the ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5843 (Cross-site scripting (XSS) vulnerability in index.php in Speedywiki ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5842 (The keystore file in Unicore Client before 5.6 build 5, when running ...)
	NOT-FOR-US: Unicore
CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...)
	NOT-FOR-US: DodosMail
CVE-2006-5840 (** DISPUTED ** ...)
	NOT-FOR-US: Abarcar Realty Portal
CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...)
	NOT-FOR-US: PHPAdventure
CVE-2006-5838 (PHP remote file inclusion vulnerability in lib/class.Database.php in ...)
	NOT-FOR-US: NewP News Publication System
CVE-2006-5837 (Static code injection vulnerability in chat_panel.php in the ...)
	NOT-FOR-US: SimpleChat 1.0.0 module for iWare Professional CMS
CVE-2006-5836 (The fpathconf syscall function in bsd/kern/kern_descrip.c in the ...)
	NOT-FOR-US: Darwin kernel (XNU) 8.8.1 in Apple Mac OS X
CVE-2006-5835 (The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes ...)
	NOT-FOR-US: IBM Lotus Notes Domino
CVE-2006-5834 (Directory traversal vulnerability in general.php in OpenSolution ...)
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2006-5833 (gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require ...)
	NOT-FOR-US: GreenBeast CMS
CVE-2006-5832 (All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5831 (PHP remote file inclusion vulnerability in admin/code/index.php in All ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5830 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5829 (Multiple SQL injection vulnerabilities in All In One Control Panel ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5828 (SQL injection vulnerability in detail.php in DeltaScripts PHP ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5827 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: phpComasy CMS
CVE-2006-5826 (Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...)
	- kfreebsd-5 <unfixed>
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...)
	NOT-FOR-US: Citrix
CVE-2006-5820 (The LinkSBIcons method in the SuperBuddy ActiveX control ...)
	NOT-FOR-US: SuperBuddy ActiveX control
CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
	{DSA-1243-1 DSA-1214}
	- gv 1:3.6.2-3 (medium; bug #398292)
	- evince 0.4.0-3 (medium; bug #400904; bug #400906; bug #402063)
CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure ...)
	NOT-FOR-US: Parallels
CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
	NOT-FOR-US: Business Card Web Builder
CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 ...)
	{DSA-1222-1}
	- proftpd-dfsg 1.3.0-15 (bug #399070; high)
CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers to ...)
	NOT-FOR-US: Kerio
CVE-2006-5811 (PHP remote file inclusion vulnerability in library/translation.inc.php ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5810 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB ...)
	NOT-FOR-US: OvBB
CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses ...)
	NOT-FOR-US: Cicso
CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to ...)
	NOT-FOR-US: Cicso
CVE-2006-5806 (SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when ...)
	NOT-FOR-US: Cisco
CVE-2006-5805 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2006-5804 (PHP remote file inclusion vulnerability in admin.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-5803 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2006-5802 (SQL injection vulnerability in message_details.php in The Web Drivers ...)
	NOT-FOR-US: The Web Drivers Simple Forum
CVE-2006-5801 (The owserver module in owfs and owhttpd 2.5p5 and earlier does not ...)
	NOT-FOR-US: owfs
CVE-2006-5800 (Cross-site scripting (XSS) vulnerability in default.asp in ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5799 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5798 (SQL injection vulnerability in default.asp in Xenis.creator CMS allows ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5797 (Multiple SQL injection vulnerabilities in default.asp in Xenis.creator ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5796 (Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro ...)
	NOT-FOR-US: Soholaunch Pro
CVE-2006-5795 (Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in ...)
	- openssh 1:4.3p2-6 (unimportant)
	NOTE: Not a direct vulnerability
CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in ...)
	- libpng 1.2.13-0 (low; bug #398706)
	[sarge] - libpng <no-dsa> (Minor issue)
CVE-2006-XXXX [obexpushd arbitrary command execution]
	- obexpushd 0.4+svn10-1 (bug #397297; medium)
CVE-2006-XXXX [motion insecure tempfile creation]
	- motion 3.2.3-2 (bug #393846; low)
	[sarge] - motion <no-dsa> (Minor issue)
CVE-2006-5792 (Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote ...)
	NOT-FOR-US: XLink Omni-NFS Enterprise
CVE-2006-5791 (Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5790 (Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5789 (War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated ...)
	NOT-FOR-US: WarFTPd
CVE-2006-5788 (PHP remote file inclusion vulnerability in (1) index.php and (2) ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5787 (admin/index.php in IPrimal Forums as of 20061105 allows remote ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5786 (Directory traversal vulnerability in class2.php in e107 0.7.5 and ...)
	NOT-FOR-US: e107
CVE-2006-5785 (Unspecified vulnerability in SAP Web Application Server 6.40 before ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5784 (Unspecified vulnerability in enserver.exe in SAP Web Application ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5783 (** DISPUTED ** ...)
	NOTE: irreproducible firefox issue
CVE-2006-5782 (radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not ...)
	NOT-FOR-US: HP OpenView
CVE-2006-5781 (Stack-based buffer overflow in the handshake function in iodine 0.3.2 ...)
	NOT-FOR-US: iodine
CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...)
	NOT-FOR-US: XLink Omni-NFS
CVE-2006-5779 (OpenLDAP before 2.3.29 allows remote attackers to cause a denial of ...)
	- openldap2.2 <removed> (bug #397673)
	- openldap2.3 2.3.29-1
CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...)
	NOT-FOR-US: Creasito E-Commerce Content Manager
CVE-2006-5776 (** DISPUTED ** ...)
	NOT-FOR-US: Ariadne
CVE-2006-5775 (Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard ...)
	NOT-FOR-US: FunkBoard
CVE-2006-5774 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before ...)
	NOT-FOR-US: Hyper NIKKI System
CVE-2006-5773 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5772 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 ...)
	NOT-FOR-US: Arkoon SSL360
CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...)
	NOT-FOR-US: Mobile
CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS ...)
	NOT-FOR-US: admin.tool CMS
CVE-2006-5768 (Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 ...)
	NOT-FOR-US: Cyberfolio
CVE-2006-5767 (PHP remote file inclusion vulnerability in includes/xhtml.php in Drake ...)
	NOT-FOR-US: Drake CMS
CVE-2006-5766 (PHP remote file inclusion vulnerability in volume.php in Article ...)
	NOT-FOR-US: Article System
CVE-2006-5765 (SQL injection vulnerability in rss.php in Article Script 1.6.3 and ...)
	NOT-FOR-US: Article Script
CVE-2006-5764 (PHP remote file inclusion vulnerability in contact.php in Free File ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5763 (Multiple PHP remote file inclusion vulnerabilities in Free File ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5762 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5761 (Cross-site scripting (XSS) vulnerability in index.php in Rhadrix ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5760 (Multiple PHP remote file inclusion vulnerabilities in phpDynaSite ...)
	NOT-FOR-US: phpDynaSite
CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5756
	REJECTED
CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...)
	{DSA-1381-2}
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...)
	{DSA-1304}
	- linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10)
CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...)
	{DSA-1503-2 DSA-1503-1 DSA-1356-1 DSA-1304}
	- linux-2.6 2.6.20-1
CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...)
	- apache2 2.2.4-2 (low)
	[sarge] - apache2 2.0.54-5sarge2
	[etch] - apache2 2.2.3-4+etch2
	- apache <removed> (low)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
	{DSA-1233}
	- linux-2.6 2.6.18-8 (medium)
CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository ...)
	NOT-FOR-US: JBoss
CVE-2006-5749 (The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c ...)
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox <removed> (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
	NOTE: MFSA-2006-65
	- firefox <removed> (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <unfixed> (medium)
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
	- xulrunner 1.5.0.8-1 (high)
	- mozilla-firefox <removed>
	- mozilla-thunderbird <removed>
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla-thunderbird <not-affected> (Vulnerable code not present)
CVE-2006-5746 (The console in AirMagnet Enterprise before 7.5 build 6307 does not ...)
	NOT-FOR-US: AirMagnet
CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the ...)
	NOT-FOR-US: Microsoft
CVE-2006-5744 (Multiple SQL injection vulnerabilities in Highwall Enterprise and ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5743 (Multiple cross-site scripting (XSS) vulnerabilities in Highwall ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5742 (The AirMagnet Enterprise console and Remote Sensor console (Laptop) in ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5741 (Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5739 (PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in ...)
	NOT-FOR-US: communityPortals
CVE-2006-5738 (Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow ...)
	NOT-FOR-US: PunBB
CVE-2006-5737 (PunBB uses a predictable cookie_seed value that can be derived from ...)
	NOT-FOR-US: PunBB
CVE-2006-5736 (SQL injection vulnerability in search.php in PunBB before 1.2.14, when ...)
	NOT-FOR-US: PunBB
CVE-2006-5735 (Directory traversal vulnerability in include/common.php in PunBB ...)
	NOT-FOR-US: PunBB
CVE-2006-5734 (Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 ...)
	NOT-FOR-US: ATutor
CVE-2006-5733 (Directory traversal vulnerability in error.php in PostNuke 0.763 and ...)
	NOT-FOR-US: PostNuke
CVE-2006-5732 (SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and ...)
	NOT-FOR-US: T.G.S. CMS
CVE-2006-5731 (Directory traversal vulnerability in classes/index.php in Lithium CMS ...)
	NOT-FOR-US: Lithium CMS
CVE-2006-5730 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Modx CMS
CVE-2006-5729 (Yazd Discussion Forum before 3.0 beta does not properly manage forum ...)
	NOT-FOR-US: Yazd Discussion Forum
CVE-2006-5728 (XM Easy Personal FTP Server 5.2.1 and earlier allows remote ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-5727 (PHP remote file inclusion vulnerability in admin/controls/cart.php in ...)
	NOT-FOR-US: sazcart
CVE-2006-5726 (alloccgblk in the UFS filesystem in Solaris 10 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2006-5725 (The SSL server in AEP Smartgate 4.3b allows remote attackers to ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5724 (Heap-based buffer overflow the &quot;Answering Service&quot; function in ICQ ...)
	NOT-FOR-US: ICQ
CVE-2006-5723 (SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier ...)
	NOT-FOR-US: DataparkSearch Engine
CVE-2006-5722 (Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5721 (The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-5720 (SQL injection vulnerability in modules/journal/search.php in the ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin ...)
	- phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
	[sarge]	- phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google ...)
	NOT-FOR-US: Zend Google Data Client Library (ZendGData)
CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 ...)
	NOT-FOR-US: FreeNews
CVE-2006-5715 (Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS ...)
	NOT-FOR-US: Easy File Sharing (EFS) Easy Address Book
CVE-2006-5714 (Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5713 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5712 (Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows ...)
	NOT-FOR-US: Mirapoint WebMail
CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote ...)
	NOT-FOR-US: ECI Telecom
CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in Darwin ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient in ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...)
	NOT-FOR-US: PHPEasyData
CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...)
	- php5 5.2.0-1 (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: lack of basedir restrictions are not security-relevant by Debian PHP security policy
CVE-2006-5705 (Multiple directory traversal vulnerabilities in ...)
	- wordpress 2.0.5-0.1
CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...)
	NOT-FOR-US: HP
CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in ...)
	- tikiwiki 1.9.6+dfsg-1 (low)
CVE-2006-5702 (Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information ...)
	- tikiwiki 1.9.6+dfsg-1 (medium)
CVE-2006-5701 (Double free vulnerability in squashfs module in the Linux kernel ...)
	- linux-2.6 <unfixed> (unimportant)
	- squashfs 1:3.1r2-6.1
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-5700
	RESERVED
CVE-2006-5699
	RESERVED
CVE-2006-5698
	RESERVED
CVE-2006-5697
	RESERVED
CVE-2006-5696
	RESERVED
CVE-2006-5695
	RESERVED
CVE-2006-5694
	RESERVED
CVE-2006-5693
	RESERVED
CVE-2006-5692
	RESERVED
CVE-2006-5691
	RESERVED
CVE-2006-5690
	RESERVED
CVE-2006-5689
	RESERVED
CVE-2006-5688
	RESERVED
CVE-2006-5687
	RESERVED
CVE-2006-5686
	RESERVED
CVE-2006-5685
	RESERVED
CVE-2006-5684
	RESERVED
CVE-2006-5683
	RESERVED
CVE-2006-5682
	RESERVED
CVE-2006-5681 (QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with ...)
	NOT-FOR-US: QuickTime on Mac OS X
CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...)
	- libarchive 1.3.1-1 (unimportant)
CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...)
	- kfreebsd-5 <unfixed> (medium)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5678 (** DISPUTED ** ...)
	NOT-FOR-US: Les Visiteurs
CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and ...)
	NOT-FOR-US: TORQUE Resource Manager
CVE-2006-5676 (SQL injection vulnerability in consult/classement.php in Uni-Vert ...)
	NOT-FOR-US: PhpLeague
CVE-2006-5675 (Multiple unspecified vulnerabilities in Pentaho Business Intelligence ...)
	NOT-FOR-US: Pentaho Business Intelligence (BI) Suite
CVE-2006-5674 (Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and ...)
	NOT-FOR-US: miniBB
CVE-2006-5673 (PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB ...)
	NOT-FOR-US: miniBB
CVE-2006-5672 (PHP remote file inclusion vulnerability in web/init_mysource.php in ...)
	NOT-FOR-US: MySource CMS
CVE-2006-5671 (PHP remote file inclusion vulnerability in contact.php in Free Image ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5670 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5669 (PHP remote file inclusion vulnerability in gestion/savebackup.php in ...)
	NOT-FOR-US: Gepi
CVE-2006-5668 (Unspecified vulnerability in Ampache 3.3.2 and earlier, when ...)
	NOT-FOR-US: Ampache
CVE-2006-5667 (Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and ...)
	NOT-FOR-US: P-Book
CVE-2006-5666 (SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 ...)
	NOT-FOR-US: E-Annu
CVE-2006-5665 (PHP remote file inclusion vulnerability in admin/modules_data.php in ...)
	NOT-FOR-US: phpBB module Spider Friendly
CVE-2006-5664 (The installation script in IBM Informix Dynamic Server 10.00, Informix ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5663 (IBM Informix Dynamic Server 10.00, Informix Client Software ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5662 (SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows ...)
	NOT-FOR-US: easy notesManager (eNM)
CVE-2006-5661 (Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech ...)
	NOT-FOR-US: Netquery
CVE-2006-5660 (Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 ...)
	NOT-FOR-US: Cisco
CVE-2006-5659 (PAM_extern before 0.2 sends a password as a command line argument, ...)
	NOT-FOR-US: PAM_extern
CVE-2006-5658 (BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to ...)
	NOT-FOR-US: BlooMooWeb ActiveX control
CVE-2006-5657 (Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5656 (Memory leak in the push_align function in src/util.c in Vilistextum ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5655 (SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows ...)
	NOT-FOR-US: OpenDocMan
CVE-2006-5654 (Unspecified vulnerability in the Network Security Services (NSS) in ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2006-5653 (Cross-site scripting (XSS) vulnerability in the errorHTML function in ...)
	NOT-FOR-US: Sun Java System Messenger Express
CVE-2006-5652 (Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging ...)
	NOT-FOR-US: Sun
CVE-2006-5651 (list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to ...)
	NOT-FOR-US: DigiOz Guestbook
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ ...)
	NOT-FOR-US: ICQPhone.SipxPhoneManager
CVE-2006-5649 (Unspecified vulnerability in the &quot;alignment check exception handling&quot; ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-4
CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...)
	NOT-FOR-US: Sophos
CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...)
	NOT-FOR-US: Sophos
CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...)
	NOT-FOR-US: Sophos
CVE-2006-5644
	RESERVED
CVE-2006-5643 (Cross-site scripting (XSS) vulnerability in search_de.html in foresite ...)
	NOT-FOR-US: foresite CMS
CVE-2006-5642 (Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown ...)
	NOT-FOR-US: NmnLogger
CVE-2006-5641 (SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5640 (SQL injection vulnerability in guestbookview.asp in Techno Dreams ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5639 (Unspecified vulnerability in the random number generator in OpenWBEM ...)
	NOT-FOR-US: OpenWBEM
CVE-2006-5638 (Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing ...)
	NOT-FOR-US: PHPMyRing
CVE-2006-5637 (PHP remote file inclusion vulnerability in faq_reply.php in Faq ...)
	NOT-FOR-US: Faq Administrator
CVE-2006-5636 (PHP remote file inclusion vulnerability in common.php in Simple ...)
	NOT-FOR-US: Simple Website Software
CVE-2006-5635 (SQL injection vulnerability in forum/search.asp in Web Wiz Forums ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2006-5634 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...)
	NOT-FOR-US: phpProfiles
CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...)
	- firefox <removed> (unimportant)
	- iceweasel <unfixed> (unimportant)
	- icedove <unfixed> (unimportant)
	- mozilla <unfixed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	- mozilla-firefox <removed> (unimportant)
	- mozilla-thunderbird <removed> (unimportant)
CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5630 (Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5629 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5628 (SQL injection vulnerability in login.asp in UNISOR Content Management ...)
	NOT-FOR-US: UNISOR Content Management System (CMS)
CVE-2006-5627 (Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and ...)
	NOT-FOR-US: QnECMS
CVE-2006-5626 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: phpFaber
CVE-2006-5625 (PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in ...)
	NOT-FOR-US: N/X 2002 Professional Edition Web Content Management System (WCMS)
CVE-2006-5624 (Multiple PHP remote file inclusion vulnerabilities in Multi-Page ...)
	NOT-FOR-US: Multi-Page Comment System (MPCS)
CVE-2006-5623 (PHP remote file inclusion vulnerability in ip.inc.php in Electronic ...)
	NOT-FOR-US: Electronic Engineering Tool (EE Tool)
CVE-2006-5622 (SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, ...)
	NOT-FOR-US: ask_rave
CVE-2006-5620 (PHP remote file inclusion vulnerability in include/menu_builder.php in ...)
	NOT-FOR-US: MiniBILL
CVE-2006-5619 (The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in ...)
	{DSA-1233}
	- linux-2.6 2.6.18-4 (low)
CVE-2006-5618 (Directory traversal vulnerability in script/cat_for_aff.php in Netref ...)
	NOT-FOR-US: Netref
CVE-2006-5617 (Directory traversal vulnerability in index.php in Thepeak File Upload ...)
	NOT-FOR-US: Thepeak File Upload Manager
CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux ...)
	NOT-FOR-US: OpenPBS
CVE-2006-5615 (PHP remote file inclusion vulnerability in publish.php in Textpattern ...)
	NOT-FOR-US: Textpattern
CVE-2006-5614 (Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-5613 (PHP remote file inclusion in Core/core.inc.php in MP3 Streaming ...)
	NOT-FOR-US: MP3 Streaming DownSampler (mp3SDS)
CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in ...)
	NOT-FOR-US: GestArt
CVE-2006-5611 (Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 ...)
	NOT-FOR-US: Toshiba
CVE-2006-5610 (PHP remote file inclusion vulnerability in player/includes/common.php ...)
	NOT-FOR-US: Teake Nutma Foing
CVE-2006-5609 (Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows ...)
	- torrentflux 2.1-5 (bug #395930; medium)
CVE-2006-5608 (SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before ...)
	NOT-FOR-US: Extended Tracker (xtracker) for Drupal
CVE-2006-5607 (Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 ...)
	NOT-FOR-US: INCA IM-204
CVE-2006-5606 (Multiple SQL injection vulnerabilities in BytesFall Explorer ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5605 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpCards
CVE-2006-5604 (Directory traversal vulnerability in phpcards.header.php in phpCards ...)
	NOT-FOR-US: phpCards
CVE-2006-5603 (SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 ...)
	NOT-FOR-US: Snitz Forums
CVE-2006-5600 (Axalto Protiva 1.1, possibly only non-commercial versions, stores ...)
	NOT-FOR-US: Axalto Protiva
CVE-2006-5599 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle
CVE-2006-5598 (Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery ...)
	NOT-FOR-US: GOOP Gallery
CVE-2006-5597 (join.asp in MiniHTTP Web Forum &amp; File Server PowerPack 4.0 allows ...)
	NOT-FOR-US: MiniHTTP Web Forum
CVE-2006-5596 (Directory traversal vulnerability in the SSL server in AEP Smartgate ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5595 (Unspecified vulnerability in the AirPcap support in Wireshark ...)
	- wireshark 0.99.4-1 (bug #396258)
CVE-2006-5594 (PHP remote file inclusion vulnerability in University of British ...)
	NOT-FOR-US: iPeer
CVE-2006-5593 (Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow ...)
	NOT-FOR-US: Desknet's (niokeru)
CVE-2006-5592 (Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: PacPoll
CVE-2006-5591 (Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll ...)
	NOT-FOR-US: PacPoll
CVE-2006-5590 (PHP remote file inclusion vulnerability in index.php in ArticleBeach ...)
	NOT-FOR-US: ArticleBeach Script
CVE-2006-5589 (Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and ...)
	NOT-FOR-US: LedgerSMB (LSMB)
CVE-2006-5588 (Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-5587 (Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and ...)
	NOT-FOR-US: MDweb
CVE-2006-5586 (The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 ...)
	NOT-FOR-US: Microsoft GDI
CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 ...)
	NOT-FOR-US: Microsoft
CVE-2006-5583 (Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2006-5582
	RESERVED
CVE-2006-5581 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-5580
	RESERVED
CVE-2006-5579 (Microsoft Internet Explorer 6 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2006-5577 (Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Microsoft
CVE-2006-5576
	RESERVED
CVE-2006-5575
	RESERVED
CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker ...)
	NOT-FOR-US: Microsoft
CVE-2006-5573
	RESERVED
CVE-2006-5572
	RESERVED
CVE-2006-5571 (Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5570 (Directory traversal vulnerability in /scripts/cruise/cws.exe in ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5569 (FtpXQ Server 3.0.1 installs with two default testing accounts, which ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5568 (FtpXQ Server 3.0.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5567 (Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before ...)
	NOT-FOR-US: WinAmp
CVE-2006-5566 (CRLF injection vulnerability in premium/index.php in Shop-Script ...)
	NOT-FOR-US: Shop-Script
CVE-2006-5565 (CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5564 (Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5563 (Unspecified vulnerability in Yahoo! Messenger (Service 18) before ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2006-5562 (PHP remote file inclusion vulnerability in include/database.php in ...)
	NOT-FOR-US: SourceForge (gforge is not affected)
CVE-2006-5561 (SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows ...)
	NOT-FOR-US: Discuz! GBK
CVE-2006-5560 (Cross-site scripting (XSS) vulnerability in heading.php in Boesch ...)
	NOT-FOR-US: ProgSys
CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control ...)
	NOT-FOR-US: ADODB.Connection 2.7 ActiveX control
CVE-2006-5558 (Format string vulnerability in the swask command in HP-UX B.11.11 and ...)
	NOT-FOR-US: HP-UX
CVE-2006-5557 (Stack-based buffer overflow in the (1) swpackage and (2) swmodify ...)
	NOT-FOR-US: HP-UX
CVE-2006-5556 (Buffer overflow in the localtime_r function, and certain other ...)
	NOT-FOR-US: swask
CVE-2006-5555 (PHP remote file inclusion vulnerability in constantes.inc.php in ...)
	NOT-FOR-US: EPNadmin
CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5 allows ...)
	NOT-FOR-US: Imageview
CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...)
	NOT-FOR-US: Cisco
CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...)
	NOT-FOR-US: RevilloC MailServer
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...)
	NOT-FOR-US: QK SMTP
CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5549 (** DISPUTED ** ...)
	NOT-FOR-US: Adobe PHP SDK
CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5547 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5546 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5545 (Premium Antispam in Symantec Mail Security for Domino Server 5.1.x ...)
	NOT-FOR-US: Symantec
CVE-2006-5544 (Visual truncation vulnerability in Microsoft Internet Explorer 7 ...)
	NOT-FOR-US: Microsoft
CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP ...)
	NOT-FOR-US: PHP Generator of Object SQL Database
CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, ...)
	- postgresql-7.4 1:7.4.14-1 (unimportant)
	- postgresql-8.1 8.1.5-1 (unimportant)
	[sarge] - postgresql <unfixed> (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in ...)
	NOT-FOR-US: UeberProject Management System
CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote ...)
	NOT-FOR-US: D-Link
CVE-2006-5537 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm ...)
	NOT-FOR-US: D-Link
CVE-2006-5536 (Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T ...)
	NOT-FOR-US: D-Link
CVE-2006-5535 (Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager ...)
	NOT-FOR-US: WebHostManager cPanel
CVE-2006-5534 (Multiple cross-site scripting (XSS) vulnerabilities in index.htm in ...)
	NOT-FOR-US: Zwahlen Online Shop Freeware
CVE-2006-5533 (Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5532 (Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT ...)
	NOT-FOR-US: RMSOFT Gallery System
CVE-2006-5531 (PHP remote file inclusion vulnerability in embedded.php in Ascended ...)
	NOT-FOR-US: Ascended Guestbook
CVE-2006-5530 (Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews ...)
	NOT-FOR-US: SimpNews
CVE-2006-5529 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5528 (Directory traversal vulnerability in mod.php in SchoolAlumni Portal ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5527 (PHP remote file inclusion vulnerability in lib.editor.inc.php in ...)
	NOT-FOR-US: InteliEditor
CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...)
	NOT-FOR-US: Fully Modded phpBB (phpbbfm) / Teake Nutma Foing
CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...)
	NOT-FOR-US: phplist
CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket ...)
	NOT-FOR-US: EZ-Ticket
CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...)
	NOT-FOR-US: Kawf
CVE-2006-5521 (PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 ...)
	NOT-FOR-US: Net_DNS
CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5519 (PHP remote file inclusion vulnerability in ...)
	- egroupware <not-affected> (there is no path variable used to include plugin.php)
CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher ...)
	NOT-FOR-US: RSSonate
CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island ...)
	NOT-FOR-US: Open Meetings Filing Application
CVE-2006-5516 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WikiNi
CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in ...)
	NOT-FOR-US: phpPgAds / phpAdsNew
CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication ...)
	NOT-FOR-US: Web Group Communication
CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 ...)
	NOT-FOR-US: GeoNetwork opensource
CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5740 (Unspecified vulnerability in the LDAP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5602 (Multiple memory leaks in xsupplicant before 1.2.6, and possibly other ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-5601 (Stack-based buffer overflow in the eap_do_notify function in eap.c in ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-XXXX [several possible mysql 5.0 local DoS vulnerabilities]
	- mysql-dfsg-5.0 5.0.26-1 (low)
CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen ...)
	NOT-FOR-US: Zwahlen Online Shop
CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...)
	NOT-FOR-US: JaxUltraBB
CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH ...)
	NOT-FOR-US: Pexplorer
CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book ...)
	NOT-FOR-US: Burning Book
CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab ...)
	NOT-FOR-US: Burning Book
CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent ...)
	NOT-FOR-US: Der Dirigent
CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 ...)
	NOT-FOR-US: WiClear
CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote ...)
	NOT-FOR-US: 2BGal
CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5500 (Multiple SQL injection vulnerabilities in the checkUser function in ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5499 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity ...)
	- serendipity 1.0.2-1
CVE-2006-5498 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5497 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5496 (Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason ...)
	NOT-FOR-US: Timothy Claason KnowledgeBank
CVE-2006-5495 (Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS ...)
	NOT-FOR-US: Trawler Web CMS
CVE-2006-5494 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: pandaBB for PHP-Nuke
CVE-2006-5493 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: DigitalHive
CVE-2006-5492 (Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 ...)
	NOT-FOR-US: Maarch
CVE-2006-5491 (Multiple SQL injection vulnerabilities in include/index.php in ...)
	NOT-FOR-US: UltraCMS
CVE-2006-5490 (Multiple SQL injection vulnerabilities in Segue Content Management ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before ...)
	NOT-FOR-US: RIM BlackBerry Enterprise Server
CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5487 (Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, ...)
	NOT-FOR-US: Marshal MailMarshal SMTP
CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg ...)
	NOT-FOR-US: SpeedBerg
CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...)
	NOT-FOR-US: SSH Tectia
CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in Castor 1.1.1 ...)
	NOT-FOR-US: Castor
CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in Castor 1.1.1 ...)
	NOT-FOR-US: Castor
CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5478 (Multiple stack-based buffer overflows in Novell eDirectory 8.8.x ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5474 (The &quot;forgot password&quot; function in OneOrZero Helpdesk before 1.6.5.4 ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2006-5473 (** DISPUTED ** ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5470
	REJECTED
CVE-2006-5469 (Unspecified vulnerability in the WBXML dissector in Wireshark ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5468 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...)
	{DSA-1235-1 DSA-1234-1}
	- ruby1.8 1.8.5-3 (low; bug #398457)
	- ruby1.9 1.9.0+20070606-1 (low)
	[etch] - ruby1.9 <no-dsa> (Minor issue)
CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...)
	- rpm 4.4.1-11 (low; bug #397076)
	[sarge] - rpm <no-dsa> (You need to trust the RPMs you're installing)
	NOTE: Only hypothetical, far-fetched attacks feasible
CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...)
	{DSA-1206-1}
	- php4 4:4.4.4-4 (high; bug #396764)
	- php5 5.1.6-6 (high; bug #396766)
CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox <removed> (low)
	- iceweasel 2.0+dfsg-1 (low)
	- icedove 1.5.0.8-1 (low)
	- mozilla <unfixed> (low)
	- xulrunner 1.8.0.8-1 (low)
CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-67
	- firefox <removed> (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-66
	NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340
	NOTE: the fixes for CVE-2006-4340 were incomplete
	- firefox <removed> (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of netlink ...)
	- avahi 0.6.15-1 (low)
CVE-2006-XXXX [diffmon information leakage]
	- diffmon 20020222-2.2 (bug #382132)
CVE-2006-5460 (** DISPUTED ** ...)
	NOT-FOR-US: phpht Topsites
CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
	NOT-FOR-US: Download-Engine
CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: phpht Topsites
CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Casino Script (Masvet)
CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ...)
	{DSA-1213}
	- graphicsmagick 1.1.7-9 (medium)
	- imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025)
CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla <no-dsa> (CSRF infrastructure not present, too intrusive to backport)
CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...)
	{DSA-1208-1}
	- bugzilla 2.22.1-1 (bug #395094; low)
CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...)
	NOT-FOR-US: HP Tru64
CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...)
	- torrentflux 2.1-5 (bug #395099; low)
CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...)
	NOT-FOR-US: Kinesis Interactive Cinema System (KICS) CMS
CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote ...)
	{DSA-1204-1}
	- ingo1 1.1.2-1 (bug #396099)
CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights ...)
	NOT-FOR-US: Microsoft
CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web ...)
	NOT-FOR-US: DEV Web Management System (WMS)
CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino ...)
	NOT-FOR-US: Casinosoft Casino Script (aka Masvet)
CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...)
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080)
CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel ...)
	{DSA-1229-1}
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080; bug #394025)
CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...)
	- wims 3.60-1 (bug #395102)
CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...)
	- viewvc 1.0.3-1 (medium; bug #397669)
CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5439 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5438 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5437 (** DISPUTED ** ...)
	NOT-FOR-US: phpAdsNew
CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e ...)
	NOT-FOR-US: FreeFAQ
CVE-2006-5435 (** DISPUTED ** ...)
	- phpbb2 <not-affected> (not vulnerable)
CVE-2006-5434 (PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 ...)
	NOT-FOR-US: P-News
CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...)
	NOT-FOR-US: ALiCE-CMS
CVE-2006-5432 (Multiple direct static code injection vulnerabilities in ...)
	NOT-FOR-US: phpPowerCards
CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in ...)
	NOT-FOR-US: PHPOutsourcing Zorum
CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: db-central (dbc) Enterprise CMS
CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...)
	NOT-FOR-US: BRIM
CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...)
	NOT-FOR-US: Php AMX
CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal ...)
	NOT-FOR-US: LoCal Calendar System
CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote ...)
	NOT-FOR-US: XORP (eXtensible Open Router Platform)
CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial ...)
	NOT-FOR-US: Justsystem Ichitaro
CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in ...)
	NOT-FOR-US: Lou Portail
CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel ...)
	NOT-FOR-US: Lodel
CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: WSN Forum
CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...)
	NOT-FOR-US: Specimen Image Database (SID)
CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php ...)
	NOT-FOR-US: pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB
CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple ...)
	NOT-FOR-US: McAfee
CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 ...)
	NOT-FOR-US: F5
CVE-2006-5415 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: News Defilante Horizontale
CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to ...)
	NOT-FOR-US: Barry Nauta BRIM
CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 ...)
	NOT-FOR-US: SuperMod for YABB (YaBBSM)
CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when ...)
	NOT-FOR-US: PHP Outburst Easynews
CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web ...)
	NOT-FOR-US: Free Web Publishing System (FreeWPS)
CVE-2006-5410 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BoonEx Dolphin
CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket ...)
	NOT-FOR-US: osTicket
CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure ...)
	NOT-FOR-US: Passgo Defender
CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver ...)
	NOT-FOR-US: Toshiba Bluetooth wireless device driver
CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...)
	NOT-FOR-US: PHPMyBibli
CVE-2006-5401 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in ...)
	NOT-FOR-US: CyberBrau
CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...)
	NOT-FOR-US: Simplog
CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 ...)
	- libx11 2:1.0.3-3 (low; bug #398460)
CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...)
	NOT-FOR-US: Microsoft
CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an ...)
	NOT-FOR-US: Cisco
CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ...)
	NOT-FOR-US: Cisco
CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock ...)
	NOT-FOR-US: OpenDock FullCore
CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Xfire
CVE-2006-5390 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ACP User Registration (MMW) module for phpBB
CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain ...)
	NOT-FOR-US: PHP-Wyana
CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and ...)
	NOT-FOR-US: WebSPELL
CVE-2006-5387 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PlusXL phpBB module
CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm ...)
	NOT-FOR-US: NuralStorm Webmail
CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...)
	NOT-FOR-US: SpamOborona phpBB module
CVE-2006-5384 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: CDS Agenda
CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and ...)
	NOT-FOR-US: Def-Blog
CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and ...)
	NOT-FOR-US: 3Com
CVE-2003-1307 (** DISPUTED ** ...)
	NOTE: More of an apache flaw than a php flaw. And just one more reason
	NOTE: why you have lost as soon as an attacker can execute arbitrary
	NOTE: php scripts.
	NOTE: http://www.securityfocus.com/bid/9302
	NOTE: Probably an unfixable design flaw. But if you can execute a malicious
	NOTE: program, you can do $BADSTUFF anyway.
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2006-XXXX [unspecified steam cache vulnerability]
	- steam 2.2.31-1
	[sarge] - steam <not-affected> (Sarge version doesn't implement caching)
CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with ...)
	NOT-FOR-US: Contenido CMS
CVE-2006-5380 (** DISPUTED ** ...)
	NOT-FOR-US: Contenido CMS
CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary Graphics ...)
	- nvidia-graphics-drivers 1.0.8776-1 (bug #393573)
	[sarge] - nvidia-graphics-drivers <not-affected> (1.0.7174 not affected)
	NOTE: see http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971
CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD Edwards ...)
	NOT-FOR-US: EnterpriseOne
CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5376 (Multiple unspecified vulnerabilities in PeopleTools component in ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5375 (Multiple unspecified vulnerabilities in PeopleTools component in ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5374 (Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2006-5373 (Unspecified vulnerability in Oracle Install Base component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5372 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-5371 (Unspecified vulnerability in Oracle Email Center component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5370 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-5369 (Unspecified vulnerability in Oracle Application Object Library in ...)
	NOT-FOR-US: Oracle
CVE-2006-5368 (Unspecified vulnerability in Oracle Exchange component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5367 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 ...)
	NOT-FOR-US: Oracle
CVE-2006-5366 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-5365 (Unspecified vulnerability in Oracle Forms in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-5364 (Unspecified vulnerability in Oracle Containers for J2EE component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5363 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5362 (Unspecified vulnerability in Oracle Containers for J2EE component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5361 (Unspecified vulnerability in Oracle Containers for J2EE in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5360 (Unspecified vulnerability in Oracle Forms component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5359 (Multiple unspecified vulnerabilities in Oracle Reports Developer ...)
	NOT-FOR-US: Oracle
CVE-2006-5358 (Unspecified vulnerability in Oracle Forms component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5357 (Unspecified vulnerability in Oracle HTTP Server component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5356 (Unspecified vulnerability in Oracle Containers for J2EE component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5355 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5354 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-5353 (Unspecified vulnerability in Oracle HTTP Server component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5352 (Multiple unspecified vulnerabilities in Oracle Application Express 1.5 ...)
	NOT-FOR-US: Oracle
CVE-2006-5351 (Multiple unspecified vulnerabilities in Oracle Application Express ...)
	NOT-FOR-US: Oracle
CVE-2006-5350 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5349 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running ...)
	NOT-FOR-US: Oracle
CVE-2006-5348 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5347 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5346 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in ...)
	NOT-FOR-US: Oracle
CVE-2006-5345 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5344 (Multiple unspecified vulnerabilities in Oracle Spatial component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5343 (Unspecified vulnerability in Database Scheduler component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5342 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5341 (Multiple unspecified vulnerabilities in XMLDB component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5340 (Multiple unspecified vulnerabilities in Oracle Spatial component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5339 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5338 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5337 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5336 (Multiple unspecified vulnerabilities in the Change Data Capture (CDC) ...)
	NOT-FOR-US: Oracle
CVE-2006-5335 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
	NOT-FOR-US: Oracle
CVE-2006-5334 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5333 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5332 (Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for ...)
	NOT-FOR-US: Oracle
CVE-2006-5331
	RESERVED
CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and ...)
	- flashplugin-nonfree 9.0.31.0.1 (bug #402822; medium)
	NOTE: It is not clear if this is already fix in 9.0.21.78.X (previous version)
	NOTE: or not but it's fix in 9.0.31.0.1 for sure.
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
CVE-2006-5329
	RESERVED
CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5327 (Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5326 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Prillian French module for phpBB
CVE-2006-5325 (Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz ...)
	NOT-FOR-US: dwingmods for phpBB
CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow ...)
	NOT-FOR-US: phplist
CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before ...)
	NOT-FOR-US: phplist
CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans ...)
	NOT-FOR-US: Album Photo Sans Nom
CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows ...)
	NOT-FOR-US: Foafgen
CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine ...)
	NOT-FOR-US: Nayco JASmine
CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows ...)
	NOT-FOR-US: eboli
CVE-2006-5316 (registroTL stores sensitive information under the web root with ...)
	NOT-FOR-US: registroTL
CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL ...)
	NOT-FOR-US: registroTL
CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre ...)
	NOT-FOR-US: TribunaLibre
CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated ...)
	NOT-FOR-US: Hastymail
CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax ...)
	NOT-FOR-US: Ajax Shoutbox
CVE-2006-5311 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Buzlas
CVE-2006-5310 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpMyConferences
CVE-2006-5309 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Prillian French module for phpBB
CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference ...)
	NOT-FOR-US: Open Conference Systems
CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK ...)
	NOT-FOR-US: AFGB GUESTBOOK
CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals ...)
	NOT-FOR-US: Journals System module for phpBB
CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr ...)
	NOT-FOR-US: lat2cyr
CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS ...)
	NOT-FOR-US: IncCMS Core
CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to ...)
	NOT-FOR-US: Secure Computing SafeWord RemoteAccess
CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...)
	NOT-FOR-US: Redaction System
CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in ...)
	NOT-FOR-US: SpamBlockerMODv module for phpBB
CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 ...)
	NOT-FOR-US: HP
CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Gcontact
CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...)
	- mutt 1.5.13-1.1 (bug #396104; low)
	[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...)
	- mutt 1.5.13-1.1 (bug #396104; low)
	[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a ...)
	NOT-FOR-US: Microsoft
CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...)
	NOT-FOR-US: phplist
CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: PhpOutsourcing Noah's Classifieds
CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-5291 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Download-Engine
CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 ...)
	NOT-FOR-US: Vtiger CRM
CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a ...)
	NOT-FOR-US: Cisco
CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 ...)
	NOT-FOR-US: Xeobook
CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...)
	NOT-FOR-US: XeoPort
CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen ...)
	NOT-FOR-US: PHP News Reader (aka pnews)
CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 ...)
	NOT-FOR-US: Minichat
CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and ...)
	NOT-FOR-US: SH-News
CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n@board ...)
	NOT-FOR-US: n@board
CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...)
	NOT-FOR-US: communityPortals
CVE-2006-5279
	RESERVED
CVE-2006-5278 (Integer overflow in the Real-Time Information Server (RIS) Data ...)
	NOT-FOR-US: Cisco
CVE-2006-5277 (Off-by-one error in the Certificate Trust List (CTL) Provider service ...)
	NOT-FOR-US: Cisco
CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort ...)
	- snort <not-affected> (snort versions 2.3.x do not contain the DCE RPC preprocessor)
CVE-2006-5275
	RESERVED
CVE-2006-5274 (Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ...)
	NOT-FOR-US: McAfee
CVE-2006-5273 (Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...)
	NOT-FOR-US: McAfee
CVE-2006-5272 (Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...)
	NOT-FOR-US: McAfee
CVE-2006-5271 (Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ...)
	NOT-FOR-US: McAfee
CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...)
	NOT-FOR-US: Microsoft
CVE-2006-5269 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2006-5268 (Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 ...)
	NOT-FOR-US: Trend Micro
CVE-2006-5267
	RESERVED
CVE-2006-5266 (Multiple buffer overflows in Microsoft Dynamics GP (formerly Great ...)
	NOT-FOR-US: Microsoft issue
CVE-2006-5265 (Unspecified vulnerability in Microsoft Dynamics GP (formerly Great ...)
	NOT-FOR-US: Microsoft issue
CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper ...)
	NOT-FOR-US: MysqlDumper
CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and ...)
	NOT-FOR-US: Hastymail
CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 ...)
	NOT-FOR-US: PHPMyNews
CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2 ...)
	NOT-FOR-US: Compteur 2
CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in ...)
	NOT-FOR-US: Compteur 2
CVE-2006-5258 (The spell checking component of (1) Asbru Web Content Management ...)
	NOT-FOR-US: Asbru Web Content Management
CVE-2006-5257 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Ciamos Content Management System
CVE-2006-5256 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Claroline
CVE-2006-5255 (** DISPUTED ** ...)
	NOT-FOR-US: gCards
CVE-2006-5254 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Detailed User Registration (com_registration_detailed), aka regdetailed
CVE-2006-5253 (PHP remote file inclusion vulnerability in strload.php in Dayana ...)
	NOT-FOR-US: phpOnline (aka PHP-Online)
CVE-2006-5252 (PHP remote file inclusion vulnerability in includes/core.lib.php in ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2006-5251 (PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a ...)
	NOT-FOR-US: Deep CMS
CVE-2006-5250 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BlueShoes
CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2006-5248 (Eazy Cart stores sensitive information under the web root with ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5247 (Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other critical ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5244 (Multilple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
	NOT-FOR-US: Easy Blog
CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
	NOT-FOR-US: Easy Blog
CVE-2006-5242 (SQL injection vulnerability in Etomite Content Management System (CMS) ...)
	NOT-FOR-US: Etomite Content Management System
CVE-2006-5241 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
	NOT-FOR-US: Easy Gallery
CVE-2006-5240 (PHP remote file inclusion vulnerability in engine/require.php in ...)
	NOT-FOR-US: Docmint
CVE-2006-5239 (Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 ...)
	NOT-FOR-US: eXpBlog
CVE-2006-5238 (Unspecified vulnerability in the file upload module in Blue Smiley ...)
	NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5237 (SQL injection vulnerability in Blue Smiley Organizer before 4.46 ...)
	NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5236 (SQL injection vulnerability in search.php in 4images 1.7.x allows ...)
	NOT-FOR-US: 4images
CVE-2006-5235 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...)
	NOT-FOR-US: Dimension of phpBB
CVE-2006-5234 (** DISPUTED ** ...)
	NOT-FOR-US: phpWebSite
CVE-2006-5233 (Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version ...)
	NOT-FOR-US: Polycom SoundPoint IP 301 VoIP Desktop Phone
CVE-2006-5232 (** DISPUTED ** ...)
	NOT-FOR-US: iSearch
CVE-2006-5231 (Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, ...)
	NOT-FOR-US: Grandstream GXP-2000 VoIP Desktop Phone
CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum ...)
	NOT-FOR-US: FreeForum
CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote ...)
	{DSA-1196-1}
	- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...)
	NOTE: This issues depends on the stack of selected authentication modules, while
	NOTE: some are resilient against such timing attacks, some aren't
	NOTE: This is inside responsibility of an admin
CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php ...)
	NOT-FOR-US: ackerTodo
CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux ...)
	- torrentflux 2.1-4 (bug #392501; low)
CVE-2006-5226 (PHP remote file inclusion vulnerability in moteur/moteur.php in ...)
	NOT-FOR-US: Freenews
CVE-2006-5225 (Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow ...)
	NOT-FOR-US: AAIportal
CVE-2006-5224 (PHP remote file inclusion vulnerability in includes/logger_engine.php ...)
	NOT-FOR-US: Security Suite IP Logger in dwingmods for phpBB
CVE-2006-5223 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: User Viewed Posts Tracker module for phpBB
CVE-2006-5222 (Multiple PHP remote file inclusion vulnerabilities in Dimension of ...)
	NOT-FOR-US: Dimension of phpBB
CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow ...)
	NOT-FOR-US: Cahier de textes
CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, ...)
	NOT-FOR-US: WebYep
CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module in ...)
	- moodle 1.6.2+20060930-1 (medium; bug #390294)
	[sarge] - moodle <not-affected> (Vulnerable code not present)
CVE-2006-5218 (Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in ...)
	NOT-FOR-US: systrace in OpenBSD and NetBSD
CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...)
	NOT-FOR-US: Emek Portal
CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) ...)
	NOT-FOR-US: Simple HTTPD
CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in NetBSD ...)
	- xdm 1:1.0.5-1 (low)
	[sarge] - xfree86 <no-dsa> (Minor issue)
	NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5214 (Race condition in the Xsession script, as used by X Display Manager ...)
	- xdm 1:1.0.5-1 (low)
	- xorg 1:7.1.0-13 (low)
	[sarge] - xfree86 <no-dsa> (Minor issue)
	NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5213 (Sun Solaris 10 before 20061006 uses &quot;incorrect and insufficient ...)
	NOT-FOR-US: Solaris
CVE-2006-5212 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5210 (Directory traversal vulnerability in IronWebMail before 6.1.1 ...)
	NOT-FOR-US: IronWebMail
CVE-2006-5209 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Admin Topic Action Logging Mod for phpBB
CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5207 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpMyTeam
CVE-2006-5206 (SQL injection vulnerability in Invision Gallery 2.0.7 allows remote ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-5205 (Directory traversal vulnerability in Invision Gallery 2.0.7 allows ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-5204 (Cross-site scripting (XSS) vulnerability in action_admin/member.php in ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5203 (Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when ...)
	NOT-FOR-US: Linksys
CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...)
	- sun-java5 1.5.0-10-1 (bug #393042)
	NOTE: this is similar to CVE-2006-4339
CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...)
	NOT-FOR-US: Adobe
CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...)
	NOT-FOR-US: Adobe
CVE-2006-5198 (The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software ...)
	NOT-FOR-US: WinZip
CVE-2006-5197 (PDshopPro stores sensitive information under the web root with ...)
	NOT-FOR-US: PDshopPro
CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...)
	NOT-FOR-US: Motorola SURFboard
CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5194 (Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 ...)
	NOT-FOR-US: net2ftp
CVE-2006-5193 (PHP remote file inclusion vulnerability in index.php in Josh Schmidt ...)
	NOT-FOR-US: WikyBlog
CVE-2006-5192 (PHP remote file inclusion vulnerability in includes/footer.php in ...)
	NOT-FOR-US: phpGreetz
CVE-2006-5191 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Nivisec Static Topics module for phpBB
CVE-2006-5190 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 ...)
	NOT-FOR-US: osCommerce
CVE-2006-5189 (PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php ...)
	NOT-FOR-US: klinza professional cms
CVE-2006-5188 (Directory traversal vulnerability in download.php in webGENEius GOOP ...)
	NOT-FOR-US: webGENEius GOOP Gallery
CVE-2006-5187 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Bulletin Board Ace (BBaCE)
CVE-2006-5186 (PHP remote file inclusion vulnerability in functions.php in ...)
	NOT-FOR-US: phpMyProfiler
CVE-2006-5185 (Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and ...)
	NOT-FOR-US: HAMweather
CVE-2006-5184 (SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 ...)
	NOT-FOR-US: PKR Internet Taskjitsu
CVE-2006-5183 (Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs ...)
	NOT-FOR-US: Dayfox Blog
CVE-2006-5182 (PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen ...)
	NOT-FOR-US: Travelsized CMS
CVE-2006-5181 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5180 (PHP remote file inclusion vulnerability in include/main.inc.php in ...)
	NOT-FOR-US: Newswriter SW
CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent ...)
	NOT-FOR-US: Intoto iGateway
CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...)
	- php5 <unfixed> (bug #391281; unimportant)
	- php4 4:4.4.4-1 (bug #391282; unimportant)
	NOTE: open_basedir is not supported
CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable Professional 2.0 ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
	NOT-FOR-US: TeraStation HD-HTGL
CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel 2.6 ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-5
	NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4
CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...)
	- linux-2.6 2.6.18-1
CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...)
	NOT-FOR-US: Computer Associates (CA) Brightstor
CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...)
	NOT-FOR-US: Computer Associates (CA) Brightstor
CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...)
	{DSA-1203-1}
	- libpam-ldap 180-1.2 (bug #392984; medium)
CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka ...)
	NOT-FOR-US: PowerPortal
CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: Pebble
CVE-2005-4813 (Unspecified vulnerability in Report Application Server ...)
	NOT-FOR-US: Business Objects Crystal Reports
CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, ...)
	NOT-FOR-US: Microsoft
CVE-2006-XXXX [zabbix format string vulnerabilities]
	- zabbix 1:1.1.2-4 (bug #391388)
CVE-2006-XXXX [zabbix buffer overflows]
	- zabbix 1:1.1.2-4 (bug #391388)
CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 ...)
	NOT-FOR-US: BasiliX
CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web ...)
	NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
	NOT-FOR-US: Skrypty PPA Gallery
CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum ...)
	NOT-FOR-US: digiSHOP
CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly ...)
	NOT-FOR-US: IBM
CVE-2006-5162 (wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved ...)
	NOT-FOR-US: IBM
CVE-2006-5160 (** DISPUTED ** ...)
	- firefox <not-affected> (no real issues)
CVE-2006-5159 (** DISPUTED ** ...)
	NOT-FOR-US: Bogus Firefox issue
CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...)
	- linux-2.6 2.6.15
CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...)
	NOT-FOR-US: TrendMicro OfficeScan
CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...)
	NOT-FOR-US: McAfee
CVE-2006-5155 (PHP remote file inclusion vulnerability in core/pdf.php in VideoDB ...)
	NOT-FOR-US: VideoDB
CVE-2006-5154 (PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-5153 (The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2006-5152 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-5151 (Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for ...)
	NOT-FOR-US: HP
CVE-2006-5150 (SQL injection vulnerability in the reports system in OpenBiblio before ...)
	NOT-FOR-US: OpenBiblio
CVE-2006-5149 (Multiple directory traversal vulnerabilities in OpenBiblio before ...)
	NOT-FOR-US: OpenBiblio
CVE-2006-5148 (Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b ...)
	NOT-FOR-US: Forum82
CVE-2006-5147 (PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml ...)
	NOT-FOR-US: VAMP Webmail
CVE-2006-5146 (Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow ...)
	NOT-FOR-US: Yblog
CVE-2006-5145 (Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow ...)
	NOT-FOR-US: OlateDownload
CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in ...)
	NOT-FOR-US: OlateDownload
CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 ...)
	NOT-FOR-US: Backup Agent RPC Server
CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 ...)
	NOT-FOR-US: CA BrightStor ARCserver Backup
CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. ...)
	NOT-FOR-US: Open Geo Targeting (aka geotarget)
CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image ...)
	NOT-FOR-US: Image Host Script (phpkimagehost)
CVE-2006-5139 (Unspecified vulnerability in MkPortal allows remote attackers to ...)
	NOT-FOR-US: MkPortal
CVE-2006-5138 (Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5137 (Multiple direct static code injection vulnerabilities in Groupee ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5136 (Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5135 (Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow ...)
	NOT-FOR-US: A-Blog
CVE-2006-5134 (Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to ...)
	NOT-FOR-US: Mercury SiteScope
CVE-2006-5133 (Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have ...)
	NOT-FOR-US: GuildFTPd
CVE-2006-5132 (Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-5131 (module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another ...)
	NOT-FOR-US: just another flat file (JAF) CMS
CVE-2006-5130 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...)
	NOT-FOR-US: ust another flat file (JAF) CMS
CVE-2006-5129 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...)
	NOT-FOR-US: ust another flat file (JAF) CMS
CVE-2006-5128 (SQL injection vulnerability in index.php in Bartels Schoene ConPresso ...)
	NOT-FOR-US: ConPresso
CVE-2006-5127 (Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ...)
	NOT-FOR-US: ConPresso
CVE-2006-5126 (PHP remote file inclusion vulnerability in index.php in John Himmelman ...)
	NOT-FOR-US: PowerPortal
CVE-2006-5125 (Directory traversal vulnerability in window.php, possibly used by ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5124 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5123 (Multiple PHP remote file inclusion vulnerabilities in Albrecht ...)
	NOT-FOR-US: PHProjekt
CVE-2006-5122 (Multiple cross-site scripting (XSS) vulnerabilities in Mercury ...)
	NOT-FOR-US: SiteScope
CVE-2006-5121 (SQL injection vulnerability in modules/Downloads/admin.php in the ...)
	NOT-FOR-US: PostNuke
CVE-2006-5120 (Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer ...)
	NOT-FOR-US: Red Mombin
CVE-2006-5119 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 ...)
	NOT-FOR-US: Zen Cart
CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...)
	NOT-FOR-US: PHPSelect Web Development Division
CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...)
	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; unimportant)
	NOTE: Only path disclosure
CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...)
	NOT-FOR-US: KGB
CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP ...)
	NOT-FOR-US: SAP
CVE-2006-5113 (Directory traversal vulnerability in common.php in Yuuki Yoshizawa ...)
	NOT-FOR-US: Exporia
CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote ...)
	NOT-FOR-US: NaviCOPA Web Server
CVE-2006-5111 (The libksba library 0.9.12 and possibly other versions, as used by ...)
	- libksba 0.9.14-1 (low; bug #391278)
	[sarge] - libksba <no-dsa> (Minor issue)
CVE-2006-5110 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...)
	NOT-FOR-US: PHP Invoice
CVE-2006-5109 (Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: CubeCart
CVE-2006-5108 (Multiple cross-site scripting (XSS) vulnerabilities in Devellion ...)
	NOT-FOR-US: CubeCart
CVE-2006-5107 (Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x ...)
	NOT-FOR-US: CubeCart
CVE-2006-5106 (Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 ...)
	NOT-FOR-US: FacileForms for Mambo and Joomla!
CVE-2006-5105 (Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 ...)
	NOT-FOR-US: SyntaxCMS
CVE-2006-5104 (SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x ...)
	NOT-FOR-US: vBulletin
CVE-2006-5103 (PHP remote file inclusion vulnerability in admin/index2.php in bbsNew ...)
	NOT-FOR-US: bbsNew
CVE-2006-5102 (PHP remote file inclusion vulnerability in include/editfunc.inc.php in ...)
	NOT-FOR-US: Newswriter SW
CVE-2006-5101 (PHP remote file inclusion vulnerability in include.php in Comdev CSV ...)
	NOT-FOR-US: Comdev CSV Importer
CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in ...)
	NOT-FOR-US: WEB//NEWS (aka webnews)
CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when ...)
	- dokuwiki 0.0.20060309-5.2 (bug #391291; medium)
CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote ...)
	- dokuwiki 0.0.20060309-5.2 (bug #391291; medium)
CVE-2006-5097 (** DISPUTED ** ...)
	NOT-FOR-US: net2ftp
CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: VirtueMart
CVE-2006-5095 (** DISPUTED ** ...)
	NOT-FOR-US: MyPhotos
CVE-2006-5094 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...)
	NOT-FOR-US: phpBB XS
CVE-2006-5093 (PHP remote file inclusion vulnerability in index.php in Tagmin Control ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2006-5092 (PHP remote file inclusion vulnerability in navigation/menu.php in ...)
	NOT-FOR-US: A-Blog
CVE-2006-5091 (Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server ...)
	NOT-FOR-US: HP-UX Samba
CVE-2006-5090 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix ...)
	NOT-FOR-US: Phoenix Evolution CMS (PECMS)
CVE-2006-5089 (** DISPUTED ** ...)
	NOT-FOR-US: My-BIC
CVE-2006-5088 (PHP remote file inclusion vulnerability in connected_users.lib.php3 in ...)
	NOT-FOR-US: phpMyChat
CVE-2006-5087 (Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and ...)
	NOT-FOR-US: evoBB
CVE-2006-5086 (Blog Pixel Motion 2.1.1 allows remote attackers to change the username ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-5085 (Static code injection vulnerability in config.php in Blog Pixel Motion ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-5084 (Format string vulnerability in the NSRunAlertPanel function in eBay ...)
	NOT-FOR-US: Skype
CVE-2006-5083 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Integrated MODs (IM) Portal
CVE-2006-5082 (Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before ...)
	NOT-FOR-US: Sugar Suite Open Source (SugarCRM)
CVE-2006-5081 (PHP remote file inclusion vulnerability in acc.php in QuickBlogger ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-5080 (Cross-site scripting (XSS) vulnerability in the search function in Six ...)
	NOT-FOR-US: Movable Type
CVE-2006-5079 (PHP remote file inclusion vulnerability in class.mysql.php in Matt ...)
	NOT-FOR-US: paBugs
CVE-2006-5078 (PHP remote file inclusion vulnerability in view/general.php in ...)
	NOT-FOR-US: Polaring
CVE-2006-5077 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Minerva
CVE-2006-5076 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...)
	NOT-FOR-US: OpenConcept Back-End
CVE-2006-5075 (The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2006-5074 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...)
	NOT-FOR-US: PHP Invoice
CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary ...)
	- mono 1.1.17.1-5
CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...)
	NOT-FOR-US: eyeOS
CVE-2006-5070 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: faceStones Personal
CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...)
	- typo3-src <not-affected> (only versions 4.0.0+4.0.1 affected)
CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...)
	NOT-FOR-US: BrudaNews
CVE-2006-5067 (** DISPUTED ** ...)
	NOT-FOR-US: PHP System Administration Toolkit (PHPSaTK)
CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport ...)
	NOT-FOR-US: DanPHPSupport
CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ...)
	NOT-FOR-US: ZoomStats
CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 ...)
	NOT-FOR-US: BirdBlog
CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote ...)
	{DSA-1242-1}
	- elog 2.6.2+r1719-1 (bug #389361)
CVE-2006-5062 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PBLang (PBL)
CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in ...)
	NOT-FOR-US: Advanced-Clan-Script (AVCX)
CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom ...)
	NOT-FOR-US: Jamroom
CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads ...)
	NOT-FOR-US: WWWthreads
CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty ...)
	NOT-FOR-US: Call of Duty
CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net ...)
	NOT-FOR-US: PhotoStore
CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial ...)
	NOT-FOR-US: Opial Audio/Video Download Management
CVE-2006-5055 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: syntaxCMS
CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 ...)
	NOT-FOR-US: iyzi Forum
CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php in ...)
	NOT-FOR-US: Web-News
CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...)
	[etch] - openssh <no-dsa> (Minor issue)
	- openssh 1:4.6p1-1 (low)
CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...)
	{DSA-1638-1 DSA-1212 DSA-1189-1}
	- openssh 1:4.6p1-1 (low)
	- openssh-krb5 <removed> (high)
	NOTE: From my analysis only openssh with Kerberos support should be vulnerable
	NOTE: However, we'll fix openssh as well just to make sure
CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...)
	- busybox <not-affected> (bug #390555; irreproducible)
	[sarge] - busybox <not-affected> (Vulnerable code not present)
CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...)
	NOT-FOR-US: Classifieds (com_classifieds) component for Joomla!
CVE-2006-5048 (Multiple PHP remote file inclusion vulnerabilities in Security Images ...)
	NOT-FOR-US: Security Images (com_securityimages) component for Joomla!
CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 ...)
	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and ...)
	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and ...)
	NOT-FOR-US: PollXT component (com_pollxt) for Joomla!
CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component ...)
	NOT-FOR-US: Prince Clan (Princeclan) Chess componen (com_pcchess) for Mambo and Joomla!
CVE-2006-5043 (Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard ...)
	NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla!
CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...)
	NOT-FOR-US: mosMedia (com_mosmedia) for Joomla!
CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly ...)
	NOT-FOR-US: Hot Properties (possibly com_hotproperties) for Joomla!
CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has ...)
	NOT-FOR-US: SEF404x (com_sef) for Joomla!
CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events) for ...)
	NOT-FOR-US: Events 1.3 beta module (com_events) for Joomla!
CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, ...)
	NOT-FOR-US: FiWin
CVE-2006-5037 (** DISPUTED ** ...)
	NOT-FOR-US: MySource Matrix
CVE-2006-5036 (** DISPUTED ** ...)
	NOT-FOR-US: MySource Matrix
CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith ...)
	NOT-FOR-US: vCAP
CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer Services vCAP ...)
	NOT-FOR-US: vCAP
CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith ...)
	NOT-FOR-US: vCAP
CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire ...)
	NOT-FOR-US: PHPartenaire
CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in ...)
	NOT-FOR-US: CakePHP
CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board ...)
	NOT-FOR-US: WoltLab Burning Board (wBB)
CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php in ...)
	NOT-FOR-US: Plesk
CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers ...)
	NOT-FOR-US: JevonCMS
CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier ...)
	NOT-FOR-US: xweblog
CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php in ...)
	NOT-FOR-US: pNews System 1.1.0 (aka PowerNews)
CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG ...)
	NOT-FOR-US: RedBLoG
CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 ...)
	NOT-FOR-US: SolidState
CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Google Mini
CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext in an ...)
	NOT-FOR-US: ContentKeeper
CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava Gyula and ...)
	NOT-FOR-US: e-Vision CMS
CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in Szava ...)
	NOT-FOR-US: e-Vision CMS
CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows ...)
	NOT-FOR-US: Kietu
CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows ...)
	NOT-FOR-US: cPanel
CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 ...)
	NOT-FOR-US: Solaris
CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 ...)
	NOT-FOR-US: Solaris
CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 ...)
	NOT-FOR-US: AIX
CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local ...)
	NOT-FOR-US: AIX
CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 ...)
	NOT-FOR-US: AIX
CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 ...)
	NOT-FOR-US: WS_FTP
CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4999
	RESERVED
CVE-2006-4998
	RESERVED
CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-1
CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 ...)
	NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla!
CVE-2006-4995 (PHP remote file inclusion vulnerability in BSQ Sitestats ...)
	NOT-FOR-US: BSQ Sitestats for Joomla!
CVE-2006-4994 (Multiple unquoted Windows search path vulnerabilities in Apache ...)
	NOT-FOR-US: XAMPP
CVE-2006-4993 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests ...)
	NOT-FOR-US: AllMyGuests
CVE-2006-4992 (Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for ...)
	NOT-FOR-US: JD-WordPress for Joomla!
CVE-2006-4991 (RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows ...)
	NOT-FOR-US: RSA Keon Certificate Authority (KeonCA) Manager
CVE-2006-4990 (Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow ...)
	NOT-FOR-US: PhotoPost
CVE-2006-4989 (Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4988 (Multiple cross-site scripting (XSS) vulnerabilities in Patrick ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4987 (Multiple PHP remote file inclusion vulnerabilities in Patrick ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4986 (Grayscale BandSite CMS allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4985 (Multiple cross-site scripting (XSS) vulnerabilities in Grayscale ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4984 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4983 (Cisco NAC allows quarantined devices to communicate over the network ...)
	NOT-FOR-US: Cisco
CVE-2006-4982 (Cisco NAC maintains an exception list that does not record device ...)
	NOT-FOR-US: Cisco
CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to bypass ...)
	NOT-FOR-US: Symantec
CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before ...)
	{DSA-1198-1 DSA-1197-1}
	- python2.5 2.5-1 (bug #391589)
	- python2.4 2.4.3-9 (bug #391589)
	- python2.3 2.3.5-16 (bug #393053)
	- python2.2 <not-affected> (Compiled without UCS-4 support)
CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4977 (Multiple unrestricted file upload vulnerabilities in (1) ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote ...)
	- libphp-adodb <unfixed> (unimportant)
	- gallery2 <unfixed> (unimportant)
	- phppgadmin <unfixed> (unimportant)
	- egroupware <unfixed> (unimportant)
	- phpwiki <unfixed> (unimportant)
	- moodle <unfixed> (unimportant)
	NOTE: full path is known in Debian anyway
CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2006-4974 (Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4973 (Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual ...)
	NOT-FOR-US: DotNetNuke
CVE-2006-4972 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4971 (MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4970 (PHP remote file inclusion vulnerability in enc/content.php in WAHM ...)
	NOT-FOR-US: Pie Cart Pro
CVE-2006-4969 (Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce ...)
	NOT-FOR-US: Pie Cart Pro
CVE-2006-4968 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PNphpBB
	NOTE: code in phpBB is different and not affected
CVE-2006-4967 (Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart ...)
	NOT-FOR-US: NextAge Cart
CVE-2006-4966 (PHP remote file inclusion vulnerability in inc/ifunctions.php in ...)
	NOT-FOR-US: phpQuestionnaire
CVE-2006-4965 (Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to ...)
	NOT-FOR-US: Apple
	NOTE: also used for related MFSA-2007-28, but still a QuickTime/Windows only issue
CVE-2006-4964 (Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2006-4963 (Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-4962 (Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4961 (SQL injection vulnerability in the GetModuleConfig function in ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4960 (Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4959 (Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows ...)
	NOT-FOR-US: Sun Secure Global Desktop
CVE-2006-4958 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure ...)
	NOT-FOR-US: Sun Secure Global Desktop
CVE-2006-4957 (SQL injection vulnerability in the GetMember function in functions.php ...)
	NOT-FOR-US: MyReview
CVE-2006-4956 (Cross-site scripting (XSS) vulnerability in the updateuser servlet in ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4955 (Directory traversal vulnerability in the downloadfile servlet in Neon ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4954 (The updateuser servlet in Neon WebMail for Java before 5.08 does not ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4953 (Multiple SQL injection vulnerabilities in Neon WebMail for Java before ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4952 (The updatemail servlet in Neon WebMail for Java before 5.08 allows ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4951 (Neon WebMail for Java before 5.08 allows remote attackers to execute ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4950 (Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, ...)
	NOT-FOR-US: Cisco
CVE-2006-4949 (Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site ...)
	NOT-FOR-US: Profile Directory (profile_pages.module) for Drupal
CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server ...)
	NOT-FOR-US: TFTPDWIN
CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search ...)
	NOT-FOR-US: Search Keywords module for Drupal
CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in ...)
	NOT-FOR-US: CMSDevelopment Business Card Web Builder (BCWB)
CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka ...)
	NOT-FOR-US: DigitalWebShop
CVE-2006-4944 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ProgSys
CVE-2006-4943 (course/jumpto.php in Moodle before 1.6.2 does not validate the session ...)
	- moodle 1.6.2-1
	[sarge] - moodle <not-affected> (File not present)
CVE-2006-4942 (Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) ...)
	- moodle 1.6.2-1
CVE-2006-4941 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle before ...)
	- moodle 1.6.2-1
CVE-2006-4940 (login/forgot_password.php in Moodle before 1.6.2 allows remote ...)
	- moodle 1.6.2-1
	[sarge] - moodle <not-affected> (Function not present)
CVE-2006-4939 (backup/backup_scheduled.php in Moodle before 1.6.2 generates trace ...)
	- moodle 1.6.2-1 (unimportant)
	NOTE: Path disclosure
CVE-2006-4938 (help.php in Moodle before 1.6.2 does not check the existence of ...)
	- moodle 1.6.2-1 (unimportant)
	NOTE: Path disclosure
CVE-2006-4937 (lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...)
	- moodle 1.6.2-1
CVE-2006-4936 (Moodle before 1.6.2 does not properly validate the module instance id ...)
	- moodle 1.6.2-1
CVE-2006-4935 (The Database module in Moodle before 1.6.2 does not properly handle ...)
	- moodle 1.6.2-1
CVE-2006-4934
	RESERVED
CVE-2006-4933
	RESERVED
CVE-2006-4932
	RESERVED
CVE-2006-4931
	RESERVED
CVE-2006-4930
	RESERVED
CVE-2006-4929
	RESERVED
CVE-2006-4928
	RESERVED
CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2006-4926 (The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...)
	NOT-FOR-US: SISCO OSI stack for Windows
CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
	{DSA-1304}
	- linux-2.6 2.6.14
CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a denial ...)
	- openssh <unfixed> (unimportant)
	NOTE: That's a non-issue
CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...)
	{DSA-1212 DSA-1189-1}
	- openssh 1:4.3p2-4 (low; bug #389995)
	- openssh-krb5 <unfixed> (low)
CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...)
	NOT-FOR-US: eSyndiCat Portal System
CVE-2006-4922 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Site@School
CVE-2006-4921 (PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 ...)
	NOT-FOR-US: Site@School
CVE-2006-4920 (Multiple PHP remote file inclusion vulnerabilities in Site@School ...)
	NOT-FOR-US: Site@School
CVE-2006-4919 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Site@School
CVE-2006-4918 (Multiple PHP remote file inclusion vulnerabilities in Simple ...)
	NOT-FOR-US: Simple Discussion Board
CVE-2006-4917 (Cross-site scripting (XSS) vulnerability in search.php in PT News ...)
	NOT-FOR-US: PT News
CVE-2006-4916 (SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) ...)
	NOT-FOR-US: Tekman Portal
CVE-2006-4915 (Cross-site scripting (XSS) vulnerability in index.php in Innovate ...)
	NOT-FOR-US: Innovate Portal
CVE-2006-4914 (Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote ...)
	NOT-FOR-US: A.l-Pifou
CVE-2006-4913 (Directory traversal vulnerability in chat/getStartOptions.php in ...)
	NOT-FOR-US: AlstraSoft E-friends
CVE-2006-4912 (PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and ...)
	NOT-FOR-US: PHP DocWriter
CVE-2006-4911 (Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 ...)
	NOT-FOR-US: Cisco
CVE-2006-4910 (The web administration interface (mainApp) to Cisco IDS before ...)
	NOT-FOR-US: Cisco
CVE-2006-4909 (Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS ...)
	NOT-FOR-US: Cisco
CVE-2006-4908 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: OSU
CVE-2006-4907 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: OSU
CVE-2006-4906 (SQL injection vulnerability in modules/calendar/week.php in ...)
	NOT-FOR-US: More.groupware
CVE-2006-4905 (PHP remote file inclusion vulnerability in index.php in Artmedic Links ...)
	NOT-FOR-US: Artmedic Links
CVE-2006-4904 (Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam ...)
	NOT-FOR-US: X-Cart
CVE-2006-4903
	RESERVED
CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4899 (The ePPIServlet script in Computer Associates (CA) eTrust Security ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...)
	NOT-FOR-US: guanxiCRM
CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web ...)
	NOT-FOR-US: CMtextS
CVE-2006-4896
	REJECTED
CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to ...)
	NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in ...)
	NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4893 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBB XS
CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ ...)
	NOT-FOR-US: Techno Dreams FAQ
CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and ...)
	NOT-FOR-US: UNAK-CMS
CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn ...)
	NOT-FOR-US: Telekorn SignKorn Guestbook
CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop ...)
	NOT-FOR-US: Apple
CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan Enterprise ...)
	NOT-FOR-US: McAfee
CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...)
	NOT-FOR-US: IDevSpot iSupport
CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...)
	NOT-FOR-US: IDevSpot BizDirectory
CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts Charon ...)
	NOT-FOR-US: Cart 3
CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David Bennett ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett PHP-Post ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4878 (Directory traversal vulnerability in footer.php in David Bennett ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow remote ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4875 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan ...)
	NOT-FOR-US: ECardPro
CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan ...)
	NOT-FOR-US: EShoppingPro
CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, ...)
	NOT-FOR-US: AEDating
CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ...)
	NOT-FOR-US: phpunity.postcard
CVE-2006-4868 (Stack-based buffer overflow in the Vector Graphics Rendering engine ...)
	NOT-FOR-US: Microsoft
CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier ...)
	NOT-FOR-US: GNUTurk
CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in ...)
	NOT-FOR-US: Apple
CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All Enthusiast ...)
	NOT-FOR-US: ReviewPost
CVE-2006-4863 (** DISPUTED ** ...)
	NOT-FOR-US: mcLinksCounter
CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows remote ...)
	NOT-FOR-US: easypage
CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi ...)
	NOT-FOR-US: Complain Center
CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) ...)
	NOT-FOR-US: Limbo
CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in the ...)
	NOT-FOR-US: Limbo
CVE-2006-4858 (PHP remote file inclusion vulnerability in install.serverstat.php in ...)
	NOT-FOR-US: Serverstat (com_serverstat) component for Mambo
CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page) in ...)
	NOT-FOR-US: ClickBlog
CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller ...)
	NOT-FOR-US: WebLogger
CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
	NOT-FOR-US: Symantec
CVE-2006-4854
	REJECTED
CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02 through ...)
	NOT-FOR-US: Haberx
CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 ...)
	NOT-FOR-US: QuadComm Q-Shop
CVE-2006-4851 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BolinOS
CVE-2006-4850 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BolinOS
CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in ...)
	NOT-FOR-US: MobilePublisherPHP
CVE-2006-4848 (** DISPUTED ** ...)
	NOT-FOR-US: Hitweb
CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced ...)
	NOT-FOR-US: Citrix
CVE-2006-4845 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: TeamCal
CVE-2006-4844 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Claroline
CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...)
	- xulrunner 1.8.0.9-1 (low; bug #405062)
	[sarge] - mozilla <unfixed> (low)
	[sarge] - mozilla <no-dsa> (Minor issue)
	NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary
	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470
CVE-2006-4841
	RESERVED
CVE-2006-4840
	REJECTED
CVE-2006-4839 (Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sophos
CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote ...)
	NOT-FOR-US: Blue Magic Board (BMB) (aka BMForum)
CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...)
	NOT-FOR-US: phpQuiz
CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx ...)
	NOT-FOR-US: NetPerformer
CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT ...)
	NOT-FOR-US: NetPerformer
CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before ...)
	NOT-FOR-US: IP over DNS is now easy (iodine)
CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in ...)
	NOT-FOR-US: Blojsom
CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...)
	NOT-FOR-US: Blojsom
CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in ...)
	NOT-FOR-US: PhotoPost
CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat ...)
	NOT-FOR-US: Vmist Downstat
CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PHP Event Calendar
CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in ...)
	NOT-FOR-US: Quicksilver Forums (QSF)
CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in ...)
	NOT-FOR-US: Magic News
CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: emuCMS
CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview ...)
	NOT-FOR-US: Drupal Userreview module
CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-4819 (Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote ...)
	NOT-FOR-US: Opera
CVE-2006-4818
	RESERVED
CVE-2006-4817
	RESERVED
CVE-2006-4816
	RESERVED
CVE-2006-4815
	RESERVED
CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-9 (low)
	- kernel-patch-openvz 028.18.1
CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel ...)
	{DSA-1233}
	- linux-2.6 2.6.13-1
CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...)
	- php4 <not-affected>
	- php5 5.1.6-5 (bug #391586)
CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 ...)
	{DSA-1200-1}
	- qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313)
	- qt4-x11 4.2.1-1 (bug #394192)
CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used ...)
	{DSA-1219}
	- texinfo 4.8.dfsg.1-4
CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4808 (Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4807 (loader_tga.c in imlib2 before 1.2.1, and possibly other versions, ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4806 (Multiple integer overflows in imlib2 allow user-assisted remote ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4805 (epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in ...)
	{DSA-1201-1}
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4804
	RESERVED
CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in ...)
	NOT-FOR-US: Symantec
CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and ...)
	NOT-FOR-US: Roxio Toast
CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...)
	{DSA-1215}
	- ffmpeg 0.cvs20060329-1
	- xine-lib 1.1.2-1
	- gst-ffmpeg 0.8.7-7 (medium; bug #401304)
	- gstreamer0.10-ffmpeg 0.10.1-3 (medium; bug #401311)
	- mplayer 1.0~rc1-1
	NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...)
	{DSA-1215}
	- xine-lib 1.1.2-1 (bug #369876; medium)
	TODO: When was ffmpeg fixed?
	NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which ...)
	- sql-ledger 2.4.5-1
CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine ...)
	NOT-FOR-US: CJ Tag Board
CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums ...)
	NOT-FOR-US: Snitz Forums
CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...)
	NOT-FOR-US: e107
CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 ...)
	NOT-FOR-US: TualBLOG
CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir ...)
	{DSA-1217}
	- linux-ftpd 0.17-23 (low; bug #384454)
CVE-2006-XXXX [ejabberd HTML code injection]
	- ejabberd 1.1.1-8
CVE-2006-4792
	RESERVED
CVE-2006-4791
	RESERVED
CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local users ...)
	NOT-FOR-US: Open Movie Editor
CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php in ...)
	NOT-FOR-US: SignKorn Guestbook
CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive ...)
	NOT-FOR-US: AlphaMail
CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ...)
	- moodle 1.6.2-1 (low)
CVE-2006-4785 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and ...)
	- moodle 1.6.2-1 (medium; bug #387177)
CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ...)
	- moodle 1.6.2-1 (low)
CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and ...)
	NOT-FOR-US: WebSPELL
CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals ...)
	NOT-FOR-US: WebSPELL
CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: phpBB XS
CVE-2006-4779 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Vitrax Premodded phpBB
CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before ...)
	NOT-FOR-US: Creative Commons Tools ccHost
CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation Path Control ...)
	NOT-FOR-US: DirectAnimation.PathControl
CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...)
	NOT-FOR-US: Cisco
CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and ...)
	NOT-FOR-US: Cisco
CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows ...)
	NOT-FOR-US: Cisco
CVE-2006-4773 (Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and ...)
	NOT-FOR-US: Sun StorEdge
CVE-2006-4772 (HotPlug CMS stores sensitive information under the web root with ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-4771 (Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 ...)
	NOT-FOR-US: ForumJBC
CVE-2006-4770 (PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 ...)
	NOT-FOR-US: MiniPort@l
CVE-2006-4769 (PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 ...)
	NOT-FOR-US: p4CMS
CVE-2006-4768 (Multiple direct static code injection vulnerabilities in add_go.php in ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4767 (Multiple directory traversal vulnerabilities in Stefan Ernst ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4766 (Directory traversal vulnerability in print.php in Stefan Ernst ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4765 (NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows ...)
	NOT-FOR-US: NETGEAR
CVE-2006-4764 (PHP remote file inclusion vulnerability in common.php in Thomas LETE ...)
	NOT-FOR-US: WTools
CVE-2006-4763 (IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's ...)
	NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2006-4762 (Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader ...)
	NOT-FOR-US: Ykoon RssReader
CVE-2006-4761 (Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman ...)
	NOT-FOR-US: SharpReader
CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...)
	NOT-FOR-US: RSSOwl
CVE-2006-4759 (PunBB 1.2.12 does not properly handle an avatar directory pathname ...)
	NOT-FOR-US: PunBB
CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-4 (bug #388120; unimportant)
	NOTE: Only exploitable by admins, which you'd need to trust
CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 ...)
	NOT-FOR-US: e107
CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-4754 (Cross-site scripting (XSS) vulnerability in index.php in PHProg before ...)
	NOT-FOR-US: PHProg
CVE-2006-4753 (Directory traversal vulnerability in index.php in PHProg before 1.1 ...)
	NOT-FOR-US: PHProg
CVE-2006-4752 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4751 (Cross-site scripting (XSS) vulnerability in index.php in Laurentiu ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4750 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OPENi-CMS
CVE-2006-4749 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...)
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2006-4748 (Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow ...)
	NOT-FOR-US: F-ART BLOG:CMS
CVE-2006-4747 (Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot ...)
	NOT-FOR-US: IdevSpot TextAds
CVE-2006-4746 (PHP remote file inclusion vulnerability in news/include/customize.php ...)
	NOT-FOR-US: Web Server Creator
CVE-2006-4745 (ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to ...)
	NOT-FOR-US: ScaryBear PocketExpense Pro
CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication ...)
	NOT-FOR-US: Abidia (1) O-Anywhere and (2) Abidia Wireless
CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain ...)
	- wordpress <unfixed> (unimportant)
	NOTE: path disclosure only
CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot ...)
	NOT-FOR-US: PhpLinkExchange
CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in ...)
	NOT-FOR-US: PhpLinkExchange
CVE-2006-4740 (Jetbox CMS allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4738 (PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 ...)
	NOT-FOR-US: CMS.R
CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...)
	- magpierss <unfixed> (unimportant)
	NOTE: path disclosure only
CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php ...)
	- tikiwiki 1.9.5+dfsg1-2 (medium; bug #388122)
CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...)
	NOT-FOR-US: simple, integrated publishing system (SIPS)
CVE-2006-4732 (Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an ...)
	NOT-FOR-US: Microsoft
CVE-2002-2218 (CRLF injection vulnerability in the setUserValue function in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2006-4731 (Multiple directory traversal vulnerabilities in (1) login.pl and (2) ...)
	{DSA-1239-1}
	- sql-ledger 2.6.19-1
CVE-2006-4730
	RESERVED
CVE-2006-4729
	RESERVED
CVE-2006-4728
	RESERVED
CVE-2006-4727 (Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in ...)
	NOT-FOR-US: Tumbleweed EMF Administration Module
CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 ...)
	NOT-FOR-US: Adobe
CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security ...)
	NOT-FOR-US: Adobe
CVE-2006-4724 (Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2006-4723 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board ...)
	NOT-FOR-US: Open Bulletin Board (OpenBB)
CVE-2006-4721 (Directory traversal vulnerability in admin.php in CCleague Pro Sports ...)
	NOT-FOR-US: CCleague Pro Sports CMS
CVE-2006-4720 (PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO ...)
	NOT-FOR-US: mcGalleryPRO
CVE-2006-4719 (Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2006-4718 (Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in ...)
	NOT-FOR-US: KorviBlog
CVE-2006-4717 (The login redirection mechanism in the Drupal 4.7 Pubcookie module ...)
	NOT-FOR-US: Pubcookie module for Drupal
CVE-2006-4716 (PHP remote file inclusion vulnerability in demarrage.php in Fire Soft ...)
	NOT-FOR-US: Fire Soft Board (FSB)
CVE-2006-4715 (SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4714 (PHP remote file inclusion vulnerability in index.php in SpoonLabs ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA ...)
	NOT-FOR-US: PSYWERKS PUMA
CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 ...)
	- firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...)
	- firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator ...)
	NOT-FOR-US: NewsGator FeedDemon
CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows ...)
	NOT-FOR-US: Vikingboard
CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
	NOT-FOR-US: Vikingboard
CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...)
	NOT-FOR-US: Timesheet (aka Timesheet.php)
CVE-2006-4704 (Cross-zone scripting vulnerability in the WMI Object Broker ...)
	NOT-FOR-US: Microsoft
CVE-2006-4703
	RESERVED
CVE-2006-4702 (Buffer overflow in the Windows Media Format Runtime in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-4701
	RESERVED
CVE-2006-4700
	RESERVED
CVE-2006-4699
	RESERVED
CVE-2006-4698
	RESERVED
CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...)
	NOT-FOR-US: Microsoft
CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-4691 (Stack-based buffer overflow in the NetpManageIPCConnect function in ...)
	NOT-FOR-US: Microsoft
CVE-2006-4690
	RESERVED
CVE-2006-4689 (Unspecified vulnerability in the driver for the Client Service for ...)
	NOT-FOR-US: Microsoft
CVE-2006-4688 (Buffer overflow in Client Service for NetWare (CSNW) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-4687 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations ...)
	NOT-FOR-US: Microsoft
CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core ...)
	NOT-FOR-US: Microsoft
CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...)
	{DSA-1176-1}
	- zope2.7 <removed>
	- zope2.8 2.8.8-2
CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: IBM Director
CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...)
	NOT-FOR-US: IBM Director
CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director ...)
	NOT-FOR-US: IBM Director
CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords ...)
	NOT-FOR-US: Canon imageRUNNER
CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, ...)
	- dokuwiki 0.0.20060309-5.1 (low; bug #388082)
CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...)
	NOT-FOR-US: News Evolution
CVE-2006-4677 (** DISPUTED ** ...)
	NOT-FOR-US: phpopenchat
CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...)
	NOT-FOR-US: TIBCO RendezVous
CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in ...)
	- dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki ...)
	- dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...)
	NOT-FOR-US: ppalCart
CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic ...)
	NOT-FOR-US: Fantastic News
CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn ...)
	NOT-FOR-US: PhotoKorn Gallery
CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...)
	NOT-FOR-US: Somery
CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley ...)
	NOT-FOR-US: AckerTodo
CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote ...)
	NOT-FOR-US: RunCMS
CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst ...)
	NOT-FOR-US: Newsscript (aka WM-News)
CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...)
	NOT-FOR-US: MKPortal
CVE-2006-4664 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Premod Shadow
CVE-2006-4663 (** DISPUTED ** ...)
	NOT-FOR-US: User problem
CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...)
	NOT-FOR-US: AOL ICQ
CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not ...)
	NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed ...)
	NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4656 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Web Provence SL_Site
CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...)
	NOT-FOR-US: X11R6.4
CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...)
	NOT-FOR-US: Address Book Web Server
CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly ...)
	NOT-FOR-US: Php download
CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the ...)
	NOT-FOR-US: Cisco
CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ...)
	NOT-FOR-US: BinGo News
CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ...)
	NOT-FOR-US: BinGo News
CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...)
	NOT-FOR-US: Sponge News
CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto ...)
	NOT-FOR-US: Drupal Pathauto module
CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...)
	NOT-FOR-US: Social BookMarking Engine
CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in ...)
	NOT-FOR-US: phpFullAnnu
CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert ...)
	NOT-FOR-US: PhpLeague
CVE-2006-4642 (AuditWizard 6.3.2, when using &quot;Remote Audit,&quot; logs the administrator ...)
	NOT-FOR-US: AuditWizard
CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...)
	NOT-FOR-US: Muratsoft Haber Portal
CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...)
	NOT-FOR-US: C-News.fr C-News
CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...)
	NOT-FOR-US: ACGV News
CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 ...)
	NOT-FOR-US: ACGV News
CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and ...)
	NOT-FOR-US: PhpCommander
CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ...)
	NOT-FOR-US: MySource Classic
CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...)
	NOT-FOR-US: VBZooM
CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...)
	NOT-FOR-US: SoftBB
CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ...)
	NOT-FOR-US: SoftBB
CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in ...)
	NOT-FOR-US: SoftBB
CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING ...)
	NOT-FOR-US: MySpeach
CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php ...)
	NOT-FOR-US: C-News.fr C-News
CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...)
	NOT-FOR-US: VCD-db
CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via ...)
	NOT-FOR-US: System Information ActiveX control
CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before ...)
	NOT-FOR-US: avast! Anti-virus Engine
CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...)
	- php4 4:4.4.4-1 (bug #391282; unimportant)
	- php5 5.2.0-1 (bug #391281; unimportant)
	NOTE: open_basedir violations not supported in Debian's PHP
CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...)
	{DSA-1188-1}
	- mailman 1:2.1.8-3
CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...)
	{DSA-1304}
	- linux-2.6 2.6.18-1
CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...)
	{DSA-1182-1}
	NOTE: GNUTLS-SA-2006-4
	- gnutls13 1.4.4-1 (high)
	- gnutls12 <unfixed> (high)
	- gnutls11 <unfixed> (high)
CVE-2006-XXXX [gnutls Adaptive Chosen Ciphertext Attack]
	NOTE: GNUTLS-SA-2006-3 (withdrawn)
	- gnutls13 1.4.3-1 (unimportant)
	- gnutls12 <unfixed> (unimportant)
	- gnutls11 <unfixed> (unimportant)
CVE-2006-4622 (PHP remote file inclusion vulnerability in annonce.php in AnnonceV ...)
	NOT-FOR-US: AnnonceV
CVE-2006-4621 (PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, ...)
	NOT-FOR-US: Pheap
CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4619 (The start update window in update.exe in Avira AntiVir PersonalEdition ...)
	NOT-FOR-US: Avira
CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ...)
	- libphp-adodb <not-affected> (vulnerable code seems to be In-link specific)
	- egroupware <not-affected> (vulnerable code seems to be In-link specific)
	- moodle <not-affected> (vulnerable code seems to be In-link specific)
	- phppgadmin <not-affected> (vulnerable code seems to be In-link specific)
	- gallery2 <not-affected> (vulnerable code seems to be In-link specific)
	- phpwiki <not-affected> (vulnerable code seems to be In-link specific)
CVE-2006-4617 (Unrestricted file upload vulnerability in fileupload.html in vtiger ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4616 (SMTP service in MailEnable Standard, Professional, and Enterprise ...)
	NOT-FOR-US: MailEnable
CVE-2006-4615 (Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores ...)
	NOT-FOR-US: Shape Services
CVE-2006-4614 (PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords ...)
	NOT-FOR-US: PDAapps Verichat
CVE-2006-4613 (Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow ...)
	NOT-FOR-US: SnapGear
CVE-2006-4612 (SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows ...)
	NOT-FOR-US: ZIXForum
CVE-2006-4611 (Buffer overflow in the _tor_resolve function in dsocks.c in dsocks ...)
	NOT-FOR-US: dsocks
CVE-2006-4610 (PHP remote file inclusion vulnerability in index.php in GrapAgenda ...)
	NOT-FOR-US: GrapAgenda
CVE-2006-4609 (** DISPUTED ** ...)
	NOT-FOR-US: PHProjekt
CVE-2006-4608 (Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome ...)
	NOT-FOR-US: php-Revista
CVE-2006-4607 (admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote ...)
	NOT-FOR-US: php-Revista
CVE-2006-4606 (Multiple SQL injection vulnerabilities in Longino Jacome php-Revista ...)
	NOT-FOR-US: php-Revista
CVE-2006-4605 (PHP remote file inclusion vulnerability in index.php in Longino Jacome ...)
	NOT-FOR-US: php-Revista
CVE-2006-4604 (PHP remote file inclusion vulnerability in LFXlib/access_manager.php ...)
	NOT-FOR-US: Lanifex Database of Managed Objects (DMO)
CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass ...)
	NOT-FOR-US: Swift Sound Web Dictate
CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows ...)
	NOT-FOR-US: 1Two
CVE-2006-4600 (slapd in OpenLDAP before 2.3.25 allows remote authenticated users with ...)
	- openldap2.3 2.3.25-1
	- openldap2.2 <removed> (low)
	- openldap2 <not-affected> (low) (slapd not built from this version)
CVE-2006-4599 (SQL injection vulnerability in aut_verifica.inc.php in Autentificator ...)
	NOT-FOR-US: Autentificator
CVE-2006-4598 (Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 ...)
	NOT-FOR-US: ssLinks
CVE-2006-4597 (SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier ...)
	NOT-FOR-US: ICBlogger
CVE-2006-4596 (PHP remote file inclusion in MyBace Light Skrip, when register_globals ...)
	NOT-FOR-US: MyBace Light Skrip
CVE-2006-4595 (muforum (&#181;forum) 0.4c stores membres/members.dat under the web ...)
	NOT-FOR-US: muforum
CVE-2006-4594 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...)
	NOT-FOR-US: phpAtm
CVE-2006-4593 (Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 ...)
	NOT-FOR-US: SoftBB
CVE-2006-4592 (Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple ...)
	NOT-FOR-US: Simple Blog
CVE-2006-4591 (Multiple PHP remote file inclusion vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AltraSoft Template Seller
CVE-2006-4590 (SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP ...)
	NOT-FOR-US: Jetstat.com JS ASP Faq Manager
CVE-2006-4589 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: DynCMS
CVE-2006-4588 (vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4587 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4586 (The admin panel in Tr Forum 2.0 accepts a username and password hash ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4585 (SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4584 (Tr Forum 2.0 allows remote attackers to bypass authentication and add ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4583 (Multiple PHP remote file inclusion vulnerabilities in FlashChat before ...)
	NOT-FOR-US: FlashChat
CVE-2006-4582 (Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e ...)
	NOT-FOR-US: The Address Book
CVE-2006-4581 (Unrestricted file upload vulnerability in The Address Book 1.04e validates ...)
	NOT-FOR-US: The Address Book
CVE-2006-4580 (register.php in The Address Book 1.04e allows remote attackers to ...)
	NOT-FOR-US: The Address Book
CVE-2006-4579 (Directory traversal vulnerability in users.php in The Address Book ...)
	NOT-FOR-US: The Address Book
CVE-2006-4578 (export.php in The Address Book 1.04e writes username and password hash ...)
	NOT-FOR-US: The Address Book
CVE-2006-4577 (Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e ...)
	NOT-FOR-US: The Address Book
CVE-2006-4576 (Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows ...)
	NOT-FOR-US: The Address Book
CVE-2006-4575 (Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote ...)
	NOT-FOR-US: The Address Book
CVE-2006-4574 (Off-by-one error in the MIME Multipart dissector in Wireshark ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4573 (Multiple unspecified vulnerabilities in the &quot;utf8 combining characters ...)
	{DSA-1202-1}
	- screen 4.0.3-0.1 (bug #395225; bug #395999; medium)
CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows ...)
	- linux-2.6 2.6.18.dfsg.1-9 (medium)
CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-64
	- mozilla <unfixed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with ...)
	{DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-63
	- thunderbird 1.5.0.7-1
	- mozilla <unfixed>
CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the &quot;blocked ...)
	NOTE: MFSA-2006-62
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (low)
	- thunderbird 1.5.0.7-1
	[sarge] - mozilla-firefox <not-affected> (Regression only affecting 1.5)
CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-61
	- mozilla <unfixed> (low)
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (low)
	- thunderbird 1.5.0.7-1
CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...)
	NOTE: MFSA-2006-58
	- firefox 1.5.dfsg+1.5.0.7-1 (unimportant)
	- thunderbird 1.5.0.7-1 (unimportant)
	[sarge] - mozilla-firefox <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
	NOTE: The internal update mechanism is disabled in Debian
CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-57
	- mozilla <unfixed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-57
	- mozilla <unfixed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (low)
CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in the MyHeadlines before ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-4562 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...)
	- xulrunner 1.8.0.7-1 (low)
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another ...)
	NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4558 (DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4557 (** DISPUTED ** ...)
	NOT-FOR-US: Discloser
CVE-2006-4556 (** DISPUTED ** ...)
	NOT-FOR-US: JIM component for Mambo and Joomla!
CVE-2006-4555 (Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control ...)
	NOT-FOR-US: Miniclip CR64Loader ActiveX control
CVE-2006-4554 (Stack-based buffer overflow in the ReadFile function in the ...)
	NOT-FOR-US: BeCubed Compression Plus
CVE-2006-4553 (PHP remote file inclusion vulnerability in plugin.class.php in the ...)
	NOT-FOR-US: com_comprofiler Components for Mambo and Joomla!
CVE-2006-4552 (Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4551 (Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4550 (Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4549 (CHXO Feedsplitter 2006-01-21 allows remote attackers to read the ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4548 (e107 0.75 and earlier does not properly unset variables when the input ...)
	NOTE: this should be fixed in PHP (CVE-2006-3017)
CVE-2006-4547 (Lyris ListManager 8.95 allows remote authenticated users to obtain ...)
	NOT-FOR-US: Lyris ListManager
CVE-2006-4546 (Lyris ListManager 8.95 allows remote authenticated users, who have ...)
	NOT-FOR-US: Lyris ListManager
CVE-2006-4545 (** DISPUTED ** ...)
	NOT-FOR-US: ModuleBased CMS Pre-Alpha
CVE-2006-4544 (Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when ...)
	NOT-FOR-US: ExBB
CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 ...)
	NOT-FOR-US: HLStats
CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a ...)
	{DSA-1199-1}
	- webmin <removed> (bug #391284)
	- usermin <removed>
CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly ...)
	NOT-FOR-US: BlackICE PC Protection
CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in ...)
	NOT-FOR-US: Learn.com LearnCenter
CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.17-9
CVE-2006-4537 (NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and ...)
	NOT-FOR-US: OpenVMS
CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss ...)
	NOT-FOR-US: CMS Frogss
CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local ...)
	- linux-2.6 2.6.18-1
CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...)
	NOT-FOR-US: Plume CMS
CVE-2006-4532 (PHP remote file inclusion vulnerability in articles/article.php in Yet ...)
	NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4531 (PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS ...)
	NOT-FOR-US: Pheap CMS
CVE-2006-4530 (Direct static code injection vulnerability in include/change.php in ...)
	NOT-FOR-US: membrepass
CVE-2006-4529 (SQL injection vulnerability in recherchemembre.php in membrepass 1.5. ...)
	NOT-FOR-US: membrepass
CVE-2006-4528 (Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 ...)
	NOT-FOR-US: membrepass
CVE-2006-4527 (includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when ...)
	NOT-FOR-US: CubeCart
CVE-2006-4526 (SQL injection vulnerability in includes/content/viewCat.inc.php in ...)
	NOT-FOR-US: CubeCart
CVE-2006-4525 (Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and ...)
	NOT-FOR-US: CubeCart
CVE-2006-4524 (Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz ...)
	NOT-FOR-US: Digiappz Freekot
CVE-2006-4523 (The web-based management interface in 2Wire, Inc. HomePortal and ...)
	NOT-FOR-US: 2Wire
CVE-2006-4522 (Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2004-2664 (John Lim ADOdb Library for PHP before 4.23 allows remote attackers to ...)
	- libphp-adodb <not-affected>
	- egroupware <not-affected>
	- moodle <not-affected>
	- phppgadmin 4.0.1-2 (unimportant)
	- gallery2 <not-affected>
	- phpwiki <unfixed> (unimportant)
CVE-2006-XXXX [hostapd dos]
	- hostapd 1:0.5.4-1
	[sarge] - hostapd <not-affected> (Vulnerable code not present)
CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...)
	{DSA-1335-1}
	- gimp 2.2.16-1 (medium)
	NOTE: Security problems were fixed in 2.2.16, but only 2.2.17 fixes a PSD regression
CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Qbik WinGate
CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Novell iManager
CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...)
	- kfreebsd-5 <unfixed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-4515
	RESERVED
CVE-2006-4514 (Heap-based buffer overflow in the ole_info_read_metabat function in ...)
	{DSA-1221-1}
	- libgsf 1.14.2-1
CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly ...)
	- wv 1.2.4-1 (bug #396256; medium)
	- abiword 2.4.6-1
	[sarge] - abiword 2.4.6-1.1 (bug #396360)
	NOTE: exact abiword fixed version not known, but <= 2.4.6-1
CVE-2006-4512
	RESERVED
CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-4510 (The evtFilteredMonitorEventsRequest function in the LDAP service in ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4509 (Integer overflow in the evtFilteredMonitorEventsRequest function in ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and ...)
	- tor 0.1.1.23-1
CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...)
	NOT-FOR-US: Sony
	NOTE: According to the original advisory, this is just CVE-2006-3459
CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for ...)
	NOT-FOR-US: ModernBill
CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in ...)
	NOT-FOR-US: PortailPHP
CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows ...)
	NOT-FOR-US: IwebNegar
CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar ...)
	NOT-FOR-US: IwebNegar
CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with ...)
	NOT-FOR-US: xbiff2
	NOTE: xbase-clients contains xbiff, but it is not affected as it doesn't use a .xbiffrc
CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows ...)
	NOT-FOR-US: Cybozu Office
CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before ...)
	NOT-FOR-US: Cybozu Collaborex
CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before ...)
	NOT-FOR-US: Cybozu Office
CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill ...)
	NOT-FOR-US: MiniBill
CVE-2006-4488 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ExBB Italia
CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web ...)
	NOT-FOR-US: DUpoll
CVE-2006-4486 (Integer overflow in memory allocation routines in PHP before 5.1.6, ...)
	{DSA-1331-1}
	- php5 5.1.6-1
	- php4 4:4.4.4-1
CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...)
	- php5 5.1.6-1
	- php4 <not-affected> (Vulnerable function doesn't exist)
CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...)
	- libgd2 2.0.33-5.1 (medium; bug #384838)
	- xloadimage <unfixed> (unimportant; bug #384841)
	NOTE: xloadimage is a crasher only, not a security problem
CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...)
	- php5 5.1.6-1 (unimportant)
	- php4 4:4.4.4-1 (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...)
	{DSA-1206-1}
	- php5 5.1.6-1 (medium)
	- php4 4:4.4.4-1 (medium)
CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...)
	- php5 5.1.6-1 (unimportant)
	- php4 4:4.4.4-1 (unimportant)
	NOTE: Basedir violations not supported
CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...)
	NOT-FOR-US: Nuked-Klan
CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...)
	NOT-FOR-US: ezContents
CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ...)
	NOT-FOR-US: ezContents
CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...)
	NOT-FOR-US: ezContents
CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
	NOT-FOR-US: Joomla
CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...)
	NOT-FOR-US: Joomla
CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...)
	NOT-FOR-US: Joomla
CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...)
	NOT-FOR-US: Joomla
CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...)
	NOT-FOR-US: Joomla
CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...)
	NOT-FOR-US: Joomla
CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...)
	NOT-FOR-US: Joomla
CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
	NOT-FOR-US: Joomla
CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...)
	NOT-FOR-US: Joomla
CVE-2006-4465 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft
CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...)
	NOT-FOR-US: Nokia
CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in ...)
	NOT-FOR-US: JS ASP Faq Manager
CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...)
	NOT-FOR-US: LinksCaffe
CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...)
	NOT-FOR-US: Paessler IPCheck Server Monitor (not related to ipcheck in Debian)
CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
	NOT-FOR-US: iAddressBook
CVE-2006-4459 (Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause ...)
	NOT-FOR-US: AnywhereUSB/5
CVE-2006-4458 (Directory traversal vulnerability in ...)
	- phpgroupware 0.9.16.011-1 (bug #386061; medium)
CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...)
	NOT-FOR-US: phpECard
CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard ...)
	NOT-FOR-US: phpECard
CVE-2006-4455 (** DISPUTED ** ...)
	- xchat <not-affected> (not reproducible)
CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...)
	NOT-FOR-US: HLstats
CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...)
	NOT-FOR-US: PmWiki
CVE-2006-4452 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Web3news
CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows ...)
	NOT-FOR-US: Tag Board
CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, ...)
	- phpbb2 2.0.21-1 (unimportant)
	NOTE: That's by design and even disabled by default
CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...)
	NOT-FOR-US: interact
CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...)
	{DSA-1193-1}
	- xbase-clients 1:7.1.ds-2 (unimportant)
	- xtrans 1.0.0-6 (unimportant)
	- xorg-server 1:1.0.2-9 (low)
	- libx11 2:1.0.0-7 (unimportant)
	- xdm 1:1.0.5-1 (unimportant)
	- xterm <unfixed> (unimportant)
CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...)
	NOT-FOR-US: Microsoft
CVE-2006-4445 (** DISPUTED ** ...)
	NOT-FOR-US: CuteNews
CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
	NOT-FOR-US: iAddressBook
CVE-2006-4441 (Multiple PHP remote file inclusion vulnerabilities in Ay System ...)
	NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4440 (PHP remote file inclusion vulnerability in main.php in Ay System ...)
	NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure ...)
	NOT-FOR-US: Solaris
CVE-2006-4438 (Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux ...)
	NOT-FOR-US: SpIDer for Dr.Web Scanner
CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to ...)
	NOT-FOR-US: Tagger LE
CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...)
	- mozilla <unfixed> (low)
	- firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
	- xulrunner <not-affected>
	[sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a backport)
CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 ...)
	- tikiwiki 1.9.4+dfsg2-3
CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...)
	{DSA-1175-1}
	- isakmpd 20041012-4 (bug #385894; medium)
CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
	NOT-FOR-US: OpenBSD
CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...)
	{DSA-1164}
	- sendmail 8.13.8-1 (bug #385054; medium)
CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.4-0.1 (unimportant)
	NOTE: Sanitising this is an application's job
CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...)
	NOT-FOR-US: Zend Platform
CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...)
	NOT-FOR-US: Zend Platform
CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows ...)
	NOT-FOR-US: Cisco
CVE-2006-4429 (** DISPUTED ** ...)
	NOT-FOR-US: PHlyMail Lite
CVE-2006-4428 (** DISPUTED ** ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass ...)
	NOT-FOR-US: eFiction
CVE-2006-4426 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: AlberT-EasySite
CVE-2006-4425 (Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 ...)
	NOT-FOR-US: phpCOIN
CVE-2006-4424 (PHP remote file inclusion vulnerability in coin_includes/constants.php ...)
	NOT-FOR-US: phpCOIN
CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 ...)
	NOT-FOR-US: Bigace
CVE-2006-4422 (** DISPUTED ** ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Yet Another PHP Image Gallery
CVE-2006-4420 (Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 ...)
	NOT-FOR-US: Phaos
CVE-2006-4419 (SQL injection vulnerability in note.php in ProManager 0.73 allows ...)
	NOT-FOR-US: ProManager
CVE-2006-4418 (Directory traversal vulnerability in index.php for Wikepage 2006.2a ...)
	NOT-FOR-US: Wikepage
CVE-2006-4417 (SQL injection vulnerability in edituser.php in Xoops before 2.0.15 ...)
	NOT-FOR-US: Xoops
CVE-2006-4416 (Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-4415
	RESERVED
CVE-2006-4414
	RESERVED
CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for certain ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2006-4412 (WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4411 (The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4410 (The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4409 (The Online Certificate Status Protocol (OCSP) service in the Security ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4408 (The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4407 (The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4406 (Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4405
	RESERVED
CVE-2006-4404 (The Installer application in Apple Mac OS X 10.4.8 and earlier, when ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4403 (The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4402 (Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4401 (Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4400 (Stack-based buffer overflow in the Apple Type Services (ATS) server in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2006-4398 (Multiple buffer overflows in the Apple Type Services (ATS) server in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4396 (The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, ...)
	NOT-FOR-US: Mac OS
CVE-2006-4393 (Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4392 (The Mach kernel, as used in operating systems including (1) Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2006-4391 (Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4390 (CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows ...)
	NOT-FOR-US: Mac OS
CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4387 (Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the ...)
	NOT-FOR-US: Mac OS
CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4383
	RESERVED
CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...)
	{DSA-1169}
	- mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
	- mysql-dfsg <not-affected> (only 4.1 affected)
	- mysql-dfsg-4.1 <removed>
CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch ...)
	NOT-FOR-US: Ipswitch Collaboration 2006 Suite
CVE-2006-4378 (** DISPUTED ** ...)
	NOT-FOR-US: Rssxt component for Joomla! (com_rssxt)
CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...)
	NOT-FOR-US: Eichhorn Portal
CVE-2006-4376 (Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch ...)
	NOT-FOR-US: Eichhorn Portal
CVE-2006-4375 (** DISPUTED ** ...)
	NOT-FOR-US: Contacts XTD (ContXTD) component for Mambo (com_contxtd)
CVE-2006-4374 (IrfanView 3.98 (with plugins) allows user-assisted attackers to cause ...)
	NOT-FOR-US: IrfanView
CVE-2006-4373 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: pSlash
CVE-2006-4372 (PHP remote file inclusion vulnerability in admin.lurm_constructor.php ...)
	NOT-FOR-US: Lurm Constructor component (com_lurm_constructor) for Mambo
CVE-2006-4371 (Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4370 (Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4369 (Absolute path traversal vulnerability in includes/functions_portal.php ...)
	NOT-FOR-US: IntegraMOD Portal
CVE-2006-4368 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: IntegraMOD Portal
CVE-2006-4367 (SQL injection vulnerability in alltopics.php in the All Topics Hack ...)
	NOT-FOR-US: All Topics Hack for phpBB
CVE-2006-4366 (PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 ...)
	NOT-FOR-US: RedBLoG
CVE-2006-4365 (Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 ...)
	NOT-FOR-US: VistaBB
CVE-2006-4364 (Multiple heap-based buffer overflows in the POP3 server in Alt-N ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-4363 (PHP remote file inclusion vulnerability in admin.cropcanvas.php in the ...)
	NOT-FOR-US: CropImage component (com_cropimage) for Mambo
CVE-2006-4362 (Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid ...)
	NOT-FOR-US: Diesel Paid Mail
CVE-2006-4361 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Diesel Job Site
CVE-2006-4360 (Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal ...)
	NOT-FOR-US: E-commerce for Drupal
CVE-2006-4359 (Stack-based buffer overflow in Trident Software PowerZip 7.06 Build ...)
	NOT-FOR-US: PowerZip
CVE-2006-4358 (Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay ...)
	NOT-FOR-US: Diesel Pay
CVE-2006-4357 (PHP remote file inclusion vulnerability in clients/index.php in Diesel ...)
	NOT-FOR-US: Diesel Smart Traffic
CVE-2006-4356 (SQL injection vulnerability in Drupal Easylinks Module ...)
	NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4355 (Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module ...)
	NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4354 (PHP remote file inclusion vulnerability in e/class/CheckLevel.php in ...)
	NOT-FOR-US: Phome Empire CMS
CVE-2006-4353 (Unspecified vulnerability in Sun Java System Content Delivery Server ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2006-4352 (The ArrowPoint cookie functionality for Cisco 11000 series Content ...)
	NOT-FOR-US: Cisco
CVE-2006-4351 (Cross-site scripting (XSS) vulnerability in index.php in OneOrZero ...)
	NOT-FOR-US: OneOrZero
CVE-2006-4350 (SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows ...)
	NOT-FOR-US: OneOrZero
CVE-2006-4349 (** DISPUTED ** ...)
	NOT-FOR-US: ToendaCMS
CVE-2006-4348 (PHP remote file inclusion vulnerability in config.kochsuite.php in the ...)
	NOT-FOR-US: Kochsuite (com_kochsuite) component for Mambo and Joomla!
CVE-2006-4347 (SQL injection vulnerability in user logon authentication request ...)
	NOT-FOR-US: Cool Manager
CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to ...)
	- asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...)
	- asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...)
	NOT-FOR-US: CGI-Rescue Mail F/W System
CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-4342 (The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, ...)
	- linux-2.6 <not-affected> (Flaw specific to Red Hat backport)
CVE-2006-4341
	REJECTED
CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
	- mozilla <unfixed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...)
	{DSA-1174-1 DSA-1173-1}
	- openssl 0.9.8b-3 (medium)
	- openssl097 0.9.7i-2 (medium)
	- openssl096 <removed>
CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (medium)
	- lha 1.14i-10.1 (medium; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
	- lha 1.14i-10.1 (high; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
	- lha 1.14i-10.1 (high; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows ...)
	{DSA-1171}
	- wireshark 0.99.2-5.1 (low; bug #384529)
	- ethereal <removed> (low; bug #384528)
CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark (formerly ...)
	- wireshark <not-affected> (windows only)
	- ethereal <not-affected> (windows only)
CVE-2006-4331 (Multiple off-by-one errors in the IPSec ESP preference parser in ...)
	- wireshark 0.99.2-5.1 (medium; bug #384529)
	- ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...)
	- wireshark 0.99.2-5 (medium; bug #384529)
	- ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising ...)
	NOT-FOR-US: Shadows Rising
CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive ...)
	NOT-FOR-US: CloudNine
CVE-2006-4327 (Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in ...)
	NOT-FOR-US: CloudNine
CVE-2006-4326 (Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, ...)
	NOT-FOR-US: Ichitaro
CVE-2006-4325 (Cross-site scripting (XSS) vulnerability in gbook.php in Doika ...)
	NOT-FOR-US: Doika
CVE-2006-4324 (Cross-site scripting (XSS) vulnerability in add_url2.php in ...)
	NOT-FOR-US: CityForFree
CVE-2006-4323 (SQL injection vulnerability in list.php in CityForFree indexcity 1.0, ...)
	NOT-FOR-US: CityForFree
CVE-2006-4322 (PHP remote file inclusion vulnerability in estateagent.php in the ...)
	NOT-FOR-US: Mambo
CVE-2006-4321 (PHP remote file inclusion vulnerability in cpg.php in the Coppermine ...)
	NOT-FOR-US: Mambo
CVE-2006-4320 (PHP remote file inclusion vulnerability in sef.php in the OpenSEF ...)
	NOT-FOR-US: OpenSEF for Joomla
CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to ...)
	NOT-FOR-US: WFTPD
CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab ...)
	NOT-FOR-US: WoltLab
CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root ...)
	NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia ...)
	NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...)
	NOT-FOR-US: Symantec
CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series ...)
	NOT-FOR-US: Cisco
CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise ...)
	NOT-FOR-US: Sonium Enterprise Adressbook
CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	- firefox <removed>
	- iceweasel 2.0+dfsg-1
	- mozilla <unfixed>
	- mozilla-firefox <unfixed>
	- xulrunner 1.8.0.8-1
CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not ...)
	NOT-FOR-US: AK-Systems Windows Terminal
CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...)
	NOT-FOR-US: Blackboard Learning System
CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...)
	NOT-FOR-US: Solaris
CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...)
	{DSA-1190-1}
	- maxdb-7.5.00 7.5.00.34-5 (high; bug #386182)
CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...)
	- kfreebsd-5 5.4-18 (bug #391289)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
	NOT-FOR-US: Solaris
CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...)
	- sun-java5 1.5.0-07-1
CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...)
	NOT-FOR-US: SimpleBlog
CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...)
	- tikiwiki 1.9.4+dfsg2-2 (low; bug #384796)
CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...)
	NOT-FOR-US: osCommerce
CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce before ...)
	NOT-FOR-US: osCommerce
CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in ...)
	NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo
CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 ...)
	- twiki 1:4.0.4-3 (bug #389267; low)
CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
	NOT-FOR-US: cPanel
CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...)
	- honeyd 1.5b-1 (low; bug #384806)
	[sarge] - honeyd <no-dsa> (Minor issue)
CVE-2006-4291 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHlyMail Lite
CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...)
	NOT-FOR-US: Sony
CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x ...)
	NOT-FOR-US: Sony
CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...)
	NOT-FOR-US: a6mambocredits component (com_a6mambocredits) for Mambo
CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...)
	NOT-FOR-US: NES Game and NES System
CVE-2006-4286 (** DISPUTED ** ...)
	NOT-FOR-US: contentpublisher component (com_contentpublisher) for Mambo
CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...)
	NOT-FOR-US: Fantastic News
CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier ...)
	NOT-FOR-US: LBlog
CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW ...)
	NOT-FOR-US: SOLMETRA SPAW Editor
CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the ...)
	NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla!
CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...)
	NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo
CVE-2006-4280 (** DISPUTED ** ...)
	NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo
CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...)
	NOT-FOR-US: XennoBB
CVE-2006-4278 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: SportsPHool
CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 ...)
	NOT-FOR-US: Tutti Nova
CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...)
	NOT-FOR-US: Tutti Nova
CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...)
	NOT-FOR-US: CatalogShop component for Mambo (com_catalogshop)
CVE-2006-4274
	REJECTED
CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4272 (** DISPUTED ** ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4271 (** DISPUTED ** ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...)
	NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo
CVE-2006-4269 (** DISPUTED ** ...)
	NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla!
CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...)
	NOT-FOR-US: CubeCart
CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...)
	NOT-FOR-US: CubeCart
CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...)
	NOT-FOR-US: Symantec
CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...)
	NOT-FOR-US: Kaspersky
CVE-2006-4264 (** DISPUTED ** ...)
	NOT-FOR-US: lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo
CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...)
	NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla!
CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...)
	{DSA-1186-1}
	- cscope 15.5+cvs20060902-1 (low; bug #385893)
CVE-2006-4261
	REJECTED
CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...)
	NOT-FOR-US: Fotopholder
CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...)
	NOT-FOR-US: Fotopholder
CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in ...)
	NOT-FOR-US: Anti-Spam SMTP Proxy
CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...)
	{DSA-1406-1}
	- horde3 3.1.3-1 (low; bug #383416)
CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...)
	- imp4 4.1.3-1 (low; bug #383416)
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ...)
	NOTE: MFSA-2006-59
	- xulrunner 1.8.0.7-1 (medium)
	- firefox 1.5.dfsg+1.5.0.7-1 (medium)
	- mozilla <unfixed> (medium)
	- thunderbird 1.5.0.7-1 (low)
	- mozilla-firefox <removed> (unimportant)
	[sarge] - mozilla <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
	NOTE: On Sarge this is only a crasher, code injection is only possible for Firefox 1.5 et al.
CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a ...)
	- pdns-recursor 3.1.4-1 (bug #398559)
	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow ...)
	{DSA-1211}
	- pdns-recursor 3.1.4-1 (bug #398557; high)
	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows ...)
	{DSA-1278-1}
	- man-db 2.4.3-5
CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ...)
	- zope-cmfplone 2.5.1-3 (bug #401796)
	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows ...)
	{DSA-1205-1}
	- thttpd 2.23beta1-5 (bug #396277)
CVE-2006-4247 (Unspecified vulnerability in the Password Reset Tool before 0.4.1 on ...)
	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
	- zope-cmfplone 2.5.1-1
CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read ...)
	{DSA-1177-1}
	- usermin <removed> (bug #374609)
CVE-2006-4245
	RESERVED
CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...)
	{DSA-1239-1}
	- sql-ledger 2.6.18-1 (medium; bug #386519)
CVE-2006-4243 [linux vserver priviledge escalation in remount code]
	RESERVED
	- linux-2.6 2.6.17-9
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...)
	NOT-FOR-US: JIM component for Joomla or Mambo
CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...)
	NOT-FOR-US: Reporter Mambo component (com_reporter)
CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News ...)
	NOT-FOR-US: Fusion News
CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in ...)
	NOT-FOR-US: Outreach Project Tool
CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) ...)
	NOT-FOR-US: WebTorrent (WTcom)
CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php ...)
	NOT-FOR-US: Invisionix Roaming System Remote (IRSR)
CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow ...)
	NOT-FOR-US: POWERGAP
CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...)
	NOT-FOR-US: Sony
CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...)
	NOT-FOR-US: dotProject
CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local ...)
	NOT-FOR-US: Globus Toolkit
CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, ...)
	NOT-FOR-US: Globus Toolkit
CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a ...)
	NOT-FOR-US: IrfanView
CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Lizge Web Portal
CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the ...)
	NOT-FOR-US: mosListMessenger Component (com_lm) for Mambo and Joomla!
CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before ...)
	NOT-FOR-US: Symantec
CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid ...)
	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...)
	{DSA-1169}
	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
CVE-2006-4225
	REJECTED
CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...)
	NOT-FOR-US: Virtual War
CVE-2006-4223 (IBM WebSphere Application Server (WAS) before 6.0.2.13 allows ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer ...)
	NOT-FOR-US: IBM
CVE-2006-4220 (Multiple cross-site scripting (XSS) vulnerabilities in webacc in ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote ...)
	NOT-FOR-US: Terminal Services COM object
CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4217 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: WEBInsta CMS
CVE-2006-4216
	REJECTED
CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent ...)
	NOT-FOR-US: Thatware
CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when ...)
	NOT-FOR-US: phPay
CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...)
	NOT-FOR-US: WEBInsta Mailing List Manager
CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...)
	- wordpress 2.0.5-0.1 (unimportant; bug #384800)
	NOTE: Only exploitable by admin users, someone with the privilege to backup
	NOTE: your data must be trustworthy
CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...)
	NOT-FOR-US: Discloser
CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...)
	NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition
CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite ...)
	NOT-FOR-US: WebDynamite ProjectButler
CVE-2006-4204 (Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 ...)
	NOT-FOR-US: PHProjekt
CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP ...)
	NOT-FOR-US: MMP Component (com_mmp) for Mambo
CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script ...)
	NOT-FOR-US: Spidey Blog Script
CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows ...)
	NOT-FOR-US: 04WebServer
CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 ...)
	NOT-FOR-US: 04WebServer
CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...)
	NOT-FOR-US: Wheatblog
CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...)
	{DSA-1162}
	- libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)
	- libmusicbrainz-2.0 <removed> (medium; bug #383031)
CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...)
	NOT-FOR-US: WEBInsta CMS
CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...)
	NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook)
CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...)
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2005-4807 (Stack-based buffer overflow in the as_bad function in messages.c in ...)
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...)
	NOT-FOR-US: IBM
CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a ...)
	NOT-FOR-US: 04WebServer
CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, ...)
	NOT-FOR-US: 04WebServer
CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL ...)
	NOT-FOR-US: 04WebServer
CVE-2006-XXXX [gallery2 session ID disclosure]
	- gallery2 2.1.2-1
CVE-2006-XXXX [insecure filehandling in mysql_upgrade]
	- mysql-dfsg-5.0 5.0.24-1
	NOTE: mysql_upgrade not in 4.x
CVE-2006-4194 (** DISPUTED ** ...)
	NOT-FOR-US: Cisco
CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...)
	NOT-FOR-US: MS IE
CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and ...)
	- libmodplug 1:0.7-5.2 (medium; bug #383574)
	- gst-plugins-bad0.10 0.10.3-3.1 (medium; bug #407956)
CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme Message ...)
	NOT-FOR-US: XMB
CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the AutoHTML ...)
	NOT-FOR-US: PHP-Nuke module AutoHTML
CVE-2006-4189 (Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 ...)
	NOT-FOR-US: Dolphin
CVE-2006-4188 (Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, ...)
	NOT-FOR-US: HP-UX
CVE-2006-4187 (Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when ...)
	NOT-FOR-US: HP-UX
CVE-2006-4186 (The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4185 (Unspecified vulnerability in the NCPENGINE in Novell eDirectory ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4184 (SmartLine DeviceLock before 5.73 Build 305 does not properly enforce ...)
	NOT-FOR-US: SmartLine DeviceLock
CVE-2006-4183 (Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) ...)
	NOT-FOR-US: Microsoft
CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions ...)
	{DSA-1196-1}
	- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL ...)
	NOT-FOR-US: GNU Radius
CVE-2006-4180
	REJECTED
CVE-2006-4179
	RESERVED
CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and ...)
	- kfreebsd-5 <unfixed> (bug #391289; low)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4176
	RESERVED
CVE-2006-4175 (The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2006-4174
	RESERVED
CVE-2006-4173
	RESERVED
CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in FreeBSD ...)
	- kfreebsd-5 <unfixed> (bug #391289; low)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4171
	RESERVED
CVE-2006-4170
	REJECTED
CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...)
	NOT-FOR-US: G/PGP (GPG) plugin for Squirrelmail
CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in ...)
	{DSA-1310-1}
	- libexif 0.6.16-1 (bug #430012)
CVE-2006-4167
	RESERVED
CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and ...)
	NOT-FOR-US: TinyWebGallery
CVE-2006-4165 (Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and ...)
	NOT-FOR-US: NetCommons
CVE-2006-4164 (PHP remote file inclusion vulnerability in inc/header.inc.php in ...)
	NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4163 (** DISPUTED ** ...)
	NOT-FOR-US: miniBloggie
CVE-2006-4162 (Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and ...)
	NOT-FOR-US: Dragonfly CMS
CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action in ...)
	NOT-FOR-US: XennoBB
CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and ...)
	NOT-FOR-US: MVCnPHP
CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette ...)
	NOT-FOR-US: Chaussette
CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 ...)
	NOT-FOR-US: Spaminator
CVE-2006-4157 (Cross-site scripting (XSS) vulnerability in index.php in Yet another ...)
	NOT-FOR-US: Yet another Bulletin Board (YaBB)
CVE-2006-4156 (** DISPUTED ** ...)
	NOT-FOR-US: pearlabs mafia moblog
CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka threaded ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-4154 (Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x ...)
	NOT-FOR-US: mod_tcl
CVE-2006-4153
	RESERVED
CVE-2006-4152
	RESERVED
CVE-2006-4151
	RESERVED
CVE-2006-4150
	RESERVED
CVE-2006-4149
	RESERVED
CVE-2006-4148
	RESERVED
CVE-2006-4147
	RESERVED
CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 ...)
	- gdb <unfixed> (unimportant)
	NOTE: Every sensible use of gdb involves executing the debugged binary
CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...)
	- linux-2.6 2.6.17-7
CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers to ...)
	NOT-FOR-US: Netgear
CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War (VWar) ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor before ...)
	NOT-FOR-US: IPCheck Server Monitor
CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...)
	NOT-FOR-US: Solaris
CVE-2006-4138 (Multiple unspecified vulnerabilities in Microsoft Windows Help File ...)
	NOT-FOR-US: Microsoft
CVE-2006-4137 (IBM WebSphere Application Server before 6.1.0.1 allows attackers to ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-4136 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-4135 (** DISPUTED ** ...)
	NOT-FOR-US: Calendarix
CVE-2006-4134 (Unspecified vulnerability related to a &quot;design flaw&quot; in SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2006-4133 (Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 ...)
	NOT-FOR-US: SAP
CVE-2006-4132 (ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and ...)
	NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4131 (Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and ...)
	NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php in the ...)
	NOT-FOR-US: Remository Component (com_remository) for Mambo and Joomla!
CVE-2006-4129 (PHP remote file inclusion vulnerability in admin.webring.docs.php in ...)
	NOT-FOR-US: Webring Component (com_webring) for Joomla!
CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec ...)
	NOT-FOR-US: Symantec VERITAS
CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4126 (The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4125 (Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4124 (The libXm library in LessTif 0.95.0 and earlier allows local users to ...)
	- lesstif2 1:0.94.4-1 (bug #382411; medium)
CVE-2006-4123 (PHP remote file inclusion vulnerability in boitenews4/index.php in ...)
	NOT-FOR-US: Boite de News
CVE-2006-4122 (Simple one-file guestbook 1.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Simple one-file guestbook
CVE-2006-4121 (PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce ...)
	NOT-FOR-US: See-Commerce
CVE-2006-4120 (Cross-site scripting (XSS) vulnerability in the Recipe module ...)
	NOT-FOR-US: Recipe module (recipe.module) for Drupal
CVE-2006-4119 (SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier ...)
	NOT-FOR-US: GeheimChaos
CVE-2006-4118 (Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier ...)
	NOT-FOR-US: GeheimChaos
CVE-2006-4117 (The squeue_drain function in Sun Solaris 10, possibly only when run on ...)
	NOT-FOR-US: Solaris
CVE-2006-4116 (Multiple stack-based buffer overflows in Lhaz before 1.32 allow ...)
	NOT-FOR-US: Lhaz
CVE-2006-4115 (PHP remote file inclusion vulnerability in common.inc.php in PgMarket ...)
	NOT-FOR-US: PgMarket
CVE-2006-4114 (SQL injection vulnerability in view_com.php in Nicolas Grandjean ...)
	NOT-FOR-US: PHPMyRing
CVE-2006-4113 (PHP remote file inclusion vulnerability in genpage-cgi.php in Brian ...)
	NOT-FOR-US: hitweb
CVE-2006-4112 (Unspecified vulnerability in the &quot;dependency resolution mechanism&quot; in ...)
	- rails 1.1.6-1 (bug #382255; medium)
CVE-2006-4111 (Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby ...)
	- rails 1.1.5-1 (bug #382255; medium)
CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers to read ...)
	- apache2 <not-affected> (Affects Apache on Windows only)
CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography ...)
	NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6 before ...)
	NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6 ...)
	NOT-FOR-US: Job Search module (job.module) for Drupal
CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 ...)
	NOT-FOR-US: blur6ex
CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database ...)
	NOT-FOR-US: Fill Threads Database
CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
	NOT-FOR-US: mojoGallery
CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason ...)
	NOT-FOR-US: phNNTP
CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme ...)
	NOT-FOR-US: SQLiteWebAdmin
CVE-2006-4101
	RESERVED
CVE-2006-4100
	RESERVED
CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates predictable ...)
	NOT-FOR-US: Business Objects
CVE-2006-4098 (Stack-based buffer overflow in the CSRadius service in Cisco Secure Access ...)
	NOT-FOR-US: Cisco
CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to ...)
	{DSA-1172-1}
	- bind <not-affected> (Not vulnerable according to CERT advisory)
	- bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
	{DSA-1172-1}
	- bind <not-affected> (Not vulnerable according to CERT advisory)
	- bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4094
	RESERVED
CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on ...)
	{DSA-1237}
	- linux-2.6 2.6.17-7
CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's actions to ...)
	NOT-FOR-US: Simpliciti Locked Browser
CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 ...)
	NOT-FOR-US: Webligo BlogHoster
CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and ...)
	{DSA-1179-1}
	- alsaplayer 0.99.76-9 (medium; bug #382842)
CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace ...)
	NOT-FOR-US: CivicSpace
CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
	NOT-FOR-US: mojoGallery
CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino ...)
	NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The Search ...)
	NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 ...)
	NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in myWebland ...)
	NOT-FOR-US: myEvent
CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo ...)
	NOT-FOR-US: Comet WebFileManager
CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
	NOT-FOR-US: docpile: wim's edition
CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
	NOT-FOR-US: docpile: wim's edition
CVE-2006-4074 (PHP remote file inclusion vulnerability in lib/tpl/default/main.php in ...)
	NOT-FOR-US: JD-Wiki Component (com_jd-wiki) for Joomla!
CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz ...)
	NOT-FOR-US: phpCC
CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...)
	NOT-FOR-US: Club-Nuke [XP]
CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick ...)
	{DSA-1213}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (medium; bug #383314)
	- graphicsmagick 1.1.7-7 (medium; bug #383333)
CVE-2006-XXXX [crash in the certificate verification logic]
	NOTE: GNUTLS-SA-2006-2
	- gnutls11 <unfixed> (unimportant)
	- gnutls12 1.2.11-3 (unimportant)
	- gnutls13 1.4.2-1 (unimportant)
	NOTE: Normal bug, no reliable denial of service potential
CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...)
	NOT-FOR-US: Microsoft
CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...)
	NOT-FOR-US: Imendio Planner
CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino ...)
	NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a ...)
	NOT-FOR-US: pswd.js
CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in ...)
	NOT-FOR-US: CakePHP
CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
	NOT-FOR-US: SAPID Gallery
CVE-2006-4064 (SQL injection vulnerability in default.asp in YenerTurk Haber Script ...)
	NOT-FOR-US: YenerTurk Haber Script
CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba Godor ...)
	NOT-FOR-US: SAPID Blog
CVE-2006-4062 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: SAPID Shop
CVE-2006-4061 (** DISPUTED ** ...)
	NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual ...)
	NOT-FOR-US: Visual Events Calendar
CVE-2006-4059 (Multiple PHP remote file inclusion vulnerabilities in USOLVED ...)
	NOT-FOR-US: USOLVED NEWSolved Lite
CVE-2006-4058 (Cross-site scripting (XSS) vulnerability in archive.php in Simplog ...)
	NOT-FOR-US: Simplog
CVE-2006-4057 (Buffer overflow in the preview_create function in gui.cpp in Mitch ...)
	NOT-FOR-US: Eremove
CVE-2006-4056 (Multiple SQL injection vulnerabilities in the authentication process ...)
	NOT-FOR-US: katzlbt The Address Book
CVE-2006-4055 (Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring ...)
	NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4054 (Multiple PHP remote file inclusion vulnerabilities in ME Download ...)
	NOT-FOR-US: ME Download System
CVE-2006-4053 (PHP remote file inclusion vulnerability in templates/header.php in ME ...)
	NOT-FOR-US: ME Download System
CVE-2006-4052 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools PHP Simple Shop
CVE-2006-4051 (PHP remote file inclusion vulnerability in global.php in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-4050 (PHP remote file inclusion vulnerability in auto_check_renewals.php in ...)
	NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4049 (Unspecified vulnerability in the utxconfig utility in Sun Ray Server ...)
	NOT-FOR-US: Sun
CVE-2006-4048 (Netious CMS 0.4 initializes session IDs based on the client IP ...)
	NOT-FOR-US: Netious CMS
CVE-2006-4047 (SQL injection vulnerability in index.php in Netious CMS 0.4 and ...)
	NOT-FOR-US: Netious CMS
CVE-2006-4045 (PHP remote file inclusion vulnerability in news.php in Torbstoff News ...)
	NOT-FOR-US: Torbstoff News
CVE-2006-4044 (PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad ...)
	NOT-FOR-US: phpCodeCabinet
CVE-2006-4043 (index.php in myWebland myBloggie 2.1.4 and earlier allows remote ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2006-4042 (Multiple SQL injection vulnerabilities in trackback.php in myWebland ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a ...)
	- pike7.6 7.6.86-1
	[sarge] - pike7.6 <unfixed> (unimportant; bug #382607; bug #383766)
	[sarge] - pike7.2 <unfixed> (unimportant; bug #382607; bug #383766)
	NOTE: No applications using pike+postgres in Sarge, fix provides
	NOTE: new functions for proper quoting
CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in myWebland ...)
	NOT-FOR-US: myWebland myEvent
CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos ...)
	NOT-FOR-US: GaesteChaos
CVE-2006-4038 (Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php ...)
	NOT-FOR-US: GaesteChaos
CVE-2006-4037 (Unspecified vulnerability in Fenestrae Faxination Server allows remote ...)
	NOT-FOR-US: Fenestrae Faxination Server
CVE-2006-4036 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ZoneX Publishers
CVE-2006-4035 (SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c ...)
	NOT-FOR-US: CounterChaos
CVE-2006-4034 (PHP remote file inclusion vulnerability in include/html/config.php in ...)
	NOT-FOR-US: ModernGigabyte ModernBill
CVE-2006-4033 (Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and ...)
	NOT-FOR-US: Lhaplus
CVE-2006-4032 (Unspecified vulnerability in Cisco IOS CallManager Express (CME) ...)
	NOT-FOR-US: Cisco
CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to ...)
	- mysql-dfsg-5.0 5.0.24-1 (bug #382415; low)
	- mysql-dfsg <removed> (bug #380271; low)
	[sarge] - mysql-dfsg-4.1 <no-dsa> (Now documented design error, no real fix feasible)
	[sarge] - mysql-dfsg <no-dsa> (Now documented design error, no real fix feasible)
CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...)
	{DSA-1148-1}
	- gallery 1.5.3-1
	- gallery2 <not-affected> (vulnerable code not present)
CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 ...)
	NOT-FOR-US: AGEphone
CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have ...)
	- wordpress 2.0.4-1
CVE-2006-4027
	RESERVED
CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root]
	- realtime-lsm 0.8.7-2 (bug #382161; low)
	[sarge] - realtime-lsm <not-affected>
	NOTE: only to user 1017 or group 1001 and only while root is building the module
CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows ...)
	NOT-FOR-US: SAPID CMS
CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and ...)
	NOT-FOR-US: XennoBB
CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...)
	- festalon <not-affected> (vuln. code introduced in 0.5.0)
CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...)
	- php5 <unfixed> (unimportant; bug #382257)
	- php4 <unfixed> (unimportant; bug #382270)
	NOTE: Not every lack of protection of programmer's flaws is a vulnerability
	NOTE: See notes by Sean for details
	NOTE: > the entry states that this is more likely a bug in any
	NOTE: > applications not performing further validation/sanitizing,
	NOTE: > and i tend to agree based on the php.net documentation, which
	NOTE: > states: "ip2long() should not be used as the sole form of IP
	NOTE: > validation. Combine it with long2ip()".
CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...)
	NOT-FOR-US: Intel Windows driver
CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...)
	NOT-FOR-US: ScatterChat
CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...)
	- php5 5.1.6-1 (unimportant; bug #382256; bug #382262)
	- php4 4:4.4.4-1 (unimportant; bug #382261)
	NOTE: Only exploitable by malicious, local user
CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...)
	{DSA-1154}
	- squirrelmail 2:1.4.8-1 (bug #382621)
CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in ...)
	{DSA-1153}
	- clamav 0.88.4-1 (high; bug #382004; bug #382007)
CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...)
	NOT-FOR-US: Inter Network Marketing (INM) CMS G3
CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS ...)
	NOT-FOR-US: toendaCMS
CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control ...)
	NOT-FOR-US: Symantec
CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec Brightmail ...)
	NOT-FOR-US: Symantec
CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb ...)
	NOT-FOR-US: circeOS SaveWeb
CVE-2006-4011 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Kayako eSupport
CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and ...)
	NOT-FOR-US: Virtual War
CVE-2006-4009 (Cross-site scripting (XSS) vulnerability in war.php in Virtual War ...)
	NOT-FOR-US: Virtual War
CVE-2006-4008 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht Guestbook
CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht Faq
CVE-2006-4006 (The do_gameinfo function in BomberClone 0.11.6 and earlier, and ...)
	{DSA-1180-1}
	- bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause a ...)
	{DSA-1180-1}
	- bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2 ...)
	NOT-FOR-US: vbPortal
CVE-2006-4003 (The config method in Henrik Storner Hobbit monitor before 4.1.2p2 ...)
	NOT-FOR-US: Henrik Storner Hobbit monitor
CVE-2006-4002 (Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 ...)
	{DSA-1147-1}
	- drupal 4.5.8-2 (bug #382087; medium)
CVE-2006-4001 (Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4000 (Directory traversal vulnerability in cgi-bin/preview_email.cgi in ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier ...)
	NOT-FOR-US: ISS BlackICE
CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka ...)
	NOT-FOR-US: WoWRoster
CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in WoWRoster ...)
	NOT-FOR-US: WoWRoster
CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and ...)
	NOT-FOR-US: ATutor
CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
	NOT-FOR-US: UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo
CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in ...)
	NOT-FOR-US: XMB (aka extreme message board)
CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf ...)
	NOT-FOR-US: The Search Engine Project
CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) ...)
	NOT-FOR-US: Intel
CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh ...)
	NOT-FOR-US: Voodoo chat
CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones ...)
	- egroupware <not-affected>
	NOTE: According to upstream egroupware is not affected, see #382207
CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3987 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3986 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3985 (Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware ...)
	NOT-FOR-US: ConeXware
CVE-2006-3984 (PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in ...)
	NOT-FOR-US: Phpauction
CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in ...)
	NOT-FOR-US: php(Reactor)
CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in Mambo ...)
	NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3980 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass ...)
	NOT-FOR-US: ColdFusion MX
CVE-2006-3978 (Unspecified vulnerability in a Verity third party library, as used on ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3974 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com ...)
	NOT-FOR-US: 3Com
CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is ...)
	NOT-FOR-US: My Firewall Plus
CVE-2006-3972 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Ajax Chat
CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Ajax Chat
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8]
	- libxml-parser-perl 2.34-4.2 (bug #378411; medium)
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting]
	- libxml-parser-perl 2.34-4.1 (bug #378412; medium)
CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO ...)
	NOT-FOR-US: LMO for joomla
CVE-2006-3969 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Colophon for joomla
CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch ...)
	NOT-FOR-US: Solaris
CVE-2006-3967 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: moskool
CVE-2006-3966 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyNewsGroups
CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex PHP ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3962 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: com_bayesiannaivefilter for mambo
CVE-2006-3961 (Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll, probably ...)
	NOT-FOR-US: X-Scripts X-Poll
CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts X-Protection ...)
	NOT-FOR-US: X-Scripts X-Protection
CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev ...)
	NOT-FOR-US: BosDates
CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
	NOT-FOR-US: MiniBB Forum
CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing FTP ...)
	NOT-FOR-US: EFS Software Easy File Sharing FTP
CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in Mam-moodle ...)
	NOT-FOR-US: Mam-moodle alpha component (com_moodle) for Mambo
CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts ...)
	NOT-FOR-US: X-Statistics
CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php in the ...)
	NOT-FOR-US: com_artlinks for Mambo
CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
	NOT-FOR-US: php-nuke
CVE-2006-3947 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Mambatstaff
CVE-2006-3946 (WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote ...)
	NOT-FOR-US: Apple Safari 2.0.4
	NOTE: konqueror 3.5.x is not affected
	NOTE: PoC http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html
CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Opera
CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 ...)
	NOT-FOR-US: N1 Grid Engine
CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
	NOT-FOR-US: phpbb-Auction
CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ...)
	NOT-FOR-US: ScriptsCenter ezUpload Pro
CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: DotClear
CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain ...)
	NOT-FOR-US: x_atrix xGuestBook
CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
	NOT-FOR-US: OpenCms
CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 ...)
	NOT-FOR-US: LinksCaffe
CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in Tuomas ...)
	NOT-FOR-US: Midirecord
CVE-2006-3930 (PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php ...)
	NOT-FOR-US: a6mambohelpdesk Mambo Component 18RC1
CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin ...)
	NOT-FOR-US: Zyxel
CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews 0.2a ...)
	NOT-FOR-US: WMNews
CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in ...)
	NOT-FOR-US: PhpProBid
CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote ...)
	NOT-FOR-US: PhpProBid
CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control ...)
	NOT-FOR-US: ITIRecorder.MicRecorder ActiveX control
CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before ...)
	NOT-FOR-US: Dokeos
CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse ...)
	NOT-FOR-US: Fire-Mouse Toplist
CVE-2006-3922 (PHP remote file inclusion vulnerability in mod_membre/inscription.php ...)
	NOT-FOR-US: PortailPHP
CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows ...)
	NOT-FOR-US: SD Studio CMS
CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...)
	{DSA-1167-1}
	- apache2 2.0.55-4.1 (bug #381376; low)
	[sarge] - apache2 2.0.54-5sarge2
	- apache 1.3.34-3 (bug #381381; medium)
CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...)
	NOT-FOR-US: PHP Forge
CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...)
	NOT-FOR-US: Solucija News
CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite ...)
	NOT-FOR-US: Academic Suite
CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul ...)
	{DSA-1142-1}
	- freeciv 2.0.8-3 (bug #381378; medium)
CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before 3.60 ...)
	NOT-FOR-US: WinRAR
CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 ...)
	NOT-FOR-US: PHP Live
CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is installed, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads ...)
	NOT-FOR-US: WWWthreads
CVE-2006-3908 (Format string vulnerability in the flush_output function in ...)
	NOT-FOR-US: Game Network Engine (GNE)
CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Siemens
CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented on ...)
	NOT-FOR-US: Cisco
CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote ...)
	NOT-FOR-US: Webland MyBloggie
CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php in ...)
	NOT-FOR-US: Webland MyBloggie
CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email Firewall ...)
	NOT-FOR-US: Tumbleweed Email Firewall
CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book ...)
	NOT-FOR-US: TP-Book
CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3897 (Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-3896 (The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies ...)
	NOT-FOR-US: NeoScale Systems CryptoStor
CVE-2006-3895
	RESERVED
CVE-2006-3894 (The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used ...)
	NOT-FOR-US: RSA BSAFE
CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...)
	NOT-FOR-US: Newtone ImageKit
CVE-2006-3892 (The Management Console server in EMC NetWorker (formerly Legato ...)
	NOT-FOR-US: EMC NetWorker
CVE-2006-3891
	RESERVED
CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX ...)
	NOT-FOR-US: Sky Software FileView ActiveX
CVE-2006-3889
	RESERVED
CVE-2006-3888 (Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader ...)
	NOT-FOR-US: AOL
CVE-2006-3887 (Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX ...)
	NOT-FOR-US: AOL
CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W ...)
	NOT-FOR-US: Check Point Firewall-1
CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish ...)
	NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish ...)
	NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3880 (** DISPUTED ** ...)
	NOT-FOR-US: Zen Cart
CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...)
	- libmikmod <not-affected> (Debian's 3.1.1 version doesn't have GT2 support)
CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...)
	NOT-FOR-US: Opsware Network Automation System
CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3874
	RESERVED
CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-3872
	RESERVED
CVE-2006-3871
	RESERVED
CVE-2006-3870
	RESERVED
CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3866
	REJECTED
CVE-2006-3865
	RESERVED
CVE-2006-3864 (Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3863
	RESERVED
CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3860 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3859 (IBM Informix Dynamic Server (IDS) allows remote authenticated users to ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3855 (The ifx_load_internal function in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3854 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro ...)
	NOT-FOR-US: Micro GuestBook
CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and ...)
	NOT-FOR-US: X7 Chat
CVE-2006-3850 (** DISPUTED ** ...)
	NOT-FOR-US: Vanilla CMS
CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection ...)
	NOT-FOR-US: Warzone
CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP ...)
	- ipcalc 0.41-1 (bug #381469; low)
	[sarge] - ipcalc <no-dsa> (No exploit potential)
CVE-2006-3847 (PHP remote file inclusion vulnerability in (1) admin.php, and possibly ...)
	NOT-FOR-US: MoSpray
CVE-2006-3846 (PHP remote file inclusion vulnerability in extadminmenus.class.php in ...)
	NOT-FOR-US: MultiBanners
CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 ...)
	NOT-FOR-US: WinRAR
CVE-2006-3844 (Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote ...)
	NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in ...)
	NOT-FOR-US: Calendar Mambo Module
CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 ...)
	NOT-FOR-US: Zoho Virtual Office
CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before ...)
	NOT-FOR-US: WebScarab
CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS products ...)
	NOT-FOR-US: various ISS products
CVE-2006-3839
	RESERVED
CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise ...)
	NOT-FOR-US: eIQnetworks Enterprise
CVE-2006-XXXX [syslog-ng dos]
	- syslog-ng 2.0rc1-2 (low)
	[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2006-XXXX [courier-authdaemon: wrong socket permissions may lead to password disclosure]
	- courier-authlib 0.58-3.1 (bug #378571; medium)
	[sarge] - courier-authlib <not-affected> (bug #378571; medium)
CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 ...)
	- ocp 0.1.10rc6-1 (medium; bug #381098)
CVE-2006-XXXX [uqwk buffer overflow]
	- uqwk 2.21-13 (bug #376577; low)
	[sarge] - uqwk <no-dsa> (Minor issue)
CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...)
	NOT-FOR-US: UNIDOmedia Chameleon
CVE-2006-3835 (Apache Tomcat 5 before 5.5.17 allows remote attackers to list ...)
	- tomcat5 <not-affected> (bug #380361; maintainter can't reproduce)
	- tomcat5.5 <not-affected> (bug #380376; maintainer can't reproduce)
CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog ...)
	NOT-FOR-US: Gerrit van Aaken Loudblog
CVE-2006-3831 (The Backup selection in Kailash Nadh boastMachine (formerly bMachine) ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3830 (The Languages selection in the admin interface in Kailash Nadh ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3829 (Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3828 (Incomplete blacklist vulnerability in Kailash Nadh boastMachine ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3827 (SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3826 (Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3825 (The IPv4 implementation in Sun Solaris 10 before 20060721 allows local ...)
	NOT-FOR-US: Solaris
CVE-2006-3824 (systeminfo.c for Sun Solaris allows local users to read kernel memory ...)
	NOT-FOR-US: Solaris
CVE-2006-3823 (SQL injection vulnerability in index.php in GeodesicSolutions (1) ...)
	NOT-FOR-US: GeodesicSolutions GeoAuctions Premier and GeoClassifieds Basic
CVE-2006-3822 (SQL injection vulnerability in index.php in GeodesicSolutions ...)
	NOT-FOR-US: GeodesicSolutions GeoAuctions
CVE-2006-3821 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 ...)
	NOT-FOR-US: ATutor
CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in ...)
	NOT-FOR-US: Loudblog
CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 ...)
	- twiki <not-affected> (only 4.0.x is affected)
CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in Novell ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote ...)
	- krusader <not-affected> (bug #380063; file in directory with 0700 permissions)
CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a ...)
	{DSA-1128}
	- heartbeat 1.2.4-13 (bug #379904; bug #380289)
CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...)
	{DSA-1166}
	- cheesetracker 0.9.9-6 (bug #380364; low)
CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4 ...)
	NOT-FOR-US: Perl in Red Hat Enterprise Linux 4
CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	NOTE: MFSA-2006-56
	[sarge] - mozilla <not-affected>
	- mozilla <unfixed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <not-affected> (unimportant)
CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-55
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...)
	{DSA-1159}
	NOTE: MFSA-2006-54
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-53
	- mozilla <unfixed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <removed> (medium)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-52
	- mozilla <unfixed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <removed> (medium)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1
CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-51
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-50
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-50
	- mozilla <unfixed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and ...)
	NOTE: MFSA-2006-49
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	[sarge] - mozilla <not-affected> (mozilla 1.7 not affected)
	- mozilla <unfixed> (high)
	- thunderbird 1.5.0.5-1 (high)
	- mozilla-thunderbird <not-affected> (high)
CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...)
	NOTE: MFSA-2006-48
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	NOTE: MFSA-2006-47
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...)
	NOTE: MFSA-2006-44
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- mozilla-thunderbird <not-affected> (only firefox >= 1.5)
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- xulrunner 1.8.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...)
	NOT-FOR-US: AFCommerce
CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3798 (DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3797 (SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3796 (DeluxeBB 1.07 and earlier does not properly handle a username composed ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3794 (** DISPUTED ** ...)
	NOT-FOR-US: AFCommerce
CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth ...)
	NOT-FOR-US: SiteDepth
CVE-2006-3792 (SQL injection vulnerability in ServerClientUfo::recv_packet in ...)
	NOT-FOR-US: UFO2000
CVE-2006-3791 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...)
	NOT-FOR-US: UFO2000
CVE-2006-3790 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...)
	NOT-FOR-US: UFO2000
CVE-2006-3789 (Multiple array index errors in the (1) recv_rules, (2) ...)
	NOT-FOR-US: UFO2000
CVE-2006-3788 (Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow ...)
	NOT-FOR-US: UFO2000
CVE-2006-3787 (kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2006-3786 (Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3785 (Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3784 (Symantec pcAnywhere 12.5 uses weak default permissions for the ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3783 (Sun Solaris 10 allows local users to cause a denial of service (panic) ...)
	NOT-FOR-US: Solaris
CVE-2006-3782 (Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2006-3781 (Unspecified vulnerability in Sun Solaris 10 allows context-dependent ...)
	NOT-FOR-US: Solaris
CVE-2006-3780 (Keyifweb Keyif Portal 2.0 stores sensitive information under the web ...)
	NOT-FOR-US: Keyifweb Keyif Portal
CVE-2006-3779 (Citrix MetaFrame up to XP 1.0 Feature 1, except when running on ...)
	NOT-FOR-US: Citrix
CVE-2006-3778 (IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to ...)
	NOT-FOR-US: IBM
CVE-2006-3777 (PHP remote file inclusion vulnerability in index.php in IDevSpot ...)
	NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...)
	NOT-FOR-US: IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0
CVE-2006-3775 (SQL injection vulnerability in the init function in class_session.php ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the ...)
	NOT-FOR-US: perForms component (com_performs) for Joomla!
CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum ...)
	NOT-FOR-US: MF-Forum Bridge Component (com_smf) For Joomla! and Mambo
CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login ...)
	NOT-FOR-US: PHP-Post
CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...)
	NOT-FOR-US: iManage CMS
CVE-2006-3770 (Multiple SQL injection vulnerabilities in index.php in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and ...)
	NOT-FOR-US: Top XL
CVE-2006-3768 (Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in showprofile.php in ...)
	NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3766 (Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to ...)
	NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher ...)
	NOT-FOR-US: uttenlocher Webdesign hwdeGUEST
CVE-2006-3764 (Till Gerken phpPolls 1.0.3 allows remote attackers to create a new ...)
	NOT-FOR-US: phpPolls
CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...)
	NOT-FOR-US: Diesel Joke Site
CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...)
	NOT-FOR-US: Touch Control ActiveX control
CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Zen Cart
CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and ...)
	NOT-FOR-US: Geeklog
CVE-2006-3755 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: FlushCMS
CVE-2006-3754 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: FlushCMS
CVE-2006-3753 (setcookie.php for the administration login in Professional Home Page ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3752 (Multiple SQL injection vulnerabilities in class.php in Professional ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3751 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: HTMLArea3
CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash ...)
	NOT-FOR-US: Hashcash Component (com_hashcash) for Joomla
CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap ...)
	NOT-FOR-US: Sitemap component (com_sitemap) for Mambo
CVE-2006-3748 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: LoudMouth Component for Mambo
CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite module ...)
	{DSA-1132-1 DSA-1131-1}
	- apache 1.3.34-3 (medium; bug #380231)
	- apache2 2.0.55-4.1 (medium; bug #380182)
CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...)
	{DSA-1141-1 DSA-1140-1}
	- gnupg 1.4.5-1 (medium; bug #381204)
	- gnupg2 1.9.20-2 (medium)
CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...)
	- linux-2.6 2.6.17-7
CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows ...)
	{DSA-1168-1}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
	- graphicsmagick 1.1.7-7
CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow ...)
	{DSA-1168-1}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
	- graphicsmagick 1.1.7-8
CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM ...)
	- kdebase <not-affected>
	NOTE: only in Fedora
CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and ...)
	{DSA-1233}
	- linux-2.6 2.6.18-1
CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and ...)
	{DSA-1193-1}
	- libxfont 1:1.2.2-1
CVE-2006-3739 (Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X ...)
	{DSA-1193-1}
	- libxfont 1:1.2.2-1
CVE-2006-3738 (Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-XXXX [htdig: several unspecified security problems]
	- htdig 1:3.2.0b6-1
CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it]
	- ldap-account-manager 1.0.2-1.1 (bug #368804; medium)
	[sarge] - ldap-account-manager <not-affected>
CVE-2006-XXXX [ldap account manager wrongly unlocks some passwords]
	- ldap-account-manager 1.0.3-1 (bug #375453; medium)
	[sarge] - ldap-account-manager <not-affected>
CVE-2006-3737 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Plesk
CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml.php ...)
	NOT-FOR-US: VideoDB for Mambo
CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum ...)
	NOT-FOR-US: Mail2Forum
CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface ...)
	NOT-FOR-US: Cisco
CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web ...)
	NOT-FOR-US: Cisco
CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted ...)
	- firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low)
	[sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge)
CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 ...)
	NOT-FOR-US: MSIE
CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...)
	NOT-FOR-US: MSIE
CVE-2006-3728 (Unspecified vulnerability in the kernel in Solaris 10 with patch ...)
	NOT-FOR-US: Solaris
CVE-2006-3727 (Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow ...)
	NOT-FOR-US: Eskolar CMS
CVE-2006-3726 (Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3725 (Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a ...)
	NOT-FOR-US: Norton Personal Firewall
CVE-2006-3724 (Unspecified vulnerability in JD Edwards HTML Server for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3723 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3722 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3721 (Multiple unspecified vulnerabilities in Oracle Management Service for ...)
	NOT-FOR-US: Oracle
CVE-2006-3720 (Unspecified vulnerability in Enterprise Config Management for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3719 (Unspecified vulnerability in CORE: Repository for Oracle Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2006-3718 (Multiple unspecified vulnerabilities in Oracle Exchange for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3717 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-3716 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-3715 (Unspecified vulnerability in Calendar for Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-3714 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3713 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3712 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3711 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3710 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3709 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3708 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3707 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3706 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3705 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...)
	NOT-FOR-US: Oracle
CVE-2006-3704 (Unspecified vulnerability in the Oracle ODBC Driver for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3703 (Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-3702 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...)
	NOT-FOR-US: Oracle
CVE-2006-3701 (Unspecified vulnerability in the Dictionary component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3700 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and ...)
	NOT-FOR-US: Oracle
CVE-2006-3699 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3698 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...)
	NOT-FOR-US: Oracle
CVE-2006-3697 (Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3696 (filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3694 (Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...)
	{DSA-1157 DSA-1139-1}
	- ruby1.8 1.8.4-3 (bug #378029; medium)
	- ruby1.9 1.9.0+20060609-1 (medium)
CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges ...)
	NOT-FOR-US: Rocks Clusters
CVE-2006-3692 (** DISPUTED ** ...)
	NOT-FOR-US: ListMessenger
CVE-2006-3691 (Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier ...)
	NOT-FOR-US: VBZooM
CVE-2006-3690 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
	NOT-FOR-US: MiniBB
CVE-2006-3689 (** DISPUTED ** ...)
	NOT-FOR-US: Codeworks Gnomedia SubberZ[Lite]
CVE-2006-3688 (SQL injection vulnerability in Room.php in Francisco Charrua ...)
	NOT-FOR-US: Francisco Charrua Photo-Gallery
CVE-2006-3687 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...)
	NOT-FOR-US: D-Link
CVE-2006-3686 (Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 ...)
	NOT-FOR-US: HP OpenVMS
CVE-2006-3685 (PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 ...)
	NOT-FOR-US: CzarNews
CVE-2006-3684 (PHP remote file inclusion vulnerability in calendar.php in SoftComplex ...)
	NOT-FOR-US: SoftComplex PHP Event Calendar
CVE-2006-3683 (PHP remote file inclusion vulnerability in poll.php in Flipper Poll ...)
	NOT-FOR-US: Flipper Poll
CVE-2006-3682 (awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote ...)
	- awstats 6.5-2 (bug #378960; low)
	[sarge] - awstats 6.4-1sarge3
	NOTE: A previous DSA introduced a fix that renders this vulnerability in ineffective
CVE-2006-3681 (Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in ...)
	- awstats 6.5-2 (bug #378960; unimportant)
	NOTE: Path disclosure is not an issue for Debian
CVE-2006-3680 (Cross-site scripting (XSS) vulnerability in photocycle in Photocycle ...)
	NOT-FOR-US: Photocycle
CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass access ...)
	NOT-FOR-US: FatWire Content Server
CVE-2006-3678 (TippingPoint IPS running the TippingPoint Operating System (TOS) ...)
	NOT-FOR-US: TippingPoint
CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
	NOTE: MFSA-2006-45
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird <not-affected>
	- mozilla-thunderbird <not-affected>
CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...)
	NOT-FOR-US: planetGallery
CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the ...)
	NOT-FOR-US: Password Safe
	NOTE: mypasswordsafe and pwsafe might use code from Password Safe,
	NOTE: but the problematic functionality is not present
CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
	- armagetron 0.2.8.2.1-1 (bug #379062; low)
	[sarge] - armagetron <no-dsa> (Minor game DoS)
	[etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
	- armagetron 0.2.8.2.1-1 (bug #379062; low)
	[sarge] - armagetron <no-dsa> (Minor game DoS)
	[etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a ...)
	- kdelibs 4:3.5.4-1 (bug #378962; unimportant)
CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the communicate ...)
	{DTSA-31-1}
	- hyperestraier 1.3.3-1 (bug #379060; low)
CVE-2006-3670 (Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to ...)
	NOT-FOR-US: Winlpd
CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when running ...)
	NOT-FOR-US: Mercury Messenger
CVE-2006-3668 (Heap-based buffer overflow in the it_read_envelope function in Dynamic ...)
	{DSA-1123}
	- libdumb 1:0.9.3-5 (bug #379064; medium)
CVE-2006-3667 (Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking ...)
	NOT-FOR-US: Sybase/Financial Fusion Consumer Banking Suite
CVE-2006-3666 (SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc ...)
	NOT-FOR-US: AjaxPortal
CVE-2006-3665 (SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows ...)
	- squirrelmail 2:1.4.7-1 (unimportant)
	NOTE: Operation with registers_globals not supported
CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...)
	NOT-FOR-US: Finjan Appliance
CVE-2006-3662 (** DISPUTED ** ...)
	NOT-FOR-US: ATutor
CVE-2006-3661 (Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2006-3660 (Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3659 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3658 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3657 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3656 (Unspecified vulnerability in Microsoft PowerPoint 2003 allows ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3655 (Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3654 (Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet ...)
	NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3653 (wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote ...)
	NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004 allows ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration Server
CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-3650 (Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not ...)
	NOT-FOR-US: Microsoft
CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK ...)
	NOT-FOR-US: Microsoft
CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3647 (Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3646
	RESERVED
CVE-2006-3645
	RESERVED
CVE-2006-3644
	RESERVED
CVE-2006-3643 (Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3642
	RESERVED
CVE-2006-3641
	RESERVED
CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to ...)
	NOT-FOR-US: Microsoft
CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the ...)
	NOT-FOR-US: Microsoft
CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...)
	{DSA-1188-1}
	- mailman 1:2.1.8-3
CVE-2006-3635
	RESERVED
CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic ...)
	- linux-2.6 2.6.17-1 (medium)
CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: shiela
CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka Ethereal) ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark ...)
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
	[sarge] - ethereal <no-dsa> (Vulnerable code not present)
CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: FLV Players
CVE-2006-3624 (Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 ...)
	NOT-FOR-US: FLV Players
CVE-2006-3623 (Directory traversal vulnerability in Framework Service component in ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2006-3622 (The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3621 (SQL injection vulnerability in the showtopic module in Koobi Pro CMS ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module in ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC ...)
	{DSA-1170}
	- gcc-4.1 4.1.1-11 (bug #368397; low)
	- gcc-3.4 3.4.4-0
	NOTE: gcc-3.4 no longer builds the fastjar package
CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By Lev ...)
	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in ...)
	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3616 (Multiple cross-site scripting (XSS) vulnerabilities in Carbonize ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2006-3615 (Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, ...)
	NOT-FOR-US: Phorum
CVE-2006-3614 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3613 (Multiple cross-site scripting (XSS) vulnerabilities in Chamberland ...)
	NOT-FOR-US: Chamberland Technology ezWaiter
CVE-2006-3612 (Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows ...)
	NOT-FOR-US: Phorum
CVE-2006-3611 (Directory traversal vulnerability in pm.php in Phorum 5 allows remote ...)
	NOT-FOR-US: Phorum
CVE-2006-3610 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3609 (Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3608 (The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when ...)
	NOT-FOR-US: Simone Vellei Flatnuke
CVE-2006-3607 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner ...)
	NOT-FOR-US: Softbiz Banner Exchange Script (aka Banner Exchange Network Script)
CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange ...)
	NOTE: Sun Solaris
CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and ...)
	NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH ...)
	NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3602 (Directory traversal vulnerability in ...)
	NOTE: this is CVE-2005-4600
	NOT-FOR-US: Farsinews
CVE-2006-3601 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: DotNetNuke
CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup ...)
	{DSA-1135-1}
	- libtunepimp 0.4.2-4 (bug #378091; medium)
CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds module ...)
	NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke
CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke allows ...)
	NOT-FOR-US: Sections module for PHP-Nuke
CVE-2006-3597 (passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password ...)
	- shadow <not-affected> (fix for a mistake in the Ubuntu installer)
CVE-2006-3596 (The device driver for Intel-based gigabit network adapters in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-3595 (The default configuration of IOS HTTP server in Cisco Router Web Setup ...)
	NOT-FOR-US: Cisco
CVE-2006-3594 (Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through ...)
	NOT-FOR-US: Cisco
CVE-2006-3593 (The command line interface (CLI) in Cisco Unified CallManager (CUCM) ...)
	NOT-FOR-US: Cisco
CVE-2006-3592 (Unspecified vulnerability in the command line interface (CLI) in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-3591 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...)
	{DSA-1111}
	- linux-2.6 2.6.17-4 (bug #378324; high)
CVE-2006-XXXX [insufficient form variable escaping]
	- webauth 3.5.2-1
CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure ...)
	NOT-FOR-US: VMware
CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3583 (Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and ...)
	- adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and ...)
	- adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator before ...)
	NOT-FOR-US: ASP Stats Generator
CVE-2006-3579 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up ...)
	NOT-FOR-US: Fujitsu ServerView
CVE-2006-3578 (Directory traversal vulnerability in Fujitsu ServerView 2.50 up to ...)
	NOT-FOR-US: Fujitsu ServerView
CVE-2006-3577 (SQL injection vulnerability in index.php in LifeType 1.0.5 allows ...)
	NOT-FOR-US: LifeType
CVE-2006-3576 (SQL injection vulnerability in search.php in SenseSites CommonSense ...)
	NOT-FOR-US: SenseSites CommonSense
CVE-2006-3575 (Unknown vulnerability in the Buffer Overflow Protection in McAfee ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration Portal and Web Client and uCosminexus Collaboration Portal and Forum/File Sharing
CVE-2006-3573 (Format string vulnerability in the WriteText function in agl_text.cpp ...)
	NOT-FOR-US: Milan Mimica Sparklet
CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and ...)
	NOT-FOR-US: Papoo
CVE-2006-3571 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Papoo
CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module in ...)
	- drupal <not-affected> (webform module is not in Debian Drupal 4.5 package)
CVE-2006-3569 (Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, ...)
	NOT-FOR-US: IBM Data ONTAP
CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...)
	NOT-FOR-US: Fantastic Guestbook
CVE-2006-3567 (Cross-site scripting (XSS) vulnerability in the web administration ...)
	NOT-FOR-US: Juniper
CVE-2006-3566 (search.results.php in HiveMail 3.1 and earlier allows remote attackers ...)
	NOT-FOR-US: HiveMail
CVE-2006-3565 (SQL injection vulnerability in search.results.php in HiveMail 1.3 and ...)
	NOT-FOR-US: HiveMail
CVE-2006-3564 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...)
	NOT-FOR-US: HiveMail
CVE-2006-3563 (Cross-site scripting (XSS) vulnerability in gallery/thumb.php in ...)
	NOT-FOR-US: Winged Gallery
CVE-2006-3562 (PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow ...)
	NOT-FOR-US: Plume CMS
CVE-2006-3561 (BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and ...)
	NOT-FOR-US: BT Voyager
CVE-2006-3560 (SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums ...)
	NOT-FOR-US: Blue Dojo Graffiti Forums
CVE-2006-3559 (Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 ...)
	NOT-FOR-US: auraCMS
CVE-2006-3558 (Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto ...)
	NOT-FOR-US: auraCMS
CVE-2006-3557 (MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root ...)
	NOT-FOR-US: MT Orumcek Toplist
CVE-2006-3556 (PHP remote file inclusion vulnerability in extcalendar.php in Mohamed ...)
	NOT-FOR-US: Mohamed Moujami ExtCalendar
CVE-2006-3555 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-3554 (Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final ...)
	NOT-FOR-US: MKPortal
CVE-2006-3553 (PlaNet Concept planetNews allows remote attackers to bypass ...)
	NOT-FOR-US: planetNews
CVE-2006-3552 (Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and ...)
	NOT-FOR-US: Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium
CVE-2006-3551 (NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and ...)
	NOT-FOR-US: NCP VPN/PKI Client (apparently nothing to do with Novell)
CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks ...)
	NOT-FOR-US: F5 Netowrks FirePass
CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through 3.0.10 ...)
	{DSA-1406-1}
	- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
	{DSA-1406-1}
	- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3547 (** DISPUTED ** ...)
	NOT-FOR-US: EMC VMware Player
CVE-2006-3546 (Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote ...)
	NOT-FOR-US: Patrice Freydiere ImgSvr
CVE-2006-3545 (** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3544 (** DISPUTED ** ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-3543 (** DISPUTED ** ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-3542 (Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown ...)
	NOT-FOR-US: Garry Glendown Shopping Cart
CVE-2006-3541 (SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ...)
	NOT-FOR-US: Meine Links (aka My Links) in Kyberna ky2help
CVE-2006-3540 (Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2006-3539 (Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com ...)
	NOT-FOR-US: DKScript.com Dragon's Kingdom Script
CVE-2006-3538 (Multiple cross-site scripting (XSS) vulnerabilities in demo.php in ...)
	NOT-FOR-US: BeatificFaith Eprayer
CVE-2006-3537 (PHP remote file inclusion vulnerability in index.php in Randshop ...)
	NOT-FOR-US: Randshop
CVE-2006-3536 (Direct static code injection vulnerability in code/class_db_text.php ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3535 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...)
	NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3534 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...)
	NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3533 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 ...)
	- pivot <itp> (bug #305786)
CVE-2006-3532 (PHP file inclusion vulnerability in includes/edit_new.php in Pivot ...)
	- pivot <itp> (bug #305786)
CVE-2006-3531 (includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates ...)
	- pivot <itp> (bug #305786)
CVE-2006-3530 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PccookBook Component for Mambo and Joomla
CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...)
	NOT-FOR-US: EarlyImpact ProductCart
CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard ...)
	NOT-FOR-US: Simpleboard Mambo module
CVE-2006-3527 (Multiple PHP remote file inclusion vulnerabilities in BosClassifieds ...)
	NOT-FOR-US: BosClassifieds Classified Ads
CVE-2006-3526 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...)
	NOT-FOR-US: Sport-slo Advanced Guestbook
CVE-2006-3525 (SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final ...)
	NOT-FOR-US: PHCDownload
CVE-2006-3524 (Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows ...)
	NOT-FOR-US: SIPfoundry sipXtapi
CVE-2006-3523 (Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote ...)
	NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3522 (Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for ...)
	NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3521 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: SiteForge Collaborative Development Platform
CVE-2006-3520 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Sabdrimer Pro
CVE-2006-3519 (Multiple cross-site scripting (XSS) vulnerabilities in The Banner ...)
	NOT-FOR-US: The Banner Engine
CVE-2006-3518 (SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal ...)
	NOT-FOR-US: Webvizyon Portal
CVE-2006-3517 (PHP remote file inclusion vulnerability in stats.php in RW::Download, ...)
	NOT-FOR-US: RW::Download
CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote ...)
	NOT-FOR-US: FreeHost
CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
	NOT-FOR-US: AjaxPortal
CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PHP-Blogger
CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3511 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3510 (The Remote Data Service Object (RDS.DataControl) in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3509 (Integer overflow in the API for the AirPort wireless driver on Apple ...)
	NOT-FOR-US: Apple
CVE-2006-3508 (Heap-based buffer overflow in the AirPort wireless driver on Apple Mac ...)
	NOT-FOR-US: Apple
CVE-2006-3507 (Multiple stack-based buffer overflows in the AirPort wireless driver ...)
	NOT-FOR-US: Apple
CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and ...)
	NOT-FOR-US: Mac OS X
CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for Apple ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3497 (Unspecified vulnerability in the &quot;compression state handling&quot; in Bom ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone ...)
	NOT-FOR-US: Buddy Zone
CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-3492 (The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO ...)
	NOT-FOR-US: MICO
CVE-2006-3491 (Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows ...)
	NOT-FOR-US: Kaillera Server
CVE-2006-3490 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3489 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3488 (Absolute path traversal vulnerability in administrador.asp in ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3487 (VirtuaStore 2.0 stores sensitive files under the web root with ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3485 (Multiple SQL injection vulnerabilities in AstroDog Press Some Chess ...)
	NOT-FOR-US: AstroDog Press Some Chess
CVE-2006-3484 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before ...)
	NOT-FOR-US: ATutor
CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web document ...)
	NOT-FOR-US: PHPMailList
CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in ...)
	NOT-FOR-US: PHPMailList
CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...)
	NOT-FOR-US: Joomla
CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block ...)
	NOT-FOR-US: Nuked-Klan
CVE-2006-3478 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyPHP CMS
CVE-2006-3477 (Unspecified vulnerability in the POP service in Stalker CommuniGate ...)
	NOT-FOR-US: Stalker CommuniGate Pro
CVE-2006-3476 (Cross-site scripting (XSS) vulnerability in comments.php in ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-3475 (Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 ...)
	NOT-FOR-US: QBoard
CVE-2006-3474 (Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2006-3473 (CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 ...)
	- drupal <not-affected> (form_mail Module not in debian)
CVE-2006-3472 (Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3471 (Microsoft Internet Explorer 6 on Windows XP allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not ...)
	NOT-FOR-US: Dell Openmanage CD
CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1 before ...)
	{DSA-1112}
	- mysql-dfsg-5.0 5.0.22-1 (bug #375694)
CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote ...)
	- linux-2.6 2.6.17-6
CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...)
	{DSA-1193-1 DSA-1178-1}
	- freetype 2.2.1-5 (bug #379920; medium)
	- libxfont 1:1.2.0-2 (medium; bug #383353)
CVE-2006-3466
	REJECTED
CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3464 (TIFF library (libtiff) before 3.8.2 allows context-dependent attackers ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3463 (The EstimateStripByteCounts function in TIFF library (libtiff) before ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3460 (Heap-based buffer overflow in the JPEG decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library (libtiff) ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
CVE-2006-3486 (** DISPUTED ** ...)
	- mysql-dfsg-5.0 5.0.22-4 (unimportant; bug #378102)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
	NOTE: Only DoS possible, only root can trigger this -> non-issue
CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the ...)
	NOT-FOR-US: Symantec
CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka ...)
	NOT-FOR-US: Symantec
CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate ...)
	NOT-FOR-US: Symantec
CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus Corporate ...)
	NOT-FOR-US: Symantec
CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...)
	NOT-FOR-US: Adobe acrobat
CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...)
	NOT-FOR-US: Adobe acrobat
CVE-2006-3451 (Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage ...)
	NOT-FOR-US: Microsoft
CVE-2006-3450 (Microsoft Internet Explorer 6 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-3447
	RESERVED
CVE-2006-3446
	RESERVED
CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in ...)
	NOT-FOR-US: Microsoft
CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-3442 (Unspecified vulnerability in Pragmatic General Multicast (PGM) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library ...)
	NOT-FOR-US: Microsoft
CVE-2006-3437
	RESERVED
CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft
CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X ...)
	NOT-FOR-US: Microsoft
CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...)
	NOT-FOR-US: Microsoft
CVE-2006-3433
	RESERVED
CVE-2006-3432
	REJECTED
	NOTE: duplicate of CVE-2007-0028
CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3429 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
	NOT-FOR-US: TTCalc
CVE-2006-3428 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
	NOT-FOR-US: TTCalc
CVE-2006-3427 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3426 (Directory traversal vulnerability in (a) PatchLink Update Server ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3425 (FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3424 (Multiple buffer overflows in WebEx Downloader ActiveX Control, ...)
	NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3423 (WebEx Downloader ActiveX Control and WebEx Downloader Java before ...)
	NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3422 (PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows ...)
	NOT-FOR-US: WonderEdit Pro CMS
CVE-2006-3421 (PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes ...)
	- tor 0.1.1.20-1
CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor's ...)
	- tor 0.1.1.20-1
CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or ...)
	- tor 0.1.1.20-1
CVE-2006-3416 (** DISPUTED ** ...)
	- tor 0.1.1.20-1
CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the &quot;OR&quot; ...)
	- tor 0.1.1.20-1
CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...)
	- tor 0.1.1.20-1
CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on ...)
	- tor 0.1.1.20-1
CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall ...)
	- tor 0.1.1.20-1
CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys ...)
	- tor 0.1.1.20-1
CVE-2006-3410 (Tor before 0.1.1.20 creates &quot;internal circuits&quot; primarily consisting ...)
	- tor 0.1.1.20-1
CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to ...)
	- tor 0.1.1.20-1
CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor ...)
	- tor 0.1.1.20-1
CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or ...)
	- tor 0.1.1.20-1
CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote ...)
	{DSA-1110}
	- samba 3.0.23a-1 (bug #378070)
CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: ...)
	NOT-FOR-US: Quake 3
CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake ...)
	NOT-FOR-US: Soldier of Fortune 2
CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki ...)
	NOT-FOR-US: MoniWiki
CVE-2006-3398 (The &quot;change password forms&quot; in Taskjitsu before 2.0.1 includes ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3397 (Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3396 (PHP remote file inclusion vulnerability in galleria.html.php in ...)
	NOT-FOR-US: Galleria Mambo Module
CVE-2006-3395 (PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX ...)
	NOT-FOR-US: SiteBuilder-FX
CVE-2006-3394 (SQL injection vulnerability in the files mod in index.php in BXCP ...)
	NOT-FOR-US: BXCP
CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...)
	NOT-FOR-US: Papyrus NASCAR Racing
CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path ...)
	{DSA-1199-1}
	- webmin <removed> (medium; bug #381537)
CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 ...)
	NOT-FOR-US: iMBCContents
CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation ...)
	- wordpress <unfixed> (unimportant)
CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain ...)
	- wordpress <unfixed> (unimportant)
CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 ...)
	- phpmyadmin 4:2.8.2-0.1 (bug #377748; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News ...)
	NOT-FOR-US: Fusion News
CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3385 (Cross-site scripting (XSS) vulnerability in divers.php in Vincent ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3384 (SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3383 (Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 ...)
	NOT-FOR-US: mAds
CVE-2006-3382 (Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 ...)
	NOT-FOR-US: mAds
CVE-2006-3381 (SturGeoN Upload allows remote attackers to execute arbitrary PHP code ...)
	NOT-FOR-US: SturGeoN
CVE-2006-3380 (Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2006-3379 (Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 ...)
	{DSA-1119}
	- hiki 0.8.6-1 (bug #378059; low)
CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ...)
	{DSA-1150-1}
	- shadow 1:4.0.14-1 (bug #379174)
CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...)
	NOT-FOR-US: JMB Software AutoRank PHP
CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...)
	{DSA-1194-1}
	- libwmf 0.2.8.4-2 (bug #381538; medium)
CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...)
	NOT-FOR-US: Randshop
CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 ...)
	NOT-FOR-US: Randshop
CVE-2006-3373 (Unspecified vulnerability in the client/bin/logfetch script in Hobbit ...)
	NOT-FOR-US: Hobbit
CVE-2006-3372 (Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple Safari
CVE-2006-3371 (Eupla Foros 1.0 stores the inc/config.inc file under the web document ...)
	NOT-FOR-US: Eupla Foros
CVE-2006-3370 (Blueboy 1.0.3 stores bb_news_config.inc under the web document root ...)
	NOT-FOR-US: Blueboy
CVE-2006-3369 (Kamikaze-QSCM 0.1 stores config.inc under the web document root with ...)
	NOT-FOR-US: Kamikaze-QSCM
CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with ...)
	NOT-FOR-US: Efone
CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web ...)
	NOT-FOR-US: Mp3NetBox
CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow ...)
	NOT-FOR-US: V3 Chat
CVE-2006-3365 (V3 Chat allows remote attackers to obtain the installation path via ...)
	NOT-FOR-US: V3 Chat
CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...)
	NOT-FOR-US: Glossaire for Xoops
CVE-2006-3362 (connectors/php/connector.php in FCKeditor mcpuk file manager, as used ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...)
	NOT-FOR-US: Stud.IP
CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...)
	- phpsysinfo <unfixed> (unimportant)
	- egroupware <unfixed> (unimportant)
	- phpgroupware <unfixed> (unimportant)
	NOTE: Only the existence of files inside the WWW root is leaked. If this is
	NOTE: a threat to your setup you most probably shouldn't install a script which
	NOTE: exposes all your system data, either.
CVE-2006-3359 (Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 ...)
	NOT-FOR-US: NewsPHP
CVE-2006-3358 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: NewsPHP
CVE-2006-3357 (Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) ...)
	NOT-FOR-US: HTML Help ActiveX control
CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ...)
	NOT-FOR-US: Apple
CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll ...)
	- mpg123 0.60-1 (bug #377264; medium)
	[sarge] - mpg123 <no-dsa> (Non-free not supported)
CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Opera
CVE-2006-3352 (** DISPUTED ** ...)
	NOTE: firefox, but invalid
CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and ...)
	NOT-FOR-US: Windows Explorer
CVE-2006-3695 (Trac before 0.9.6 does not disable the &quot;raw&quot; or &quot;include&quot; commands ...)
	{DSA-1152}
	- trac 0.9.6-1 (medium)
	[sarge] - trac 0.8.1-3sarge5
CVE-2006-3458 (Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does ...)
	{DSA-1113}
	- zope2.7 <removed> (bug #377285; medium)
	- zope2.8 2.8.7-2 (bug #377277; medium)
	- zope2.9 2.9.3-3 (bug #377286; medium)
CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c ...)
	{DSA-1116}
	- gimp 2.2.11-3.1 (bug #377049; medium)
CVE-2006-3350 (Stack-based buffer overflow in AutoVue SolidModel Professional Desktop ...)
	NOT-FOR-US: AutoVue SolidModel Professional Desktop
CVE-2006-3349 (Multiple SQL injection vulnerabilities in SmS Script allow remote ...)
	NOT-FOR-US: SmS Script
CVE-2006-3348 (Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 ...)
	NOT-FOR-US: HSPcomplete
CVE-2006-3347 (SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP ...)
	NOT-FOR-US: deV!Lz Clanportal DZCP
CVE-2006-3346 (SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows ...)
	NOT-FOR-US: MyNewsGroups
CVE-2006-3345 (Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and ...)
	NOT-FOR-US: AliPAGER
CVE-2006-3344 (Siemens Speedstream Wireless Router 2624 allows local users to bypass ...)
	NOT-FOR-US: Siemens Speedstream Wireless Router
CVE-2006-3343 (PHP remote file inclusion vulnerability in recipe/cookbook.php in ...)
	NOT-FOR-US: CrisoftRicette
CVE-2006-3342 (Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 ...)
	NOT-FOR-US: Arctic
CVE-2006-3341 (SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp ...)
	NOT-FOR-US: MyAds module for Xoops
CVE-2006-3340 (Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo ...)
	NOT-FOR-US: Pearl For Mambo
CVE-2006-3339 (secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows ...)
	NOT-FOR-US: Atlassian
CVE-2006-3338 (Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 ...)
	NOT-FOR-US: Atlassian
CVE-2006-3337 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: cPanel (not the Chinese language tool in Debian)
CVE-2006-3336 (TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the ...)
	- twiki 1:4.0.4-3 (low; bug #381907)
	NOTE: only in some server configurations
CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...)
	NOT-FOR-US: HP-UX
CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...)
	- libpng 1.2.8rel-5.2 (bug #377298; bug #397892; unimportant)
	NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow
	NOTE: cannot overwrite other memory sections
CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...)
	NOT-FOR-US: Zorum Forum
CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows ...)
	NOT-FOR-US: Zorum Forum
CVE-2006-3331 (Opera before 9.0 does not reset the SSL security bar after displaying ...)
	NOT-FOR-US: Opera
CVE-2006-3330 (Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL ...)
	NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3329 (SQL injection vulnerability in search.php in PHP/MySQL Classifieds ...)
	NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3328 (new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal ...)
	NOT-FOR-US: Hostflow
CVE-2006-3327 (Cross-site scripting (XSS) vulnerability in Custom dating biz dating ...)
	NOT-FOR-US: Custom dating biz dating script
CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote ...)
	NOT-FOR-US: QuickZip
CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...)
	NOT-FOR-US: Quake 3
CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...)
	NOT-FOR-US: Quake 3
CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...)
	NOT-FOR-US: MF Piadas
CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...)
	NOT-FOR-US: phpRaid
CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...)
	NOT-FOR-US: OpenForum
CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...)
	{DSA-1130-1}
	- sitebar 3.3.8-1.1 (bug #377299; low)
CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...)
	NOT-FOR-US: PHP iCalendar
CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and ...)
	NOT-FOR-US: phpRaid
CVE-2006-3317 (PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote ...)
	NOT-FOR-US: phpRaid
CVE-2006-3316 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 ...)
	NOT-FOR-US: phpRaid
CVE-2006-3315 (PHP remote file inclusion vulnerability in page.php in an unspecified ...)
	NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3314 (PHP remote file inclusion vulnerability in page.php in an unspecified ...)
	NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft ...)
	NOT-FOR-US: Netsoft smartNet
CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and ...)
	NOT-FOR-US: QaTraq
CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3310
	RESERVED
CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...)
	NOT-FOR-US: Scout Portal
CVE-2006-3308 (Unspecified vulnerability in the wpprop code for Project EROS ...)
	NOT-FOR-US: bbsengine
CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS bbsengine ...)
	NOT-FOR-US: bbsengine
CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring funtion ...)
	NOT-FOR-US: bbsengine
CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau ...)
	NOT-FOR-US: UebiMiau
CVE-2006-3304 (SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3303 (Multiple cross-site scripting (XSS) vulnerabilities in pm.php in ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3302 (PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS ...)
	NOT-FOR-US: CBSMS Mambo module
CVE-2006-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin ...)
	- phpqladmin <removed> (bug #376442; low)
CVE-2006-3300 (PHP remote file inclusion vulnerability in sms_config/gateway.php in ...)
	NOT-FOR-US: phpmysms
CVE-2006-3299 (Cross-site scripting (XSS) vulnerability in index.php in Usenet Script ...)
	NOT-FOR-US: Usenet Script
CVE-2006-3298 (Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to ...)
	NOT-FOR-US: Offical Yahoo! Messenger client
CVE-2006-3297 (Cross-site scripting (XSS) vulnerability in error.php in UebiMiau ...)
	NOT-FOR-US: UebiMiau
CVE-2006-3296 (SQL injection vulnerability in view.php in Open Guestbook 0.5 allows ...)
	NOT-FOR-US: Open Guestbook
CVE-2006-3295 (Cross-site scripting (XSS) vulnerability in header.php in Open ...)
	NOT-FOR-US: Open Guestbook
CVE-2006-3294 (PHP remote file inclusion vulnerability in mod_cbsms_messages.php in ...)
	NOT-FOR-US: CBSMS Mambo module
CVE-2006-3293 (parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote ...)
	NOT-FOR-US: EnergyMech
CVE-2006-3292 (SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows ...)
	NOT-FOR-US: Jaws
CVE-2006-3291 (The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on ...)
	NOT-FOR-US: Cisco
CVE-2006-3290 (HTTP server in Cisco Wireless Control System (WCS) for Linux and ...)
	NOT-FOR-US: Cisco
CVE-2006-3289 (Cross-site scripting (XSS) vulnerability in the login page of the HTTP ...)
	NOT-FOR-US: Cisco
CVE-2006-3288 (Unspecified vulnerability in the TFTP server in Cisco Wireless Control ...)
	NOT-FOR-US: Cisco
CVE-2006-3287 (Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and ...)
	NOT-FOR-US: Cisco
CVE-2006-3286 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
	NOT-FOR-US: Cisco
CVE-2006-3285 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
	NOT-FOR-US: Cisco
CVE-2006-3284 (Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3283 (SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3282 (requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3281 (Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3279 (Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote ...)
	NOT-FOR-US: aeDating
CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and ...)
	NOT-FOR-US: H-Sphere
CVE-2006-3277 (The SMTP service of MailEnable Standard 1.92 and earlier, Professional ...)
	NOT-FOR-US: MailEnable
CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and ...)
	NOT-FOR-US: Helix DNA Server
CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and ...)
	NOT-FOR-US: YaBB
CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on ...)
	- webmin <not-affected> (only windows)
CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...)
	NOT-FOR-US: Some Chess
CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some ...)
	NOT-FOR-US: Some Chess
CVE-2006-3271 (Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow ...)
	NOT-FOR-US: Softbiz Dating
CVE-2006-3270 (SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows ...)
	NOT-FOR-US: THoRCMS
CVE-2006-3269 (PHP remote file inclusion vulnerability in includes/functions_cms.php ...)
	NOT-FOR-US: THoRCMS
CVE-2006-3268 (Unspecified vulnerability in the Windows Client API in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core Technologies ...)
	NOT-FOR-US: Infinite Core Technologies
CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite ...)
	NOT-FOR-US: Bee-hive
CVE-2006-3265 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Qdig
CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo ...)
	NOT-FOR-US: Namo DeepSearch
CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...)
	- mambo 4.5.3h-2 (medium)
CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...)
	- mambo 4.5.3h-2 (medium)
CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 ...)
	NOT-FOR-US: vlbook
CVE-2006-3259 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...)
	NOT-FOR-US: e107
CVE-2006-3258 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...)
	NOT-FOR-US: BNBT TrinEdit and EasyTracker
CVE-2006-3257 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 ...)
	NOT-FOR-US: Claroline
CVE-2006-3256 (SQL injection vulnerability in report.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3255 (SQL injection vulnerability in showmods.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3253 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic ...)
	NOT-FOR-US: Algorithmic Research PrivateWire VPN
CVE-2006-3251 (Heap-based buffer overflow in the array_push function in hashcash.c ...)
	{DSA-1114}
	- hashcash 1.21 (bug #376444)
CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2006-3249 (** DISPUTED ** ...)
	NOT-FOR-US: Phorum
CVE-2006-3248
	REJECTED
CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3246 (Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3245 (Multiple cross-site scripting (XSS) vulnerabilities in activatemember ...)
	NOT-FOR-US: mvnForum
CVE-2006-3244 (Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier ...)
	NOT-FOR-US: Anthill
CVE-2006-3243 (SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3242 (Stack-based buffer overflow in the browse_get_namespace function in ...)
	{DSA-1108}
	- mutt 1.5.11+cvs20060403-2 (low; bug #375828)
CVE-2006-3241 (Cross-site scripting (XSS) vulnerability in messages.php in XennoBB ...)
	NOT-FOR-US: XennoBB
CVE-2006-3240 (Cross-site scripting (XSS) vulnerability in classes/ui.class.php in ...)
	NOT-FOR-US: dotProject
CVE-2006-3239 (SQL injection vulnerability in message.php in VBZooM 1.11 and earlier ...)
	NOT-FOR-US: VBZooM
CVE-2006-3238 (Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier ...)
	NOT-FOR-US: VBZooM
CVE-2006-3237 (Cross-site scripting (XSS) vulnerability in index.php in Enterprise ...)
	NOT-FOR-US: Enterprise Groupware System
CVE-2006-3236 (Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier ...)
	NOT-FOR-US: thinkWMS
CVE-2006-3235 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: FineShop
CVE-2006-3234 (Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 ...)
	NOT-FOR-US: FineShop
CVE-2006-3233 (Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus ...)
	NOT-FOR-US: Azureus plugin that isn't distributed by default
CVE-2006-3229 (Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-3228 (Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including ...)
	NOT-FOR-US: WinAmp
CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the ...)
	NOT-FOR-US: Cisco
CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...)
	NOT-FOR-US: Sun ONE Application Server
CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote ...)
	NOT-FOR-US: Apple Safari
CVE-2006-3223 (Format string vulnerability in CA Integrated Threat Management (ITM), ...)
	NOT-FOR-US: CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP)
CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ...)
	NOT-FOR-US: DataLife
CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows ...)
	NOT-FOR-US: JaguarEditControl
CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...)
	NOT-FOR-US: MAILsweeper
CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...)
	NOT-FOR-US: MAILsweeper
CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 and ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote ...)
	NOT-FOR-US: WeBBoA Hosting
CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...)
	NOT-FOR-US: cjGuestbook
CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...)
	NOT-FOR-US: cjGuestbook
CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when ...)
	NOT-FOR-US: Ralf Image Gallery
CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP Board (UPB) ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate PHP Board ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain ...)
	NOT-FOR-US: NetBSD's KAME stack
CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Opera
CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: singapore
CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
	NOT-FOR-US: singapore
CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 0.10.0 and ...)
	NOT-FOR-US: singapore
CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...)
	NOT-FOR-US: BandSite
CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows ...)
	NOT-FOR-US: Ad Manager
CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 ...)
	NOT-FOR-US: MPCS
CVE-2006-3190 (SQL injection vulnerability in administration/includes/login/auth.php ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and ...)
	NOT-FOR-US: Sharky e-shop
CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop ...)
	NOT-FOR-US: Sharky e-shop
CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in CMS ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator ...)
	NOT-FOR-US: ASP Stats Generator
CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in MobeScripts ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3182 (Directory traversal vulnerability in index.php in MobeScripts Mobile ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3181 (SQL injection vulnerability in index.php in MobeScripts Mobile Space ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx ...)
	NOT-FOR-US: Confixx Pro
CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...)
	NOT-FOR-US: Confixx Pro
CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...)
	{DSA-1144-1}
	- chmlib 0.38-1 (bug #374085; low)
CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...)
	NOT-FOR-US: The Bible Portal Project
CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 ...)
	NOT-FOR-US: xarancms
CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...)
	NOT-FOR-US: mcGuestbook
CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...)
	- squirrelmail 2:1.4.7-1 (bug #375782; unimportant)
	NOTE: Operation with registers_globals not supported
CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
	NOT-FOR-US: Content*Builder
CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
	NOT-FOR-US: Content*Builder
CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows remote ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows remote ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the full path ...)
	NOT-FOR-US: Free Realty
CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in Free ...)
	NOT-FOR-US: Free Realty
CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and ...)
	NOT-FOR-US: Free Realty
CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design tplShop 2.0 ...)
	NOT-FOR-US: tplShop
CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 ...)
	NOT-FOR-US: IMGallery
CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php in ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple ...)
	NOT-FOR-US: Simple File Manager
CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...)
	NOT-FOR-US: Sun ONE/iPlanet Messaging Server
CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file extensions ...)
	NOT-FOR-US: Eduha Meeting
CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory ...)
	NOT-FOR-US: UltimateGoogle
CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate ...)
	NOT-FOR-US: Ultimate eShop
CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...)
	NOT-FOR-US: Ultimate Auction
CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and ...)
	NOT-FOR-US: Ultimate Estate
CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in Ultimate ...)
	NOT-FOR-US: Ultimate Estate
CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and ...)
	NOT-FOR-US: phpTRADER
CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD ...)
	NOT-FOR-US: AssoCIateD
CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and ...)
	NOT-FOR-US: CavoxCms
CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum ...)
	NOT-FOR-US: phpMyForum
CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in ...)
	NOT-FOR-US: Open-Realty
CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier ...)
	NOT-FOR-US: Toshiba drivers for Windows
CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows ...)
	- netpbm-free <not-affected> (Debian's version is too old; affects 10.30 to 10.33 only)
CVE-2006-3144 (PHP remote file inclusion vulnerability in microcms-include.php in IBD ...)
	NOT-FOR-US: IBD Micro CMS
CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...)
	NOT-FOR-US: Maximus SchoolMAX
CVE-2006-3142 (SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...)
	NOT-FOR-US: Tradingeye Shop
CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...)
	NOT-FOR-US: openCI
CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War 1.5.0 ...)
	NOT-FOR-US: Virtual War
CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge ...)
	NOT-FOR-US: Edge eCommerce Shop
CVE-2006-3136 (** DISPUTED ** ...)
	NOT-FOR-US: Nucleus
CVE-2006-3135 (Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-3134 (Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2006-3133
	RESERVED
CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3131 (Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow ...)
	NOT-FOR-US: Clubpage
CVE-2006-3130 (SQL injection vulnerability in index.php in Clubpage allows remote ...)
	NOT-FOR-US: Clubpage
CVE-2006-3129 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC ...)
	NOT-FOR-US: LinkList
CVE-2006-3128 (choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does ...)
	NOT-FOR-US: easy-CMS
CVE-2006-3127 (Memory leak in Network Security Services (NSS) 3.11, as used in Sun ...)
	- mozilla <not-affected> (SunSolve claims it is only in 3.11; latest released is 3.10)
CVE-2006-3126 (c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute ...)
	{DSA-1165}
	- capi4hylafax 1:01.03.00.99.svn.300-3
CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows ...)
	{DSA-1163}
	- gtetrinet 0.7.10-1
CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...)
	{DSA-1158}
	- streamripper 1.61.25-2
CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) doencrypt ...)
	{DSA-1138-1}
	- cfs 1.4.1-17
CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server ...)
	{DSA-1143-1}
	- dhcp 2.0pl5-19.5 (bug #380273)
CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat ...)
	{DSA-1151-1}
	- heartbeat-2 2.0.6-2
	- heartbeat 1.2.4-14
CVE-2006-3120 (Format string vulnerability in Brian Wotring Osiris before 4.2.1 ...)
	{DSA-1129}
	- osiris 4.2.0-2 (medium)
CVE-2006-3119 (The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a ...)
	{DSA-1124}
	- fbi 2.05-1
CVE-2006-3118 (spread uses a temporary file with a static filename based on the port ...)
	- spread 3.17.3-4 (bug #375617; low)
	[sarge] - spread <no-dsa> (Minimal security implications)
CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-3116 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 ...)
	NOT-FOR-US: phpRaid
CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...)
	NOT-FOR-US: phpRaid
CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the ...)
	NOT-FOR-US: PC Tools AntiVirus
CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	NOTE: MFSA-2006-46
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in Chipmailer ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 ...)
	NOT-FOR-US: Cisco
CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email ...)
	NOT-FOR-US: EmailArchitect
CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-3106 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: phpMyDesktop
CVE-2006-3105 (CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3104 (users/index.php in Bitweaver 1.3 allows remote attackers to obtain ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3103 (Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when run ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-3099
	RESERVED
CVE-2006-3098
	RESERVED
CVE-2006-3097 (Unspecified vulnerability in Support Tools Manager (xstm, cstm, and ...)
	NOT-FOR-US: HP-UX Support Tools Manager
CVE-2006-3096 (Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier ...)
	NOT-FOR-US: iPostMX
CVE-2006-3095 (Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 ...)
	NOT-FOR-US: iPostMX
CVE-2006-3094 (Multiple SQL injection vulnerabilities in Calendarix Basic ...)
	NOT-FOR-US: Calendarix Basic
CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Acrobat Reader ...)
	NOT-FOR-US: Adobe Reader
CVE-2006-3092 (PhpMyFactures 1.2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3091 (PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3090 (Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3089 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3088 (Cross-site scripting (XSS) vulnerability in index.php in Car ...)
	NOT-FOR-US: Car Classifieds
CVE-2006-3087 (Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 ...)
	NOT-FOR-US: EZGallery
CVE-2006-3086 (Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName ...)
	NOT-FOR-US: Microsoft
CVE-2006-3084 (The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to ...)
	{DSA-1146-1}
	- krb5 1.4.3-9 (medium)
CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) ...)
	{DSA-1146-1}
	- krb5 1.4.3-9 (medium)
CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...)
	{DSA-1115 DSA-1107}
	- gnupg 1.4.3-2 (bug #375052; bug #375473; low)
	- gnupg2 1.9.20-1.1 (bug #375053; low)
CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x ...)
	{DSA-1112}
	- mysql-dfsg-5.0 5.0.19-1 (bug #373913; high)
CVE-2006-3100 [termnetd buffer overflow]
	RESERVED
	- termpkg 3.3-7 (bug #358028; medium)
CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...)
	- linux-2.6 2.6.16-15
CVE-2006-XXXX [webalizer-stonesteps XSS]
	- webalizer-stonesteps 2.4.1.2-1
CVE-2006-3080 (Cross-site scripting (XSS) vulnerability in viewposts.cfm in ...)
	NOT-FOR-US: aXentForum
CVE-2006-3079 (Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus ...)
	NOT-FOR-US: SSPwiz Plus
CVE-2006-3078 (Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier ...)
	NOT-FOR-US: APBoard
CVE-2006-3077 (Cross-site scripting (XSS) vulnerability in guestbook.cfm in ...)
	NOT-FOR-US: aXentGuestbook
CVE-2006-3076 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PhpBlueDragon
CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis ...)
	NOT-FOR-US: PictureDis Professional
CVE-2006-3074 (klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky ...)
	NOT-FOR-US: Several Kaspersky products
CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN ...)
	NOT-FOR-US: Cisco
CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before ...)
	NOT-FOR-US: Symantec Security Information Manager
CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3 ...)
	NOT-FOR-US: MP3 Search/Archive
CVE-2006-3070 (write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with ...)
	NOT-FOR-US: Zeroboard
CVE-2006-3069 (** DISPUTED ** ...)
	NOT-FOR-US: DoubleSpeak
CVE-2006-3068 (IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3067 (Multiple unspecified vulnerabilities in IBM DB2 Universal Database ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3066 (Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3065 (SQL injection vulnerability in engine/shards/blog.php in blur6ex ...)
	NOT-FOR-US: blur6ex
CVE-2006-3064 (SQL injection vulnerability in the add_hit function in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-3063 (Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook ...)
	NOT-FOR-US: myPHP Guestbook
CVE-2006-3062 (Cross-site scripting (XSS) vulnerability in index.php in myPHP ...)
	NOT-FOR-US: myPHP Guestbook
CVE-2006-3061 (Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review ...)
	NOT-FOR-US: 5 Star Review
CVE-2006-3060 (Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote ...)
	NOT-FOR-US: P.A.I.D
CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...)
	NOT-FOR-US: Microsoft Excel
CVE-2006-3058
	RESERVED
CVE-2006-3057 (Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) ...)
	- dhcdbd 1.14-1
CVE-2006-3056 (SQL injection vulnerability in language.php in VBZooM 1.01 allows ...)
	NOT-FOR-US: VBZooM
CVE-2006-3055 (Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-3054 (Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-3053 (** DISPUTED ** ...)
	NOT-FOR-US: PHORUM
CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows ...)
	NOT-FOR-US: Event Registration
CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, ...)
	NOT-FOR-US: SixCMS
CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, and ...)
	NOT-FOR-US: SixCMS
CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...)
	NOT-FOR-US: Mole Group Ticket Booking Script
CVE-2006-3048 (SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-3047 (Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-3046 (Unspecified vulnerability in the admin login feature in Subtext 1.5, ...)
	NOT-FOR-US: Subtext
CVE-2006-3045 (PHP remote file inclusion vulnerability in manage_songs.php in Foing ...)
	NOT-FOR-US: Foing
CVE-2006-3044 (Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows ...)
	NOT-FOR-US: LogiSphere
CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe ...)
	NOT-FOR-US: CFXe-CMS
CVE-2006-3042 (** DISPUTED ** ...)
	NOT-FOR-US: ISPConfig
CVE-2006-3041 (** DISPUTED ** ...)
	NOT-FOR-US: Codewalkers Ltwcalendar
CVE-2006-3040 (** DISPUTED ** ...)
	NOT-FOR-US: Amr Talkbox
CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
	NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
	NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ...)
	NOT-FOR-US: ST AdManager Lite
CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: 35mmslidegallery
CVE-2006-3035 (Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3034 (MyScrapbook 3.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3033 (Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3032 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP ...)
	NOT-FOR-US: Xtreme ASP Photo Gallery
CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in ...)
	NOT-FOR-US: fipsCMS
CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...)
	NOT-FOR-US: DwZone Shopping Cart
CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech ...)
	NOT-FOR-US: ClickTech Clickcart
CVE-2006-3028 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Minerva
CVE-2006-3027 (Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and ...)
	NOT-FOR-US: Enthrallwebe ePhotos
CVE-2006-3026 (Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery ...)
	NOT-FOR-US: ClickGallery
CVE-2006-3025 (Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea ...)
	NOT-FOR-US: Chris Lea Lucid Calendar
CVE-2006-3024 (Multiple cross-site scripting (XSS) vulnerabilities in EvGenius ...)
	NOT-FOR-US: EvGenius Counter
CVE-2006-3023 (Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2006-3022 (Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery ...)
	NOT-FOR-US: fipsGallery
CVE-2006-3021 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...)
	NOT-FOR-US: BlueCollar i-Gallery
CVE-2006-3020 (Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp ...)
	NOT-FOR-US: WS-Album
CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 ...)
	NOT-FOR-US: phpCMS
CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...)
	- php5 5.1.4-0.1 (unimportant)
	- php4 <unfixed> (unimportant)
	NOTE: Sanitising is the application's responsibilitys
CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...)
	{DSA-1206-1}
	- php5 5.1.4-0.1 (medium)
	- php4 4:4.4.4-1 (medium; bug #381998)
CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
	- php5 5.1.4-0.1 (unimportant)
	- php4 4:4.4.4-1 (unimportant; bug #382259)
	NOTE: Sanitising is the application's responsibilitys
CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...)
	NOT-FOR-US: WinSCP
CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft Excel / Flashplayer for Windows
CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.6-1 (unimportant)
	NOTE: Safe mode violations are not supported
CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...)
	NOT-FOR-US: Microsoft Internet Explore
CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...)
	- php4 4:4.3.2+rc3-1
CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before ...)
	- php4 4:4.3.2+rc3-1
CVE-2002-2214 (The php_if_imap_mime_header_decode function in the IMAP functionality ...)
	- php4 4:4.3.2+rc3-1
CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...)
	NOT-FOR-US: IBM AIX
CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3008
	REJECTED
CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly ...)
	NOT-FOR-US: iFoto
CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is ...)
	- libjpeg6b <not-affected> (--maxmem is set during configure)
	- libjpeg-mmx <removed> (bug #373672; low)
	[sarge] - libjpeg-mmx <no-dsa> (If this poses a threat, the admin can apply resource limits)
CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone ...)
	NOT-FOR-US: Ez Ringtone
CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3002 (Cross-site scripting (XSS) vulnerability in details.php in Easy ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3001 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-3000 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-2999 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-2998 (PHP remote file inclusion vulnerability in board/post.php in free ...)
	NOT-FOR-US: not packaged for Debian
CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when ...)
	- zope-zms <unfixed> (bug #373667; unimportant)
	[sarge] - zope-zms <no-dsa> (Only exploitable with register_globals)
	NOTE: register_globals is an unsupported mode of operation in Debian
CVE-2006-2996 (PHP remote file inclusion vulnerability in inc/design.inc.php in ...)
	NOT-FOR-US: aePartner
CVE-2006-2995 (Multiple PHP remote file inclusion vulnerabilities in WebprojectDB ...)
	NOT-FOR-US: WebprojectDB
CVE-2006-2994 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: phazizGuestbook
CVE-2006-2993 (Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and ...)
	NOT-FOR-US: My Photo Scrapbook
CVE-2006-2992 (Cross-site scripting (XSS) vulnerability in display.asp in My Photo ...)
	NOT-FOR-US: My Photo Scrapbook
CVE-2006-2991 (Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 ...)
	NOT-FOR-US: Ringlink
CVE-2006-2990 (Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft ...)
	NOT-FOR-US: VanillaSoft
CVE-2006-2989 (Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ...)
	NOT-FOR-US: ASP ListPics
CVE-2006-2988 (Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical ...)
	NOT-FOR-US: Chemical Dictionary
CVE-2006-2987 (Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka ...)
	NOT-FOR-US: PICRATE
CVE-2006-2986 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie ...)
	NOT-FOR-US: vSCAL and vsREAL
CVE-2006-2985 (SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and ...)
	NOT-FOR-US: IntegraMOD
CVE-2006-2984 (Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD ...)
	NOT-FOR-US: IntegraMOD
CVE-2006-2983 (PHP remote file inclusion vulnerability in Enterprise Timesheet and ...)
	NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2982 (Multiple PHP remote file inclusion vulnerabilities in Enterprise ...)
	NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2981 (SQL injection vulnerability in vs_search.php in Arantius Vice Stats ...)
	NOT-FOR-US: Arantius Vice Stats
CVE-2006-2980 (SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop ...)
	NOT-FOR-US: ViArt
CVE-2006-2979 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free ...)
	NOT-FOR-US: ViArt
CVE-2006-2978 (Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Moblog
CVE-2006-2977 (SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and ...)
	NOT-FOR-US: Moblog
CVE-2006-2976 (Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine
CVE-2006-2975 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PBL Guestbook
CVE-2006-2974 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect ...)
	NOT-FOR-US: EmailArchitect
CVE-2006-2973 (Multiple SQL injection vulnerabilities in month.php in PHP Lite ...)
	NOT-FOR-US: PHP Lite Calendar
CVE-2006-2972 (SQL injection vulnerability in vs_resource.php in Arantius Vice Stats ...)
	NOT-FOR-US: Arantius Vice Stats
CVE-2006-2971 (Integer overflow in the recv_packet function in 0verkill 0.16 allows ...)
	- overkill 0.16-9 (bug #373687; low)
	[sarge] - overkill <no-dsa> (Only DoS against an obscure game, no code injection possible)
CVE-2006-2970 (videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: tinyMuw
CVE-2006-2969 (Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow ...)
	NOT-FOR-US: tinyMuw
CVE-2006-2968 (Cross-site scripting (XSS) vulnerability in search.php in PHP Labware ...)
	NOT-FOR-US: LabWiki
CVE-2006-2967 (Syworks SafeNET allows local users to bypass restrictions on network ...)
	NOT-FOR-US: SafeNET
CVE-2006-2966 (Cross-site scripting (XSS) vulnerability in Particle Soft Particle ...)
	NOT-FOR-US: Particle Wiki
CVE-2006-2965 (Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft ...)
	NOT-FOR-US: Particle Whois
CVE-2006-2964 (Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts ...)
	NOT-FOR-US: Xtreme Downloads
CVE-2006-2963 (Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in ...)
	NOT-FOR-US: Cabacos Web CMS
CVE-2006-2962 (PHP remote file inclusion vulnerability in sql_fcnsOLD.php in ...)
	NOT-FOR-US: Empris
CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows ...)
	NOT-FOR-US: CesarFTP
CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in ...)
	NOT-FOR-US: Joomla
CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 ...)
	NOT-FOR-US: Snitz Forum
CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote ...)
	NOT-FOR-US: FilZip
CVE-2006-2957 (Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and ...)
	NOT-FOR-US: i.List
CVE-2006-2956 (Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta ...)
	NOT-FOR-US: i.List
CVE-2006-2955 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...)
	NOT-FOR-US: KAPhotoservice
CVE-2006-2954 (SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier ...)
	NOT-FOR-US: OfficeFlow
CVE-2006-2953 (Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow ...)
	NOT-FOR-US: OfficeFlow
CVE-2006-2952 (Directory traversal vulnerability in Net Portal Dynamic System (NPDS) ...)
	NOT-FOR-US: NPDS
CVE-2006-2951 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
	NOT-FOR-US: NPDS
CVE-2006-2950 (Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote ...)
	NOT-FOR-US: NPDS
CVE-2006-2949 (Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2948 (A-CART 2.0 stores the acart2_0.mdb file under the web document root ...)
	NOT-FOR-US: A-CART
CVE-2006-2947 (Dmx Forum 2.1a allows remote attackers to obtain username and password ...)
	NOT-FOR-US: Dmx Forum
CVE-2006-2946 (Dmx Forum 2.1a stores _includes/bd.inc under the web root with ...)
	NOT-FOR-US: Dmx Forum
CVE-2006-2945 (Unspecified vulnerability in the user profile change functionality in ...)
	- dokuwiki 0.0.20060309-4 (bug #373689; low)
CVE-2006-2944 (Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier ...)
	NOT-FOR-US: FORM2MAIL
CVE-2006-2943 (Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows ...)
	NOT-FOR-US: WebFORM
CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki ...)
	- twiki <not-affected> (Debian's version is old and does not include affected file)
CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of ...)
	- mailman <not-affected> (Mailman uses the system version of the affected Python lib)
CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-2939
	REJECTED
CVE-2006-2938
	REJECTED
CVE-2006-2937 (OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote ...)
	{DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <not-affected>
CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...)
	- linux-2.6 2.6.17-5 (low)
CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...)
	- linux-2.6 2.6.17-5 (low)
CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...)
	- linux-2.6 2.6.17-3
CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat ...)
	[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB split ...)
	- linux-2.6 <not-affected> (vulnerable code not present)
CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-2930 (Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid ...)
	NOT-FOR-US: Sun
CVE-2006-2929 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OpenEMR
CVE-2006-2928 (Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 ...)
	NOT-FOR-US: CMS-Bandits
CVE-2006-2927 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
	NOT-FOR-US: CAForum
CVE-2006-2926 (Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate ...)
	NOT-FOR-US: Qbik
CVE-2006-2925 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: Ingate
CVE-2006-2924 (Ingate Firewall in the SIP module before 4.4.1 and SIParator before ...)
	NOT-FOR-US: Ingate
CVE-2006-2923 (The iax_net_read function in the iaxclient open source library, as ...)
	- iaxclient 0.0+svn20060520-2
CVE-2006-2922 (Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie ...)
	NOT-FOR-US: MiraksGalerie
CVE-2006-2921 (PHP remote file inclusion vulnerability in cmpro_header.inc.php in ...)
	NOT-FOR-US: CMPro
CVE-2006-2920 (Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote ...)
	- sylpheed 2.2.6-1 (low)
	[sarge] - sylpheed <no-dsa> (Minor evasion of phishing protection feature)
	- sylpheed-gtk1 1.0.6-3 (bug #373187; low)
	- sylpheed-claws 1.0.5-3 (bug #372891; low)
	[sarge] - sylpheed-claws <no-dsa> (Minor evasion of phishing protection feature)
	- sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low)
CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...)
	NOT-FOR-US: Lanap BotDetect APS.NET CAPTCHA component
CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate ...)
	NOT-FOR-US: WinGate
CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...)
	- arts 1.5.3-2 (bug #374003; low)
	[sarge] - arts <not-affected> (Not setuid root in Debian)
	NOTE: artswrapper is not suid root by default, but README.Debian describes it
CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2911 (SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-2910 (Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other ...)
	NOT-FOR-US: jetAudio
CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension ...)
	NOT-FOR-US: PicoZip
CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2907
	RESERVED
CVE-2006-2906 (The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas ...)
	{DSA-1117}
	- libgd2 2.0.33-5 (bug #372912; low)
	- tetex-bin <not-affected> (Links dynamically, see #382506)
CVE-2006-2905 (Partial Links 1.2.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Partial Links
CVE-2006-2904 (SQL injection vulnerability in index.php in Partial Links 1.2.2 allows ...)
	NOT-FOR-US: Partial Links
CVE-2006-2903 (Cross-site scripting (XSS) vulnerability in admin.php in Particle ...)
	NOT-FOR-US: Partial Links
CVE-2006-2902 (Directory traversal vulnerability in Particle Links 1.2.2 might allow ...)
	NOT-FOR-US: Partial Links
CVE-2006-2901 (The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware ...)
	NOT-FOR-US: D-Link
CVE-2006-2900 (Internet Explorer 6 allows user-assisted remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...)
	NOT-FOR-US: ESTsoft InternetDISK
CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 ...)
	{DSA-1126}
	- asterisk 1:1.2.10.dfsg-2 (bug #380054)
	- iax 0.2.2-5
	[sarge] - iax <not-affected> (Vulnerable code not present)
	- iaxmodem 0.1.8.dfsg-2
CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...)
	NOT-FOR-US: Funkboard
CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change ...)
	NOT-FOR-US: Funkboard
CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to ...)
	- mediawiki <not-affected> (Affects only 1.6.0-1.6.6)
CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, ...)
	{DSA-1401-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...)
	NOT-FOR-US: GANTTy
CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...)
	NOT-FOR-US: GANTTy
CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig ...)
	NOT-FOR-US: Wikiwig
CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...)
	NOT-FOR-US: myNewsletter
CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...)
	- knowledgetree <removed> (bug #373137; low)
CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...)
	- knowledgetree <removed> (bug #373137; low)
CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows ...)
	NOT-FOR-US: Kmita
CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ ...)
	NOT-FOR-US: Kmita
CVE-2006-2882 (Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ...)
	NOT-FOR-US: ASPScriptz
CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...)
	NOT-FOR-US: DreamAccount
CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages ...)
	NOT-FOR-US: pyblosxom package doesn't ship plugins
CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine ...)
	NOT-FOR-US: Alex News-Engine
CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier ...)
	- dokuwiki 0.0.20060309-4 (bug #370369; bug #370785; high)
CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and ...)
	NOT-FOR-US: Bookmark4U
CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...)
	NOT-FOR-US: PHP Pro Publish
CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...)
	NOT-FOR-US: Quake 3
CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...)
	NOT-FOR-US: OSADS
CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber ...)
	NOT-FOR-US: Enigma Haber
CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 ...)
	NOT-FOR-US: Rumble
CVE-2006-2871 (** DISPUTED ** ...)
	NOT-FOR-US: CyBoards
CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in ...)
	NOT-FOR-US: Intelligent Solutions Inc.
CVE-2006-2869 (Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 ...)
	NOT-FOR-US: Avast
CVE-2006-2868 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 ...)
	NOT-FOR-US: Claroline
CVE-2006-2867 (SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta ...)
	NOT-FOR-US: CoolForum
CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in ...)
	NOT-FOR-US: DotClear
CVE-2006-2865 (** DISPUTED ** ...)
	NOTE: phpbb2, but invalid
CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes ...)
	NOT-FOR-US: BlueShoes
CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in ...)
	NOT-FOR-US: CS-Cart
CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...)
	NOT-FOR-US: Particle Gallery
CVE-2006-2861 (SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and ...)
	NOT-FOR-US: Particle Wiki
CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 ...)
	NOT-FOR-US: Webspotblogging
CVE-2006-2859 (** DISPUTED ** ...)
	NOT-FOR-US: MyBloggie
CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds ...)
	NOT-FOR-US: LocazoList
CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows ...)
	NOT-FOR-US: LifeType
CVE-2006-2856 (ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib ...)
	NOT-FOR-US: ActiveState
CVE-2006-2855 (SQL injection vulnerability in index.php in xueBook 1.0 allows remote ...)
	NOT-FOR-US: xueBook
CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows ...)
	NOT-FOR-US: iBWd
CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal ...)
	NOT-FOR-US: abarcar
CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ...)
	NOT-FOR-US: dotWidget
CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject ...)
	NOT-FOR-US: dotProject
CVE-2006-2850 (Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP ...)
	NOT-FOR-US: LabWiki
CVE-2006-2849 (PHP remote file inclusion vulnerability in includes/webdav/server.php ...)
	NOT-FOR-US: Bytehoard
CVE-2006-2848 (links.asp in aspWebLinks 2.0 allows remote attackers to change the ...)
	NOT-FOR-US: aspWebLinks
CVE-2006-2847 (SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows ...)
	NOT-FOR-US: aspWebLinks
CVE-2006-2846 (Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate ...)
	NOT-FOR-US: VisionGate
CVE-2006-2845 (PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows ...)
	NOT-FOR-US: Redaxo
CVE-2006-2844 (Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow ...)
	NOT-FOR-US: Redaxo
CVE-2006-2843 (PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote ...)
	NOT-FOR-US: Redaxo
CVE-2006-2841 (Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ...)
	NOT-FOR-US: AssoCIateD
CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) ...)
	NOT-FOR-US: PmWiki
CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module ...)
	NOT-FOR-US: WeBWorK
CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for ...)
	NOT-FOR-US: F-Secure
CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-2836 (SQL injection vulnerability in comment.php in Pineapple Technologies ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2006-2835 (SQL injection vulnerability in saphplesson 2.0 allows remote attackers ...)
	NOT-FOR-US: saphplesson
CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in ...)
	NOT-FOR-US: gnopaste
CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under ...)
	{DSA-1125}
	NOTE: Although not in the changelog, sesse@ (responsible for 4.5.8-1.1)
	NOTE: says he pulled in the entire patch for DRUPAL-SA-2006-007, which
	NOTE: fixes CVE-2006-2831.
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2830 (Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent ...)
	NOT-FOR-US: TIBCO
CVE-2006-2829 (Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before ...)
	NOT-FOR-US: TIBCO
CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-2827 (** DISPUTED ** ...)
	NOT-FOR-US: X-Cart
CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library ...)
	NOT-FOR-US: PHPLIB
CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir ...)
	NOT-FOR-US: cPanel the vhost manager, not cpanel the Chinese desktop configuration tool
CVE-2006-2824 (Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 ...)
	NOT-FOR-US: Logicalware
CVE-2006-2823 (Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive ...)
	NOT-FOR-US: ashopKart
CVE-2006-2822 (SQL injection vulnerability in admin/default.asp in Dusan Drobac ...)
	NOT-FOR-US: cforum
CVE-2006-2821 (Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts ...)
	NOT-FOR-US: DeltaScripts
CVE-2006-2820 (Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog ...)
	NOT-FOR-US: HotWebScripts
CVE-2006-2819 (PHP remote file inclusion vulnerability in Wiki.php in Barnraiser ...)
	NOT-FOR-US: Barnraiser Igloo
CVE-2006-2818 (PHP remote file inclusion vulnerability in common-menu.php in Cameron ...)
	NOT-FOR-US: Cameron McKay Informium
CVE-2006-2817 (SQL injection vulnerability in bolum.php in tekno.Portal allows remote ...)
	NOT-FOR-US: tekno.Portal
CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: CoolPHP
CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes ...)
	NOT-FOR-US: SimpleBoard
CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions ...)
	NOT-FOR-US: iShopCart
CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart ...)
	NOT-FOR-US: iShopCart
CVE-2006-2812 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: PICRATE
CVE-2006-2811 (Multiple PHP remote file inclusion vulnerabilities in Cantico ...)
	NOT-FOR-US: Ovidentia
CVE-2006-2810 (Multiple cross-site scripting (XSS) vulnerabilities in Belchior ...)
	NOT-FOR-US: Belchior vCard
CVE-2006-2809 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: ar-blog
CVE-2006-2808 (Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR ...)
	NOT-FOR-US: Lycos
CVE-2006-2807 (ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to ...)
	NOT-FOR-US: ASPwebSoft
CVE-2006-2806 (The SMTP server in Apache Java Mail Enterprise Server (aka Apache ...)
	NOT-FOR-US: Apache James
CVE-2005-2468 (Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and ...)
	NOT-FOR-US: MySQL Eventum
CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum ...)
	NOT-FOR-US: MySQL Eventum
CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ...)
	NOT-FOR-US: OpenBook
CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS ...)
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass ...)
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2463 (Kayako liveResponse 2.x allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2462 (Kayako liveResponse 2.x, when logging in a user, records the password ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2461 (Multiple SQL injection vulnerabilities in the calendar feature in ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2006-2842 (** DISPUTED ** ...)
	- squirrelmail 2:1.4.7-1 (unimportant; bug #373731)
	NOTE: Only exploitable with register_globals enabled
CVE-2006-XXXX [webalizer: symlink vulnerability]
	- webalizer 2.01.10-29 (low; bug #359745)
	[sarge] - webalizer <no-dsa> (Minor issue)
	NOTE: Only exploitable in far-fetched scenarios, running it as root is insecure anyway
CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...)
	NOT-FOR-US: vBulletin
CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss ...)
	NOT-FOR-US: Goss iCM
CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...)
	NOT-FOR-US: PHP ManualMaker
CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...)
	{DSA-1105}
	- xine-lib 1.1.1-2 (bug #369876; medium)
CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...)
	NOT-FOR-US: Unak CMS
CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...)
	NOT-FOR-US: Unak CMS
CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...)
	NOT-FOR-US: toendaCMS
CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...)
	NOT-FOR-US: Captivate gallery.php
CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...)
	NOT-FOR-US: XiTi Tracking Script
CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: ASPSitem
CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...)
	NOT-FOR-US: ASPSitem
CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...)
	NOT-FOR-US: wbboard
CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...)
	NOT-FOR-US: iBoutique.MALL
CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...)
	NOT-FOR-US: Sun StorADE
CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when &quot;load images if ...)
	- evolution 2.4.0-1 (low)
	[sarge] - evolution <not-affected> (Not reproducible on Sarge's evolution)
	NOTE: Verified that the patch has been applied in 2.4.0-1,
	NOTE: may have been fixed earlier.
CVE-2006-2788 (Double free vulnerability in the getRawDER function for nsIX509Cert in ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	- mozilla <unfixed> (high)
	- firefox 1.5.dfsg+1.5.0.4 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-31
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-33
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-34
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-36
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla <unfixed> (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-42
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-41
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2781 (Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...)
	{DSA-1134-1 DSA-1118}
	NOTE: MFSA-2006-40
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-32
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...)
	{DSA-1160 DSA-1159 DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-32
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-38
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-43
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-37
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-35
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...)
	NOT-FOR-US: QontentOne
CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...)
	NOT-FOR-US: pppBLOG
CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...)
	- snort 2.3.3-8 (low; bug #381726)
	[sarge] - snort <no-dsa> (Minor impact)
CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...)
	NOT-FOR-US: METAjour
CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...)
	NOT-FOR-US: Ottoman
CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in ...)
	NOT-FOR-US: Interlink
CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows ...)
	NOT-FOR-US: GuestbookXL
CVE-2006-2763 (SQL injection vulnerability in Pre News Manager 1.0 allows remote ...)
	NOT-FOR-US: Pre News Manager
CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in ...)
	{DSA-1096-1}
	- webcalendar 1.0.4-1 (medium)
CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, ...)
	NOT-FOR-US: Hitachi
CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 ...)
	NOT-FOR-US: 4nForum
CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...)
	- jetty <not-affected> (vulnerable code not in Debian version)
CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 ...)
	- jetty <not-affected> (vulnerable code not in Debian version)
CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows ...)
	NOT-FOR-US: Chipmunk guestbook
CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Eitsop
CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads ...)
	NOT-FOR-US: UBBThreads
CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before ...)
	- openldap2.3 2.3.24-1 (bug #375494; bug #377047; unimportant)
	NOTE: File is only written and read by slurpd, only editable by root
CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...)
	NOT-FOR-US: RedCarpet
CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image ...)
	NOT-FOR-US: OSIC
CVE-2006-2750 (Cross-site scripting (XSS) vulnerability in the do_mysql_query ...)
	NOT-FOR-US: OSIC
CVE-2006-2749 (SQL injection vulnerability in search.php in Open Searchable Image ...)
	NOT-FOR-US: OSIC
CVE-2006-2748 (SQL injection vulnerability in the do_mysql_query function in core.php ...)
	NOT-FOR-US: OSIC
CVE-2006-2747 (Directory traversal vulnerability in index.php in PhpMyDesktop|arcade ...)
	NOT-FOR-US: PhpMyDesktop
CVE-2006-2746 (Multiple cross-site scripting (XSS) vulnerabilities in F@cile ...)
	NOT-FOR-US: F@cile
CVE-2006-2745 (Multiple PHP remote file inclusion vulnerabilities in F@cile ...)
	NOT-FOR-US: F@cile
CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in ...)
	NOT-FOR-US: F@cile
CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (bug #368835; medium)
CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 ...)
	NOT-FOR-US: tinyBB
CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow ...)
	NOT-FOR-US: tinyBB
CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns ...)
	NOT-FOR-US: tinyBB
CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a ...)
	NOT-FOR-US: Open-Xchange
CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote ...)
	NOT-FOR-US: Nukedit
CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...)
	NOT-FOR-US: Blend Portal
CVE-2006-2735 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Amod
CVE-2006-2734 (enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2733 (membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2732 (SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2731 (Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier ...)
	NOT-FOR-US: Enigma Haber
CVE-2006-2730 (PHP remote file inclusion vulnerability in admin/lib_action_step.php ...)
	NOT-FOR-US: Hot Open Tickets
CVE-2006-2729 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...)
	NOT-FOR-US: Photoalbum
CVE-2006-2728 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...)
	NOT-FOR-US: Photoalbum
CVE-2006-2727 (home/register.php in Eggblog before 3.0 allows remote attackers to ...)
	NOT-FOR-US: Eggblog
CVE-2006-2726 (PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d ...)
	NOT-FOR-US: Fastpublish
CVE-2006-2725 (SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 ...)
	NOT-FOR-US: Eggblog
CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...)
	NOT-FOR-US: PunBB
CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...)
	- firefox <removed> (unimportant)
	- iceweasel <unfixed> (unimportant)
	- mozilla <unfixed> (unimportant)
	- mozilla-firefox <unfixed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	NOTE: Non-issue
CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT ...)
	NOT-FOR-US: VARIOMAT
CVE-2006-2720 (SQL injection vulnerability in news.php in VARIOMAT allows remote ...)
	NOT-FOR-US: VARIOMAT
CVE-2006-2719 (JIWA Financials 6.4.14 stores usernames and passwords for all accounts ...)
	NOT-FOR-US: JIWA
CVE-2006-2718 (JIWA Financials 6.4.14 passes a Microsoft SQL Server account's ...)
	NOT-FOR-US: JIWA
CVE-2006-2717 (Unspecified vulnerability in Secure Elements Class 5 AVR client and ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2716 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2715 (The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2714 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2713 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2712 (Secure Elements Class 5 AVR (aka C5 EVM) client and server before ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2711 (Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2710 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2709 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2708 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2707 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2706 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2705 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2704 (Secure Elements Class 5 AVR server and client (aka C5 EVM) before ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2703 (The RedCarpet command-line client (rug) does not verify SSL ...)
	NOT-FOR-US: RedCarpet
CVE-2006-2702 (vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...)
	- wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2701 (SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows ...)
	NOT-FOR-US: Geeklog
CVE-2006-2700 (SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 ...)
	NOT-FOR-US: Geeklog
CVE-2006-2699 (Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog ...)
	NOT-FOR-US: Geeklog
CVE-2006-2698 (Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Geeklog
CVE-2006-2697 (Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 ...)
	NOT-FOR-US: Easy-Content
CVE-2006-2696 (Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 ...)
	NOT-FOR-US: Easy-Content
CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers ...)
	NOT-FOR-US: DGNews
CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro ...)
	NOT-FOR-US: EzUpload
CVE-2006-2693 (Directory traversal vulnerability in admin/admin_hacks_list.php in ...)
	NOT-FOR-US: Nivisec
CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before ...)
	- amule 2.1.2-1 (medium)
CVE-2006-2691 (Unspecified &quot;information leakage&quot; vulnerabilities in aMuleWeb for ...)
	- amule 2.1.2-1 (medium)
CVE-2006-2690 (An unspecified script in EVA-Web 2.1.2 and earlier, probably ...)
	NOT-FOR-US: EVA-Web
CVE-2006-2689 (Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 ...)
	NOT-FOR-US: EVA-Web
CVE-2006-2688 (SQL injection vulnerability in the employees node (class.employee.inc) ...)
	NOT-FOR-US: Achievo
CVE-2006-2687 (Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC ...)
	NOT-FOR-US: AGTC
CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow ...)
	NOT-FOR-US: ActionApps
CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...)
	- acidbase 1.2.5-1 (bug #370576; low)
CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS ...)
	NOT-FOR-US: Mundo
CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS ...)
	NOT-FOR-US: open-medium
CVE-2006-2682 (PHP remote file inclusion vulnerability in BE_config.php in Back-End ...)
	NOT-FOR-US: Back-End
CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pro ...)
	NOT-FOR-US: SocketMail
CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo ...)
	NOT-FOR-US: AZ Photo Album
CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...)
	NOT-FOR-US: Cisco
CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News ...)
	NOT-FOR-US: Pre News Manager
CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...)
	NOT-FOR-US: SiteScape Forum
CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly ...)
	NOT-FOR-US: SiteScape Forum
CVE-2006-2675 (PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads ...)
	NOT-FOR-US: UBBThreads
CVE-2006-2674 (Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and ...)
	NOT-FOR-US: Tamber Forum
CVE-2006-2673 (Cross-site scripting (XSS) vulnerability in search.html in Bulletin ...)
	NOT-FOR-US: Elite-Board
CVE-2006-2672 (Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One ...)
	NOT-FOR-US: Realty Pro One
CVE-2006-2671 (SQL injection vulnerability in ChatPat 1.0 allows remote attackers to ...)
	NOT-FOR-US: ChatPat
CVE-2006-2670 (Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 ...)
	NOT-FOR-US: ChatPat
CVE-2006-2669 (Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2006-2668 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 ...)
	NOT-FOR-US: Docebo LMS
CVE-2006-2667 (Direct static code injection vulnerability in WordPress 2.0.2 and ...)
	- wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2666 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: V-Webmail
CVE-2006-2665 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: V-Webmail
CVE-2006-2664 (Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote ...)
	NOT-FOR-US: iFdate
CVE-2006-2663 (Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 ...)
	NOT-FOR-US: iFlance
CVE-2006-2662 (VMware Server before RC1 does not clear user credentials from memory ...)
	NOT-FOR-US: VMware Server
CVE-2006-2661 (ftutil.c in Freetype before 2.2 allows remote attackers to cause a ...)
	{DSA-1095-1}
	- freetype 2.2.1-1 (medium)
CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.6-1 (unimportant)
	NOTE: using a long enough path (>MAXPATHLEN) allows you to have
	NOTE: tempnam create a file without the temp extension.  sounds like
	NOTE: another shoot yourself in the foot issue, since the local user
	NOTE: could just as easily create the file manually, and if the
	NOTE: tempnam function is taking unsanitized input, it's an
	NOTE: application error
CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...)
	- xsp 1.1.15-1
CVE-2006-2657
	REJECTED
CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...)
	NOT-FOR-US: build process for ypserv in FreeBSD
CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...)
	NOT-FOR-US: FreeBSD-specific (see CVE-2006-1864 for Linux-specific CVE)
CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for ...)
	NOT-FOR-US: D-Link
CVE-2006-2652 (Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier ...)
	NOT-FOR-US: WikiNi
CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation ...)
	NOT-FOR-US: Vacation Rental Script
CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in ...)
	NOT-FOR-US: CosmicShoppingCart
CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...)
	NOT-FOR-US: CosmicShoppingCart
CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ...)
	NOT-FOR-US: ASPBB
CVE-2006-2647 (Untrusted search path vulnerability in update_flash for IBM AIX 5.1, ...)
	NOT-FOR-US: IBM AIX
CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2006-2645 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Plume
CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...)
	{DSA-1075-1}
	- awstats 6.5-2 (bug #365910)
CVE-2006-XXXX [specialy crafted WAV turns mkvmerge into a malloc bomb]
	- mkvtoolnix 1.7.0-2 (bug #370144; low)
CVE-2006-XXXX ['Cache' shell injection vulnerability]
	- wordpress 2.0.3-1 (high; bug #369014)
CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x ...)
	{DSA-1092-1}
	- mysql-dfsg <not-affected> (Vulnerable code was introduced in 4.1, see #369741)
	- mysql <not-affected> (Vulnerable code was introduced in 4.1, see #369754)
	- mysql-dfsg-5.0 5.0.22-1 (bug #369735; medium)
	- mysql-dfsg-4.1 <removed> (bug #369754; medium)
CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...)
	{DSA-1101}
	- courier 0.53.2-1 (bug #368834)
CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...)
	{DSA-1091-1}
	- tiff 3.8.2-3 (bug #369819; low)
CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...)
	NOT-FOR-US: Monster Top List
CVE-2006-2642 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: Php-residence
CVE-2006-2641 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: John Frank Asset Manager
CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in ...)
	NOT-FOR-US: PHPSimpleChoose
CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote ...)
	NOT-FOR-US: qjForum
CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) ...)
	NOT-FOR-US: TuttoPhp
CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to ...)
	NOT-FOR-US: Katy Whitton NewsCMSLite
CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php ...)
	NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard ...)
	NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts ...)
	NOT-FOR-US: phpFoX
CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client ...)
	NOT-FOR-US: Symantec
CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-2628
	RESERVED
CVE-2006-2627
	RESERVED
CVE-2006-2626
	RESERVED
CVE-2006-2625
	RESERVED
CVE-2006-2624
	RESERVED
CVE-2006-2623
	RESERVED
CVE-2006-2622
	RESERVED
CVE-2006-2621
	RESERVED
CVE-2006-2620
	RESERVED
CVE-2006-2619
	RESERVED
CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Russcom.Ping
CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other ...)
	NOTE: Installation path disclosure is uninteresting on Debian systems.
	NOTE: The profile path might be more sensitive, but exploit that
	NOTE: requires another, real security bug.
CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the ...)
	NOT-FOR-US: Novell Client for Windows
	NOTE: The Windows clipboard is a public resource anyway.
CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in ...)
	- mediawiki1.7 <not-affected> (Fixed in 1.7 prior to release)
	- mediawiki1.5 <removed>
CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 ...)
	NOT-FOR-US: phpRaid
CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when ...)
	NOT-FOR-US: artmedic newsletter
CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when ...)
	NOT-FOR-US: artmedic newsletter
CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows ...)
	- linux-2.6 <not-affected> (fixed before the first upload)
CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x ...)
	- sun-java5 1.5.0-06-1 (low; bug #384734)
CVE-2006-XXXX [mono xsp file disclosure]
	- xsp 1.1.15-1 (medium)
CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return ...)
	- cron 3.0pl1-64 (bug #85609; bug #86775; medium)
CVE-2006-2606 (Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and ...)
	NOT-FOR-US: Chatty
CVE-2006-2605 (Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier ...)
	NOT-FOR-US: DSChat
CVE-2006-2604
	REJECTED
CVE-2006-2603
	REJECTED
CVE-2006-2602
	REJECTED
CVE-2006-2601
	REJECTED
CVE-2006-2600
	REJECTED
CVE-2006-2599
	REJECTED
CVE-2006-2598
	REJECTED
CVE-2006-2597
	REJECTED
CVE-2006-2596
	REJECTED
CVE-2006-2595
	REJECTED
CVE-2006-2594
	REJECTED
CVE-2006-2593
	REJECTED
CVE-2006-2592 (Unspecified vulnerability in DSChat 1.0 allows remote attackers to ...)
	NOT-FOR-US: DSChat
CVE-2006-2591 (Unspecified vulnerability in e107 before 0.7.5 has unknown impact and ...)
	NOT-FOR-US: e107
CVE-2006-2590 (SQL injection vulnerability in e107 before 0.7.5 allows remote ...)
	NOT-FOR-US: e107
CVE-2006-2589 (SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2588 (Russcom PHPImages allows remote attackers to upload files of arbitrary ...)
	NOT-FOR-US: Russcom PHPImages
CVE-2006-2587 (Buffer overflow in the WebTool HTTP server component in (1) PunkBuster ...)
	NOT-FOR-US: WebTool HTTP server
CVE-2006-2586 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...)
	NOT-FOR-US: IpLogger
CVE-2006-2585 (SQL injection vulnerability in Destiney Links Script 2.1.2 allows ...)
	NOT-FOR-US: Destiney Links Script
CVE-2006-2584 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
	NOT-FOR-US: SkyeBox
CVE-2006-2583 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Nucleus
CVE-2006-2582 (The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote ...)
	NOT-FOR-US: RWiki
CVE-2006-2581 (Cross-site scripting (XSS) vulnerability in Wiki content in RWiki ...)
	NOT-FOR-US: RWiki
CVE-2005-4806 (Multiple unspecified vulnerabilities in Sun Java System Web Proxy ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server 7 ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2006-2580 (Multiple unspecified vulnerabilities in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2006-2579 (Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-2578 (admin/cron.php in eSyndicat Directory 1.2, when register_globals is ...)
	NOT-FOR-US: eSyndicat Directory
CVE-2006-2577 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-2576 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-2575 (The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and ...)
	- netpanzer 0.8+svn20060319-2 (bug #370146; low)
	[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
CVE-2006-2574 (Multiple unspecified vulnerabilities in Software Distributor in HP-UX ...)
	NOT-FOR-US: Software Distributor in HP-UX
CVE-2006-2573 (SQL injection vulnerability in index.php in DGBook 1.0, with ...)
	NOT-FOR-US: DGBook
CVE-2006-2572 (Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 ...)
	NOT-FOR-US: DGBook
CVE-2006-2571 (Cross-site scripting (XSS) vulnerability in search.html in Alkacon ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-2570 (PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2006-2569 (SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and ...)
	NOT-FOR-US: Linklist
CVE-2006-2568 (PHP remote file inclusion vulnerability in addpost_newpoll.php in ...)
	NOT-FOR-US: UBB.threads
CVE-2006-2567 (Cross-site scripting (XSS) vulnerability in submit_article.php in ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2566 (Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2565 (SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...)
	- php4 4:4.4.4-1 (bug #370166; unimportant)
	- php5 5.1.6-1 (bug #370165; unimportant)
	NOTE: Safe mode violations are not supported
CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...)
	NOT-FOR-US: ZyXEL P-335WT router
CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access ...)
	NOT-FOR-US: Edimax BR-6104K router
CVE-2006-2560 (Sitecom WL-153 router firmware before 1.38 allows remote attackers to ...)
	NOT-FOR-US: Sitecom WL-153 router
CVE-2006-2559 (Linksys WRT54G Wireless-G Broadband Router allows remote attackers to ...)
	NOT-FOR-US: Linksys WRT54G router
CVE-2006-2558 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...)
	NOT-FOR-US: IpLogger
CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in ...)
	NOT-FOR-US: Newsportal
CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...)
	NOT-FOR-US: newsportal
	NOTE: RFP #149069 closed after no activity since too long time
CVE-2006-2555 (The parse_command function in Genecys 0.2 and earlier allows remote ...)
	NOT-FOR-US: Genecys
CVE-2006-2554 (Buffer overflow in the tell_player_surr_changes function in Genecys ...)
	NOT-FOR-US: Genecys
CVE-2006-2553 (Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl ...)
	NOT-FOR-US: DownloadControl
CVE-2006-2552 (Jemscripts DownloadControl 1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: DownloadControl
CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local ...)
	NOT-FOR-US: HP-UX
CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when ...)
	NOT-FOR-US: Infoblox DNS One
CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when ...)
	NOT-FOR-US: Fujitsu UXP/V
CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...)
	- bind <removed> (unimportant)
	- bind9 <not-affected> (does not send parallel queries)
	NOTE: Disabling recursion does not close all attack vectors.
	NOTE: Browser reflection attacks will still work.
	NOTE: Bind 8 design limitations that are only addressed in bind 9 are not
	NOTE: treated a security issues, DNS admins need to be aware what they are using
CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: perlpodder
CVE-2006-2549 (Stack-based buffer overflow in PDF Form Filling and Flattening Tool ...)
	NOT-FOR-US: PDF Form Filling and Flattening Tool
CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...)
	NOT-FOR-US: prodder/perlpodder
CVE-2006-2547 (Unspecified vulnerability in the sapdba command in SAP with Informix ...)
	NOT-FOR-US: Sap
CVE-2006-2546 (A recommended admin password reset mechanism for BEA WebLogic Server ...)
	NOT-FOR-US: BEA
CVE-2006-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2544 (Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2542 (xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb ...)
	{DSA-1086-1}
	- xmcd 2.6-17.2 (bug #366816; medium)
CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows ...)
	NOT-FOR-US: Zixforum
CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive ...)
	NOT-FOR-US: Diesel
CVE-2006-2539 (Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, ...)
	NOT-FOR-US: Sybase
CVE-2006-2538 (IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote ...)
	NOT-FOR-US: Windows-only Firefox plugin
CVE-2006-2537 (Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and ...)
	NOT-FOR-US: *BOR
CVE-2006-2536 (Cross-site scripting (XSS) vulnerability in Destiney Links Script ...)
	NOT-FOR-US: Destiney
CVE-2006-2535 (index.php in Destiney Links Script 2.1.2 allows remote attackers to ...)
	NOT-FOR-US: Destiney
CVE-2006-2534 (Destiney Links Script 2.1.2 does not protect library and other support ...)
	NOT-FOR-US: Destiney
CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) ...)
	NOT-FOR-US: Destiney
CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...)
	NOT-FOR-US: Destiney
CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the users identity ...)
	NOT-FOR-US: Ipswitch
CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...)
	NOT-FOR-US: Snitz mod
CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in ...)
	NOT-FOR-US: phpBazar
CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...)
	NOT-FOR-US: phpBazar
CVE-2006-2526 (PHP remote file inclusion vulnerability in index.php in PHP Easy ...)
	NOT-FOR-US: PHP Easy Galerie
CVE-2006-2525 (SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote ...)
	NOT-FOR-US: UseBB
CVE-2006-2524 (Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier ...)
	NOT-FOR-US: UseBB
CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro ...)
	NOT-FOR-US: phpListPro
CVE-2006-2522 (Dayfox Blog 2.0 and earlier stores user credentials in ...)
	NOT-FOR-US: Dayfox
CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-2520 (Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier ...)
	NOT-FOR-US: BitZipper
CVE-2006-2519 (Directory traversal vulnerability in ...)
	NOT-FOR-US: phpwcms
CVE-2006-2518 (Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows ...)
	NOT-FOR-US: phpwcms
CVE-2006-2517 (SQL injection vulnerability in MyWeb Portal Office, Standard Edition, ...)
	NOT-FOR-US: MyWeb
CVE-2006-2516 (mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is ...)
	NOT-FOR-US: XOOPS
CVE-2006-2515 (Cross-site scripting (XSS) vulnerability in index.php in Hiox ...)
	NOT-FOR-US: Hiox
CVE-2006-2514 (Coppermine galleries before 1.4.6, when running on Apache with ...)
	NOT-FOR-US: Coppermine
CVE-2006-2513 (Unspecified vulnerability in the installation process in Sun Java ...)
	NOT-FOR-US: Sun
CVE-2006-2512 (SQL injection vulnerability in Hitachi EUR Professional Edition, EUR ...)
	NOT-FOR-US: Hitachi
CVE-2006-2511 (The ActiveX version of FrontRange iHEAT allows remote authenticated ...)
	NOT-FOR-US: FrontRange
CVE-2006-2510 (Cross-site scripting (XSS) vulnerability in the URL submission form in ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2509 (SQL injection vulnerability in login.php in YourFreeWorld.com Short ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2508 (SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2507 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...)
	NOT-FOR-US: phpbb2 mod
CVE-2006-2506 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: Sphider
CVE-2006-2505 (Oracle Database Server 10g Release 2 allows local users to execute ...)
	NOT-FOR-US: Oracle
CVE-2006-2504 (Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier ...)
	NOT-FOR-US: AZBOARD
CVE-2006-2503 (SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) ...)
	- cyrus-imapd-2.2 <not-affected> (Vulnerable code not present)
CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...)
	NOT-FOR-US: Sun
CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2006-2499 (SQL injection vulnerability in default.asp in CodeAvalanche News ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2006-2498 (Invision Power Board (IPB) before 2.1.6 allows remote attackers to ...)
	NOT-FOR-US: Invision
CVE-2006-2497 (Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 ...)
	NOT-FOR-US: AspBB
CVE-2006-2496 (Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote ...)
	NOT-FOR-US: Novell
CVE-2006-2495 (Cross-site request forgery (CSRF) vulnerability in the Entry Manager ...)
	- serendipity 1.0-1
CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote ...)
	NOT-FOR-US: IntelliTampe
CVE-2006-2493
	REJECTED
CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2005-1754 (** DISPUTED ** ...)
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1753 (** DISPUTED ** ...)
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows remote ...)
	- gforge 3.1-30
	NOTE: viewFile.php disabled in 3.1-30
CVE-2006-2492 (Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...)
	NOT-FOR-US: BoastMachine
CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP ...)
	NOT-FOR-US: Mobotix
CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x ...)
	{DSA-1072-1}
	- nagios 2:1.4-1 (bug #366682; bug #366803; bug #368193; high)
	- nagios2 2.3-1 (bug #366683; bug #368199; high)
CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS ...)
	NOT-FOR-US: Spymac
CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 ...)
	NOT-FOR-US: ScozNews
CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier ...)
	NOT-FOR-US: YapBB
CVE-2006-2485 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Quezza
CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in IceWarp ...)
	NOT-FOR-US: IceWarp
CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in ...)
	NOT-FOR-US: Squirrelcart
CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV for ...)
	NOT-FOR-US: ZipTV
CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...)
	NOT-FOR-US: VMware ESX
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted ...)
	- dia 0.95.0-4 (bug #368202; low)
	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...)
	NOT-FOR-US: Bitrix
CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...)
	NOT-FOR-US: Bitrix
CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative ...)
	NOT-FOR-US: Bitrix
CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web document ...)
	NOT-FOR-US: Bitrix
CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) ...)
	NOT-FOR-US: Cosmoshop
CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ...)
	NOT-FOR-US: Cosmoshop
CVE-2006-2473 (** DISPUTED ** ...)
	NOT-FOR-US: OpenWiki
CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 ...)
	NOT-FOR-US: BEA
CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 ...)
	NOT-FOR-US: BEA
CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration ...)
	NOT-FOR-US: BEA
CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to ...)
	NOT-FOR-US: BEA
CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic Server 8.1 ...)
	NOT-FOR-US: BEA
CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 ...)
	NOT-FOR-US: BEA
CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote ...)
	NOT-FOR-US: BEA
CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...)
	- mp3info 0.8.4-9.1 (bug #368207; low)
	[sarge] - mp3info <no-dsa> (Hardly exploitable)
CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...)
	NOT-FOR-US: BEA
CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service ...)
	NOT-FOR-US: BEA
CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set ...)
	NOT-FOR-US: BEA
CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when ...)
	NOT-FOR-US: SugarCRM
CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...)
	{DSA-1081-1}
	- libextractor 0.5.14-1
CVE-2006-2457
	RESERVED
CVE-2006-2456
	RESERVED
CVE-2006-2455
	RESERVED
CVE-2006-2454
	RESERVED
CVE-2006-2453 (Multiple unspecified format string vulnerabilities in Dia have ...)
	- dia 0.95.0-4 (bug #368202; medium)
	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the &quot;face browser&quot; feature ...)
	- gdm 2.16.1-1 (bug #375281; medium)
	[sarge] - gdm <not-affected> (Vulnerable code has only been introduced with 2.8)
CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...)
	- linux-2.6 2.6.17-3 (high)
CVE-2006-2450 (auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass ...)
	- libvncserver 0.8.2-1 (high; bug #376824)
CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...)
	{DSA-1156}
	- kdebase 4:3.5.2-2 (bug #374002; medium)
CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, ...)
	- linux-2.6 2.6.16-15
CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...)
	{DSA-1090-1}
	- spamassassin 3.1.3-1 (medium)
CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions in the ...)
	- linux-2.6 2.6.16-1
	NOTE: I'm not sure at which point this was merged, but I checked 2.6.16 and the
	NOTE: patch is included there
CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before ...)
	- linux-2.6 2.6.16-15
CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel ...)
	- linux-2.6 2.6.16-15
CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...)
	{DSA-1062-1}
	- kphone 1:4.2-3 (bug #337830; medium)
CVE-2006-2439 (Stack-based buffer overflow in ZipCentral 4.01 allows remote ...)
	NOT-FOR-US: ZipCentral
CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the ...)
	NOT-FOR-US: Caucho
CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for ...)
	NOT-FOR-US: Caucho
CVE-2006-2436 (WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
	NOT-FOR-US: IBM
CVE-2006-2435 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 ...)
	NOT-FOR-US: IBM
CVE-2006-2434 (Unspecified vulnerability in WebSphere 5.1.1 (or any earlier ...)
	NOT-FOR-US: IBM
CVE-2006-2433 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...)
	NOT-FOR-US: IBM
CVE-2006-2432 (IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
	NOT-FOR-US: IBM
CVE-2006-2431 (Cross-site scripting (XSS) vulnerability in the 500 Internal Server ...)
	NOT-FOR-US: IBM
CVE-2006-2430 (IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, ...)
	NOT-FOR-US: IBM
CVE-2006-2429 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...)
	NOT-FOR-US: IBM
CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute ...)
	NOT-FOR-US: Duware
CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h ...)
	- clamav <not-affected> (clamav-freshclam doesn't ship freshclam setuid or setgid)
CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 ...)
	- sun-java5 1.5.0-10-1 (bug #384734)
CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in ...)
	NOT-FOR-US: phpRemoteView
CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and ...)
	NOT-FOR-US: ezUserManager
CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php in ...)
	NOT-FOR-US: Confixx
CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, ...)
	NOT-FOR-US: phpCOIN
CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows ...)
	NOT-FOR-US: Pragma
CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows ...)
	NOTE: "this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it."
	- bugzilla <unfixed> (unimportant)
CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory ...)
	NOT-FOR-US: Directory Listing Script
CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before ...)
	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and earlier ...)
	NOT-FOR-US: e107
CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 ...)
	NOT-FOR-US: FlexChat
CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows ...)
	{DSA-1080-1}
	- dovecot 1.0.beta8-1 (low)
	[sarge] - dovecot <not-affected> (vulnerability introduced in 1.0)
CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause a ...)
	- gnunet 0.7.0e-1 (bug #368159; medium)
	[sarge] - gnunet <not-affected> (according to maintainer)
CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN revision ...)
	NOT-FOR-US: Raydium
CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c in ...)
	NOT-FOR-US: Raydium
CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium SVN ...)
	NOT-FOR-US: Raydium
CVE-2006-2409 (Format string vulnerability in the raydium_log function in console.c ...)
	NOT-FOR-US: Raydium
CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 allow ...)
	NOT-FOR-US: Raydium
CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX ...)
	NOT-FOR-US: ActiveX component
CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2405 (Directory traversal vulnerability in unb_lib/abbc.conf.php in ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2404 (Directory traversal vulnerability in popup.php in RadScripts RadLance ...)
	NOT-FOR-US: RadScripts
CVE-2006-2403 (Buffer overflow in FileZilla before 2.2.23 allows remote attackers to ...)
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2006-2402 (Buffer overflow in the changeRegistration function in servernet.cpp ...)
	NOT-FOR-US: Outgun
CVE-2006-2401 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...)
	NOT-FOR-US: Outgun
CVE-2006-2400 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...)
	NOT-FOR-US: Outgun
CVE-2006-2399 (Stack-based buffer overflow in the ...)
	NOT-FOR-US: Outgun
CVE-2006-2398 (Directory traversal vulnerability in index.php in GPhotos 1.5 and ...)
	NOT-FOR-US: GPhotos web gallery
CVE-2006-2397 (Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and ...)
	NOT-FOR-US: GPhotos web gallery
CVE-2006-2396 (Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote ...)
	NOT-FOR-US: phpODP
CVE-2006-2395 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PopPhoto
CVE-2006-2394 (Cross-site scripting (XSS) vulnerability in chat.php in PHP Live ...)
	NOT-FOR-US: PHP Live Support
CVE-2006-2393 (The client_cmd function in Empire 4.3.2 and earlier allows remote ...)
	NOT-FOR-US: Debian's 'empire' is a different game
CVE-2006-2392 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHP Blue Dragon Platinum
CVE-2006-2391 (Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows ...)
	NOT-FOR-US: OZJournals
CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
	NOT-FOR-US: Microsoft
CVE-2006-2386 (Unspecified vulnerability in Microsoft Outlook Express 6 and earlier ...)
	NOT-FOR-US: Microsoft
CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-2384 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-2383 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-2382 (Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-2381
	RESERVED
CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server ...)
	NOT-FOR-US: Microsoft
CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-2378 (Buffer overflow in the ART Image Rendering component (jgdw400.dll) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-2377
	RESERVED
CVE-2006-2376 (Integer overflow in the PolyPolygon function in Graphics Rendering ...)
	NOT-FOR-US: Microsoft
CVE-2006-2375
	RESERVED
CVE-2006-2374 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-2372 (Buffer overflow in the DHCP Client service for Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-2371 (Buffer overflow in the Remote Access Connection Manager service ...)
	NOT-FOR-US: Microsoft
CVE-2006-2370 (Buffer overflow in the Routing and Remote Access service (RRAS) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as AdderLink ...)
	- vnc4 4.1.1+X4.3.0-10 (high)
	[sarge] - vnc4 <not-affected> (vuln not in 4.0)
CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
	NOT-FOR-US: Clansys
CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
	NOT-FOR-US: Clansys
CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r ...)
	- libopenobex 1.2-3 (bug #366484)
CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra ...)
	NOT-FOR-US: Vizra
CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in ...)
	NOT-FOR-US: Macromedia
CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...)
	NOT-FOR-US: Limbo
CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software ...)
	- binutils 2.17-1 (low; bug #368237)
	[sarge] - binutils <no-dsa> (Very minor issue)
CVE-2006-2361 (PHP remote file inclusion vulnerability in pafiledb_constants.php in ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for phpBB ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the Chart ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2192
	RESERVED
CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...)
	{DSA-857-1}
	- graphviz 2.2.1-1sarge1 (bug #336985; low)
CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...)
	{DSA-1216}
	- flexbackup 1.2.1-3 (bug #334350; low)
CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet ...)
	NOT-FOR-US: YaPIG
CVE-2005-4800 (Direct static code injection vulnerability in Yet Another PHP Image ...)
	NOT-FOR-US: YaPIG
CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP ...)
	NOT-FOR-US: YaPIG
CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...)
	NOT-FOR-US: Web Labs CMS
CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2350
	REJECTED
CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows ...)
	- vpopmail <not-affected> (vulnerability introduced in 5.4.14)
	NOTE: Unable to reach CVS to determine if prior versions are affected
	NOTE: Micah will return to this one
CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in ...)
	NOT-FOR-US: AliPAGER
CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with ...)
	NOT-FOR-US: AliPAGER
CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...)
	NOT-FOR-US: ManageEngine OpManager
CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, ...)
	NOT-FOR-US: Symantec Gateway Security
CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and ...)
	NOT-FOR-US: PassMasterFlex
CVE-2006-2339 (SQL injection vulnerability in index.php in evoTopsites 2.x and ...)
	NOT-FOR-US: evoTopsites
CVE-2006-2338 (PlaNet Concept plaNetStat 20050127 allows remote attackers to gain ...)
	NOT-FOR-US: PlaNet
CVE-2006-2337 (Directory traversal vulnerability in webcm in the D-Link DSL-G604T ...)
	NOT-FOR-US: D-Link
CVE-2006-2336 (SQL injection vulnerability in showthread.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2335 (Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and ...)
	NOT-FOR-US: vBulletin
CVE-2006-2334 (The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in ...)
	NOT-FOR-US: Windows
CVE-2006-2333 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of ...)
	NOTE: 1.5.dfsg+1.5.0.3-2 didn't crash or do anything but stutter on the sample pages, marking it fixed in there
	- firefox 1.5.dfsg+1.5.0.3-2
CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2329 (AngelineCMS 0.6.5 and earlier allow remote attackers to obtain ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in AngelineCMS ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-2327 (Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) ...)
	NOT-FOR-US: Novell
CVE-2006-2326 (Directory traversal vulnerability in index.php in OnlyScript.info ...)
	NOT-FOR-US: OnlyScript.info
CVE-2006-2325 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: OnlyScript.info
CVE-2006-2324 (180solutions Zango downloads &quot;required Adware components&quot; without ...)
	NOT-FOR-US: 180solutions
CVE-2006-2323 (Multiple PHP remote file inclusion vulnerabilities in SmartISoft ...)
	NOT-FOR-US: SmartISoft
CVE-2006-2322 (The transparent proxy feature of the Cisco Application Velocity System ...)
	NOT-FOR-US: Cisco
CVE-2006-2321 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2320 (Multiple SQL injection vulnerabilities in Ideal Science Ideal BB ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2319 (Ideal Science Ideal BB 1.5.4a and earlier does not properly check file ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2318 (Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2317 (Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2316 (S24EvMon.exe in the Intel PROset/Wireless software, possibly ...)
	NOT-FOR-US: Intel Windows software
CVE-2006-2315 (** DISPUTED ** ...)
	NOT-FOR-US: ISPConfig
CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
	{DSA-1087-1}
	- postgresql 7.5.4 (medium; bug #368645)
	- postgresql-7.4 1:7.4.13-1 (medium)
	- postgresql-8.1 8.1.4-1 (medium)
	[sarge] - pygresql <not-affected> (Already includes proper quoting)
	NOTE: Beginning with version 7.5.4, postgresql is a transition
	NOTE: package which does not contain actual code.  That's why
	NOTE: it's marked as fixed here.  (Previous versions are vulnerable.)
	NOTE: The following packages needed to adapted to cope with the new system:
	NOTE: psycopg 1.1.21-5 (bug #369230)
	NOTE: python-pgsql 2.4.0-8 (bug #369250)
	NOTE: pygresql 1:3.8-1.1 (bug #369239)
	NOTE: dovecot 1.0.beta8-3 (bug #369359)
	NOTE: postfix 2.2.10-2 (bug #369349)
CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
	{DSA-1087-1}
	- postgresql 7.5.4 (high; bug #368645)
	- postgresql-7.4 1:7.4.13-1 (high)
	- postgresql-8.1 8.1.4-1 (high)
	NOTE: Beginning with version 7.5.4, postgresql is a transition
	NOTE: package which does not contain actual code.  That's why
	NOTE: it's marked as fixed here.  (Previous versions are vulnerable.)
CVE-2006-2312 (Argument injection vulnerability in the URI handler in Skype 2.0.*.104 ...)
	NOT-FOR-US: Skype
CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and ...)
	NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote ...)
	NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain ...)
	NOT-FOR-US: EServ
CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...)
	NOT-FOR-US: EServ
CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before ...)
	NOT-FOR-US: Website Baker
CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...)
	NOT-FOR-US: EPublisherPro
CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow ...)
	NOT-FOR-US: Jadu
CVE-2006-2304 (Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in ...)
	NOT-FOR-US: Novell software for Windows
CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 ...)
	NOT-FOR-US: Windows ICQ client
CVE-2006-2302 (SQL injection vulnerability in admin_default.asp in DUGallery 2.x ...)
	NOT-FOR-US: DUGallery
CVE-2006-2301 (SQL injection vulnerability in admin_default.asp in OzzyWork Galeri ...)
	NOT-FOR-US: OzzyWork
CVE-2006-2300 (Multiple SQL injection vulnerabilities in EImagePro allow remote ...)
	NOT-FOR-US: EImagePro
CVE-2006-2299
	RESERVED
CVE-2006-2298 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...)
	NOT-FOR-US: Solaris
CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System ...)
	NOT-FOR-US: Microsoft Infotech Storage System
CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 ...)
	NOT-FOR-US: EDirectoryPro
CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote ...)
	NOT-FOR-US: Dynamic Galerie
CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows ...)
	NOT-FOR-US: Dynamic Galerie
CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 ...)
	NOT-FOR-US: MultiCalendars
CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow remote ...)
	NOT-FOR-US: IA-Calendar
CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in ...)
	NOT-FOR-US: IA-Calendar
CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php ...)
	NOT-FOR-US: 2005-Comments-Script
CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local ...)
	- avahi 0.6.10-1 (medium)
CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service ...)
	- avahi 0.6.10-1 (low)
CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source ...)
	NOT-FOR-US: Vision Source
CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Dokeos
CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in Dokeos ...)
	NOT-FOR-US: Dokeos
CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...)
	NOT-FOR-US: Claroline
CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid ...)
	NOT-FOR-US: phpRaid
CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier ...)
	NOT-FOR-US: X7 Chat
CVE-2006-2281 (X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute ...)
	NOT-FOR-US: X-Scripts X-Poll
CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine 1.8 ...)
	NOT-FOR-US: openEngine
CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which allows ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to ...)
	{DSA-1059-1}
	- quagga 0.99.4-1 (bug #366980; low)
CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
	- linux-2.6 2.6.16-13
CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-2273 (The InstallProduct routine in the Verisign VUpdater.Install (aka ...)
	NOT-FOR-US: Verisign
CVE-2006-2272 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-2271 (The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...)
	- linux-2.6 <not-affected>
CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 ...)
	NOT-FOR-US: myWebland MyBloggie
CVE-2006-2268 (SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows ...)
	NOT-FOR-US: FlexCustomer
CVE-2006-2267 (Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to ...)
	NOT-FOR-US: Chirpy!
CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 ...)
	NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...)
	NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows ...)
	NOT-FOR-US: VP-ASP
CVE-2006-2262 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
	NOT-FOR-US: singapore
CVE-2006-2261 (PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 ...)
	NOT-FOR-US: ACal
CVE-2006-2260 (Cross-site scripting (XSS) vulnerability in the project module ...)
	- drupal <not-affected> (bug #366947)
CVE-2006-2259 (SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows ...)
	NOT-FOR-US: MaxxSchedule
CVE-2006-2258 (Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule ...)
	NOT-FOR-US: MaxxSchedule
CVE-2006-2257 (Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 ...)
	NOT-FOR-US: easyEvent
CVE-2006-2256 (PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp ...)
	NOT-FOR-US: EQdkp
CVE-2006-2255 (Multiple SQL injection vulnerabilities in Creative Community Portal ...)
	NOT-FOR-US: Creative Community Portal
CVE-2006-2254 (Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote ...)
	NOT-FOR-US: FileCOPA
CVE-2006-2253 (PHP remote file inclusion vulnerability in visible_count_inc.php in ...)
	NOT-FOR-US: Statit
CVE-2006-2252 (Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 ...)
	NOT-FOR-US: OpenFAQ
CVE-2006-2251 (SQL injection vulnerability in the do_mmod function in mod.php in ...)
	NOT-FOR-US: Invision Community Blog
CVE-2006-2250 (CuteNews 1.4.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: CuteNews
CVE-2006-2249 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: CuteNews
CVE-2006-2248 (Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source ...)
	NOT-FOR-US: Xeneo Web Server
CVE-2006-2247 (WebCalendar 1.0.1 to 1.0.3 generates different error messages ...)
	{DSA-1056-1}
	- webcalendar 1.0.2-2.2 (medium; bug #366927)
CVE-2006-2246 (Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition ...)
	NOT-FOR-US: UBlog
CVE-2006-2245 (PHP remote file inclusion vulnerability in auction\auction_common.php ...)
	NOT-FOR-US: Auction mod 1.3m for phpBB
CVE-2006-2244 (Multiple SQL injection vulnerabilities in Web4Future News Portal allow ...)
	NOT-FOR-US: Web4Future News Portal
CVE-2006-2243 (Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News ...)
	NOT-FOR-US: Web4Future News Portal
CVE-2006-2242 (acFTP 1.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: acFTP
CVE-2006-2241 (PHP remote file inclusion vulnerability in show.php in Fast Click SQL ...)
	NOT-FOR-US: Fast Click SQL Lite
CVE-2006-2240 (Unspecified vulnerability in the (1) web cache or (2) web proxy in ...)
	NOT-FOR-US: Fujitsu NetShelter/FW
CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...)
	NOT-FOR-US: Newsadmin
CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...)
	{DSA-1058-1}
	- awstats 6.5-2 (bug #365909; bug #365910; medium)
CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...)
	NOT-FOR-US: Quake 3
CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...)
	NOT-FOR-US: Simple Poll
CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta ...)
	NOT-FOR-US: TyroCMS
CVE-2006-2233 (Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) ...)
	NOT-FOR-US: BankTown Client Control
CVE-2006-2232 (Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook ...)
	NOT-FOR-US: Scriptsez Cute Guestbook
CVE-2006-2231 (Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in ...)
	NOT-FOR-US: Big Webmaster Guestbook Script
CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
	{DSA-1093-1}
	- xine-ui 0.99.4-2 (medium; bug #363370; bug #372172)
CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...)
	- openvpn <unfixed> (unimportant)
	NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
	NOTE: in order to be vulnerable. The man page recommends not to do it.
CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) ...)
	NOT-FOR-US: Web-Agora
CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 ...)
	NOT-FOR-US: PunBB
CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows ...)
	NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows ...)
	NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2224 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce ...)
	{DSA-1059-1}
	- quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2223 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly ...)
	{DSA-1059-1}
	- quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2222 (Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, ...)
	NOT-FOR-US: zawhttpd
CVE-2006-2221 (A third-party installer generation tool, possibly BitRock ...)
	- ejabberd <not-affected> (only binary distribution is affected)
CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: SQL query disclosure
CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: path disclosure
CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft ...)
	NOT-FOR-US: MS IE
CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-2216 (Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain ...)
	NOT-FOR-US: OpenBB
CVE-2006-2215
	REJECTED
CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...)
	NOT-FOR-US: Solaris
CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in ...)
	- xview <unfixed> (unimportant)
	NOTE: Is only relevant for suid binaries, but xview is not really suitable for
	NOTE: those anyway. Exact information is not available, but a similar problem
	NOTE: is already fixed in the Debian package.
CVE-2005-4795 (Unspecified vulnerability in the multi-language environment library ...)
	NOT-FOR-US: Solaris
CVE-2006-XXXX [cyrus-imapd allows user probes]
	- cyrus-imapd-2.2 2.2.13-3
CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier ...)
	NOT-FOR-US: 4images
CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of service ...)
	{DSA-1065-1}
	- hostapd 1:0.5.0-1 (bug #365897; high)
CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2006-2211 (Absolute path traversal vulnerability in index.php in 321soft ...)
	NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2210 (Cross-site scripting (XSS) vulnerability in index.php in 321soft ...)
	NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2209 (Multiple SQL injection vulnerabilities in index.php in PHP Arena ...)
	NOT-FOR-US: paCheckBook
CVE-2006-2208 (Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php ...)
	NOT-FOR-US: paCheckBook
CVE-2006-2207
	RESERVED
CVE-2006-2206 (The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 ...)
	NOT-FOR-US: UltraVNC
CVE-2006-2205 (The audio_write function in NetBSD 3.0 allows local users to cause a ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-2204 (SQL injection vulnerability in the topic deletion functionality ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-2203 (Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-2202 (SQL injection vulnerability in post.php in Invision Gallery 2.0.6 ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-2201 (Unspecified vulnerability in CA Resource Initialization Manager ...)
	NOT-FOR-US: CA Resource Initialization Manager
CVE-2006-2200 (Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and ...)
	- libmms 0.2-7 (bug #374577; medium)
	- mimms 2.0.0-1 (bug #374577; medium)
	- xine-lib 1.1.2-2 (bug #374577; unimportant)
	NOTE: Not exploitable within xine, as alloced buffer are large enough
CVE-2006-2199 (Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-2198 (OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent ...)
	{DSA-1100}
	- wv2 0.2.2-6 (medium)
CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users to gain ...)
	{DSA-1102}
	- pinball 0.3.1-6
CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before ...)
	{DSA-1099-1 DSA-1098-1}
	- horde3 3.1.1-3
CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not check ...)
	{DSA-1106}
	- ppp 2.4.4rel-1 (medium)
CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff ...)
	{DSA-1091-1}
	- tiff 3.8.2-4 (bug #371064; bug #370355; medium)
CVE-2006-2191 (** DISPUTED ** ...)
	- mailman <unfixed> (unimportant)
	NOTE: not exploitable
CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 ...)
	NOT-FOR-US: Servous sBLOG
CVE-2006-2188 (Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 ...)
	NOT-FOR-US: CMScout
CVE-2006-2187 (Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 ...)
	NOT-FOR-US: zenphoto
CVE-2006-2186 (zenphoto 1.0.1 beta and earlier allow remote attackers to obtain ...)
	NOT-FOR-US: zenphoto
CVE-2006-2185 (PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password ...)
	NOT-FOR-US: Novell
CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB ...)
	NOT-FOR-US: PHPKB Knowledge Base
CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running ...)
	NOT-FOR-US: Truecrypt
CVE-2006-2182 (Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, ...)
	NOT-FOR-US: albinator
CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 ...)
	NOT-FOR-US: albinator
CVE-2006-2180 (Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2006-2179 (Multiple SQL injection vulnerabilities in CyberBuild allow remote ...)
	NOT-FOR-US: CyberBuild
CVE-2006-2178 (Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild ...)
	NOT-FOR-US: CyberBuild
CVE-2006-2177 (Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 ...)
	NOT-FOR-US: geoBlog
CVE-2006-2176 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...)
	NOT-FOR-US: PHP Linkliste
CVE-2006-2175 (PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 ...)
	NOT-FOR-US: Fast Click
CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Virtual Hosting Control System (VHCS)
CVE-2006-2173 (Buffer overflow in FileZilla FTP Server 2.2.22 allows remote ...)
	NOT-FOR-US: FileZilla FTP Server
CVE-2006-2172 (Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated ...)
	NOT-FOR-US: Gene6 FTP Server
CVE-2006-2171 (Buffer overflow in WDM.exe in WarFTPD allows remote attackers to ...)
	NOT-FOR-US: WarFTPD
CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2006-2169 (RT: Request Tracker 3.5.HEAD allows remote attackers to obtain ...)
	- request-tracker3.4 <not-affected> (file not included in 3.4)
CVE-2006-2168 (FileProtection Express 1.0.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: FileProtection Express
CVE-2006-2167 (Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, ...)
	NOT-FOR-US: SloughFlash
CVE-2006-2166 (Unspecified vulnerability in the HTTP management interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-2165 (Multiple cross-site scripting (XSS) vulnerabilities in Avactis ...)
	NOT-FOR-US: Avactis
CVE-2006-2164 (Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 ...)
	NOT-FOR-US: Avactis
CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
	NOT-FOR-US: Pinnacle
CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...)
	{DSA-1072-1}
	- nagios 2:1.4-1 (bug #366682; bug #366803; medium)
	- nagios2 2.3-1 (bug #366683; medium)
CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and ...)
	NOT-FOR-US: TZipBuilder/Abakt
CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ...)
	NOT-FOR-US: Russcom
CVE-2006-2159 (CRLF injection vulnerability in help.php in Russcom Network Loginphp ...)
	NOT-FOR-US: Russcom
CVE-2006-2158 (Dynamic variable evaluation vulnerability in index.php in Stadtaus ...)
	NOT-FOR-US: Stadtaus
CVE-2006-2157 (SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and ...)
	NOT-FOR-US: Plogger
CVE-2006-2156 (Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and ...)
	NOT-FOR-US: X7 Chat
CVE-2006-2155 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2154 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2153 (Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin ...)
	NOT-FOR-US: DirectAdmin
CVE-2006-2152 (PHP remote file inclusion vulnerability in admin/addentry.php in phpBB ...)
	NOT-FOR-US: phpBB Advanced Guestbook
CVE-2006-2151 (PHP remote file inclusion vulnerability in toplist.php in phpBB ...)
	NOT-FOR-US: phpBB TopList
CVE-2006-2150 (PHP remote file inclusion vulnerability in top/list.php in phpBB ...)
	NOT-FOR-US: phpBB TopList
CVE-2006-2149 (PHP remote file inclusion vulnerability in sources/lostpw.php in ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2006-2147 (resmgrd in resmgr for SUSE Linux and other distributions does not ...)
	{DSA-1047-1}
	- resmgr 1.0-4 (low)
CVE-2006-2146 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: HB-NS
CVE-2006-2145 (Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 ...)
	NOT-FOR-US: HB-NS
CVE-2006-2144 (PHP remote file inclusion vulnerability in kopf.php in DMCounter ...)
	NOT-FOR-US: DMCounter
CVE-2006-2143 (Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB ...)
	NOT-FOR-US: TextFileBB
CVE-2006-2142 (PHP remote file inclusion vulnerability in classes/adodbt/sql.php in ...)
	NOT-FOR-US: Limbo
CVE-2006-2141 (Cross-site scripting (XSS) vulnerability in popup_image in ...)
	NOT-FOR-US: Collaborative Portal Server
CVE-2006-2140 (Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 ...)
	NOT-FOR-US: OrbitHYIP
CVE-2006-2139 (Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow ...)
	NOT-FOR-US: PHP Newsfeed
CVE-2006-2138 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 ...)
	NOT-FOR-US: NeoMail
CVE-2006-2137 (PHP remote file inclusion vulnerability in master.php in OpenPHPNuke ...)
	NOT-FOR-US: OpenPHPNuke
CVE-2006-2136 (SQL injection vulnerability in news.php in AZNEWS allows remote ...)
	NOT-FOR-US: AZNEWS
CVE-2006-2135 (SQL injection vulnerability in login.php in Ruperts News allows remote ...)
	NOT-FOR-US: Ruperts News
CVE-2006-2134 (PHP remote file inclusion vulnerability in /includes/kb_constants.php ...)
	NOT-FOR-US: phpbb2 mod
CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and ...)
	NOT-FOR-US: Cisco
CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 ...)
	{DSA-1052-1}
	- cgiirc 0.5.9-1 (bug #365680; medium)
	[sarge] - cgiirc 0.5.4-6sarge1 (bug #365680; medium)
CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and ...)
	NOT-FOR-US: BoonEx Barracuda
CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified allows ...)
	NOT-FOR-US: DUclassified
CVE-2006-2131 (include/class_poll.php in Advanced Poll 2.0.4 uses the ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-2130 (SQL injection vulnerability in include/class_poll.php in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-2129 (Direct static code injection vulnerability in Pro Publish 2.0 allows ...)
	NOT-FOR-US: Pro Publish
CVE-2006-2128 (Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote ...)
	NOT-FOR-US: Pro Publish
CVE-2006-2127 (SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x ...)
	NOT-FOR-US: Blog Mod
CVE-2006-2126 (SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and ...)
	NOT-FOR-US: MaxTrade
CVE-2006-2125
	REJECTED
CVE-2006-2124 (Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and ...)
	NOT-FOR-US: SunShop
CVE-2006-2123 (Multiple SQL injection vulnerabilities in the report interface in ...)
	NOT-FOR-US: Network Administration Visualiazed
CVE-2006-2122 (PHP remote file inclusion vulnerability in index.php in CoolMenus allows ...)
	NOT-FOR-US: CoolMenus
CVE-2006-2121 (PHP remote file include vulnerability in admin/config_settings.tpl.php ...)
	NOT-FOR-US: I-RATER Platinum
CVE-2006-2120 (The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers ...)
	{DSA-1078-1}
	- tiff 3.8.1 (bug #366588; medium)
CVE-2006-2119 (PHP remote file inclusion vulnerability in event/index.php in Artmedic ...)
	NOT-FOR-US: Artmedic
CVE-2006-2118 (JMK's Picture Gallery allows remote attackers to bypass authentication ...)
	NOT-FOR-US: JMK
CVE-2006-2117 (Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote ...)
	NOT-FOR-US: Thyme
CVE-2006-2116 (planetGallery allows remote attackers to gain administrator privileges ...)
	NOT-FOR-US: planetGallery
CVE-2006-2115 (Format string vulnerability in SWS web Server 0.1.7 allows remote ...)
	NOT-FOR-US: SWS
CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to ...)
	NOT-FOR-US: SWS
CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print ...)
	NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products ...)
	NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x ...)
	{DSA-1060-1}
	- kernel-patch-vserver 2:2.0.1-4 (low)
	- linux-2.6 2.6.16-11 (low)
CVE-2006-2109 (Cross-site scripting (XSS) vulnerability in the parse_query_str ...)
	NOTE: #357204: request for removal
	- jsboard 2.0.10-2 (bug #368305; low)
CVE-2006-2108 (parser.exe in Oc&#233; (OCE) 3121/3122 Printer allows remote attackers to ...)
	NOT-FOR-US: OCE
CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote ...)
	NOT-FOR-US: BL4
CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac ...)
	- trac 0.9.5-1 (medium)
	[sarge] - trac <unfixed> (medium)
	NOTE: http://trac.edgewall.org/changeset/3201
	NOTE: http://trac.edgewall.org/changeset/3287
	NOTE: the second reference fixes a regression in the first.  i *believe*
	NOTE: that these correctly solve the problem, though we really ought
	NOTE: to run this by upstream or the reporter.
CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 ...)
	NOT-FOR-US: Jupiter
CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email ...)
	NOT-FOR-US: Kamgaing
CVE-2006-2103 (SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2102 (Directory traversal vulnerability in PowerISO 2.9 allows remote ...)
	NOT-FOR-US: PowerISO
CVE-2006-2101 (Directory traversal vulnerability in WinISO 5.3 allows remote ...)
	NOT-FOR-US: WinISO
CVE-2006-2100 (Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows ...)
	NOT-FOR-US: Magic ISO
CVE-2006-2099 (Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote ...)
	NOT-FOR-US: UltraISO
CVE-2006-2098 (PHP remote file inclusion vulnerability in Thumbnail AutoIndex before ...)
	NOT-FOR-US: Thumbnail AutoIndex
CVE-2006-2097 (SQL injection vulnerability in func_msg.php in Invision Power Board ...)
	NOT-FOR-US: Invision
CVE-2006-2096 (plug.php in Land Down Under (LDU) 802 and earlier allows remote ...)
	NOT-FOR-US: LDU
CVE-2006-2095 (Phex before 2.8.6 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Phex
CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted ...)
	- libnasl 2.2.8-1 (bug #365898; low)
	[sarge] - libnasl <no-dsa> (Hardly exploitable, see #365898)
CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows ...)
	NOT-FOR-US: HP
CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows ...)
	NOT-FOR-US: Virtual War
CVE-2006-2090 (Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x ...)
	NOT-FOR-US: MySmartBB
CVE-2006-2089 (Multiple cross-site scripting (XSS) vulnerabilities in misc.php in ...)
	NOT-FOR-US: OpenBB
CVE-2006-2088 (Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open ...)
	NOT-FOR-US: OpenBB
CVE-2006-2087 (The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2006-2086 (Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx ...)
	NOT-FOR-US: juniper SSL-VPN
CVE-2006-2085 (Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in ...)
	NOT-FOR-US: SpeedProject Squeez
CVE-2006-2084 (Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 ...)
	NOT-FOR-US: FarsiNews
CVE-2006-2083 (Integer overflow in the receive_xattr function in the extended ...)
	- rsync 2.6.8-1 (bug #365614; high)
	[sarge] - rsync <not-affected> (xattr patch appeared in 2.6.7)
	[woody] - rsync <not-affected> (xattr patch appeared in 2.6.7)
CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in ...)
	NOT-FOR-US: Quake 3
CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute ...)
	NOT-FOR-US: Oracle
CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky ...)
	NOT-FOR-US: Verosky
CVE-2006-2079 (Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky ...)
	NOT-FOR-US: Verosky
CVE-2006-2078 (Multiple unspecified vulnerabilities in multiple FITELnet products, ...)
	NOT-FOR-US: FITELnet
CVE-2006-2077 (Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact ...)
	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote ...)
	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to ...)
	[sarge] - mydns 1.0.0-4sarge1
	- mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers ...)
	NOT-FOR-US: Juniper Networks JUNOSe
CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...)
	- bind9 <unfixed> (unimportant)
	NOTE: Only exploitable by trusted users after TSIG transaction
CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and ...)
	NOT-FOR-US: DeleGate
CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in ...)
	NOT-FOR-US: Hitachi
CVE-2005-4792 (SQL injection vulnerability in index.php in Appalachian State ...)
	NOT-FOR-US: phpWebSite
CVE-2004-2659 (Opera offers an Open button to verify that a user wishes to execute a ...)
	NOT-FOR-US: Opera
CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass ...)
	- linux-2.6 2.6.16-8
CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 ...)
	NOT-FOR-US: DevBB
CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to cause ...)
	- pdns-recursor 3.0.1-1 (medium)
CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote ...)
	NOT-FOR-US: Hitachi JP1
CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, ...)
	NOT-FOR-US: MKPortal
CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in ...)
	NOT-FOR-US: MKPortal
CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and ...)
	NOT-FOR-US: PHPSurveyor
CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 ...)
	NOT-FOR-US: Sun
CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full ...)
	NOT-FOR-US: Leadhound
CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, ...)
	NOT-FOR-US: Leadhound
CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in Invision ...)
	NOT-FOR-US: Invision
CVE-2006-2060 (Directory traversal vulnerability in action_admin/paysubscriptions.php ...)
	NOT-FOR-US: Invision
CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x ...)
	NOT-FOR-US: Invision
CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...)
	NOT-FOR-US: Avant
CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.0.6 allows ...)
	NOT-FOR-US: Only on Windows
CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-2055 (Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows ...)
	NOT-FOR-US: Micrsoft Outlook
CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...)
	NOT-FOR-US: 3Com
CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier ...)
	NOT-FOR-US: QuickEStore
CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media Instant ...)
	NOT-FOR-US: Verosky
CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: NextAge
CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite ...)
	NOT-FOR-US: DCScripts
CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts ...)
	NOT-FOR-US: DCScripts
CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows ...)
	NOT-FOR-US: ColdFusion
CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics ...)
	NOT-FOR-US: ColdFusion
CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks ...)
	NOT-FOR-US: IP3
CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default ...)
	NOT-FOR-US: IP3
CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local ...)
	NOT-FOR-US: IP3
CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that ...)
	NOT-FOR-US: Adobe
CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 ...)
	NOT-FOR-US: photokorn
CVE-2006-2039 (Multiple SQL injection vulnerabilities in the osTicket module in Help ...)
	NOT-FOR-US: Help Center Live
CVE-2006-2038 (Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier ...)
	NOT-FOR-US: ampleShop
CVE-2006-2037 (Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 ...)
	NOT-FOR-US: Thwboard
CVE-2006-2036 (iOpus Secure Email Attachments (SEA), probably 1.0, does not properly ...)
	NOT-FOR-US: iOpus
CVE-2006-2035 (Websense, when configured to permit access to the dynamic content ...)
	NOT-FOR-US: Websense
CVE-2006-2034 (SQL injection vulnerability in function/showprofile.php in FlexBB ...)
	NOT-FOR-US: FlexBB
CVE-2006-2033 (PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and ...)
	NOT-FOR-US: Core
CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and ...)
	NOT-FOR-US: Core
CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...)
	NOT-FOR-US: Allied Telesyn
CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...)
	NOT-FOR-US: Simplog
CVE-2006-2028 (Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy ...)
	NOT-FOR-US: Simplog
CVE-2006-2027 (Buffer overflow in Unicode processing in the logging functionality in ...)
	NOT-FOR-US: Pablo Software
CVE-2006-2026 (Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c ...)
	NOT-FOR-US: Fenice
CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module ...)
	NOT-FOR-US: Fenice
CVE-2006-2021 (Absolute path traversal vulnerability in recordings/misc/audio.php in ...)
	NOT-FOR-US: Asterisk@Home
CVE-2006-2020 (Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores ...)
	NOT-FOR-US: Asterisk@Home
CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...)
	NOT-FOR-US: Apple
CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 ...)
	{DTSA-107-1}
	- beagle 0.2.13-1 (low)
	[etch] - beagle <no-dsa> (Minor issue)
	- banshee 0.11.2+dfsg-1 (low)
	- liferea 1.4.9-1 (low; bug #451548)
	[etch] - liferea <no-dsa> (Minor issue)
	- blam 1.8.4-1 (low)
	[etch] - blam <no-dsa> (Minor issue)
	TODO: check all packages
	NOTE: lintian bug filed: #451559
CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...)
	- tomboy 0.8.1-2 (low)
	[etch] - tomboy <no-dsa> (Minor issue)
CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
	- resmgr <not-affected>
CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
	- resmgr <not-affected>
CVE-2004-2658 (resmgr in SUSE CORE 9 does not properly identify terminal names, which ...)
	- resmgr <not-affected>
CVE-2006-XXXX [librsvg2 crash on certain svg files]
	- librsvg 2.14.3-2 (bug #361653; bug #361540; medium)
CVE-2006-2018 (SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows ...)
	NOT-FOR-US: vBulletin
CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...)
	- dnsmasq 2.30-1 (medium)
	[sarge] - dnsmasq <not-affected> (Vulnerability was introduced in 2.28)
CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin ...)
	{DSA-1057-1}
	- phpldapadmin 0.9.8.3-1 (bug #365313; low)
	- egroupware 1.2-104.dfsg-1 (bug #365314; low)
	NOTE: egroupware 1.2-1.dfsg-1 dropped phpldapadmin
CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote ...)
	NOT-FOR-US: SL_site
CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 1.0 ...)
	NOT-FOR-US: SL_site
CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows remote ...)
	NOT-FOR-US: SL_site
CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier allows ...)
	NOT-FOR-US: Skulltag
CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 ...)
	NOT-FOR-US: 4images
CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in Bloggage ...)
	NOT-FOR-US: Bloggage
CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in Built2Go ...)
	NOT-FOR-US: Built2Go
CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...)
	NOT-FOR-US: Winny
CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 ...)
	NOT-FOR-US: IZArc Archiver
CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...)
	NOT-FOR-US: ClanSys
CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote ...)
	NOT-FOR-US: RI Blog
CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community ...)
	NOT-FOR-US: Community Architect Guestbook
CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in MyGamingLadder ...)
	NOT-FOR-US: MyGamingLadder
CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods ...)
	NOT-FOR-US: logMethods
CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause ...)
	NOT-FOR-US: OpenTTD
CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: OpenTTD
CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere groupware ...)
	NOT-FOR-US: Sybase Pylon Anywhere
CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 1.1 ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and earlier ...)
	NOT-FOR-US: dForum
CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-1991 (The substr_compare function in string.c in PHP 5.1.2 allows ...)
	- php4 <not-affected> (substr_compare does not exist in PHP 4.4.2)
	- php5 5.1.4-0.1 (bug #365312; medium)
CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...)
	- php4 4:4.4.2-1.1 (bug #365311; unimportant)
	- php5 5.1.4-0.1 (bug #365312; unimportant)
	NOTE: This could only be exploited by a malicious, local user, which is an
	NOTE: unsupported use case
CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client in ...)
	{DSA-1050-1}
	- clamav 0.88.2
	[sarge] - clamav 0.84-2.sarge.9
CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1985 (Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build ...)
	NOT-FOR-US: BOMArchiveHelper
CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking allows ...)
	NOT-FOR-US: W2B Online Banking
CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web ...)
	NOT-FOR-US: Manic Web MWGuest
CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and ...)
	NOT-FOR-US: FlexBB
CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and ...)
	NOT-FOR-US: FlexBB
CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...)
	{DSA-1055-1 DSA-1053-1}
	- firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
	- mozilla <unfixed> (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in Thunderbird)
CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
	- typo3-src 4.0.2-1 (bug #364350)
CVE-2006-XXXX [moinmoin XSS]
	- moin 1.5.3-1
CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer ...)
	NOT-FOR-US: Prayer Request Board
CVE-2006-1975 (Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in ...)
	NOT-FOR-US: PHP-Gastebuch
CVE-2006-1974 (SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1973 (Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router ...)
	NOT-FOR-US: Linksys router
CVE-2006-1972 (Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut ...)
	NOT-FOR-US: EasyGallery
CVE-2006-1971 (Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ...)
	NOT-FOR-US: KRANKIKOM ContentBoxX
CVE-2006-1970 (Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in ...)
	NOT-FOR-US: KCScripts Classifieds
CVE-2006-1969 (Cross-site scripting (XSS) vulnerability in search/search.cgi in an ...)
	NOT-FOR-US: KCScripts
CVE-2006-1968 (Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in ...)
	NOT-FOR-US: KCScripts
CVE-2006-1967 (Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in ...)
	NOT-FOR-US: KCScripts
CVE-2006-1966 (An unspecified Fortinet product, possibly Fortinet28, allows remote ...)
	NOT-FOR-US: Fortinet
CVE-2006-1965 (Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net ...)
	NOT-FOR-US: Net Clubs Pro
CVE-2006-1964 (SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and ...)
	NOT-FOR-US: ASPSitem
CVE-2006-1963 (Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and ...)
	NOT-FOR-US: PCPIN Chat
CVE-2006-1962 (SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows ...)
	NOT-FOR-US: PCPIN Chat
CVE-2006-1961 (Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express ...)
	NOT-FOR-US: Cisco
CVE-2006-1960 (Cross-site scripting (XSS) vulnerability in the appliance web user ...)
	NOT-FOR-US: Cisco
CVE-2006-1959 (PHP remote file inclusion vulnerability in direct.php in ActualScripts ...)
	NOT-FOR-US: ActualScripts ActualAnalyzer Lite
CVE-2006-1958 (Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote ...)
	NOT-FOR-US: WWWThreads
CVE-2006-1957 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...)
	- mambo 4.6.1-4 (bug #364769; medium)
CVE-2006-1956 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...)
	- mambo 4.6.1-4 (bug #364769; medium)
CVE-2006-1955 (PHP remote file inclusion vulnerability in authent.php4 in Nicolas ...)
	NOT-FOR-US: RechnungsZentrale
CVE-2006-1954 (SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka ...)
	NOT-FOR-US: RechnungsZentrale
CVE-2006-1953 (Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 ...)
	NOT-FOR-US: Caucho
CVE-2006-1952 (Directory traversal vulnerability in WinAgents TFTP Server for Windows ...)
	NOT-FOR-US: WinAgents TFTP Server for Windows
CVE-2006-1951 (Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2006-1950 (Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in ...)
	NOT-FOR-US: PerlCoders BannerFarm
CVE-2006-1949 (SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and ...)
	NOT-FOR-US: NicPlex PlexCart
CVE-2006-1948 (The &quot;Add Sender to Address Book&quot; operation ...)
	NOT-FOR-US: Lotus Notes
CVE-2006-1947 (Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum ...)
	NOT-FOR-US: NicPlex PlexCart
CVE-2006-1946 (Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and ...)
	NOT-FOR-US: Visale
CVE-2006-1945 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 ...)
	{DSA-1075-1}
	- awstats 6.5-2 (bug #364443; medium)
	NOTE: this might be the same core issue as CVE-2005-2732
CVE-2006-1944 (Multiple cross-site scripting (XSS) vulnerabilities in SibSoft ...)
	NOT-FOR-US: SibSoft CommuniMail
CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...)
	NOT-FOR-US: Smarter Scripts IntelliLink Pro
CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-39
	- firefox 1.5.dfsg+1.5.0.4-1 (low)
	- thunderbird <not-affected> (Windows-specific)
	- mozilla 2:1.7.13-0.3 (low)
	- xulrunner <not-affected> (Windows-specific)
CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...)
	NOT-FOR-US: Neon Responder
CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...)
	{DSA-1157}
	NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
	- ruby1.8 1.8.3 (bug #365520)
CVE-2006-1930 (** DISPUTED ** ...)
	NOT-FOR-US: Green Minute
CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...)
	NOT-FOR-US: I-Rater Platinum
CVE-2006-1928 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...)
	NOT-FOR-US: Cisco
CVE-2006-1927 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...)
	NOT-FOR-US: Cisco
CVE-2006-1926 (SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 ...)
	NOT-FOR-US: ThWboard
CVE-2006-1925 (Directory traversal vulnerability in the editnews module ...)
	NOT-FOR-US: CuteNews
CVE-2006-1924 (SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 ...)
	NOT-FOR-US: LinPHA
CVE-2006-1923 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
	NOT-FOR-US: LinPHA
CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2) ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute ...)
	NOT-FOR-US: PHP Net Tools
CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote ...)
	NOT-FOR-US: PMTool
CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet ...)
	NOT-FOR-US: Internet Photoshow
CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 ...)
	NOT-FOR-US: Papoo
CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...)
	NOT-FOR-US: Blackorpheus ClanMemberSkript
CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
	NOT-FOR-US: DbbS
CVE-2006-1915 (SQL injection vulnerability in topics.php in DbbS 2.0-alpha and ...)
	NOT-FOR-US: DbbS
CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: DbbS
CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax ...)
	NOT-FOR-US: Jax Guestbook
CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to ...)
	- serendipity 1.0-1
CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 ...)
	NOT-FOR-US: Coppermine
CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x ...)
	NOT-FOR-US: myEvent
CVE-2006-1907 (Multiple SQL injection vulnerabilities in myEvent 1.x allow remote ...)
	NOT-FOR-US: myEvent
CVE-2005-4787 (** DISPUTED ** ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2004-2657 (** DISPUTED ** ...)
	- mozilla-firefox <not-affected>
	- firefox <not-affected>
CVE-1999-1588 (Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 ...)
	NOT-FOR-US: phpLister
CVE-2006-1905 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
	- xine-ui 0.99.4-1 (bug #363370; unimportant)
	NOTE: This is a non-issue: An attacker would need to trick the user into opening
	NOTE: an MP3 file with a very obviously manipulated filename containing the shellcode
CVE-2006-1904 (Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis ...)
	NOT-FOR-US: AnimeGenesis Gallery
CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
	NOT-FOR-US: UserLand Manila
CVE-2006-1902 (fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 ...)
	- gcc-4.1 4.1.0-2 (bug #356896; unimportant)
	NOTE: Turned out to be a non-issue
CVE-2006-1901 (Mozilla Camino 1.0 and earlier allow remote attackers to cause a ...)
	NOT-FOR-US: Mozilla Camino
CVE-2006-1900 (Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya ...)
	- amaya 9.51-1 (bug #362575; medium)
CVE-2006-1899 (Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog ...)
	NOT-FOR-US: Neuron Blog
CVE-2006-1898 (Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper ...)
	NOT-FOR-US: Tiny PHP Forum
CVE-2006-1897 (Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for &quot;Script ...)
	NOT-FOR-US: Webplus (aka talentsoft) Web+Shop
CVE-2006-1896 (Unspecified vulnerability in phpBB allows remote authenticated users ...)
	{DSA-1066-1}
	- phpbb2 2.0.18-3 (bug #365533; medium)
CVE-2006-1895 (Direct static code injection vulnerability in includes/template.php in ...)
	- phpbb2 <not-affected> (bug #365535)
CVE-2006-1894 (Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived ...)
	NOT-FOR-US: RevoBoard / PunBB
CVE-2006-1893 (Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 ...)
	NOT-FOR-US: ar-blog
CVE-2006-1892 (avast! 4 Linux Home Edition 1.0.5 allows local users to modify ...)
	NOT-FOR-US: avast! 4 Linux Home Edition
CVE-2006-1891 (Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard ...)
	NOT-FOR-US: betaboard
CVE-2006-1890 (Multiple PHP remote file inclusion vulnerabilities in myWebland ...)
	NOT-FOR-US: myWebland
CVE-2006-1889 (Cross-site scripting (XSS) vulnerability in the search action handler ...)
	NOT-FOR-US: Boardsolution
CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: phpGraphy
CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-1885 (Multiple unspecified vulnerabilities in the Reporting Framework ...)
	NOT-FOR-US: Oracle
CVE-2006-1884 (Unspecified vulnerability in the Oracle Thesaurus Management System ...)
	NOT-FOR-US: Oracle
CVE-2006-1883 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2006-1882 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-1881 (Unspecified vulnerability in the Financials for Asia/Pacific component ...)
	NOT-FOR-US: Oracle
CVE-2006-1880 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-1879 (Multiple unspecified vulnerabilities in the Email Server component in ...)
	NOT-FOR-US: Oracle
CVE-2006-1878 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-1877 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-1876 (Unspecified vulnerability in Oracle Database Server 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1875 (Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, ...)
	NOT-FOR-US: Oracle
CVE-2006-1874 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-1873 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, ...)
	NOT-FOR-US: Oracle
CVE-2006-1872 (Unspecified vulnerability in Oracle Database Server 9.0.1.5 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1871 (SQL injection vulnerability in Oracle Database Server 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1870 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1868 (Buffer overflow in the Advanced Replication component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has ...)
	NOT-FOR-US: Oracle
CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2006-1865 (Argument injection vulnerability in Beagle before 0.2.5 allows ...)
	- beagle 0.2.6-2 (bug #365371; medium)
CVE-2006-1864 (Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-1863 (Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier ...)
	{DSA-1103}
	- linux-2.6 2.6.16-10
CVE-2006-1862 (The virtual memory implementation in Linux kernel 2.6.x allows local ...)
	- linux-2.6 <not-affected> (seems to be RedHat-specific)
CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote ...)
	{DSA-1095-1}
	- freetype 2.2.1-1
CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows ...)
	- linux-2.6 2.6.16-14
CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before ...)
	- linux-2.6 2.6.16-14
CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-1857 (Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do not ...)
	- linux-2.6 2.6.16-12
CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes certain ...)
	NOTE: probably fixed before, but this is the oldest linux-2.6 in the changelog
	- linux-2.6 2.6.12-1
CVE-2006-1854 (** DISPUTED ** ...)
	NOT-FOR-US: BluePay Manager
CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...)
	NOT-FOR-US: ModernBill
CVE-2006-1852 (SQL injection vulnerability in category.php in Article Publisher Pro ...)
	NOT-FOR-US: Article Publisher Pro
CVE-2006-1851 (xFlow 5.46.11 and earlier allows remote attackers to determine the ...)
	NOT-FOR-US: xFlow
CVE-2006-1850 (Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 ...)
	NOT-FOR-US: xFlow
CVE-2006-1849 (Multiple SQL injection vulnerabilities in members_only/index.cgi in ...)
	NOT-FOR-US: xFlow
CVE-2006-1848 (Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php ...)
	NOT-FOR-US: LinPHA
CVE-2006-1847 (SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-1845
	REJECTED
	NOT-FOR-US: Microsoft Exchange
	NOTE: Duplicate of CVE-2006-0537
CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...)
	[sarge] - shadow 1:4.0.3-31sarge8
	[sarge] - base-config <not-affected>
	NOTE: The installer is fixed separately, but the postinst of the shadow update
	NOTE: corrects permissions of a faulty install
	NOTE: seems to be a duplicate of CVE-2006-1376
	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
	- base-config 2.68 (bug #254068; low)
CVE-2006-1843 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...)
	NOT-FOR-US: ShoutBOOK
CVE-2006-1842 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...)
	NOT-FOR-US: ShoutBOOK
CVE-2006-1841 (Cross-site scripting (XSS) vulnerability in search.php in boastMachine ...)
	NOT-FOR-US: boastMachine
CVE-2006-1840 (Multiple format string vulnerabilities in Empire Server before 4.3.1 ...)
	NOT-FOR-US: Wolfpack Empire Server (vms-empire in Debian is a different game)
CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP Album ...)
	NOT-FOR-US: PHP Album
CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Fuju News
CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows ...)
	NOT-FOR-US: Fuju News
CVE-2006-1836 (Untrusted search path vulnerability in unspecified components in ...)
	NOT-FOR-US: Symantec LiveUpdate
CVE-2006-1835 (Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix ...)
	NOT-FOR-US: Calendarix
CVE-2006-1834 (Integer signedness error in Opera before 8.54 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2006-1833 (Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the ...)
	NOT-FOR-US: NetBSD
CVE-2006-1832 (sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the ...)
	NOT-FOR-US: sysinfo
CVE-2006-1831 (Direct static code injection vulnerability in sysinfo.cgi in sysinfo ...)
	NOT-FOR-US: sysinfo
CVE-2006-1830 (Sun Java Studio Enterprise 8, when installed as root, creates certain ...)
	NOT-FOR-US: Sun Java Studio Enterprise
CVE-2006-1829 (EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote ...)
	NOT-FOR-US: EAServer Manager in Sybase EAServer
CVE-2006-1828 (SQL injection vulnerability in php121language.php in PHP121 1.4 allows ...)
	NOT-FOR-US: PHP121
CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and ...)
	{DSA-1048-1}
	- asterisk 1:1.2.7.1.dfsg-1 (bug #364195; medium)
	[sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 (bug #364195; medium)
	[woody] - asterisk 0.1.11-3woody1 (bug #364195; medium)
CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll ...)
	NOT-FOR-US: HAURI anti-virus
CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery ...)
	NOT-FOR-US: Snipe Gallery
CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in phpLinks ...)
	NOT-FOR-US: phpLinks
CVE-2006-1824 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PhpGuestbook
CVE-2006-1823 (Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier ...)
	NOT-FOR-US: FarsiNews
CVE-2006-1822 (Cross-site scripting (XSS) vulnerability in search.php in FarsiNews ...)
	NOT-FOR-US: FarsiNews
CVE-2006-1821 (Directory traversal vulnerability in index.php in ModX 0.9.1 allows ...)
	NOT-FOR-US: ModX CMS
CVE-2006-1820 (Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 ...)
	NOT-FOR-US: ModX CMS
CVE-2006-1819 (Directory traversal vulnerability in the loadConfig function in ...)
	NOT-FOR-US: phpWebSite
CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-1817 (SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-1816 (PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and ...)
	NOT-FOR-US: VBulletin
CVE-2006-1815 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1814 (NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1813 (Directory traversal vulnerability in index.php in phpWebFTP 3.2 and ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-1812 (phpWebFTP 3.2 and earlier stores script.js under the web document root ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-1811 (Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow ...)
	NOT-FOR-US: FlexBB
CVE-2006-1810 (Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 ...)
	NOT-FOR-US: FlexBB
CVE-2006-1809 (index.php in Lifetype 1.0.3 allows remote attackers to obtain ...)
	NOT-FOR-US: Lifetype
CVE-2006-1808 (Cross-site scripting (XSS) vulnerability in index.php in Lifetype ...)
	NOT-FOR-US: Lifetype
CVE-2006-1807 (Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 ...)
	NOT-FOR-US: Musicbox
CVE-2006-1806 (Cross-site scripting (XSS) vulnerability in index.php in Musicbox ...)
	NOT-FOR-US: Musicbox
CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allows ...)
	NOT-FOR-US: PowerClan
CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected>
CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected> (CSRF code not present in Sarge, too intrusive to backport)
	NOTE: maintainer considers this not-affected.
CVE-2006-1802 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: TinyWebGallery
CVE-2006-1801 (Cross-site scripting (XSS) vulnerability in planetsearchplus.php in ...)
	NOT-FOR-US: planetSearch+
CVE-2006-1800 (Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 ...)
	NOT-FOR-US: SimpleBBS
CVE-2006-1799 (censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers ...)
	NOT-FOR-US: Censtore
CVE-2006-1798 (SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote ...)
	NOT-FOR-US: RateIt
CVE-2006-1797 (The kernel in NetBSD-current before September 28, 2005 allows local ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1796 (Cross-site scripting (XSS) vulnerability in the paging links ...)
	- wordpress 2.0.1 (bug #328909)
CVE-2006-1795 (Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI ...)
	NOT-FOR-US: UPDI Network Enterprise
CVE-2006-1794 (SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly ...)
	NOTE: only in experimental
	- mambo 4.5.3h-1 (bug #354468)
CVE-2006-1793 (Directory traversal vulnerability in runCMS 1.2 and earlier allows ...)
	NOT-FOR-US: runCMS
CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4 ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5
	- mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- mozilla 2:1.7.13-0.1
CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in ...)
	NOT-FOR-US: pajax
CVE-2006-1788 (Adobe Document Server for Reader Extensions 6.0, during log on, ...)
	NOT-FOR-US: Adobe
CVE-2006-1787 (Adobe Document Server for Reader Extensions 6.0 includes a user's ...)
	NOT-FOR-US: Adobe
CVE-2006-1786 (Cross-site scripting (XSS) vulnerability in Adobe Document Server for ...)
	NOT-FOR-US: Adobe
CVE-2006-1785 (Adobe Document Server for Reader Extensions 6.0 allows remote ...)
	NOT-FOR-US: Adobe
CVE-2006-1784 (PHP remote file inclusion vulnerability in admin/configset.php in ...)
	NOT-FOR-US: Sphider
CVE-2006-1783 (Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote ...)
	NOT-FOR-US: PatroNet CMS
CVE-2006-1782 (Unspecified vulnerability in Solaris 8 and 9 allows local users to ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1781 (PHP remote file inclusion vulnerability in functions.php in Circle R ...)
	NOT-FOR-US: Circle R Monster Top List
CVE-2006-1780 (The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1779 (Cross-site scripting (XSS) vulnerability in login.php in Jeremy ...)
	NOT-FOR-US: Simplog
CVE-2006-1778 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...)
	NOT-FOR-US: Simplog
CVE-2006-1777 (Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft ...)
	NOT-FOR-US: Simplog
CVE-2006-1776 (PHP remote file inclusion vulnerability in doc/index.php in Jeremy ...)
	NOT-FOR-US: Simplog
CVE-2006-1775 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Only exploitable by authenticated admin users
CVE-2006-1774 (HP System Management Homepage (SMH) 2.1.3.132, when running on ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2006-1773 (SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 ...)
	NOT-FOR-US: PHPKIT
CVE-2006-1772 (debconf in Debian GNU/Linux, when configuring mnogosearch in the ...)
	- mnogosearch 3.2.37-3.1 (bug #361775)
	[sarge] - mnogosearch <no-dsa> (Minor issue)
CVE-2006-1771 (Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH ...)
	NOT-FOR-US: SAXoPRESS
CVE-2006-1770 (Multiple PHP remote file inclusion vulnerabilities in Azerbaijan ...)
	NOT-FOR-US: AzDGVote
CVE-2006-1769 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
	NOT-FOR-US: UserLand Manila
CVE-2006-1768 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1767 (Multiple PHP remote file inclusion vulnerabilities in nicecoder.com ...)
	NOT-FOR-US: INDEXU
CVE-2006-1766 (Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and ...)
	NOT-FOR-US: Papoo
CVE-2006-1765 (Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 ...)
	NOT-FOR-US: JBook
CVE-2006-1764 (Hosting Controller 6.1 stores forum/db/forum.mdb under the web ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1763 (Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 ...)
	NOT-FOR-US: blur6ex
CVE-2006-1762 (Directory traversal vulnerability in index.php in blur6ex 0.3.452 ...)
	NOT-FOR-US: blur6ex
CVE-2006-1761 (Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 ...)
	NOT-FOR-US: blur6ex
CVE-2006-1760 (Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow ...)
	NOT-FOR-US: JetPhoto
CVE-2006-1759 (Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2006-1758 (SQL injection vulnerability in index.php in Vegadns 0.99 allows remote ...)
	NOT-FOR-US: Vegadns
CVE-2006-1757 (Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 ...)
	NOT-FOR-US: Vegadns
CVE-2006-1756 (MD News 1 allows remote attackers to bypass authentication via a ...)
	NOT-FOR-US: MD News 1
CVE-2006-1755 (SQL injection vulnerability in admin.php in MD News 1 allows remote ...)
	NOT-FOR-US: MD News 1
CVE-2006-1754 (SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2006-1753 (A cron job in fcheck before 2.7.59 allows local users to overwrite ...)
	{DSA-1035-1}
	- fcheck 2.7.59-8
CVE-2006-1752 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...)
	NOT-FOR-US: MvBlog
CVE-2006-1751 (Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow ...)
	NOT-FOR-US: MvBlog
CVE-2006-1750 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Autogallery
CVE-2006-1749 (PHP remote file inclusion vulnerability in config.php in phpListPro ...)
	NOT-FOR-US: phpListPro
CVE-2006-1748 (Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows ...)
	NOT-FOR-US: XMB Forum
CVE-2006-1747 (PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War
CVE-2006-1746 (Directory traversal vulnerability in PHPList 2.10.2 and earlier allows ...)
	NOT-FOR-US: PHPList
CVE-2006-1745 (Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 ...)
	NOT-FOR-US: Bitweaver
CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow ...)
	NOT-FOR-US: JBook
CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
	NOTE: The Mozilla Foundation labels this as "critical", but it's not
	NOTE: clear if this bug is exploitable.
CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
	NOTE: exploitable in the default configuration.
	- xulrunner 1.8.0.1-9
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...)
	{DSA-1134-1 DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: Can likely be used to steal OpenSSH keys and the like.
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla <unfixed> (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: If print preview (and this bug) can be triggered from JavaScript,
	NOTE: the urgency should probably be raised.
CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...)
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: New bug in Firefox 1.5.
CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...)
	- firefox 1.5.dfsg+1.5.0.2-1 (low)
	- xulrunner 1.8.0.1-9
	NOTE: New bug in Firefox 1.5.
CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla <unfixed> (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5.dfsg+1.5.0.2 (medium)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	- mozilla <unfixed> (medium)
	- thunderbird 1.5.0.2-1 (low)
	- xulrunner 1.8.0.1-9
	NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...)
	NOT-FOR-US: ShopXS
CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer ...)
	{DSA-1042-1}
	- cyrus-sasl2 2.1.19.dfsg1-0.2 (bug #361937; low)
	- cyrus-sasl2-mit <not-affected> (does not install digest-md5)
CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive information ...)
	NOT-FOR-US: Clever Copy
CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian Kindahl ...)
	NOT-FOR-US: TUGZip
CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder ...)
	NOT-FOR-US: phpMyForum
CVE-2006-1713 (Cross-site scripting (XSS) vulnerability in index.php in Christoph ...)
	NOT-FOR-US: phpMyForum
CVE-2006-1710 (SQL injection vulnerability in admin.php in Design Nation DNGuestbook ...)
	NOT-FOR-US: DNGuestbook
CVE-2005-4784 (Multiple buffer overflows in the POSIX readdir_r function, as used in ...)
	NOTE: this does not affect linux
CVE-2005-4783 (kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not ...)
	NOT-FOR-US: NetBSD
CVE-2005-4782 (NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is ...)
	NOT-FOR-US: NetBSD
CVE-2005-4781 (Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 ...)
	NOT-FOR-US: SergiD Top Music module
CVE-2005-4780 (** DISPUTED ** ...)
	NOT-FOR-US: LightHouse CMS
CVE-2005-4779 (verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with ...)
	NOT-FOR-US: NetBSD
CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an ...)
	- powersave 0.12.7-1
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=119628&x=18&y=11&=Find
CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP ...)
	NOT-FOR-US: Tashcom ASPEdit
CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...)
	NOT-FOR-US: NetBSD
CVE-2005-4775 (Michael Scholz and Sebastian Stein Contineo 2.0, when the admin ...)
	NOT-FOR-US: Contineo
CVE-2005-4774 (Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote ...)
	NOT-FOR-US: Xerver
CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x ...)
	NOT-FOR-US: VMware
CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...)
	- slash <not-affected> (Vulnerable code introduced in 2002, while Debian's is older!, see #390469)
CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows ...)
	{DSA-1036-1}
	- bsdgames 2.17-7 (bug #360989)
CVE-2006-1712 (Cross-site scripting (XSS) vulnerability in the private archive script ...)
	- mailman 0:2.1.7-2.1.8rc1-1
	[sarge] - mailman <not-affected> (Only affects Mailman 2.1.7)
CVE-2006-1711 (Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) ...)
	{DSA-1032-1}
	- zope-cmfplone 2.1.2-2
CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in ...)
	NOT-FOR-US: interaktiv.shop
CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...)
	NOT-FOR-US: Clansys
CVE-2006-1707 (index.php in Shopweezle 2.0 allows remote attackers to include ...)
	NOT-FOR-US: Shopweezle
CVE-2006-1706 (Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote ...)
	NOT-FOR-US: Shopweezle
CVE-2006-1705 (Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with &quot;SELECT&quot; ...)
	NOT-FOR-US: Oracle
CVE-2006-1704 (Sire 2.0 nws allows remote attackers to upload arbitrary image files ...)
	NOT-FOR-US: Sire 2.0 nws
CVE-2006-1703 (PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws ...)
	NOT-FOR-US: Sire 2.0 nws
CVE-2006-1702 (PHP remote file inclusion vulnerability in spip_login.php3 in SPIP ...)
	NOT-FOR-US: SPIP
CVE-2006-1701 (Cross-site scripting (XSS) vulnerability in the Pages module in ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-1700 (Buy.php in Aweb Scripts Seller uses predictable cookies for ...)
	NOT-FOR-US: Aweb Scripts Seller
CVE-2006-1699 (Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner ...)
	NOT-FOR-US: Aweb Banner
CVE-2006-1698 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...)
	NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1697 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...)
	NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 ...)
	- gallery 1.5.3-1 (bug #361758)
CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR ...)
	{DSA-1068-1}
	- fbi 2.05-1 (bug #361370)
CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and ...)
	NOT-FOR-US: XBrite Members
CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before ...)
	NOT-FOR-US: GlobalSCAPE Secure FTP Server
CVE-2006-1692 (Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1691 (SQL injection vulnerability in MWNewsletter 1.0.0b allows remote ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1690 (Cross-site scripting (XSS) vulnerability in subscribe.php in ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1689 (Unspecified vulnerability in su in HP HP-UX B.11.11, when using the ...)
	NOT-FOR-US: HP-UX
CVE-2006-1688 (Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and ...)
	NOT-FOR-US: SQuery / Autonomous LAN party
CVE-2006-1687 (Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1686 (Unspecified vulnerability in modules.php in APT-webshop-system 4.0 ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier ...)
	NOT-FOR-US: ecotwo Shopsystem
CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk Guestbook ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft ...)
	NOT-FOR-US: TalentSoft Web+Shop
CVE-2006-1681 (Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and ...)
	- cherokee 0.5.1-1
CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows remote ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.8.0.3-1 (bug #362567)
CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery ...)
	NOT-FOR-US: PHPWebGallery
CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: PHPWebGallery
CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard ...)
	NOT-FOR-US: Dark_Wizard vBug Tracker
CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...)
	NOT-FOR-US: Cisco
CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...)
	NOT-FOR-US: Cisco
CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...)
	NOT-FOR-US: Cisco
CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team ...)
	NOT-FOR-US: PHPMyChat
CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka ...)
	NOT-FOR-US: Crafty Syntax Image Gallery
CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax ...)
	NOT-FOR-US: Crafty Syntax Image Gallery
CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and ...)
	- xine-lib <not-affected> (Not reproducible with Debian version, see bug #363127)
CVE-2006-1663
	REJECTED
CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote ...)
	NOT-FOR-US: Limbo CMS
CVE-2006-1661 (Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and ...)
	NOT-FOR-US: SKForum
CVE-2006-1660 (Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2006-1659 (Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2006-1658 (Direct static code injection vulnerability in ticker.db.php in Chucky ...)
	NOT-FOR-US: Chucky A. Ivey N.T.
CVE-2006-1657 (Cross-site scripting (XSS) vulnerability in index.php in Chucky ...)
	NOT-FOR-US: Chucky A. Ivey N.T.
CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before ...)
	NOT-FOR-US: YaST
CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility ...)
	NOT-FOR-US: Trusted Mobility Agent
CVE-2005-4770 (SQL injection vulnerability in an unspecified Accelerated Enterprise ...)
	NOT-FOR-US: Accelerated E Solutions
CVE-2005-4769 (SQL injection vulnerability in addrbook.php in Belchior Foundry vCard ...)
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-4768 (SQL injection vulnerability in manage_account.php in Tux Racer TuxBank ...)
	NOT-FOR-US: Tux Racer TuxBank
CVE-2004-2655 (rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, ...)
	- xscreensaver 4.18-1 (low)
CVE-2006-XXXX [linphone insecure password leakage]
	- linphone 1.3.5-1 (bug #361913)
CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the ...)
	- util-vserver 0.30.210-1 (bug #360438; unimportant)
CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted ...)
	{DSA-1074-1}
	- mpg123 0.59r-22 (bug #361863; unknown)
CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...)
	NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox
CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-1652 (Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and ...)
	NOT-FOR-US: UltraVNC
CVE-2006-1651 (** DISPUTED ** ...)
	NOT-FOR-US: MS ISA
CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar and ...)
	NOTE: other reports indicate that Firefox is not vulnerable
CVE-2006-1649 (The &quot;restore to&quot; selection in the &quot;quarantine a file&quot; capability of ...)
	NOT-FOR-US: Eset Software NOD32 Antivirus 2.5
CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly earlier ...)
	NOT-FOR-US: SMART SynchronEyes
CVE-2006-1647 (An unspecified &quot;logical programming mistake&quot; in SMART SynchronEyes ...)
	NOT-FOR-US: SMART SynchronEyes
CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
	NOT-FOR-US: This is a slightly different racoon version, the Linux fork in Debian was already addressed in CVE-2005-3732
CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav ...)
	NOT-FOR-US: ReloadCMS
CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses depending on ...)
	NOT-FOR-US: Interact
CVE-2006-1643 (SQL injection vulnerability in login.php in Interact 2.1.1 allows ...)
	NOT-FOR-US: Interact
CVE-2006-1642 (Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows ...)
	NOT-FOR-US: Interact
CVE-2006-1641 (Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote ...)
	NOT-FOR-US: CzarNews
CVE-2006-1640 (Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 ...)
	NOT-FOR-US: CzarNews
CVE-2006-1639 (SQL injection vulnerability in index.php in wpBlog 0.4 allows remote ...)
	NOT-FOR-US: wpBlog
CVE-2006-1638 (Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote ...)
	NOT-FOR-US: aWebBB
CVE-2006-1637 (Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 ...)
	NOT-FOR-US: aWebBB
CVE-2006-1636 (PHP remote file inclusion vulnerability in get_header.php in VWar ...)
	NOT-FOR-US: VWar
CVE-2006-1635 (LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: LucidCMS
CVE-2006-1634 (Cross-site scripting (XSS) vulnerability in index.php in LucidCMS ...)
	NOT-FOR-US: LucidCMS
CVE-2006-1633
	RESERVED
CVE-2006-1632
	RESERVED
CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality in ...)
	NOT-FOR-US: Cisco
CVE-2006-1629 (OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute ...)
	{DSA-1045-1}
	- openvpn 2.0.6-1 (bug #360559; medium)
CVE-2006-1628 (Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows ...)
	NOT-FOR-US: Adobe LiveCycle
CVE-2006-1627 (Adobe Document Server for Reader Extensions 6.0 does not provide ...)
	NOT-FOR-US: Adobe Document Server
CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2 and earlier allows remote ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1625 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1624 (The default configuration of syslogd in the Linux sysklogd package ...)
	- sysklogd <unfixed> (unimportant)
	NOTE: No sane person will open a network socket for syslog without apropriate
	NOTE: firewall rules. The default is not to listen to the network.
CVE-2006-1623 (Unspecified vulnerability in main.php in an unspecified &quot;file created ...)
	NOT-FOR-US: FleXiBle Development
CVE-2006-1622 (Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit ...)
	NOT-FOR-US: PHPSelect
CVE-2006-1621 (Directory traversal vulnerability in admin/folders/saveuploadfiles.asp ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1620 (admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1619 (IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote ...)
	NOT-FOR-US: WebSphere
CVE-2006-1618 (Format string vulnerability in the (1) Con_message and (2) conPrintf ...)
	NOT-FOR-US: Doomsday/deng
CVE-2006-1617 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-1616 (Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-1613 (Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote ...)
	NOT-FOR-US: aWebNews
CVE-2006-1612 (Multiple cross-site scripting (XSS) vulnerabilities in visview.php in ...)
	NOT-FOR-US: aWebNews
CVE-2006-1611 (Directory traversal vulnerability in KGB Archiver before 1.1.5.22 ...)
	NOT-FOR-US: KGB Archiver
CVE-2006-1610 (PHP remote file inclusion vulnerability in lib/armygame.php in SQuery ...)
	NOT-FOR-US: SQuery / Autonomous LAN party
CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...)
	NOT-FOR-US: Hitachi XFIT
CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...)
	- php4 4:4.4.4-1 (bug #361856; unimportant)
	- php5 5.1.4-0.1 (bug #361915; unimportant)
	NOTE: Safe mode violations not supported
CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1605 (Unspecified vulnerability in the image module in Exponent CMS before ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB ...)
	- phpbb2 <not-affected> (According to Jeroen a non-issue, see notes)
	NOTE: <jvw> jmm: unable to everify, the variable in question is only printed
	NOTE: at one single page, and there it doesn't get taken from GET nor POST in my tests
	NOTE: <jvw> and, shock, the password isn't saved unhashed in the DB, so having
	NOTE: javascript in your password can't be exposed otherwise
	NOTE: <jvw> I'd forget about it unless someone comes with a proof of concept
CVE-2006-1602 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHPNuke Clan
CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 ...)
	NOT-FOR-US: Sun Cluster
CVE-2006-1600 (SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-1599 (Unspecified vulnerability in VCEngine.php in v-creator before ...)
	NOT-FOR-US: v-creator
CVE-2006-1598 (AN HTTPD 1.42n, and possibly other versions before 1.42p, allows ...)
	NOT-FOR-US: AN HTTPD
CVE-2006-1597
	RESERVED
CVE-2006-1596 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Claroline
CVE-2006-1595 (Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in ...)
	NOT-FOR-US: Claroline
CVE-2006-1594 (Multiple directory traversal vulnerabilities in document/rqmkhtml.php ...)
	NOT-FOR-US: Claroline
CVE-2006-1593 (The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ...)
	NOT-FOR-US: X-Doom, ZDaemon
	NOTE: vulnerable functions don't exist in lxdoom, prboom
CVE-2006-1592 (Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) ...)
	NOT-FOR-US: X-Doom, ZDaemon
	NOTE: vulnerable functions don't exist in lxdoom, prboom
CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe ...)
	NOT-FOR-US: Microsoft Windows Help
CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage ...)
	- acidbase 1.2.5-1 (bug #363548; unimportant)
	[sarge] - acidbase <no-dsa> (Hardly exploitable)
	- acidlab <removed> (bug #363549; unimportant)
	[sarge] - acidlab <no-dsa> (Hardly exploitable)
	NOTE: Not exploitable with the default configuration anyway.
CVE-2006-1589 (The elf_load_file function in NetBSD 2.0 through 3.0 allows local ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1588 (The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1587 (NetBSD 1.6 up to 3.0, when a user has &quot;set record&quot; in .mailrc with the ...)
	NOT-FOR-US: NetBSD
CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...)
	- openoffice.org 1.0.2
CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1630 (The cli_bitset_set function in libclamav/others.c in Clam AntiVirus ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1615 (Multiple format string vulnerabilities in the logging code in Clam ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...)
	NOT-FOR-US: Egypt SiteMan
CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote ...)
	NOT-FOR-US: MonAlbum
CVE-2006-1584 (Unspecified vulnerability in index.php in Warcraft III Replay Parser ...)
	NOT-FOR-US: Warcraft III Replay
CVE-2006-1583 (Cross-site scripting (XSS) vulnerability in index.php in Warcraft III ...)
	NOT-FOR-US: Warcraft III Replay
CVE-2006-1582 (Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg ...)
	NOT-FOR-US: Blank'N'Berg
CVE-2006-1581 (Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 ...)
	NOT-FOR-US: Blank'N'Berg
CVE-2006-1580 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 ...)
	NOT-FOR-US: Bugzero
CVE-2006-1579 (SQL injection vulnerability in topics.php in Dynamic Bulletin Board ...)
	NOT-FOR-US: Dynamic Bulletin Board System
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library ...)
	NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-1133-1}
	[woody] - mantis <not-affected> (Vulnerable code not present)
	- mantis 0.19.4-3.1 (bug #361138)
CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...)
	NOT-FOR-US: QLnews
CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
	NOT-FOR-US: QLnews
CVE-2006-1574 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, ...)
	NOT-FOR-US: Groupmax World Wide Web et. al.
CVE-2006-1573 (PHP remote file inclusion vulnerability in index.php in MediaSlash ...)
	NOT-FOR-US: MediaSlash Gallery
CVE-2006-1572 (SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote ...)
	NOT-FOR-US: Oxygen
CVE-2006-1571 (Multiple SQL injection vulnerabilities in loginprocess.php in ...)
	NOT-FOR-US: qliteNews
CVE-2006-1570 (Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 ...)
	NOT-FOR-US: Esqlanelapse
CVE-2006-1569 (Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote ...)
	NOT-FOR-US: RedCMS
CVE-2006-1568 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: RedCMS
CVE-2006-1567 (Cross-site scripting (XSS) vulnerability in searchresults.asp in ...)
	NOT-FOR-US: SiteSearch Indexer
CVE-2006-1566 (Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in ...)
	- libtunepimp 0.4.2-3 (bug #359241; low)
	[sarge] - libtunepimp <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1565 (Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian ...)
	- gpib 3.2.06-3 (bug #359239; low)
	[sarge] - gpib <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1564 (Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for ...)
	- subversion 1.3.0-5 (bug #359234; low)
	[sarge] - subversion <not-affected> (No rpaths set in Sarge)
CVE-2006-1563 (Direct static code injection vulnerability in config.php in vscripts ...)
	NOT-FOR-US: VBook
CVE-2006-1562 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: VBook
CVE-2006-1561 (SQL injection vulnerability in index.php in vscripts (aka Kuba ...)
	NOT-FOR-US: VBook
CVE-2006-1560 (Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 ...)
	NOT-FOR-US: SkinTech phpNewsManager
CVE-2006-1559 (SQL injection vulnerability in PHP Script Index allows remote ...)
	NOT-FOR-US: PHP Script Index
CVE-2006-1558 (Cross-site scripting (XSS) vulnerability in search.php in PHP Script ...)
	NOT-FOR-US: PHP Script Index
CVE-2006-1557 (Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote ...)
	NOT-FOR-US: X-Changer
CVE-2006-1556 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: AL-Caricatier
CVE-2006-1555 (VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1554 (Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1553 (SQL injection vulnerability in functions/final_functions.php in VSNS ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1552 (Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX ...)
	NOT-FOR-US: PAJAX
CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...)
	- php4 <unfixed> (bug #361854; unimportant)
	- php5 5.1.4-0.1 (bug #361917; unimportant)
	[sarge] - php4 <no-dsa> (there are easier ways to segfault your own program)
CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4765 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4764 (BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4763 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4762 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4761 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4760 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4759 (BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4758 (Unspecified vulnerability in the Administration server in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4757 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4756 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4755 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4754 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4753 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4752 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4751 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4750 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4749 (HTTP request smuggling vulnerability in BEA WebLogic Server and ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1546 (Apache Software Foundation (ASF) Struts before 1.2.9 allows remote ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in ...)
	NOT-FOR-US: VNews
CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
	NOT-FOR-US: VNews
CVE-2006-1543 (Multiple SQL injection vulnerabilities in vscripts (aka Kuba ...)
	NOT-FOR-US: VNews
CVE-2006-1542 (Stack-based buffer overflow in Python 2.4.2 and earlier, running on ...)
	NOT-FOR-US: Bogus issue, this doesn't trigger any local overflow
	NOTE: Should be rejected
CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ...)
	NOT-FOR-US: EzASPSite
CVE-2006-1540 (MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in ...)
	- bsdgames 2.17-6 (bug #361160)
	[sarge] - bsdgames <no-dsa> (Minor impact)
CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire from ...)
	NOT-FOR-US: Enova X-Wall ASIC
CVE-2006-1537 (Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain ...)
	- webcalendar <unfixed> (unimportant)
CVE-2006-1536 (Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts ...)
	NOT-FOR-US: Phoetux.net PhxContacts
CVE-2006-1535 (Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net ...)
	NOT-FOR-US: Phoetux.net PhxContacts
CVE-2006-1534 (Multiple SQL injection vulnerabilities in Null news allow remote ...)
	NOT-FOR-US: Null news
CVE-2006-1533 (SQL injection vulnerability in newsletter.php in Sourceworkshop ...)
	NOT-FOR-US: Sourceworkshop newsletter
CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1046-1}
	- firefox 1.5.0.2 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1046-1}
	- firefox 1.5.0.2 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1046-1}
	- firefox 1.5.0.2-1 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial of ...)
	- linux-2.6 2.6.13-1
CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote ...)
	- linux-2.6 2.6.16-12 (low)
CVE-2006-1526 (Buffer overflow in the X render (Xrender) extension in X.org X server ...)
	- xorg-server 1:1.0.2-8 (bug #378464)
	[sarge] - xfree86 <not-affected> (Vulnerable code not present)
CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-9
CVE-2006-1524 (madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-8
CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling ...)
	{DSA-1103}
	- linux-2.6 2.6.16-7
CVE-2006-1522 (The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 ...)
	- linux-2.6 2.6.16-7
CVE-2006-1521
	RESERVED
CVE-2006-1520 (Format string vulnerability in ANSI C Sender Policy Framework library ...)
	NOTE: Debian ships debugging disabled (this isn't a problem with a debugging command-line flag)
	- libspf <not-affected> (bug #368780; low)
CVE-2006-1519
	REJECTED
CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in MySQL ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; medium)
	- mysql-dfsg-4.1 <removed> (bug #365939; medium)
	- mysql-dfsg <removed> (bug #365939; bug #356751; medium)
	- mysql <removed> (bug #365939; medium)
CVE-2006-1517 (sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; low)
	- mysql-dfsg-4.1 <removed> (bug #365939; low)
	- mysql-dfsg <removed> (bug #365939; bug #356751; low)
	- mysql <removed> (bug #365939; low)
CVE-2006-1516 (The check_connection function in sql_parse.cc in MySQL 4.0.x up to ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; bug #365938; bug #366044; low)
	- mysql-dfsg-4.1 <removed> (bug #365939; bug #366043; low)
	- mysql-dfsg <removed> (bug #365939; bug #356751; low)
	- mysql <removed> (bug #365939; low)
CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and ...)
	{DSA-1084-1}
	- typespeed 0.4.4-10
CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...)
	{DSA-1043-1}
	- abcmidi 20060422-1
CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted ...)
	{DSA-1041-1}
	- abc2ps <removed> (bug #373685; low)
CVE-2006-1512
	REJECTED
CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll ...)
	NOT-FOR-US: Microsoft
CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 ...)
	NOT-FOR-US: HP-UX
CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH Software ...)
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2006-1507 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...)
	NOT-FOR-US: PHPKIT
CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine ...)
	NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3
CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine (BASE) ...)
	- acidbase 1.2.4-1 (bug #361139)
CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1503 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Virtual Wa
CVE-2006-1502 (Multiple integer overflows in MPlayer 1.0pre7try2 allow remote ...)
	NOT-FOR-US: MPlayer
	NOTE: I can't find the vulnerable code in xine-lib
CVE-2006-1501 (SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows ...)
	NOT-FOR-US: OneOrZero
CVE-2006-1500 (SQL injection vulnerability in index.php in Tilde CMS 3.0 allows ...)
	NOT-FOR-US: Tilde CMS 3.0
CVE-2006-1499 (SQL injection vulnerability in vCounter.php in vCounter 1.0 allows ...)
	NOT-FOR-US: vCounter
CVE-2006-1497 (Directory traversal vulnerability in index.php in ViHor Design allows ...)
	NOT-FOR-US: ViHor Design
CVE-2006-1496 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: ViHor Design
CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) ...)
	NOT-FOR-US: PHPCollab / NetOffice
CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...)
	- php4 4:4.4.4-1 (bug #361855; unimportant)
	- php5 5.1.4-0.1 (bug #361916; unimportant)
	NOTE: open_basedir violations are not supported
CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...)
	NOT-FOR-US: Explorer XP
CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...)
	NOT-FOR-US: Explorer XP
CVE-2006-1489 (Multiple SQL injection vulnerabilities in FusionZONE CouponZONE ...)
	NOT-FOR-US: FusionZONE CouponZONE
CVE-2005-4748 (PHP remote file include vulnerability in functions_admin.php in ...)
	NOT-FOR-US: Virtual War
CVE-2006-XXXX [unixodbc rpath set to /home]
	- unixodbc 2.2.11-11 (bug #358142; low)
	[sarge] - unixodbc <not-affected> (rpath not set to /home in Sarge)
CVE-2006-XXXX [fftw rpath set to user home]
	- fftw 2.1.3-17 (bug #358157; low)
	[sarge] - fftw <not-affected> (No rpath set in Sarge)
CVE-2006-XXXX [gauche-config rpath set to user home]
	- gauche 0.8.7-1 (bug #358139; low)
	[sarge] - gauche <not-affected> (gauche-config is a shell script in Sarge)
CVE-2006-XXXX [tcpquota rpath set to user home]
	- tcpquota 1.6.15-11 (bug #358369; low)
	[sarge] - tcpquota <no-dsa> (Only exploitable with strange AFS cell name)
CVE-2006-XXXX [hamlib3-perl rpath set to user home]
	- hamlib 1.2.5-3 (bug #358166; low)
	[sarge] - hamlib <no-dsa> (Only exploitable with strange user name)
CVE-2006-1550 (Multiple buffer overflows in the xfig import code (xfig-import.c) in ...)
	{DSA-1025-1}
	- dia 0.94.0-18 (bug #360566)
CVE-2006-1498 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and ...)
	- mediawiki 1.4.15-1
	- mediawiki1.5 1.5.8-1
CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions ...)
	{DSA-1034-1 DSA-1033-1}
	- horde3 3.1.1-1 (bug #361967)
CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...)
	- php5 5.1.4-0.1 (bug #359907; low)
	- php4 4:4.4.2-1.1 (bug #359904; low)
	[sarge] - php4 <no-dsa> (Application's responsibility to sanitize input)
CVE-2006-1488 (ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2006-1487 (Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2006-1486 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...)
	NOT-FOR-US: realestateZONE
CVE-2006-1485 (gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users ...)
	NOT-FOR-US: Greymatter
CVE-2006-1484 (Genius VideoCAM NB Driver does not drop privileges when saving files, ...)
	NOT-FOR-US: Genius VideoCAM NB Driver
CVE-2006-1483 (Blazix Web Server before 1.2.6, when running on Windows, allows remote ...)
	NOT-FOR-US: Blazix Web Server
CVE-2006-1482 (Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 ...)
	NOT-FOR-US: ConfTool
CVE-2006-1481 (SQL injection vulnerability in search.php in PHP Ticket 0.71 allows ...)
	NOT-FOR-US: PHP Ticket
CVE-2006-1480 (Directory traversal vulnerability in start.php in WebAlbum 2.02 allows ...)
	NOT-FOR-US: WebAlbum
CVE-2006-1479 (Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey ...)
	NOT-FOR-US: Serge Rey gtd-php
CVE-2006-1478 (Directory traversal vulnerability in (1) initiate.php and (2) possibly ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-1477 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-1476 (Windows Firewall in Microsoft Windows XP SP2 produces incorrect ...)
	NOT-FOR-US: Windows Firewall
CVE-2006-1475 (Windows Firewall in Microsoft Windows XP SP2 does not produce ...)
	NOT-FOR-US: Windows Firewall
CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the &quot;failed&quot; functionality ...)
	NOT-FOR-US: Raindance Web Conferencing Pro
CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 ...)
	NOT-FOR-US: Apple
CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in Apple ...)
	NOT-FOR-US: Apple
CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers ...)
	- openldap2 <not-affected> (Vulnerable code not present)
	- openldap2.2 <removed> (medium)
CVE-2006-1469 (Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to ...)
	NOT-FOR-US: Apple
CVE-2006-1468 (Unspecified vulnerability in Apple File Protocol (AFP) server in Apple ...)
	NOT-FOR-US: Apple
CVE-2006-1467 (Integer overflow in the AAC file parsing code in Apple iTunes before ...)
	NOT-FOR-US: Apple iTunes
CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects ...)
	NOT-FOR-US: Apple
CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2006-1464 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2006-1463 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1462 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1461 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1460 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1459 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1458 (Integer overflow in Apple QuickTime Player before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1457 (Safari on Apple Mac OS X 10.4.6, when &quot;Open `safe' files after ...)
	NOT-FOR-US: Apple
CVE-2006-1456 (Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1455 (QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1454 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1453 (Stack-based buffer overflow in Apple QuickTime before 7.1 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1452 (Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to ...)
	NOT-FOR-US: Apple
CVE-2006-1451 (MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a ...)
	NOT-FOR-US: MySQL Manager
CVE-2006-1450 (Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2006-1449 (Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted ...)
	NOT-FOR-US: Apple
CVE-2006-1447 (LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2006-1446 (Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an ...)
	NOT-FOR-US: Apple
CVE-2006-1445 (Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1444 (CoreGraphics in Apple Mac OS X 10.4.6, when &quot;Enable access for ...)
	NOT-FOR-US: Apple
CVE-2006-1443 (Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2006-1442 (The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 ...)
	NOT-FOR-US: Apple
CVE-2006-1441 (Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1440 (BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite ...)
	NOT-FOR-US: Apple
CVE-2006-1439 (NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not ...)
	NOT-FOR-US: Apple
CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP ...)
	NOT-FOR-US: aphpkb
CVE-2006-1437 (UPOINT @1 Event Publisher stores sensitive information under the web ...)
	NOT-FOR-US: UPOINT
CVE-2006-1436 (Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event ...)
	NOT-FOR-US: UPOINT
CVE-2006-1435 (Cross-site scripting (XSS) vulnerability in genmessage.php in ...)
	NOT-FOR-US: Accounting Receiving and Inventory Administration (ARIA), different from debian aria
CVE-2006-1434 (Cross-site scripting (XSS) vulnerability in inscription.php in ...)
	NOT-FOR-US: Annuaire (Directory)
CVE-2006-1433 (Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Annuaire (Directory)
CVE-2006-1432 (fusionZONE couponZONE 4.2 allows remote attackers to obtain the full ...)
	NOT-FOR-US: fusionZONE couponZONE
CVE-2006-1431 (Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE ...)
	NOT-FOR-US: fusionZONE couponZONE
CVE-2006-1430 (Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS ...)
	NOT-FOR-US: CONTROLzx HMS
CVE-2006-1429 (Cross-site scripting (XSS) vulnerability in accountlogon.cfm in ...)
	NOT-FOR-US: classifiedZONE
CVE-2006-1428 (Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 ...)
	NOT-FOR-US: phpCOIN
CVE-2006-1427 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2006-1426 (Multiple SQL injection vulnerabilities in Pixel Motion Blog allow ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-1425 (Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily ...)
	NOT-FOR-US: phpmyfamily
CVE-2006-1424
	REJECTED
CVE-2006-1423 (SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 ...)
	NOT-FOR-US: UBB.threads
CVE-2006-1422 (SQL injection vulnerability in details_view.php in PHP Booking Calendar ...)
	NOT-FOR-US: PHP Booking Calendar
CVE-2006-1421 (Multiple SQL injection vulnerabilities in akocomment.php in AkoComment ...)
	NOT-FOR-US: AkoComment
CVE-2006-1420 (SQL injection vulnerability in print.php in SaphpLesson 2.0 allows ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-1419 (SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 ...)
	NOT-FOR-US: nuked-klan
CVE-2006-1418 (Cross-site scripting (XSS) vulnerability in default.asp in Caloris ...)
	NOT-FOR-US: Caloris Planitia E-School Management
CVE-2006-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Caloris ...)
	NOT-FOR-US: Caloris Planitia Online Quiz System
CVE-2006-1416 (Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute ...)
	NOT-FOR-US: Absolute FAQ Manager .NET
CVE-2006-1415 (Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB ...)
	NOT-FOR-US: dotNetBB
CVE-2006-1414 (Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in ...)
	NOT-FOR-US: Toast Forums
CVE-2006-1413 (Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro ...)
	NOT-FOR-US: EZHomepagePro
CVE-2006-1412 (TFT Gallery 0.10 stores sensitive information under the web root with ...)
	NOT-FOR-US: TFT Gallery
CVE-2006-1411 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2006-1410 (Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute ...)
	NOT-FOR-US: XIGLA Absolute Live Support
CVE-2006-1409 (Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Vavoom
	NOTE: code in prboom and lxdoom looks completely different
CVE-2006-1408 (Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Vavoom
	NOTE: code in prboom and lxdoom looks completely different
CVE-2006-1407 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...)
	NOT-FOR-US: Helm Web Hosting Control Panel
CVE-2006-1406 (Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx ...)
	NOT-FOR-US: uniForum
CVE-2006-1405 (Cross-site scripting (XSS) vulnerability in search.aspx in ...)
	NOT-FOR-US: SweetSuite.NET Content Management System
CVE-2006-1404 (Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in ...)
	NOT-FOR-US: BlankOL
CVE-2006-1403 (Format string vulnerability in the PrintString function in ...)
	NOT-FOR-US: csDoom
	NOTE: prboom, lxdoom not affected
CVE-2006-1402 (Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows ...)
	NOT-FOR-US: csDoom
	NOTE: prboom, lxdoom not affected
CVE-2006-1401 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: Calendar Express
CVE-2006-1400 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Metisware Instructor
CVE-2006-1399 (Cross-site scripting (XSS) vulnerability in searchresult.php in ...)
	NOT-FOR-US: Meeting Reserve
CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book ...)
	NOT-FOR-US: G-Book
CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd ...)
	NOT-FOR-US: WebHost Automation Ltd Helm
CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote ...)
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...)
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in ...)
	{DSA-1089-1}
	- freeradius 1.0.5-1
CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...)
	NOT-FOR-US: Solaris
CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL ...)
	NOT-FOR-US: Cholod
CVE-2006-1395 (SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message ...)
	NOT-FOR-US: Cholod
CVE-2006-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1393 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1392 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1391 (The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web ...)
	NOT-FOR-US: Quick 'n Easy/Baby Web Server
CVE-2006-1390 (The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a ...)
	NOT-FOR-US: Shortcoming of Gentoo-specific games packaging
CVE-2006-1389 (Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote ...)
	- twiki 1:4.0.4-3 (bug #367973)
CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ...)
	- twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian too young)
CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in ...)
	NOT-FOR-US: Cisco
CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the ...)
	NOT-FOR-US: IBM Tivoli Business Systems Manager
CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 ...)
	NOT-FOR-US: Baby FTP Server
CVE-2006-1382 (PHP remote file inclusion vulnerability in impex/ImpExData.php in ...)
	NOT-FOR-US: vBulletin
CVE-2006-1381 (Trend Micro OfficeScan 5.5, and probably other versions before 6.5, ...)
	NOT-FOR-US: Trend Micro
CVE-2006-1380 (ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite ...)
	NOT-FOR-US: Trend Micro
CVE-2006-1379 (Trend Micro PC-cillin Internet Security 2006 14.00.1485 and ...)
	NOT-FOR-US: Trend Micro
CVE-2003-1300 (Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May ...)
	NOT-FOR-US: Baby FTP Server
CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server 1.2, and possibly ...)
	NOT-FOR-US: Baby FTP Server
CVE-2002-2209 (Unspecified &quot;security vulnerability&quot; in Baby FTP Server versions ...)
	NOT-FOR-US: Baby FTP Server
CVE-2006-1378 (PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak ...)
	NOT-FOR-US: PasswordSafe
CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...)
	NOT-FOR-US: EasyMoblog
CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...)
	[sarge] - shadow 1:4.0.3-31sarge8
	[sarge] - base-config <not-affected>
	NOTE: The installer is fixed separately, but the postinst of the shadow update
	NOTE: corrects permissions of a faulty install
	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
	- base-config 2.68 (bug #254068; low)
CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: AdMan
CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...)
	NOT-FOR-US: AdMan
CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP ...)
	NOT-FOR-US: PHP Live!
CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...)
	NOT-FOR-US: 1WebCalendar
CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page
CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through ...)
	NOT-FOR-US: Real Player, according to Real Helix not affected
CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-1
CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the ...)
	NOT-FOR-US: Microsoft
CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System ...)
	NOT-FOR-US: Justin White (aka YTZ) Free Web Publishing System
CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...)
	NOT-FOR-US: OSWiki
CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow ...)
	NOT-FOR-US: MusicBox
CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 ...)
	NOT-FOR-US: F5 Firepass 4100 SSL VPN
CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, ...)
	- libvc 003-4
CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets &quot;BUILTIN\Everyone&quot; ...)
	NOT-FOR-US: avast AV
CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...)
	{DSA-1089-1}
	- freeradius 1.1.0-1.2 (bug #359042; high)
CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ...)
	NOT-FOR-US: 99Articles.com
CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 ...)
	NOT-FOR-US: MusicBox
CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as ...)
	NOT-FOR-US: VeriSign haydn.exe
CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, ...)
	{DSA-1097-1}
	- linux-2.6 2.6.16-15
CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
	- linux-2.6 <not-affected> (Only affects 2.4 kernels)
CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...)
	NOT-FOR-US: Veritas Backup
CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...)
	NOT-FOR-US: AnyPortal
CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows ...)
	NOT-FOR-US: Maian Events
CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...)
	NOT-FOR-US: CuteNews
CVE-2006-1339 (Directory traversal vulnerability in inc/functions.inc.php in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise ...)
	NOT-FOR-US: MailEnable
CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 ...)
	NOT-FOR-US: ExtCalendar
CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with ...)
	- gnome-screensaver 2.14.1-1 (bug #357885)
CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow ...)
	NOT-FOR-US: Maian Weblog
CVE-2006-1333 (Multpile SQL injection vulnerabilities in BetaParticle Blog 6.0 and ...)
	NOT-FOR-US: BetaParticle Blog
CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier ...)
	NOT-FOR-US: phpWebsite
CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows ...)
	- jabberd2 2.0s11-1 (bug #357874)
CVE-2006-1328 (SQL injection vulnerability in count.php in Skull-Splitter PHP ...)
	NOT-FOR-US: Skull-Splitter PHP
CVE-2006-1327 (SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote ...)
	NOT-FOR-US: SoftBB
CVE-2006-1326 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1325 (Cross-site scripting (XSS) vulnerability in Streber 0.055 allows ...)
	NOT-FOR-US: Streber
CVE-2006-1324 (Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1323 (Directory traversal vulnerability in WinHKI 1.6 and earlier allows ...)
	NOT-FOR-US: WinHKI
CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a ...)
	NOT-FOR-US: Netware
CVE-2006-1318
	RESERVED
CVE-2006-1317
	RESERVED
CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-1315 (The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-1314 (Heap-based buffer overflow in the Server Service (SRV.SYS driver) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-1313 (Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on ...)
	NOT-FOR-US: Microsoft JScript
CVE-2006-1312
	RESERVED
CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; ...)
	NOT-FOR-US: Microsoft
CVE-2006-1310
	RESERVED
CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-1307
	RESERVED
CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-1303 (Multiple unspecified vulnerabilities in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2006-1302 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2006-1299
	RESERVED
CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...)
	NOT-FOR-US: Veritas Backup
CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server ...)
	NOT-FOR-US: Veritas Backup
CVE-2006-1296 (Untrusted search path vulnerability in Beagle 0.2.2.1 might allow ...)
	- beagle 0.2.3-1 (bug #357392; low)
CVE-2006-1295 (Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP ...)
	NOT-FOR-US: SPIP
CVE-2006-1294 (PHP remote file include vulnerability in PageController.php in ...)
	NOT-FOR-US: KnowledgebasePublisher
CVE-2006-1293 (Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS ...)
	NOT-FOR-US: Contrexx
CVE-2006-1292 (Directory traversal vulnerability in Jim Hu and Chad Little PHP ...)
	NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1291 (publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and ...)
	NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1290 (Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway ...)
	NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1289 (Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 ...)
	NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1288 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1287 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1286 (Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1285 (SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD ...)
	- libpam-opie <not-affected> (FreeBSD specific vulnerability)
CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1281 (Cross-site scripting (XSS) vulnerability in member.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary files ...)
	- libcgi-session-perl 4.07-1 (low; bug #356555)
	[sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary files ...)
	- libcgi-session-perl 4.11-1 (low; bug #356555)
	[sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows remote ...)
	NOT-FOR-US: @1 File Store
CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1 File ...)
	NOT-FOR-US: @1 File Store
CVE-2006-1276 (admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows ...)
	NOT-FOR-US: PHP SimpleNEWS
CVE-2006-1275 (GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: GGZ Gaming Zone
CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not drop ...)
	NOT-FOR-US: Antivir
CVE-2006-1273 (** DISPUTED ** ...)
	NOT-FOR-US: Reportedly problem with a firefox addon
CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in member.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1271 (SQL injection vulnerability in index.php in OxyNews allows remote ...)
	NOT-FOR-US: OxyNews
CVE-2006-1270 (Multiple cross-site scripting (XSS) vulnerabilities in zones.php in ...)
	NOT-FOR-US: Inprotect
CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10 might ...)
	- zoo 2.10-18 (bug #367858; low)
	[sarge] - zoo <no-dsa> (Attack vector very far-fetched, hardly exploitable)
CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 ...)
	NOT-FOR-US: Funkwerk X2300
CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack sessions ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1266 (Cross-site scripting (XSS) vulnerability in Service_Requests.asp in ...)
	NOT-FOR-US: VPMi Enterprise
CVE-2006-1265 (SQL injection vulnerability in discussion.class.php in xhawk.net ...)
	NOT-FOR-US: xhawk.net discussion
CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 ...)
	NOT-FOR-US: xhawk.net discussion
CVE-2006-1263 (Multiple &quot;unannounced&quot; cross-site scripting (XSS) vulnerabilities in ...)
	- wordpress 2.0.2-1
CVE-2006-1262 (Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1261 (Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1260 (Horde Application Framework 3.0.9 allows remote attackers to read ...)
	{DSA-1034-1 DSA-1033-1}
	- horde3 3.1-1 (bug #358812)
CVE-2006-1259 (Multiple SQL injection vulnerabilities in Maian Support 1.0 allow ...)
	NOT-FOR-US: Maian Support
CVE-2006-1258 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows ...)
	- phpmyadmin 4:2.8.0.2-2 (bug #382228)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-1257 (The sample files in the authfiles directory in Microsoft Commerce ...)
	NOT-FOR-US: Microsoft
CVE-2006-1256 (Cross-site scripting (XSS) vulnerability in guestbook.php in Soren ...)
	NOT-FOR-US: Soren Boysen (SkullSplitter) PHP Guestbook
CVE-2006-1255 (Stack-based buffer overflow in the IMAP service in Mercur Messaging ...)
	NOT-FOR-US: Mercur Messaging
CVE-2006-1254 (Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows ...)
	NOT-FOR-US: BorderWare MXtreme
CVE-2006-1253 (Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote ...)
	NOT-FOR-US: glFTPd
CVE-2006-1252 (Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) ...)
	NOT-FOR-US: Light Weight Calendar
CVE-2006-1251 (Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 ...)
	- sa-exim 4.2.1-1 (bug #345071; bug #356301)
CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail before 4.3 ...)
	NOT-FOR-US: Winmail
CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes ...)
	NOT-FOR-US: Apple Quicktime
CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 ...)
	NOT-FOR-US: AIX
CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2005-4743 (Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp ...)
	NOT-FOR-US: NeLogic Nephp Publisher
CVE-2005-4742 (Unspecified vulnerability in Echelog 0.6.2 allows attackers to ...)
	NOT-FOR-US: Echelog
CVE-2005-4741 (NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 ...)
	NOT-FOR-US: NetBSD
CVE-2005-4740 (IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4739 (IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4738 (IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4737 (IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4736 (IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4735 (IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4734 (Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication ...)
	NOT-FOR-US: RSA Authentication Agent for Web
CVE-2005-4733 (NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow ...)
	NOT-FOR-US: NetBSD
CVE-2005-4732 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: TuxBank
CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2003-1296 (Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2005-XXXX [xsupplicant information leak]
	- xsupplicant 1.0.1-5 (bug #317703; low)
CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as ...)
	{DSA-1019-1 DSA-982-1}
	- xpdf <not-affected> (All issues previously fixed)
	NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities
	- gpdf 2.10.0-3
CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-1242 (The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-4
CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) ...)
	- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) ...)
	- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...)
	NOT-FOR-US: Gemini
CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc ...)
	NOT-FOR-US: DSLogin
CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with ...)
	NOT-FOR-US: DSNewsletter
CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...)
	NOT-FOR-US: PEAR HTML_QuickForm_Controller
CVE-2000-1239 (The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM ...)
	NOT-FOR-US: Tivoli
CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...)
	{DSA-1010-1 DSA-1009-1}
	- crossfire 1.9.0-2 (medium)
CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...)
	NOT-FOR-US: HitHost
CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...)
	NOT-FOR-US: DSCounter
CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...)
	NOT-FOR-US: WMNews
CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...)
	NOT-FOR-US: DSDownload
CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...)
	- capi4hylafax <not-affected> (Affected DEFINE not defined)
CVE-2006-1230 (Multiple cross-site scripting (XSS) vulnerabilities in create.php in ...)
	NOT-FOR-US: vCard
CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 6.1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows ...)
	NOT-FOR-US: GuppY
CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content Manager ...)
	NOT-FOR-US: Jupiter Content Manager
CVE-2006-1222 (Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 ...)
	NOT-FOR-US: zeroboard
CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service ...)
	NOT-FOR-US: TrueVector
CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...)
	NOT-FOR-US: Not included in php-pear or php4-pear
CVE-2006-XXXX [Insufficient filename sanitising in darcsweb]
	- darcsweb 0.15-1
CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for Mac ...)
	NOT-FOR-US: MacOS X
CVE-2006-1219 (Directory traversal vulnerability in Gallery 2.0.3 and earlier, and ...)
	- gallery2 2.0.4-1
CVE-2006-1218 (Unspecified vulnerability in the HTTP proxy in Novell BorderManager ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-1217 (SQL injection vulnerability in DSPoll 1.1 allows remote attackers to ...)
	NOT-FOR-US: DSPoll
CVE-2006-1216 (Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x ...)
	NOT-FOR-US: Runcms
CVE-2006-1215 (Cross-site scripting (XSS) vulnerability in misc.php in Woltlab ...)
	NOT-FOR-US: Woltlab BB
CVE-2006-1214 (UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified ...)
	NOT-FOR-US: UnrealIRCd
CVE-2006-1213 (JiRo's Banner System Experience and Professional 1.0 and earlier ...)
	NOT-FOR-US: JiRo's Banner System Experience and Professional
CVE-2006-1212 (Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows ...)
	NOT-FOR-US: CoreNews
CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL ...)
	NOT-FOR-US: Tivoli
CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...)
	NOT-FOR-US: Tivoli
CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...)
	NOT-FOR-US: Sergey Korostel PHP Upload Center
CVE-2006-1207 (PHP Upload Center stores password hashes under the web root with ...)
	NOT-FOR-US: PHP Upload Center
CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in ...)
	- dropbear <unfixed> (unimportant)
	NOTE: By design to protect against DoSing the complete machine, future versions
	NOTE: will mitigate by introducing per-IP limits
CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in myWebland ...)
	NOT-FOR-US: myBloggie
CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum ...)
	NOT-FOR-US: txtForum
CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum ...)
	NOT-FOR-US: txtForum
CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 ...)
	NOT-FOR-US: textfileBB
CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in daverave ...)
	NOT-FOR-US: daverave Link Bank
CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in daverave ...)
	NOT-FOR-US: daverave Link Bank
CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a ...)
	NOT-FOR-US: Comvigo IM Lock
CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver with ...)
	NOT-FOR-US: SafeDisc
CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 ...)
	NOT-FOR-US: QwikiWiki
CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c for ENet ...)
	NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...)
	NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1193 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2006-1192 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1191 (Microsoft Internet Explorer 5.01 through 6 does not always correctly ...)
	NOT-FOR-US: Microsoft
CVE-2006-1190 (Microsoft Internet Explorer 5.01 through 6 does not always return the ...)
	NOT-FOR-US: Microsoft
CVE-2006-1189 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1187
	RESERVED
CVE-2006-1186 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...)
	NOT-FOR-US: Microsoft
CVE-2006-1184 (Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT ...)
	NOT-FOR-US: Microsoft
CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the ...)
	- base-config <not-affected> (UBuntu specific)
	- shadow <not-affected> (UBuntu specific)
CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe ...)
	NOT-FOR-US: Adobe Graphics Server
CVE-2006-1181
	RESERVED
CVE-2006-1180
	RESERVED
CVE-2006-1179
	RESERVED
CVE-2006-1178 (Tamarack MMSd before 7.992 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Tamarack MMSd
CVE-2006-1177
	RESERVED
CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl ...)
	NOT-FOR-US: eBay Enhanced Picture Services
CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for ...)
	NOT-FOR-US: WeOnlyDo! SFTP
CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...)
	- shadow 1:4.0.15-10 (low)
	[sarge] - shadow <not-affected> (Vulnerable code was introduced later)
CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of ...)
	{DSA-1155}
	- sendmail 8.13.7-1 (low; bug #373801)
CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in ...)
	NOT-FOR-US: ActiveX control
CVE-2006-1171
	RESERVED
CVE-2006-1170
	RESERVED
CVE-2006-1169
	RESERVED
CVE-2006-1168 (The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) ...)
	{DSA-1149-1}
	- ncompress 4.2.4-16
CVE-2006-1167 (SGI ProPack 3 SP6 kernel displays the frame buffer contents of the ...)
	NOT-FOR-US: SGI
CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...)
	- dokuwiki 0.0.20060309-3 (bug #357436)
CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...)
	NOT-FOR-US: Nodez
CVE-2006-1163 (Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows ...)
	NOT-FOR-US: Nodez
CVE-2006-1162 (Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows ...)
	NOT-FOR-US: Nodez
CVE-2006-1161 (Absolute path traversal vulnerability in Easy File Sharing (EFS) Web ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1160 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1159 (Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1158 (Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 ...)
	NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership Script ...)
	NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site ...)
	NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in Fantastic ...)
	NOT-FOR-US: Fantastic News
CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers ...)
	NOT-FOR-US: D2-Shoutbox
CVE-2006-1152 (PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 ...)
	NOT-FOR-US: M-Phorum
CVE-2006-1151 (Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows ...)
	NOT-FOR-US: M-Phorum
CVE-2006-1150 (Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, ...)
	- teg 0.11.1-3 (bug #357645; low)
	[sarge] - teg <no-dsa> (Only DoS against exotic, mostly single player game)
CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL ...)
	NOT-FOR-US: OWL Intranet Engine
CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs function ...)
	- peercast 0.1217.toots.20060314-1
CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows ...)
	NOT-FOR-US: Hit Host
CVE-2006-1143 (Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 ...)
	NOT-FOR-US: FTPoed Blog Engine
CVE-2006-1142 (Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows ...)
	NOT-FOR-US: Ravenous Web Server
CVE-2006-1141 (Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows ...)
	- qmailadmin <removed> (bug #357896; medium)
CVE-2006-1140 (SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote ...)
	NOT-FOR-US: RedBLoG
CVE-2006-1139 (Unspecified vulnerability in the ESS/ Network Controller in Xerox ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1138 (Unspecified vulnerability in the web server code in Xerox CopyCentre ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1137 (Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1136 (Buffer overflow in the PostScript file interpreter code for Xerox ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1135 (Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 ...)
	NOT-FOR-US: sBlog
CVE-2006-1134 (SQL injection vulnerability in CyBoards PHP Lite 1.25, when ...)
	NOT-FOR-US: CyBoards
CVE-2006-1133 (Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 ...)
	NOT-FOR-US: vbzoom
CVE-2006-1132 (SQL injection vulnerability in show.php in vbzoom 1.11 allow remote ...)
	NOT-FOR-US: vbzoom
CVE-2006-1131 (Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS ...)
	NOT-FOR-US: bitweaver
CVE-2006-1130 (Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows ...)
	NOT-FOR-US: EKINboard
CVE-2006-1129 (SQL injection vulnerability in config.php in EKINboard 1.0.3 allows ...)
	NOT-FOR-US: EKINboard
CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-XXXX [Directory traversal issue in Namazu2]
	- namazu2 <not-affected> (Windows-specific issue)
CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a directory ...)
	- monotone 0.26pre1-0.1 (low)
	[sarge] - monotone <no-dsa> (Only exploitable in very far-fetched situation)
	NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on the client
	NOTE: and massive social engineering
CVE-2006-1128 (Directory traversal vulnerability in the session handling class ...)
	- gallery2 2.0.3
CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 ...)
	- gallery2 2.0.3
CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP ...)
	- gallery2 2.0.3
CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, sets ...)
	NOT-FOR-US: Grisoft AVG
CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote ...)
	NOT-FOR-US: RevilloC MailServer and Proxy
CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote ...)
	NOT-FOR-US: D2KBlog
CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog ...)
	NOT-FOR-US: D2KBlog
CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows ...)
	NOT-FOR-US: CuteNews
CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has insufficient ...)
	NOT-FOR-US: Cpanel (PHP)
CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 allows ...)
	NOT-FOR-US: Aardvark
CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) ...)
	NOT-FOR-US: nCipher
CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 2.18 ...)
	NOT-FOR-US: nCipher
CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman ...)
	NOT-FOR-US: nCipher
CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 0.42 ...)
	NOT-FOR-US: Loudblog
CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 0.42 ...)
	NOT-FOR-US: Loudblog
CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows ...)
	NOT-FOR-US: Total Ecommerce
CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 ...)
	NOT-FOR-US: NMDeluxe
CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe ...)
	NOT-FOR-US: NMDeluxe
CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows ...)
	NOT-FOR-US: logIT
CVE-2006-1098 (** DISPUTED ** ...)
	NOT-FOR-US: NZ Ecommerce
CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1096 (** DISPUTED ** ...)
	NOT-FOR-US: NZ Ecommerce
CVE-2006-1095 (Directory traversal vulnerability in the FileSession object in ...)
	NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out
	NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be packaged
CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the process ...)
	NOT-FOR-US: Solaris
CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause an ...)
	NOT-FOR-US: PunBB
CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 ...)
	NOT-FOR-US: PunBB
CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1087 (Direct static code injection vulnerability in the modify_config action ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1086
	REJECTED
CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...)
	NOT-FOR-US: phpArcadeScript
CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel ...)
	NOT-FOR-US: Game-Panel
CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products ...)
	- thttpd 2.23beta1-2.4 (bug #253816; low)
	NOTE: apache's htpasswd not vulnerable, but source contains note about
	NOTE: not being safe for sudo
	NOTE: filed whishlist bug to add this to manpage
CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, ...)
	- thttpd 2.23beta1-2.4 (bug #253816; low)
	NOTE: apache's htpasswd not vulnerable
CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the commentary ...)
	NOT-FOR-US: Evo-Dev evoBlog
CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic ...)
	NOT-FOR-US: checkInvision Power Board
CVE-2006-1075 (Format string vulnerability in the visualization function in Jason ...)
	NOT-FOR-US: Liero Xtreme
CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers ...)
	NOT-FOR-US: Liero Xtreme
CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog ...)
	NOT-FOR-US: Daverave Simplog
CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...)
	NOT-FOR-US: Daverave Simplog
CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in DVguestbook ...)
	NOT-FOR-US: DVguestbook
CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in ...)
	NOT-FOR-US: DVguestbook
CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 1.4.x ...)
	NOT-FOR-US: Geeklog
CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow remote ...)
	NOT-FOR-US: VXWorks
CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote ...)
	NOT-FOR-US: VXWorks
CVE-2006-1066 (Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems ...)
	{DSA-1017-1}
	- linux-2.6 2.6.16-1
CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 ...)
	- curl 7.15.3-1
	[woody] - curl <not-affected> (Vulnerable code not present)
	[sarge] - curl <not-affected> (Vulnerable code not present)
CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might ...)
	{DSA-1038-1 DSA-1037-1}
	- xzgv 0.8-5.1 (bug #362288; medium)
	- zgv 5.9-2
CVE-2006-1059 (The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine ...)
	- samba 3.0.22-1
	[woody] - samba <not-affected>
	[sarge] - samba <not-affected>
CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords, which ...)
	- busybox 1:1.1.3-1 (low; bug #360578)
	[woody] - busybox <not-affected>
	[sarge] - busybox <not-affected>
CVE-2006-1057 (Race condition in daemon/slave.c in gdm before 2.14.1 allows local ...)
	{DSA-1040-1}
	- gdm 2.14.4-1
CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-9
	- kfreebsd-5 5.4-17
	- xen-3.0 3.0.2+hg9656-1
CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...)
	- linux-2.6 2.6.16-6
CVE-2006-1054
	REJECTED
CVE-2006-1053
	RESERVED
CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...)
	- linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...)
	NOT-FOR-US: Akurru Social BookMarking Engine
CVE-2006-1050 (** DISPUTED ** ...)
	NOT-FOR-US: Kwik-Pay Payroll
CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian ...)
	- amaya 9.4-1 (bug #341424)
	[sarge] - amaya <not-affected> (The Sarge version doesn't have an rpath set)
CVE-2006-1319 (chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little ...)
	- runit 1.4.1-1 (bug #356016; medium)
	[sarge] - runit <not-affected>
CVE-2006-1049 (Multiple SQL injection vulnerabilities in the Admin functionality in ...)
	NOT-FOR-US: Joomla!
CVE-2006-1048 (Joomla! 1.0.7 and earlier allows attackers to bypass intended access ...)
	NOT-FOR-US: Joomla!
CVE-2006-1047 (Unspecified vulnerability in the &quot;Remember Me login functionality&quot; in ...)
	NOT-FOR-US: Joomla!
CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial ...)
	- monopd 0.9.3-2 (bug #355797; low)
	[sarge] - monopd <no-dsa> (Very minor security ramifications)
CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when &quot;Block ...)
	{DSA-1051-1 DSA-1046-1}
	- thunderbird 1.5.0.2-1
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- firefox 1.5.dfsg+1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...)
	NOT-FOR-US: LISTSERV
CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-1042 (Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote ...)
	NOT-FOR-US: Gregarius
CVE-2006-1041 (Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 ...)
	NOT-FOR-US: Gregarius
CVE-2006-1040 (Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 ...)
	NOT-FOR-US: vBulletin
CVE-2006-1039 (SAP Web Application Server (WebAS) Kernel before 7.0 allows remote ...)
	NOT-FOR-US: SAP
CVE-2006-1038 (Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and ...)
	NOT-FOR-US: SecureCRT
CVE-2006-1037 (SQL injection vulnerability in the Oracle Diagnostics module 2.2 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1036 (Multiple unspecified vulnerabilities in the Oracle Diagnostics module ...)
	NOT-FOR-US: Oracle
CVE-2006-1035 (Unspecified vulnerability in the Oracle Diagnostics module 2.2 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1033 (Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS ...)
	NOT-FOR-US: Dragonfly CMS
CVE-2006-1032 (Eval injection vulnerability in the decode function in rpc_decoder.php ...)
	NOT-FOR-US: phpRPC
CVE-2006-1031 (config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote ...)
	NOT-FOR-US: iGENUS Webmail
CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1029 (The cross-site scripting (XSS) countermeasures in ...)
	NOT-FOR-US: Joomla!
CVE-2006-1028 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1027 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1026 (JFacets before 0.2 allows remote attackers to gain privileges as any ...)
	NOT-FOR-US: JFacets
CVE-2006-1025 (Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft ...)
	NOT-FOR-US: Addsoft StoreBot
CVE-2006-1024 (SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 ...)
	NOT-FOR-US: Addsoft StoreBot
CVE-2006-1023 (Directory traversal vulnerability in HP System Management Homepage ...)
	NOT-FOR-US: HP System Management
CVE-2006-1022 (PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik ...)
	NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe ...)
	NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas ...)
	NOT-FOR-US: Johnny_Vegas Vegas Forum
CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 ...)
	NOT-FOR-US: UkiBoard
CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...)
	NOT-FOR-US: DCI-Design Dawaween
CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x ...)
	NOT-FOR-US: c-client
CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet ...)
	NOT-FOR-US: Windows
CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ...)
	- php5 5.1.4-0.1 (bug #368595; unimportant)
	- php4 <unfixed> (bug #368592; unimportant)
	NOTE: It's the application's job to sanitize input passed to a function
CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x ...)
	- php5 5.1.4-0.1 (bug #368595; unimportant)
	- php4 <unfixed> (bug #368592; unimportant)
	NOTE: It's the application's job to sanitize input passed to a function
CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog (aka ...)
	NOT-FOR-US: SMartBlog
CVE-2006-1012 (SQL injection vulnerability in WordPress 1.5.2, and possibly other ...)
	- wordpress 2.0.1-1
CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database files with ...)
	NOT-FOR-US: LetterMerger
CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, when ...)
	{DSA-1001-1}
	- crossfire 1.9.0-1
CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default password ...)
	NOT-FOR-US: M4 Project enigma-suite
CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and ...)
	NOT-FOR-US: N8cms
CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow ...)
	NOT-FOR-US: N8cms
CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in sendcard ...)
	NOT-FOR-US: sendcard
CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote ...)
	NOT-FOR-US: Parodia
CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in ...)
	NOT-FOR-US: Parodia
CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless Firewall ...)
	NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of ...)
	NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite LanParty ...)
	NOT-FOR-US: LanSuite LanParty Intranet System
CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 ...)
	NOT-FOR-US: Pentacle In-Out Board
CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
	NOT-FOR-US: Novell
CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
	NOT-FOR-US: Novell
CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
	NOT-FOR-US: Novell
CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...)
	- php4 4:4.4.4-1 (bug #361853; unimportant)
	- php5 5.1.4-0.1 (bug #361914; unimportant)
	NOTE: Non-issue, explicit debug feature
CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
	NOT-FOR-US: EMC Dantz Retrospect
CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...)
	NOT-FOR-US: Sophos
CVE-2006-0993 (The web management interface in 3Com TippingPoint SMS Server before ...)
	NOT-FOR-US: 3Com
CVE-2006-0992 (Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd) in ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...)
	NOT-FOR-US: MS Windows issue
CVE-2006-0987 (The default configuration of ISC BIND, when configured as a caching ...)
	- bind <unfixed> (bug #355787; unimportant)
	- bind9 1:9.4.0-1 (bug #356266; unimportant)
	NOTE: This is within the responsibilities of a local admin, especially when
	NOTE: operating a DNS server, affected sites can configure AllowRecursion
CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain ...)
	- wordpress 2.0.2-1 (bug #355055; unimportant)
CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the &quot;post ...)
	- wordpress 2.0.2-1 (bug #355055; medium)
CVE-2006-0984 (Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo ...)
	NOT-FOR-US: EJ3 TOPo not in debian
CVE-2006-0983 (Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 ...)
	NOT-FOR-US: QWikiWiki not in debian
CVE-2006-0982 (The on-access scanner for McAfee Virex 7.7 for Macintosh, in some ...)
	NOT-FOR-US: McAfee Virex 7.7 for Macintosh
CVE-2006-0981 (Directory traversal vulnerability in e-merge WinAce 2.6 and earlier ...)
	NOT-FOR-US: WinAce
CVE-2006-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI ...)
	NOT-FOR-US: Jay Eckles CGI Calendar
CVE-2006-0979 (Unspecified vulnerability in the local weblog publisher in Nidelven IT ...)
	NOT-FOR-US: Nidelven IT Issue Dealer
CVE-2006-0978 (Multiple cross-site scripting (XSS) vulnerabilities in the View ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2006-0977 (Craig Morrison Mail Transport System Professional (aka MTS Pro) acts ...)
	NOT-FOR-US: MTS Pro
CVE-2006-0976 (Directory traversal vulnerability in scan_lang_insert.php in Boris ...)
	NOT-FOR-US: SPiD
CVE-2006-0975
	REJECTED
CVE-2006-0974 (Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe ...)
	NOT-FOR-US: bttlxeForum 2.0
CVE-2006-0973 (SQL injection vulnerability in topics.php in Appalachian State ...)
	NOT-FOR-US: phpWebSite
CVE-2006-0972 (SQL injection vulnerability in news.php in Tony Baird Fantastic News ...)
	NOT-FOR-US: Tony Baird Fantastic News
CVE-2006-0971 (Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b ...)
	NOT-FOR-US: DirectContact
CVE-2006-0970 (PHP remote file inclusion vulnerability in index.php in one or more ...)
	NOT-FOR-US: ActiveCampaign products
CVE-2006-0969 (PHP remote file inclusion vulnerability in index.php in Top sites de ...)
	NOT-FOR-US: PixelArtKingdom TopSites
CVE-2006-0968 (The ncprwsnt service in NCP Network Communication Secure Client 8.11 ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0967 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0966 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0965 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0964 (Client Firewall in NCP Network Communication Secure Client 8.11 Build ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0963 (Multiple buffer overflows in STLport 5.0.2 might allow local users to ...)
	- stlport5 5.0.2-1 (bug #358471; medium)
CVE-2006-0962 (SQL injection vulnerability in vuBB 0.2 allows remote attackers to ...)
	NOT-FOR-US: VuBB
CVE-2006-0961 (SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows ...)
	NOT-FOR-US: Cilem Hiber
CVE-2006-0960 (uConfig agent in Compex NetPassage WPE54G router allows remote ...)
	NOT-FOR-US: Compex NetPassage WPE54G router
CVE-2006-0959 (SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0958 (Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft ...)
	NOT-FOR-US: ZoneO-Soft freeForum
CVE-2006-0957 (Direct static code injection vulnerability in func.inc.php in ...)
	NOT-FOR-US: ZoneO-Soft freeForum
CVE-2006-0956 (nuauth in NuFW before 1.0.21 does not properly handle blocking TLS ...)
	- nufw 1.0.23-1 (bug #358475; low)
CVE-2006-0955
	RESERVED
CVE-2006-0954
	RESERVED
CVE-2006-0953
	RESERVED
CVE-2006-0952
	RESERVED
CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the ...)
	NOT-FOR-US: NOD32
CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary ...)
	- unalz 0.55-1 (bug #356832; low)
	[sarge] - unalz <no-dsa> (Minor issue)
CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other ...)
	NOT-FOR-US: AOL
CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote ...)
	NOT-FOR-US: Thomson modem firmware
CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...)
	NOT-FOR-US: Thomson modem firmware
CVE-2006-0945 (PHP remote file include vulnerability in admin/index.php in Archangel ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-0944 (Archangel Weblog 0.90.02 allows remote attackers to bypass ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-0943 (SQL injection vulnerability in the sondages module in index.php in ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0942 (SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0941 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
	NOT-FOR-US: ShoutLIVE
CVE-2006-0940 (Multiple direct static code injection vulnerabilities in ...)
	NOT-FOR-US: ShoutLIVE
CVE-2006-0939 (SQL injection vulnerability in DCI-Taskeen 1.03 allows remote ...)
	NOT-FOR-US: DCI-Taskeen
CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and ...)
	- ezpublish <removed>
CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...)
	{DSA-1109}
	- rssh 2.3.0-1.1 (bug #346322; bug #363978; low)
CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 ...)
	- webcheck 1.9.6
CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: U.N.U. Mailgust
CVE-2006-0936 (Free Host Shop Website Generator 3.3 allows remote authenticated users ...)
	NOT-FOR-US: Free Host Shop Website Generator
CVE-2006-0935 (Microsoft Word 2003 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2006-0934 (Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 ...)
	NOT-FOR-US: webinsta Limbo
CVE-2006-0933 (Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote ...)
	NOT-FOR-US: PHPX
CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...)
	NOT-FOR-US: zip.lib.php
CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...)
	- php5 <unfixed> (bug #368545; unimportant)
	- php4 <unfixed> (bug #368545; unimportant)
	NOTE: is this really a vulnerability in pear?  it seems it should be a bug
	NOTE: in any application not checking for such archives.
	NOTE: Lack of a security feature is not a vulnerability
CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0929 (Directory traversal vulnerability in the IMAP server in ArGoSoft Mail ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0928 (The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0927 (Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-0926 (Multiple directory traversal vulnerabilities in Allume StuffIt ...)
	NOT-FOR-US: StuffIt
CVE-2006-0925 (Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2006-0924 (Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 ...)
	NOT-FOR-US: iCal
CVE-2006-0923 (Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) ...)
	NOT-FOR-US: MyPHPNuke
CVE-2006-0922 (CubeCart 3.0 through 3.6 does not properly check authorization for an ...)
	NOT-FOR-US: CubeCart
CVE-2006-0921 (Multiple directory traversal vulnerabilities in connector.php in ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-0920 (Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP ...)
	NOT-FOR-US: Oi! Email Marketing System
CVE-2006-0919 (SQL injection vulnerability in index.php (aka the login page) in Oi! ...)
	NOT-FOR-US: Oi! Email Marketing System
CVE-2006-0918 (Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to ...)
	NOT-FOR-US: The Bat!
CVE-2006-0917 (Melange Chat Server (aka M-Chat), when accessed via a web browser, ...)
	NOT-FOR-US: Melange Chat Server
CVE-2006-0916 (Bugzilla 2.19.3 through 2.20 does not properly handle &quot;//&quot; sequences ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0915 (Bugzilla 2.16.10 does not properly handle certain characters in the ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Oreka
CVE-2006-0911 (NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote ...)
	NOT-FOR-US: WhatsUp Professional
CVE-2006-0910 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...)
	NOT-FOR-US: D3Jeeb Pro
CVE-2006-0905 (A &quot;programming error&quot; in fast_ipsec in FreeBSD 4.8-RELEASE through ...)
	- kfreebsd-5 5.4-16
CVE-2006-0904
	RESERVED
CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163)
CVE-2006-0902
	RESERVED
CVE-2006-0901 (Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and ...)
	NOT-FOR-US: Solaris
CVE-2006-0900 (nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial ...)
	- kfreebsd-5 5.4-15
CVE-2006-0899 (Directory traversal vulnerability in index.php in 4Images 1.7.1 and ...)
	NOT-FOR-US: 4Images
CVE-2006-0898 (Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV ...)
	{DSA-996-1}
	- libcrypt-cbc-perl 2.17-1
CVE-2006-0897 (** DISPUTED ** ...)
	NOT-FOR-US: VCS Virtual Program Management Intranet
CVE-2006-0896 (Cross-site scripting (XSS) vulnerability in Sources/Register.php in ...)
	NOT-FOR-US: Simple Machine Forum
CVE-2006-0895 (NOCC Webmail 1.0 allows remote attackers to obtain the installation ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0894 (Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0893 (NOCC Webmail 1.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0892 (NOCC Webmail 1.0 stores e-mail attachments in temporary files with ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0891 (Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0890 (Directory traversal vulnerability in SpeedProject Squeez 5.1, as used ...)
	NOT-FOR-US: SpeedProject Squeez
CVE-2006-0889 (Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows ...)
	NOT-FOR-US: Calcium
CVE-2006-0888 (index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0887 (Eval injection vulnerability in sessions.inc in PHP Base Library ...)
	NOT-FOR-US: PHPLIB
CVE-2006-0886 (Cross-site scripting (XSS) vulnerability in register.php in DEV web ...)
	NOT-FOR-US: DEV web management system
CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2006-0884 (The WYSIWYG rendering engine (&quot;rich mail&quot; editor) in Mozilla ...)
	{DSA-1051-1 DSA-1046-1}
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- firefox 1.5.dfsg+1.5.0.2-1
	- xulrunner 1.8.0.1-9
	- mozilla 2:1.7.13-0.1
CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...)
	- xscreensaver 4.21-1
	NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included
	NOTE: in the Sarge version --jmm
CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) ...)
	- xscreensaver 4.15-1
CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...)
	- openssh 1:3.8.1p1-4
	[woody] - openssh <not-affected>
CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's Classifieds ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0880 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0879 (SQL injection vulnerability in the search tool in Noah's Classifieds ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0878 (Noah's Classifieds 1.3 allows remote attackers to obtain the ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows remote ...)
	NOT-FOR-US: Easy Forum
CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial of ...)
	{DSA-1061-1}
	- popfile 0.22.4-1 (bug #354464; medium)
CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 ...)
	NOT-FOR-US: runCMS
CVE-2006-0874 (Multiple unspecified vulnerabilities in Intensive Point iUser ...)
	NOT-FOR-US: Intensive Point iUser Ecommerce
CVE-2006-0873 (Absolute path traversal vulnerability in docs/showdocs.php in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-0871 (Directory traversal vulnerability in the _setTemplate function in ...)
	- mambo 4.5.3h-1 (bug #354468)
	NOTE: only in experimental
CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 ...)
	NOT-FOR-US: Mini-Nuke CMS
CVE-2006-0869 (Directory traversal vulnerability in the &quot;remember me&quot; feature in ...)
	NOT-FOR-US: PHP PEAR LiveUser
CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified Auth ...)
	- php-auth 1.2.4-0.1 (bug #354474)
CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT) WebDrive, ...)
	NOT-FOR-US: WebDrive
CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct brute ...)
	NOT-FOR-US: PunBB
CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: PunBB
CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify the ...)
	NOT-FOR-US: Global Hauri ViRobot
CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote ...)
	NOT-FOR-US: InfoVista PortalSE
CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on ...)
	NOT-FOR-US: InfoVista PortalSE
CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versoins before 0.8, allows ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0859 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the ...)
	NOT-FOR-US: StarForce Safe'n'Sec Personal
CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 ...)
	NOT-FOR-US: e107 CMS Chatbox plugin
CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 ...)
	NOT-FOR-US: SmE GB Host
CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c for zoo ...)
	{DSA-991-1}
	- zoo 2.10-17 (bug #354461)
CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in Intensive ...)
	NOT-FOR-US: Intensive Point iUser Ecommerce
CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet Anywhere ...)
	NOT-FOR-US: TrueNorth Internet Anywhere
CVE-2006-0852 (Direct static code injection vulnerability in write.php in Admbook ...)
	NOT-FOR-US: Admbook
CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan 1.05g and ...)
	NOT-FOR-US: ilchClan
CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php in ...)
	NOT-FOR-US: ilchClan
CVE-2006-0849
	RESERVED
CVE-2006-0848 (The &quot;Open 'safe' files after downloading&quot; option in Safari on Apple ...)
	NOT-FOR-US: Apple Safari
CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component in ...)
	- cherrypy2.1 2.1.1-1 (bug #353542)
	- python-cherrypy 2.1.1-1 (bug #354479)
CVE-2006-0846 (Multiple cross-site scripting (XSS) vulnerabilities in Leif M. ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0845 (Leif M. Wright's Blog 3.5 allows remote authenticated users with ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0844 (Leif M. Wright's Blog 3.5 does not make a password comparison when ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0843 (Leif M. Wright's Blog 3.5 stores the config file and other txt files ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows ...)
	NOT-FOR-US: Calacode @Mail
CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...)
	{DSA-1133-1}
	- mantis 0.19.4-3.1 (bug #378353)
CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ...)
	{DSA-944-1}
	- mantis 1.0
	NOTE: This was actually fixed upstream in Mantis 1.0.0rc5,
	NOTE: which was never uploaded.
CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly ...)
	- snort <not-affected> (frag3 is only in 2.4, currently there is 2.3.3 in sid)
CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext ...)
	NOT-FOR-US: Tivoli
CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...)
	NOT-FOR-US: Tivoli
CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an ...)
	- thunderbird <unfixed> (bug #370432; unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (bug #370432; unimportant)
	NOTE: Denial of service by tricking someone into importing a manipulated LDIF file
	NOTE: That's a bug, but calling it a security problem is very far-fetched
CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...)
	NOT-FOR-US: MitriDAT Web Calendar
CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...)
	NOT-FOR-US: Uniden UIP1868P VoIP Telephone
CVE-2006-0833 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda ...)
	NOT-FOR-US: Barracuda Directory
CVE-2006-0832 (Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow ...)
	NOT-FOR-US: WPC.easy
CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi ...)
	NOT-FOR-US: Tasarim Rehberi
CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows ...)
	NOT-FOR-US: E-Blah Platinum
CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0827 (Cross-site scripting vulnerability in ESS/ Network Controller and ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0826 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0825 (Multiple unspecified vulnerabilities in ESS/ Network Controller and ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0824 (Multiple unspecified vulnerabilities in lib-common.php in Geeklog ...)
	NOT-FOR-US: Geeklog
CVE-2006-0823 (Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before ...)
	NOT-FOR-US: Geeklog
CVE-2006-0822 (Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 ...)
	NOT-FOR-US: EmuLinker Kaillera Server
CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows remote ...)
	NOT-FOR-US: BXCP
CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 ...)
	NOT-FOR-US: Dwarf HTTP Server
CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source ...)
	NOT-FOR-US: Dwarf HTTP Server
CVE-2006-0818 (Absolute path directory traversal vulnerability in (1) MERAK Mail Server for ...)
	NOT-FOR-US: MERAK Mail Server and VisNetic MailServer
CVE-2006-0817 (Absolute path directory traversal vulnerability in (a) MERAK Mail ...)
	NOT-FOR-US: MERAK Mail Server and VisNetic MailServer
CVE-2006-0816 (Orion Application Server before 2.0.7, when running on Windows, allows ...)
	NOT-FOR-US: Orion Application Server
CVE-2006-0815 (NetworkActiv Web Server 3.5.15 allows remote attackers to read script ...)
	NOT-FOR-US: NetworkActiv Web Server
CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions, when run ...)
	NOT-FOR-US: Lighttpd under windows
CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-assisted ...)
	NOT-FOR-US: WinACE
CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server ...)
	NOT-FOR-US: WinACE VisNetic AntiVirus
CVE-2005-4727 (Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before ...)
	NOT-FOR-US: gBook
CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web Proxy Cache ...)
	- squid 2.5.6
CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...)
	NOT-FOR-US: Skate Board
CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows ...)
	NOT-FOR-US: Skate Board
CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote ...)
	NOT-FOR-US: Skate Board
CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: MUTE
CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word ...)
	NOT-FOR-US: NJStar
CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (bug #358872; medium)
	- moodle 1.6.1+20060825-1 (bug #360396; medium)
	NOTE: according to maintainer, "Moodle neither uses nor plans to use
	NOTE: ADODB_Pager, so it's not affected by #360396, but include patch for
	NOTE: it anyway, just in case somebody decides to use it out of the blue
CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed ...)
	NOT-FOR-US: php-Nuke
CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to ...)
	- tin 1:1.8.2-1
	[sarge] - tin <not-affected> (Vulnerable code not present)
CVE-2006-0803 (The signature verification functionality in the YaST Online Update ...)
	NOT-FOR-US: YaSt Online Update
CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module ...)
	NOT-FOR-US: PostNuke
CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows remote ...)
	NOT-FOR-US: PostNuke
CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a ...)
	NOT-FOR-US: Microsoft
CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in ...)
	NOT-FOR-US: Macallan Mail Solution
CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to caues a denial of ...)
	NOT-FOR-US: Nokia cell phone
CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0795 (Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 ...)
	NOT-FOR-US: Quirex
CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the ...)
	NOT-FOR-US: V-webmail
CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct ...)
	NOT-FOR-US: V-webmail
CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in preferences.personal.php ...)
	NOT-FOR-US: V-webmail
CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in DreamCost ...)
	NOT-FOR-US: DreamCost HostAdmin
CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0789 (Certain unspecified Kyocera printers have a default &quot;admin&quot; account ...)
	NOT-FOR-US: Kyocera printers
CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that allows ...)
	NOT-FOR-US: Kyocera printers
CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and ...)
	NOT-FOR-US: Plaino Wimpy
CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 ...)
	NOT-FOR-US: PHPKIT
CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 ...)
	NOT-FOR-US: PHPKIT
CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers ...)
	NOT-FOR-US: D-Link hardware
CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in Siteframe ...)
	NOT-FOR-US: Siteframe Beaumont
CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums ...)
	NOT-FOR-US: XMB Forums
CVE-2006-0778 (Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier ...)
	NOT-FOR-US: XMB Forums
CVE-2006-0777 (Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 ...)
	NOT-FOR-US: Teca Scripts Guestex
CVE-2006-0776 (Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts ...)
	NOT-FOR-US: Teca Scripts Guestex
CVE-2006-0775 (Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 ...)
	NOT-FOR-US: BirthSys
CVE-2006-0774 (SQL injection vulnerability in deleteSession() in DB_eSession library ...)
	NOT-FOR-US: DB_eSession
CVE-2006-0773 (Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2006-0772 (SQL injection vulnerability in Hitachi Business Logic - Container ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2006-0771 (Format string vulnerability in PunkBuster 1.180 and earlier, as used ...)
	NOT-FOR-US: PunkBuster
CVE-2006-0770 (Cross-site scripting (XSS) vulnerability in calendar.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0769 (Unspecified vulnerability in in.rexecd in Solaris 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2006-0768 (Kadu 0.4.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Kadu
CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive ...)
	- cgiwrap 3.9-3.1
	[sarge] - cgiwrap <no-dsa> (Only leaks information about the existance of users on a system)
CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, ...)
	NOT-FOR-US: ICQ
CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ...)
	NOT-FOR-US: ICQ
CVE-2006-0764 (The Authentication, Authorization, and Accounting (AAA) capability in ...)
	NOT-FOR-US: Cisco
CVE-2006-0763 (Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in ...)
	NOT-FOR-US: cPanel (not the same as in the cpanel package)
CVE-2006-0762 (WinAbility Folder Guard 4.11 allows local users to gain unauthorized ...)
	NOT-FOR-US: WinAbility Folder Guard
CVE-2006-0761 (Buffer overflow in BlackBerry Attachment Service in Research in Motion ...)
	NOT-FOR-US: BlackBerry
CVE-2006-0760 (LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive ...)
	NOT-FOR-US: LightTPD on windows
CVE-2006-0759 (Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier ...)
	NOT-FOR-US: HiveMail
CVE-2006-0758 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...)
	NOT-FOR-US: HiveMail
CVE-2006-0757 (Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier ...)
	NOT-FOR-US: HiveMail
CVE-2006-0756 (** DISPUTED ** ...)
	NOT-FOR-US: dotProject
CVE-2006-0755 (** DISPUTED ** ...)
	NOT-FOR-US: dotProject
CVE-2006-0754 (** DISPUTED ** ...)
	NOT-FOR-US: dotProject
CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP Service ...)
	NOT-FOR-US: Microsoft
CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet ...)
	- honeyd 1.5a-1 (bug #353064; low)
	[sarge] - honeyd <no-dsa> (Too insignificant)
CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...)
	NOT-FOR-US: Network Object Oriented File System (NOOFS)
CVE-2006-0750 (SQL injection vulnerability in army.php in supersmashbrothers (SSB) ...)
	NOT-FOR-US: supersmashbrothers
CVE-2006-0749 (nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (high)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
	- xulrunner 1.8.0.1-9
CVE-2006-0747 (Integer underflow in Freetype before 2.2 allows remote attackers to ...)
	{DSA-1095-1}
	- freetype 2.2.1-1 (medium)
CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...)
	{DSA-1008-1}
	- kdegraphics 3.5.0-3
	NOTE: Only affected the 3.3.2 KDE backport
CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ...)
	- xorg-x11 6.9.0.dfsg.1-5 (bug #360388; medium)
	- xorg-server 1:1.0.2-1 (bug #378465; medium)
	- xfree86 <not-affected>
CVE-2006-0744 (Linux kernel before 2.6.16.5 does not properly handle uncanonical ...)
	{DSA-1103}
	- linux-2.6 2.6.16-7
CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache log4net ...)
	NOT-FOR-US: Log4Net
CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.15-8
CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, allows ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.15-8
CVE-2006-0740
	RESERVED
CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication ...)
	NOT-FOR-US: pam_micasa / Novell
CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows ...)
	NOT-FOR-US: MUTE
CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ...)
	NOT-FOR-US: Geeklog
CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows ...)
	NOT-FOR-US: PhpTagCool
CVE-2006-2440 (Heap-based buffer overflow in the libMagick componet of ImageMagick ...)
	{DSA-1168-1}
	- imagemagick 6:6.2.4.5-0.6 (bug #345595)
CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...)
	NOT-FOR-US: My Blog
CVE-2006-0734 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...)
	NOT-FOR-US: Half-Life
CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...)
	- wordpress <unfixed> (unimportant)
CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 ...)
	NOT-FOR-US: SAP Business Connector
CVE-2006-0731 (WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and ...)
	NOT-FOR-US: SAP Business Connector
CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...)
	- dovecot 1.0.beta3-1 (bug #353341; medium)
	[sarge] - dovecot <not-affected> (Vulnerable code was introduced in 1.0beta1)
CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 ...)
	NOT-FOR-US: Teca Diary
CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and ...)
	NOT-FOR-US: webSPELL
CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis ...)
	NOT-FOR-US: MusOX DF
CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...)
	NOT-FOR-US: CPG-Nuke
CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume CMS ...)
	NOT-FOR-US: Plume CMS
CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0723 (PHP remote file inclusion vulnerability in preview.php in Reamday ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a ...)
	NOT-FOR-US: RunCMS
CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows ...)
	NOT-FOR-US: Winamp
CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya ...)
	NOT-FOR-US: Avaya VSU
CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Tivoli
CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote ...)
	NOT-FOR-US: sNews
CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote ...)
	NOT-FOR-US: sNews
CVE-2006-0714 (Directory traversal vulnerability in the installation file ...)
	- flyspray <not-affected> (Vulnerable code not included in Debian)
CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote ...)
	NOT-FOR-US: LinPHA
CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly ...)
	NOT-FOR-US: Squishdot
CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl ...)
	NOT-FOR-US: NeoMail
CVE-2006-0710 (Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 ...)
	NOT-FOR-US: Isode M-Vault
CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a ...)
	{DSA-995-1}
	- metamail 2.7-51 (bug #352482; bug #353539)
CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow ...)
	NOT-FOR-US: Winamp
CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows ...)
	- pyblosxom 1.3.2-1 (high)
	[sarge] - pyblosxom <not-affected> (Vulnerable path handling code not present)
CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in G&#228;stebuch ...)
	NOT-FOR-US: Gaestebuch
CVE-2006-0705 (Format string vulnerability in a logging function as used by various ...)
	NOT-FOR-US: Proprietary SFTP servers
CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a &quot;bespoke error ...)
	NOT-FOR-US: iE Integrator
CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown ...)
	NOT-FOR-US: imageVue
CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ...)
	NOT-FOR-US: imageVue
CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list ...)
	NOT-FOR-US: imageVue
CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission ...)
	NOT-FOR-US: imageVue
CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki ...)
	NOT-FOR-US: QWikiWiki
CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which ...)
	NOT-FOR-US: Ansilove
CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove ...)
	NOT-FOR-US: Ansilove
CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...)
	NOT-FOR-US: Roberto Butti CALimba
CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL ...)
	NOT-FOR-US: Carey Briggs Timesheet
CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0688 (PHP remote file include vulnerability in application.php in ...)
	NOT-FOR-US: nicecoder.com indexu
CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo ...)
	NOT-FOR-US: DocMGR
CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system ...)
	NOT-FOR-US: e107
CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...)
	NOT-FOR-US: powerd
	NOTE: powerd supposedly normally comes with sysvinit, but not in debian
CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...)
	NOT-FOR-US: WebGUI
CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...)
	NOTE: Only vulnerable when compiled with asserts
	- postgresql <unfixed> (unimportant)
	- postgresql-8.0 8.0.7-1 (unimportant)
	- postgresql-8.1 8.1.3-1 (unimportant)
CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 ...)
	NOT-FOR-US: D-Link hardware
CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ...)
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...)
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ...)
	{DSA-1044-1}
	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
	- firefox 1.5.dfsg-1
CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 ...)
	NOT-FOR-US: Sysbotz Systems Panel
CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote ...)
	NOT-FOR-US: Hitachi TP1
CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...)
	{DSA-977-1}
	- heimdal 0.7.2-1
CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0675 (Cross-site scripting (XSS) vulnerability in search.php in Siteframe ...)
	NOT-FOR-US: SiteFrame
CVE-2006-0674 (Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-0673 (Multiple SQL injection vulnerabilities in cms/index.php in Magic ...)
	NOT-FOR-US: Magic Calendar Lite
CVE-2006-0672 (Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before ...)
	NOT-FOR-US: HP PSC 1210 All-in-One printer
CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell ...)
	NOT-FOR-US: Sony Ericsson
CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to ...)
	{DSA-990-1}
	- bluez-hcidump 1.30-1 (bug #351881; medium)
CVE-2006-0669 (** DISPUTED ** ...)
	NOT-FOR-US: Forum Light
CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary ...)
	NOT-FOR-US: AIX
CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels ...)
	NOT-FOR-US: AIX
CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...)
	{DSA-1133-1}
	- mantis 0.19.4-3
	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...)
	{DSA-1133-1}
	- mantis 0.19.4-3
	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 ...)
	NOT-FOR-US: SmE GB Host
CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and ...)
	NOT-FOR-US: FarsiNews
CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and ...)
	NOT-FOR-US: Runcms
CVE-2006-0658 (Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
	- moin 1.5.8-4.1
	[etch] - moin <not-affected> (Vulnerable php code not present)
	- karrigell <not-affected> (Vulnerable php code not present)
CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...)
	NOT-FOR-US: Softcomplex
CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 ...)
	NOT-FOR-US: HP
CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote ...)
	NOT-FOR-US: vwdev
CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the ...)
	NOT-FOR-US: CPAINT
CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 ...)
	NOT-FOR-US: DataparkSearch
CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, ...)
	NOT-FOR-US: PHP iCalendar
CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running on Linux ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain ...)
	- binutils <not-affected> (SuSE specific vulnerability)
CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS ...)
	{DSA-986-1 DSA-985-1}
	- libtasn1-2 <removed> (bug #352182; bug #365234)
	NOTE: upload of libtasn1-2 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change
	- libtasn1-3 0.3.4-1
	- gnutls13 1.3.5-1
	- gnutls12 1.2.11-1
	- gnutls11 <unfixed>
CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...)
	NOT-FOR-US: OpenVMPS
CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL ...)
	- pam-mysql 0.6.2-1 (bug #353589; low)
	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper ...)
	NOT-FOR-US: Handicapper
CVE-2006-XXXX [dpkg-sig: insecure temp file bug]
	- dpkg-sig 0.13 (bug #352723; low)
	[sarge] - dpkg-sig <no-dsa> (Only affected in debug mode)
CVE-2006-2441 (Pioneers meta-server before 0.9.55, when the server-console is not ...)
	- pioneers 0.9.55-1 (bug #351986; medium)
	[sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer)
CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in ...)
	NOT-FOR-US: CPG-Nuke Dragonfly CMS
CVE-2006-0643 (Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web ...)
	NOT-FOR-US: WiredRed e/pop Web Conferencing
CVE-2006-0642 (Trend Micro ServerProtect 5.58, and possibly InterScan Messaging ...)
	NOT-FOR-US: Trend Micro
CVE-2006-0641 (Orbicule Undercover uses a third-party web server to determine the IP ...)
	NOT-FOR-US: Orbicule Undercover
CVE-2006-0640 (Orbicule Undercover allows attackers with physical or root access to ...)
	NOT-FOR-US: Orbicule Undercover
CVE-2006-0639 (Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0638 (SQL injection vulnerability in moderation.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0637 (Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows ...)
	NOT-FOR-US: QUALCOMM Eudora WorldMail
CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the ...)
	NOT-FOR-US: eyeOS
CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the ...)
	- tcc 0.9.24~cvs20070502-1 (bug #352202; low)
	[sarge] - tcc <no-dsa> (Only incorrect code gen, hardly any production use)
	[etch] - tcc <no-dsa> (Documented as insecure; only incorrect code gen, hardly any production use)
CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition ...)
	NOT-FOR-US: Borland C++Builder
CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently ...)
	- phpbb2 2.0.20 (low)
	[sarge] - phpbb2 <no-dsa> (Minor issue)
	NOTE: According to maintainers phpbb2 doesn't have useful countermeasures against
	NOTE: brute-force password guessing and as password seeding is based on milliseconds
	NOTE: NTP-timed attacks may even be in the area of a couple thousands attempts
	NOTE: instead of a million
	NOTE: Fixed in 2.0.20
CVE-2006-0631 (CRLF injection vulnerability in mailback.pl in Erik C. Thauvin ...)
	NOT-FOR-US: Erik C. Thauvin mailback
CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important headers ...)
	NOT-FOR-US: The Bat!
CVE-2006-0629 (Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 ...)
	NOT-FOR-US: AIM
CVE-2006-0628 (myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute ...)
	NOT-FOR-US: Dale Ray MyQuiz
CVE-2006-0627 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0624 (SQL injection vulnerability in check.asp in Whomp Real Estate Manager ...)
	NOT-FOR-US: Whomp Real Estate Manager
CVE-2006-0623 (QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable ...)
	NOT-FOR-US: QNX
CVE-2006-0622 (QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of ...)
	NOT-FOR-US: QNX
CVE-2006-0621 (Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users ...)
	NOT-FOR-US: QNX
CVE-2006-0620 (Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users ...)
	NOT-FOR-US: QNX
CVE-2006-0619 (Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow ...)
	NOT-FOR-US: QNX
CVE-2006-0618 (Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 ...)
	NOT-FOR-US: QNX
CVE-2006-0617 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...)
	NOT-FOR-US: Sun Java
CVE-2006-0616 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and ...)
	NOT-FOR-US: Sun Java
CVE-2006-0615 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...)
	NOT-FOR-US: Sun Java
CVE-2006-0614 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and ...)
	NOT-FOR-US: Sun Java
CVE-2006-0613 (Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in ...)
	NOT-FOR-US: Sun Java
CVE-2006-0612 (Powersave daemon before 0.10.15.2 allows local users to gain ...)
	- powersave 0.11.2-1
CVE-2006-0611 (Directory traversal vulnerability in compose.pl in @Mail 4.3 and ...)
	NOT-FOR-US: @Mail
CVE-2006-0610 (Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, ...)
	NOT-FOR-US: 2200net Calender system
CVE-2006-0609 (Cross-site scripting (XSS) vulnerability in add.php in Hinton Design ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0608 (Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0607 (check.php in Hinton Design phphd 1.0 does not check passwords when ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0606 (SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 ...)
	NOT-FOR-US: Unknown Domain Shoutbox
CVE-2006-0605 (Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain ...)
	NOT-FOR-US: Unknown Domain Shoutbox
CVE-2006-0604 (check.php in Hinton Design phphg Guestbook 1.2 does not check the user ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0603 (Multiple cross-site scripting vulnerabilities in signed.php in Hinton ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0602 (Multiple SQL injection vulnerabilities in Hinton Design phphg ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0601
	RESERVED
CVE-2006-0596
	RESERVED
CVE-2006-0595
	RESERVED
CVE-2006-0594
	RESERVED
CVE-2005-4711 (SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 ...)
	NOT-FOR-US: Land Down Under
CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products ...)
	NOT-FOR-US: AutoCAD
CVE-2006-0598 (Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0597 (Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0599 (The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0600 (elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server ...)
	NOT-FOR-US: Lexmark Printer
CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based and ...)
	NOT-FOR-US: crypt_blowfish implementation from OWL, does not seem to be in Debian
CVE-2006-0590 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: MyTopix
CVE-2006-0589 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: MyTopix
CVE-2006-0588 (SQL injection vulnerability in search.php in MyTopix 1.2.3 allows ...)
	NOT-FOR-US: MyTopix
CVE-2006-0587 (Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 ...)
	- gallery 1.5.2-pl2-1
CVE-2006-0586 (Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before ...)
	NOT-FOR-US: Oracle
CVE-2006-0585 (jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-0584 (The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 ...)
	NOT-FOR-US: PeopleSoft People Tools
CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and ...)
	{DSA-977-1}
	- heimdal 0.7.2-1
CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-0580 (IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0579 (Multiple integer overflows in (1) the new_demux_packet function in ...)
	- mplayer <not-affected> (fixed before first upload; 1.0pre7try3)
	NOTE: code not in ffmpeg and xine-lib
CVE-2006-0578 (Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce ...)
	NOT-FOR-US: Blue Coat Proxy Security Gateway OS
CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM privileges by ...)
	NOT-FOR-US: Lexmark printer
CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and ...)
	- oprofile 0.9.1-9 (bug #352910; low)
	[sarge] - oprofile <no-dsa> (requires sudo access to be vulnerable)
CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to ...)
	- fcron <not-affected> (Not included in Debian package)
CVE-2006-0574 (Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel ...)
	NOT-FOR-US: cPanel
CVE-2006-0573 (Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and ...)
	NOT-FOR-US: cPanel
CVE-2006-0572 (phpstatus 1.0 does not require passwords when using cookies to ...)
	NOT-FOR-US: phpstatus
CVE-2006-0571 (Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 ...)
	NOT-FOR-US: phpstatus
CVE-2006-0570 (Multiple SQL injection vulnerabilities in phpstatus 1.0, when ...)
	NOT-FOR-US: phpstatus
CVE-2006-0569 (Cross-site scripting (XSS) vulnerability in user_class.php in Papoo ...)
	NOT-FOR-US: Papoo
CVE-2006-0568 (Cross-site scripting (XSS) vulnerability in throw.main in Outblaze ...)
	NOT-FOR-US: Outblaze
CVE-2006-0567 (Directory traversal vulnerability in Files Xaraya module before 0.5.1, ...)
	NOT-FOR-US: Xaraya
CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote ...)
	NOT-FOR-US: Communigate Pro
CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in ...)
	NOT-FOR-US: LoudBlog
CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...)
	NOT-FOR-US: Microsoft
CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c ...)
	NOT-FOR-US: PluggedOut Blog
CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...)
	NOT-FOR-US: PluggedOut Blog
CVE-2006-0561 (Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS ...)
	NOT-FOR-US: Cisco
CVE-2006-0560
	RESERVED
CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...)
	NOT-FOR-US: McAfee WebShield
CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...)
	{DSA-1103}
	- linux-2.6 2.6.16-1 (bug #365375; low)
CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0556
	RESERVED
CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0554 (Linux kernel 2.6 before 2.6.15.5 allows local users to obtain ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to ...)
	- postgresql-8.1 8.1.3-1
CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow ...)
	NOT-FOR-US: Oracle
CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in ...)
	NOT-FOR-US: Oracle
CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ...)
	NOT-FOR-US: Oracle
CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application ...)
	NOT-FOR-US: Strange app at www.egeinternet.com
CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...)
	NOT-FOR-US: UBB.threads
CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) ...)
	NOT-FOR-US: Microsoft
CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb ...)
	NOT-FOR-US: NukedWeb
CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...)
	NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook ...)
	NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...)
	- fcron <not-affected> (Vulnerable app in the Debian package, not setuid anyway)
CVE-2006-0538 (CipherTrust IronMail 5.0.1, when &quot;Denial of Service Protection&quot; is ...)
	NOT-FOR-US: IronMail
CVE-2006-0537 (Buffer overflow in the POP3 server in Kinesphere Corporation eXchange ...)
	NOT-FOR-US: eXchange POP3
CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...)
	NOT-FOR-US: NeoMail
CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community ...)
	NOT-FOR-US: Community Server
CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: CyberShop Ultimate E-commerce
CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...)
	NOT-FOR-US: cPanel
	NOTE: Not Debian's cpanel
CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker ...)
	NOT-FOR-US: SoftMaker Shop
CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb ...)
	NOT-FOR-US: NukedWeb
CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...)
	NOT-FOR-US: CA Message Queuing
	NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
	NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0529 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...)
	NOT-FOR-US: CA Message Queuing
	NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
	NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0528 (The cairo library (libcairo), as used in GNOME Evolution and possibly ...)
	- evolution 2.2.3-4 (low)
	[sarge] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
	[woody] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, ...)
	- bind 1:8.4.7-1 (low)
	[sarge] - bind <no-dsa> (Architectual limitatiom, upgrade to BIND 9 as a a fix)
	NOTE: BIND 8 is unsuitable for forwarder use because of its
	NOTE: architecture.  Upgrade to BIND 9 as a fix.
	NOTE: This was fixed in sid by documenting it as an unfixable design limitation
CVE-2006-0526 (The default configuration of the America Online (AOL) client software ...)
	NOT-FOR-US: AOL
CVE-2006-0525 (Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator ...)
	NOT-FOR-US: Windows issue
CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in Derek ...)
	NOT-FOR-US: Derek Ashauer ashnews
CVE-2006-0523 (SQL injection vulnerability in global.php in MyBB before 1.03 allows ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0522 (SQL injection vulnerability in the Authentication Servlet in Symantec ...)
	NOT-FOR-US: Symantec Sygate Management Server
CVE-2006-0521 (Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM ...)
	NOT-FOR-US: Browser CRM
CVE-2006-0520 (SQL injection vulnerability index.php in Dragoran Portal module 1.3 ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0519 (SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows ...)
	- spip <removed> (medium; bug #351336)
CVE-2006-0518 (Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...)
	- spip <removed> (medium; bug #351335)
CVE-2006-0517 (Multiple SQL injection vulnerabilities in ...)
	- spip <removed> (medium; bug #351334)
CVE-2006-0625 (Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and ...)
	- spip <removed> (medium; bug #352076)
	NOTE: http://www.securityfocus.com/bid/16556
CVE-2006-0626 (SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ...)
	- spip <removed> (medium; bug #352077)
	NOTE: http://www.securityfocus.com/bid/16551
CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 ...)
	NOT-FOR-US: Solaris
CVE-2006-0515 (Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x ...)
	NOT-FOR-US: Cisco
CVE-2006-0514
	RESERVED
CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web Server ...)
	NOT-FOR-US: Tivoli
CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which ...)
	{DSA-1187-1}
	- migrationtools 46-2.1 (bug #338920; medium)
CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 ...)
	NOT-FOR-US: Daffodil
CVE-2006-0509 (Multiple cross-site scripting (XSS) vulnerabilities in clients.php in ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-0508 (Easy CMS stores the images directory under the web document root with ...)
	NOT-FOR-US: Easy CMS
CVE-2006-0507 (Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow ...)
	NOT-FOR-US: Easy CMS
CVE-2006-0506 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN ...)
	NOT-FOR-US: Nuked-klaN
CVE-2006-0505 (zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to ...)
	NOT-FOR-US: Zbattle
CVE-2006-0504 (Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 ...)
	NOT-FOR-US: MailEnable Enterprise Edition
CVE-2006-0503 (IMAP service in MailEnable Professional Edition before 1.72 allows ...)
	NOT-FOR-US: MailEnable Professional Edition
CVE-2006-0502 (PHP remote file inclusion vulnerability in loginout.php in FarsiNews ...)
	NOT-FOR-US: FarsiNews
CVE-2006-0501 (Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows ...)
	NOT-FOR-US: MyCo Guestbook
CVE-2006-0500 (MyCO Guestbook 1.0 stores the admin directory under the web document ...)
	NOT-FOR-US: MyCo Guestbook
CVE-2006-0499 (Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 ...)
	NOT-FOR-US: Rlink module add-on for phpbb (not included in Debian package)
CVE-2005-4709 (The popSubjectContext method in the SecurityAssociation class in JBoss ...)
	NOT-FOR-US: JBoss Enterprise Java Beans
CVE-2005-4708 (Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute ...)
	NOT-FOR-US: Adobe Macromedia MX products (Captivate, Contribute and eLicensing client)
CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 ...)
	NOT-FOR-US: Derek Ashauer ashNews
CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
	NOT-FOR-US: PHP GEN
CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...)
	NOT-FOR-US: PHP GEN
CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...)
	- iceweasel <unfixed> (unimportant; bug #349339)
	- mozilla-firefox <unfixed> (unimportant; bug #349339)
	- iceape <unfixed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	NOTE: This is not a direct vulnerability, but rather the lack of protection
	NOTE: for shooting into own's own foot, so we should treat it as a security
	NOTE: enhancement bug and not as a vulnerability.
CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as ...)
	NOT-FOR-US: MG2
CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote ...)
	NOT-FOR-US: Calendarix
CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 ...)
	NOT-FOR-US: SZUserMgnt
CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums ...)
	NOT-FOR-US: ASPThai Forums
CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC, probably ...)
	NOT-FOR-US: mIRC
CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS ...)
	NOT-FOR-US: Microsoft
CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email ...)
	NOT-FOR-US: Tumbleweed MailGate Email Firewall
CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance ...)
	NOT-FOR-US: IOS
CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S ...)
	NOT-FOR-US: IOS
CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...)
	NOT-FOR-US: FACE CONTROL product
CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...)
	NOT-FOR-US: Cisco
CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-4
CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...)
	- libpng 1.2.8rel-3 (bug #352902; bug #352918)
	[sarge] - libpng <not-affected> (Only 1.2.7 affected)
	[woody] - libpng <not-affected> (Only 1.2.7 affected)
	[sarge] - libpng3 1.2.8rel-1
CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in ...)
	NOT-FOR-US: sPaiz-Nuke
CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, ...)
	NOT-FOR-US: PmWiki
CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...)
	NOT-FOR-US: CRE Loaded
CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...)
	- git-core 1.1.5-1 (bug #350274)
CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows ...)
	NOT-FOR-US: PHP-Ping
CVE-2006-0474 (Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers ...)
	NOT-FOR-US: Shareaza
CVE-2006-0473 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...)
	NOT-FOR-US: My little homepage
CVE-2006-0472 (Cross-site scripting (XSS) vulnerability in guestbook.php in my little ...)
	NOT-FOR-US: My little homepage
CVE-2006-0471 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...)
	NOT-FOR-US: My little homepage
CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and ...)
	NOT-FOR-US: uebimiau
	NOTE: this had an ITP back in 2002, but it never was done (bug #164116)
CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
	NOT-FOR-US: PHP GEN
CVE-2005-4706 (Unspecified vulnerability in the &quot;privilege management&quot; feature of Sun ...)
	NOT-FOR-US: Solaris 10
CVE-2005-4705 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4704 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4703 (Apache Tomcat 4.0.3, when running on Windows, allows remote attackers ...)
	NOT-FOR-US: Windows Tomcat vulnerability
CVE-2005-4702 (SQL injection vulnerability in the favorites module in index.php in ...)
	NOT-FOR-US: IPBProArcade
CVE-2005-4701 (Unspecified vulnerability in Process File System (procfs) in Sun ...)
	NOT-FOR-US: Solaris 10
CVE-2005-4700 (TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) ...)
	NOT-FOR-US: TellMe
CVE-2005-4699 (Argument injection vulnerability in TellMe 1.2 and earlier allows ...)
	NOT-FOR-US: TellMe
CVE-2005-4698 (Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier ...)
	NOT-FOR-US: TellMe
CVE-2005-4697 (The Microsoft Wireless Zero Configuration system (WZCS) allows local ...)
	NOT-FOR-US: Microsoft
CVE-2005-4696 (The Microsoft Wireless Zero Configuration system (WZCS) stores WEP ...)
	NOT-FOR-US: Microsoft
CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...)
	NOT-FOR-US: Symantec Brightmail AntiSpam
CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...)
	NOT-FOR-US: WebGUI
CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...)
	- gaim-encryption 3.0~beta5-3 (low; bug #337127)
	[sarge] - gaim-encryption <no-dsa> (Minor issue)
CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...)
	NOT-FOR-US: mroovca
CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...)
	NOT-FOR-US: NetBSD
CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the e-mail ...)
	NOT-FOR-US: PunBB
CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's ...)
	NOT-FOR-US: PunBB
CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes ...)
	NOT-FOR-US: PunBB
CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...)
	NOTE: see CVE-2005-4684
	- firefox <removed> (unimportant)
	- iceweasel <unfixed> (unimportant)
	- mozilla <unfixed> (unimportant)
	[sarge] - mozilla <no-dsa> (Hardly exploitable)
	- xulrunner <unfixed> (unimportant)
CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS ...)
	NOTE: http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc5?root=fedora&rev=1.172&view=markup says "ignore (kdebase) not fixed upstream, low, can't fix"
	- kdebase <unfixed> (unimportant)
	[sarge] - kdebase <no-dsa> (Hardly exploitable)
CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of ...)
	- migrationtools 46-2.1 (bug #338920; unimportant)
	NOTE: The temp fix makes use of TMPDIR
CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...)
	NOT-FOR-US: AudienceView
CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...)
	NOT-FOR-US: mIRC
CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote ...)
	NOT-FOR-US: Internet Explorer 6
CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the ...)
	NOT-FOR-US: Apple
CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the ...)
	NOT-FOR-US: osCommerce
CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...)
	- exiv2 0.9
CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute ...)
	NOT-FOR-US: VMware
CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before ...)
	{DSA-964-1}
	[woody] - gnocatan 0.6.1-5woody3
	[sarge] - gnocatan 0.8.1.59-1sarge1
	- pioneers 0.9.49-1 (bug #350237; medium)
CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag ...)
	NOT-FOR-US: Goldstag Content Management System
CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in ...)
	NOT-FOR-US: active121 Site Manager
CVE-2006-0464 (Multiple SQL injection vulnerabilities in index.php in IdeoContent ...)
	NOT-FOR-US: IdeoContent Manager
CVE-2006-0463 (Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows ...)
	NOT-FOR-US: IdeoContent Manager
CVE-2006-0462 (SQL injection vulnerability in comentarios.php in AndoNET Blog ...)
	NOT-FOR-US: AndoNET Blog
CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in ...)
	NOT-FOR-US: ExpressionEngine
CVE-2006-0460 (Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote ...)
	{DSA-997-1}
	- bomberclone 0.11.6.2-1
CVE-2006-0459 (flex.skl in Will Estes and John Millaway Fast Lexical Analyzer ...)
	{DSA-1020-1}
	- flex 2.5.33-1
CVE-2006-0458 (The DCC ACCEPT command handler in irssi before ...)
	- irssi-text <not-affected> (Only 0.8.10rc versions are affected)
CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) keyctl ...)
	- linux-2.6 2.6.15-6
CVE-2006-0456 (The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 ...)
	{DSA-1103}
	- linux-2.6 2.6.16-1
CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature ...)
	{DSA-978-1}
	- gnupg 1.4.2.2-1 (bug #353017; bug #353019; bug #354620; medium)
	[sarge] - gnupg2 <not-affected> (Vulnerable code not activated)
	NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html indicates that
	NOTE: *all* versions are affected because gpg --verify is also affected
CVE-2006-0454 (Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ...)
	- linux-2.6 2.6.15-5
	[sarge] - kernel-source-2.6.8 <not-affected>
	[sarge] - kernel-source-2.4.27 <not-affected>
CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 1.0 ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory Server ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: As discussed with the phpbb maintainers; this is only a lack of feature
	NOTE: (phpbb2 doesn't allow a kind of rate control for maximum login/searches for
	NOTE: a certain time frame), but not a directly fixable security problem
CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post Mail ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote ...)
	NOT-FOR-US: WeBWorK
CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated users ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0443 (Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog ...)
	NOT-FOR-US: CheesyBlog
CVE-2006-0442 (Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0441 (Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote ...)
	NOT-FOR-US: Sami FTP Server
CVE-2006-0440 (Text Rider 2.4 allows attackers to bypass authentication and upload ...)
	NOT-FOR-US: Text Rider
CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory under the ...)
	NOT-FOR-US: Text Rider
CVE-2006-0438 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: No real world risk according to maintainer
CVE-2006-0437 (Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Intended behaviour according to maintainer
CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 ...)
	NOT-FOR-US: HP-UX
CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in ...)
	NOT-FOR-US: Oracle
CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer allows ...)
	NOT-FOR-US: phpXplorer
CVE-2005-4675 (Cross-site scripting (XSS) vulnerability in list.php in Complete PHP ...)
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4674 (Multiple SQL injection vulnerabilities in list.php in Complete PHP ...)
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4673 (ioFTPD 0.5.84 u responds with different messages depending on whether ...)
	NOT-FOR-US: ioFTPD
CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in image-editor-52/index.php ...)
	NOT-FOR-US: CityPost Simple Image-Editor
CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php in ...)
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in CityPost ...)
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin ...)
	NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin
CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...)
	NOT-FOR-US: ParoxProxy
CVE-2006-0433 (Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not ...)
	- kfreebsd-5 5.4-13
CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0430 (Certain configurations of BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0429 (BEA WebLogic Server and WebLogic Express 9.0 causes new security ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0428 (Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0427 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0426 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, when ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0425 (BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0424 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0423 (BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0422 (Multiple unspecified vulnerabilities in BEA WebLogic Server and ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0421 (By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0420 (BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-assisted ...)
	{DSA-1012-1}
	- unzip 5.52-7 (low; bug #349794)
CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...)
	NOT-FOR-US: 123 Flash Chat Server
CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and ...)
	NOT-FOR-US: miniBloggie
CVE-2006-0416 (SleeperChat 0.3f and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: SleeperChat
CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in SleeperChat ...)
	NOT-FOR-US: SleeperChat
CVE-2006-0414 (Tor before 0.1.1.20 allows remote attackers to identify hidden ...)
	- tor 0.1.1.11-alpha-1 (bug #349283)
CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow ...)
	NOT-FOR-US: NewsPHP
CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers to ...)
	NOT-FOR-US: CyberShop
CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable session ...)
	NOT-FOR-US: Claroline
CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (bug #349985; medium)
	- moodle 1.6-1 (bug #360395; medium)
CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost ...)
	NOT-FOR-US: Pixelpost Photoblog
CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...)
	NOT-FOR-US: Sun Grid Engine
CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin ...)
	NOT-FOR-US: AZ Bulletin Board
CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...)
	- tiff 3.8.0-2 (bug #350715)
	[sarge] - tiff <not-affected> (Vulnerability was introduced later)
	[woody] - tiff <not-affected> (Vulnerability was introduced later)
CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...)
	NOT-FOR-US: Note-A-Day Weblog
CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote ...)
	NOT-FOR-US: e-moBLOG
CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote ...)
	{DSA-989-1}
	- zoph 0.5-1 (bug #350717)
CVE-2006-0401 (Unspecified vulnerability in Mac OS X before 10.4.6, when running on ...)
	NOT-FOR-US: Apple
CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
	NOT-FOR-US: Apple
CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
	NOT-FOR-US: Apple
CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
	NOT-FOR-US: Apple
CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when ...)
	NOT-FOR-US: Apple
CVE-2006-0395 (The Download Validation in Mail in Mac OS X 10.4 does not properly ...)
	NOT-FOR-US: Apple
CVE-2006-0394
	REJECTED
CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple
CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted ...)
	NOT-FOR-US: Apple
CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2006-0390
	REJECTED
CVE-2006-0389 (Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) ...)
	NOT-FOR-US: Apple
CVE-2006-0388 (Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows ...)
	NOT-FOR-US: Apple
CVE-2006-0387 (Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, ...)
	NOT-FOR-US: Apple
CVE-2006-0386 (FileVault in Mac OS X 10.4.5 and earlier does not properly mount user ...)
	NOT-FOR-US: Apple
CVE-2006-0385
	RESERVED
CVE-2006-0384 (automount in Mac OS X 10.4.5 and earlier allows remote file servers to ...)
	NOT-FOR-US: Apple
CVE-2006-0383 (IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 ...)
	NOT-FOR-US: Apple
CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of ...)
	NOT-FOR-US: Apple
CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...)
	- kfreebsd-5 5.4-14
CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel ...)
	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a ...)
	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...)
	NOT-FOR-US: Netrix X-Site Manager
CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354063; bug #355424)
CVE-2006-0376 (The 802.11 wireless client in certain operating systems including ...)
	NOT-FOR-US: Windows
CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...)
	NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...)
	NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in Douran ...)
	NOT-FOR-US: Douran FollowWeb
CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...)
	NOT-FOR-US: Insane Visions BlogPHP
CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog ...)
	NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under ...)
	NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0369 (** DISPUTED ** ...)
	- mysql-dfsg-4.1 <unfixed> (unimportant)
	NOTE: This isn't a security hole, it's expected behaviour
CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 ...)
	NOT-FOR-US: Cisco
CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message ...)
	NOT-FOR-US: XMB
CVE-2006-0364 (Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0363 (The &quot;Remember my Password&quot; feature in MSN Messenger 7.5 stores ...)
	NOT-FOR-US: MSN Messenger
CVE-2006-0362 (TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2006-0361 (Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 ...)
	NOT-FOR-US: Bit 5 Blog
CVE-2006-0360 (MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to ...)
	NOT-FOR-US: MPM SIP IP Phone
CVE-2006-0359 (Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote ...)
	NOT-FOR-US: eyeBeam SIP Softphone
CVE-2006-0358 (Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 ...)
	NOT-FOR-US: PowerPortal
CVE-2006-0357 (Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, ...)
	NOT-FOR-US: Grant Averett Cerberus FTP Server
CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause ...)
	NOT-FOR-US: Ari Pikivirta Home Ftp Server
CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers ...)
	NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp
CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) ...)
	NOT-FOR-US: Cisco
CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...)
	NOT-FOR-US: Fluffington FLog
CVE-2006-0351 (Unspecified &quot;critical denial-of-service vulnerability&quot; in MyDNS before ...)
	{DSA-963-1}
	[sarge] - mydns 1.0.0-4sarge1
	- mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote ...)
	NOT-FOR-US: eggblog
CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...)
	NOT-FOR-US: eggblog
CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows ...)
	NOT-FOR-US: SaralBlog
CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote ...)
	NOT-FOR-US: SaralBlog
CVE-2006-0344 (Directory traversal vulnerability in Intervations FileCOPA FTP Server ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and Advanced ...)
	NOT-FOR-US: Hitachi JP1/NetInsight II
CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows ...)
	NOT-FOR-US: RockLiffe MailSite
CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe ...)
	NOT-FOR-US: RockLiffe MailSite
CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) ...)
	NOT-FOR-US: Cisco
CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to ...)
	NOT-FOR-US: BitComet
CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and ...)
	NOT-FOR-US: F-Secure
CVE-2006-0337 (Buffer overflow in multiple F-Secure Anti-Virus products and versions ...)
	NOT-FOR-US: F-Secure
CVE-2006-0336 (Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause ...)
	NOT-FOR-US: Kerio Firewall
CVE-2006-0335 (Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before ...)
	NOT-FOR-US: Kerio Firewall
CVE-2006-0334 (Cross-site scripting (XSS) vulnerability in search.php in My Amazon ...)
	NOT-FOR-US: My Amazon Store Manager
CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote ...)
	NOT-FOR-US: ar-blog
CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments ...)
	- ecartis 1.0.0+cvs.20030911-11 (low; bug #348824)
	[sarge] - ecartis <no-dsa> (No real fix available, only rare setups affected, minor exploit potential)
CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin ...)
	NOT-FOR-US: Squirrelmail plugin
CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 ...)
	{DSA-1148-1}
	- gallery 1.5.2-1
CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, ...)
	NOT-FOR-US: HITSENSER Data Mart Server BS
CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...)
	NOT-FOR-US: Tftpd32, different from the tftpd in Debian
CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information ...)
	- typo3-src 4.0.2-1 (bug #364351; unimportant)
	NOTE: Only path disclosure
CVE-2006-0326
	RESERVED
CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier versions, ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...)
	NOT-FOR-US: WebspotBlogging
CVE-2006-0323 (Buffer overflow in swfformat.dll in multiple RealNetworks products and ...)
	NOT-FOR-US: Real Player (initial advisory claimed Helix affected, which is incorrect
CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...)
	- mediawiki 1.4.15-1 (low)
CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...)
	NOT-FOR-US: PHlyMail
CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to ...)
	{DSA-956-1}
	- lsh-utils 2.0.1cdbs-4 (low; bug #349303)
	NOTE: woody seems to be vulnerable as well (looking at the source code).
CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...)
	NOT-FOR-US: Oracle
CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote ...)
	- fetchmail 6.3.2-1 (bug #348747; low)
	[sarge] - fetchmail <not-affected> (regression in fetchmail 6.3.0 and 6.3.1)
	[woody] - fetchmail <not-affected> (regression in fetchmail 6.3.0 and 6.3.1)
CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog ...)
	NOT-FOR-US: Bit 5 Blog
CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 22003/tcp) ...)
	NOT-FOR-US: Farmers WIFE
CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when ...)
	NOT-FOR-US: BlogPHP
CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in ...)
	NOT-FOR-US: RedKernel Referrer Tracker
CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) ...)
	NOT-FOR-US: AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control
CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse the p ...)
	NOT-FOR-US: EZDatabase
CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext, which ...)
	NOT-FOR-US: PDFdirectory
CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 ...)
	NOT-FOR-US: PDFdirectory
CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass ...)
	NOT-FOR-US: aoblogger
CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 allows ...)
	NOT-FOR-US: aoblogger
CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows ...)
	NOT-FOR-US: aoblogger
CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote ...)
	NOT-FOR-US: Linksys hardware issue
CVE-2006-0308 (PHP remote file inclusion vulnerability in htmltonuke.php in the ...)
	NOT-FOR-US: HTMLtoNuke
CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer ...)
	NOT-FOR-US: CA BrightStor products
CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common Component in ...)
	NOT-FOR-US: CA BrightStor products
CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...)
	NOT-FOR-US: Clipcomm hardware
CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...)
	NOT-FOR-US: dual dns server
CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component, ...)
	NOT-FOR-US: Joomla!
CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...)
	NOT-FOR-US: ZyXel hardware
CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other ...)
	{DSA-1019-1 DSA-998-1 DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-974-1 DSA-972-1 DSA-971-1}
	- poppler 0.4.5-1 (medium)
	- tetex-bin 3.0-12 (medium)
	[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
	- kdegraphics 4:3.5.1-2 (medium)
	- gpdf 2.10.0-3 (medium)
	- xpdf 3.01-6 (bug #350785; bug #350783; medium)
	- koffice 1.5.0-1 (medium)
	- libextractor 0.5.10-1 (medium)
	- pdfkit.framework 0.8-4 (medium)
CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted ...)
	{DSA-987-1}
	- tar 1.15.1-3 (bug #354091; high)
	- dpkg <not-affected> (has completely different tar implementation)
	[woody] - tar <not-affected>
CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (E4X not implemented in Mozilla 1.7)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (Mozilla 1.7 is not affected)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (Mozilla 1.7 is not affected)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	- mozilla 2:1.7.13-0.1
	- thunderbird 1.5.0.2-1
CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected>
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- mozilla-thunderbird <unfixed>
	- thunderbird 1.5.0.2-1
CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- mozilla 2:1.7.13-0.1
CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox 1.0.4-2sarge6
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- mozilla 2:1.7.13-0.1
CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...)
	NOT-FOR-US: Oracle
CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-0288 (Multiple unspecified vulnerabilities in the Oracle Reports Developer ...)
	NOT-FOR-US: Oracle
CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 ...)
	NOT-FOR-US: Oracle
CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 ...)
	NOT-FOR-US: Oracle
CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0272 (Unspecified vulnerability in the XML Database component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0271 (Unspecified vulnerability in the Upgrade &amp; Downgrade component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0270 (Unspecified vulnerability in the Transparent Data Encryption (TDE) ...)
	NOT-FOR-US: Oracle
CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0264
	REJECTED
	NOT-FOR-US: Oracle
CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...)
	NOT-FOR-US: Oracle
CVE-2006-0259 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 ...)
	NOT-FOR-US: Check Point VPN
CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...)
	NOT-FOR-US: Apache Geronimo
CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in &quot;Blue ...)
	NOT-FOR-US: AmbiCom Blue Neighbors
CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote ...)
	NOT-FOR-US: Benders Calendar
CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic ...)
	- faqomatic 2.712-3
CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...)
	NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP
	NOTE: This bug is present in a fork, not in the mainline
	NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions.
CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog ...)
	NOT-FOR-US: geoBlog
CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 ...)
	NOT-FOR-US: Virata-EmWeb web server
CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula ...)
	NOT-FOR-US: Anyboard
CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download ...)
	NOT-FOR-US: Widexl Download Tracker
CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart ...)
	NOT-FOR-US: CubeCart
CVE-2006-0244 (** DISPUTED ** ...)
	NOT-FOR-US: phpXplorer
CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote ...)
	NOT-FOR-US: SMBCMS
CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 ...)
	NOT-FOR-US: PHP Fusebox
CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows ...)
	NOT-FOR-US: WBNews
CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote ...)
	NOT-FOR-US: Simple Blog
CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 ...)
	NOT-FOR-US: Simple Blog
CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 ...)
	NOT-FOR-US: GaMerZ WP-Stats
CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...)
	NOT-FOR-US: GTP iCommerce
CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...)
	NOT-FOR-US: WhiteAlbum
CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)
	NOT-FOR-US: microBlog
CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in functions.php in microBlog ...)
	NOT-FOR-US: microBlog
CVE-2006-0232 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0231 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0230 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow ...)
	NOT-FOR-US: Wehntrust
CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ...)
	- kernel-patch-grsecurity2 2.1.8-1 (bug #349246; medium)
	- kernel-patch-2.4-grsecurity <removed> (bug #349247; medium)
CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, ...)
	NOT-FOR-US: lpsched in Sun Solaris
CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) ...)
	NOT-FOR-US: freebsd kernel
CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands ...)
	- openssh 1:4.3p2-1 (low; bug #349645; bug #352254)
	[sarge] - openssh <no-dsa> (Protocol flaws inherited from rcp)
	- dropbear 0.48-1 (unimportant)
	NOTE: dropbear doesn't include scp in binary package
CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 ...)
	{DSA-976-1}
	- libast 0.7-1
CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...)
	NOT-FOR-US: PunBB
CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat ...)
	NOT-FOR-US: TopCMM
CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon ...)
	NOT-FOR-US: Dragon Design Services Network (DDSN)
CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update from ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...)
	NOT-FOR-US: Ultimate Auction
CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier allows ...)
	NOT-FOR-US: ezDatabase
CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 ...)
	NOT-FOR-US: Kolab Server
	NOTE: libkolab-perl are extensions for this server, but server does not seem to be in debian
CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in Toshiba ...)
	NOT-FOR-US: Toshiba Bluetooth Stack
CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm ...)
	NOT-FOR-US: Helm Hosting Control Panel
CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in Interspire ...)
	NOT-FOR-US: Interspire TrackPoint NX
CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...)
	NOT-FOR-US: TankLogger
CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and ...)
	- php5 5.1.2-1
	- php4 4:4.4.2-1 (bug #354682; low)
	[sarge] - php4 <no-dsa> (html_errors shouldn't be used)
CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...)
	{DSA-1331-1}
	- php5 5.1.2-1 (bug #347894)
	- php4 4:4.4.2-1 (bug #354683)
CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...)
	NOT-FOR-US: Light Weight Calendar
CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...)
	NOT-FOR-US: Wordcircle
CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 ...)
	NOT-FOR-US: Wordcircle
CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...)
	NOT-FOR-US: PayPal Web Services
CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...)
	NOT-FOR-US: PayPal Web Services
CVE-2006-0200 (Format string vulnerability in the error-reporting feature in the ...)
	- php5 5.1.2-1 (bug #347894; unimportant)
	- php4 <not-affected> (vulnerable code was introduced in PHP5)
	NOTE: Not built into the binary packages
CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...)
	NOT-FOR-US: XOOPS
CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org ...)
	NOTE: exploitability uncertian
	- xorg-x11 <unfixed> (bug #349251; low)
CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 ...)
	NOT-FOR-US: slsnif
CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354062)
CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in FogBugz ...)
	NOT-FOR-US: FogBugz
CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control Panel ...)
	NOT-FOR-US: Positive Software H-Sphere
CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 ...)
	NOT-FOR-US: ASPSurvey
CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users to ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows ...)
	NOT-FOR-US: eStara Softphone
CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354064)
CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other ...)
	NOT-FOR-US: OcoMon
CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly ...)
	NOT-FOR-US: OcoMon
CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly ...)
	NOT-FOR-US: OcoMon
CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail ...)
	NOT-FOR-US: Campsite
CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow ...)
	NOT-FOR-US: IPCop
CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable ...)
	NOT-FOR-US: IPCop
CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ASP-Programmers.com ASPKnowledgebase
CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass ...)
	NOT-FOR-US: Ocean12
CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3 and ...)
	NOT-FOR-US: TClanPortal
CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) ...)
	NOT-FOR-US: Oracle
CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier ...)
	NOT-FOR-US: AL-Caricatier
CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote ...)
	NOT-FOR-US: PHlyMail
CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 ...)
	NOT-FOR-US: AlstraSoft EPay Pro
CVE-2005-4650 (Joomla! 1.03 does not restrict the number of &quot;Search&quot; Mambots, which ...)
	NOT-FOR-US: Joomla!
CVE-2005-4649 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-4648 (Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and ...)
	NOT-FOR-US: Illustrate dBpowerAMP Music Converter
CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2006-2443 (The Debian package of knowledgetree 2.0.7 creates environment.php with ...)
	- knowledgetree 2.0.7-2 (bug #348306; medium)
CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0186
	REJECTED
CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow remote ...)
	NOT-FOR-US: AspTopSites
CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal ...)
	NOT-FOR-US: ACal Calendar Project
CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to ...)
	NOT-FOR-US: ACal Calendar Project
CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...)
	NOT-FOR-US: Cray UNICOS
CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...)
	NOT-FOR-US: Cray UNICOS
CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and ...)
	- xmame 0.104-1 (medium; bug #349653)
	NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf
	NOTE: question, that makes it very clear that setuid root is only for single-user
	NOTE: systems and xmame-sdl and xmess aren't setuid at all
	[sarge] - xmame <no-dsa> (XMame is non-free software)
CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager utility ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb ...)
	NOT-FOR-US: OrjinWeb E-commerce
CVE-2006-0170
	REJECTED
CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote attackers ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 ...)
	NOT-FOR-US: Symantec SystemWorks
CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries ...)
	NOT-FOR-US: WebGUI
CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is ...)
	NOT-FOR-US: phgstats
CVE-2006-0163 (SQL injection vulnerability in the search module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown ...)
	NOT-FOR-US: Solaris
CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 ...)
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 ...)
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote ...)
	NOT-FOR-US: 3CFR
CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...)
	{DSA-951-2}
	- trac 0.9.3-1
	[sarge] - trac 0.8.1-3sarge4 (medium)
CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS ...)
	NOT-FOR-US: Antharia OnContent
CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 ...)
	NOT-FOR-US: HydroBB
CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22 ...)
	NOT-FOR-US: Venom Board
CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows ...)
	NOT-FOR-US: Foro Domus
CVE-2006-0158 (SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS ...)
	NOT-FOR-US: CyberDoc SiteSuite CMS
CVE-2006-0157 (settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows ...)
	NOT-FOR-US: Reamday Enterprises Magic News Plus
CVE-2006-0156 (Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows ...)
	NOT-FOR-US: Foxforum
CVE-2006-0155 (Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and ...)
	NOT-FOR-US: 427BB
CVE-2006-0154 (SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 ...)
	NOT-FOR-US: 427BB
CVE-2006-0153 (427BB 2.2 and 2.2.1 verifies authentication credentials based on the ...)
	NOT-FOR-US: 427BB
CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and ...)
	NOT-FOR-US: phpChamber
CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT ...)
	{DSA-946-2}
	- sudo 1.6.8p12-1 (medium)
	NOTE: The whole black list approach is flawed, for the DSA we'll switch to
	NOTE: a white list approach of known to be safe env vars.
CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason ...)
	{DSA-952-1}
	- libapache-auth-ldap <removed> (bug #347416)
CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with ...)
	NOT-FOR-US: SimpBook
CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: NetSarang Xlpd
CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test script ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (medium; bug #349985)
	- cacti 0.8.6d-1
CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used in ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (medium; bug #349985)
	- cacti 0.8.6d-1
	- moodle 1.6.3-2
	NOTE: exact moodle fixed version not known, but at least <= 1.6.3-2
CVE-2006-0145 (The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and ...)
	NOT-FOR-US: NetBSD
CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in ...)
	NOT-FOR-US: Neither php-pear nor php4-pear ship this file
CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote ...)
	NOT-FOR-US: Windows
CVE-2006-0142 (Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda ...)
	NOT-FOR-US: Andromeda
CVE-2006-0141 (Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote ...)
	NOT-FOR-US: Eudora
CVE-2006-0140 (Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 ...)
	NOT-FOR-US: Navboard
CVE-2006-0139 (The send-private-message functionality (send-private-message.asp) in ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2005-4641 (SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote ...)
	NOT-FOR-US: eazyCMS
CVE-2005-4640 (SQL injection vulnerability in index.php in class-1 Poll Software 0.4 ...)
	NOT-FOR-US: class-1 Poll
CVE-2005-4639 (Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST ...)
	- linux-2.6 2.6.15-1 (low)
CVE-2005-4638 (index.php in Kayako SupportSuite 3.00.26 and earlier allow remote ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4637 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, ...)
	- openoffice.org <unfixed> (unimportant)
	NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser.
	NOTE: If the admin doesn't web browsing, why is one installed/enabled?
CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus ...)
	{DSA-947-1}
	- clamav 0.88-1
CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...)
	NOT-FOR-US: Alvaro's Messenger
CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...)
	NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...)
	NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0135 (SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 ...)
	NOT-FOR-US: TheWebForum
CVE-2006-0134 (Cross-site scripting (XSS) vulnerability in register.php in ...)
	NOT-FOR-US: TheWebForum
CVE-2006-0133 (Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow ...)
	NOT-FOR-US: AIX
CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 ...)
	NOT-FOR-US: SysCP WebFTP
CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: boastMachine
CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...)
	NOT-FOR-US: Mail Management Agent
CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...)
	NOT-FOR-US: Mail Management Agent
CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of Rockliffe ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0126 (rxvt-unicode before 6.3, on certain platforms that use openpty and ...)
	- rxvt-unicode 6.3-1
	[sarge] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
	[woody] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
CVE-2006-0125 (Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows ...)
	NOT-FOR-US: AppServ
CVE-2006-0124 (Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum ...)
	NOT-FOR-US: ADN Forum
CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote ...)
	NOT-FOR-US: ADN Forum
CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in ...)
	NOT-FOR-US: Aquifer CMS
CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server before ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0119 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0118 (Unspecified vulnerability in IBM Lotus Notes and Domino Server before ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0117 (Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0116 (Cross-site scripting vulnerability search.inetstore in iNETstore ...)
	NOT-FOR-US: iNETstore Ebusiness Software
CVE-2006-0115 (Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug ...)
	NOT-FOR-US: OnePlug Solutions OnePlug CMS
CVE-2006-0114 (The vCard functions in Joomla! 1.0.5 use predictable sequential IDs ...)
	NOT-FOR-US: Joomla!
CVE-2006-0113 (Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in Enhanced ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media ...)
	NOT-FOR-US: Boxcar Media Shopping Cart
CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus ...)
	NOT-FOR-US: Foro Domus
CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular Merchant ...)
	NOT-FOR-US: Modular Merchant Shopping Cart
CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS allows ...)
	NOT-FOR-US: Timecan CMS
CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to ...)
	NOT-FOR-US: Timecan CMS
CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on ...)
	NOT-FOR-US: PostgreSQL on Windows
CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 ...)
	NOT-FOR-US: sBLOG
CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local ...)
	NOT-FOR-US: NicoFTP
CVE-2006-0099 (PHP remote file include vulnerability in (1) ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and ...)
	NOT-FOR-US: OpenBSD
CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in ...)
	- php4 <not-affected> (Windows specific)
	- php5 <not-affected> (Windows specific)
CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
	{DSA-1017-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	- kernel-source-2.4.27 2.4.27-8
CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
	{DSA-1017-1}
	- linux-2.6 2.6.16-1
	- kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
	NOT-FOR-US: oaBoard
CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP ...)
	NOT-FOR-US: @Card ME PHP
CVE-2006-0092
	REJECTED
	NOT-FOR-US: SiteSuite CMS
CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...)
	NOT-FOR-US: Open-Xchange
CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...)
	NOT-FOR-US: IDV Directory Viewer
CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to ...)
	NOT-FOR-US: ESRI ArcPad
CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha ...)
	NOT-FOR-US: inTouch
CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php in ...)
	NOT-FOR-US: Lizard Cart
CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next Generation ...)
	NOT-FOR-US: Next Generation Image Gallery
CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote ...)
	NOT-FOR-US: Nkads
CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and ...)
	NOT-FOR-US: raSMP
CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel before ...)
	NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms
CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign SupportTrio ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-4633
	REJECTED
	NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ...)
	NOT-FOR-US: Vote!Pro
CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...)
	NOT-FOR-US: Zina
CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3 allows ...)
	NOT-FOR-US: ClientExec
CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to ...)
	NOT-FOR-US: SMBCMS
CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and ...)
	NOT-FOR-US: HelpDeskPoint
CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite ...)
	NOT-FOR-US: GmailSite
CVE-2005-4626 (The default configuration of Recruitment Software installs ...)
	NOT-FOR-US: Recruitment Software
CVE-2005-4625 (Drivers for certain display adapters, including (1) an unspecified ATI ...)
	NOT-FOR-US: Strange Windows drivers
CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows ...)
	NOT-FOR-US: PTnet ircd
CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a denial ...)
	NOT-FOR-US: eFileGo
CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote ...)
	NOT-FOR-US: eFileGo
CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page in ...)
	NOT-FOR-US: vBulletin
CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to ...)
	NOT-FOR-US: WinRAR
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
	NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.15-1
CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools ...)
	{DSA-930-2 DSA-930-1}
	- smstools 1.16-1.1 (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...)
	{DSA-954-1 CVE-2005-4560}
	- wine 0.9.2-1 (bug #346197; medium)
CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c ...)
	{DSA-1213}
	- imagemagick 6:6.2.4.5-0.6 (bug #345876)
CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
	- b2evolution 0.9.1b-4 (bug #344000)
CVE-2006-0081 (ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics ...)
	NOT-FOR-US: Intel
CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and ...)
	NOT-FOR-US: vBulletin
CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 ...)
	NOT-FOR-US: ScozNet
CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software ...)
	NOT-FOR-US: B-Net Software
CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...)
	NOT-FOR-US: File::ExtAttr
CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
	NOT-FOR-US: oaBoard
CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and ...)
	NOT-FOR-US: phpBook
CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote ...)
	NOT-FOR-US: PHPenpals
CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...)
	NOT-FOR-US: DiscusWare Discus
CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote ...)
	NOT-FOR-US: SCO Openserver
CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid ...)
	- pinentry <not-affected> (Gentoo-specific packaging flaw)
CVE-2006-0070 (** DISPUTED ** ...)
	- drupal <not-affected> (According to upstream advisory is junk, behaviour intentional)
	NOTE: This will probably be REJECTED anyway
CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows ...)
	NOT-FOR-US: Primo Cart
CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 ...)
	NOT-FOR-US: VEGO Links Builder
CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows ...)
	NOT-FOR-US: PHPjournaler
CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...)
	NOT-FOR-US: VEGO Web Forum
CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...)
	NOT-FOR-US: CubeCart
CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when ...)
	- phpbb2 2.0.21-1 (unimportant)
	[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
	NOTE: According to the maintainer only affects a config option that is strongly
	NOTE: discouraged due to potential security problems
	NOTE: (Upstream fix was in 2.0.20.)
CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...)
	NOT-FOR-US: cSupport
CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows ...)
	NOT-FOR-US: iSupport
CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and ...)
	NOT-FOR-US: DapperDesk
CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier ...)
	NOT-FOR-US: digiSHOP
CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows ...)
	NOT-FOR-US: VUBB alpha
CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote ...)
	NOT-FOR-US: VUBB alpha
CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ...)
	NOT-FOR-US: Free ClickBank
CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12, ...)
	- dopewars <not-affected> (According to upstream Windows-specific)
CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to ...)
	NOT-FOR-US: BugPort
CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows ...)
	NOT-FOR-US: BugPort
CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...)
	NOT-FOR-US: BugPort
CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz ...)
	NOT-FOR-US: Web Wiz
CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-1
	- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
	- xshisen 1.51-1-1.2 (bug #291613)
CVE-2006-0062 [Potential xlockmore bypass]
	RESERVED
	- xlockmore 1:5.13-2.1 (bug #309760)
CVE-2006-0061 [xlock segfaults when using libpam-opensc]
	RESERVED
	- xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low)
	[sarge] - xlockmore <no-dsa> (Minor issue)
CVE-2006-0060
	RESERVED
CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC ...)
	NOT-FOR-US: LiveData
CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows ...)
	{DSA-1015-1}
	- sendmail 8.13.6-1 (bug #358440; high)
CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2006-0056 (Double free vulnerability in the authentication and authentication ...)
	- pam-mysql 0.6.2-1 (bug #353589; medium)
	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable ...)
	- ee 1:1.4.2-5 (bug #348322)
CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to ...)
	NOT-FOR-US: FreeBSD
CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package allows ...)
	- mtink <not-affected> (mtink not installed SUID root)
CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4600 (Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
	- moodle <not-affected> (has newer version)
	- wordpress 2.5.1-3
	NOTE: this was possibly fixed before 2.5.1 in wordpress but since 2.5.1-3 wordpress
	NOTE: uses the system copy of tinymce and the exact fixed version is not
	NOTE: really determinably anymore
CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in ...)
	TODO: check wordpress, moodle
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp ...)
	NOT-FOR-US: OoApp Guestbook
CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...)
	NOT-FOR-US: iPei Guestbook
CVE-2005-4596 (Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook ...)
	NOT-FOR-US: AdesGuestbook
CVE-2005-4595 (Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView ...)
	NOT-FOR-US: NView and XnView, different from nview from nvi
CVE-2005-4594 (Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers ...)
	NOT-FOR-US: TUGZip
CVE-2005-4593 (PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and ...)
	NOT-FOR-US: phpDocumentor
CVE-2005-4592 (Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows ...)
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Only some 0.96 CVS versions were affected)
CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, ...)
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Sarge version doesn't include Unicode)
CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on ...)
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the ...)
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4588 (Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote ...)
	NOT-FOR-US: Koobi
CVE-2005-4587 (Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote ...)
	NOT-FOR-US: Juniper
CVE-2005-4586 (Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 ...)
	NOT-FOR-US: PHPSurveyor
CVE-2005-XXXX [snort: DoS in verbose mode]
	- snort 2.3.3-2 (bug #328134; low)
	[woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
	[sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
CVE-2005-4601 (The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers ...)
	{DSA-957-2}
	- imagemagick 6:6.2.4.5-0.6 (bug #345238; medium)
	NOTE: Exploitable through Gnus and Thunderbird.
	- graphicsmagick 1.1.7-1
CVE-2006-0053 (Imager (libimager-perl) before 0.50 allows user-assisted attackers to ...)
	{DSA-1028-1}
	- libimager-perl 0.50-1 (bug #359661)
CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...)
	{DSA-1027-1}
	- mailman 2.1.6-1 (bug #358892)
CVE-2006-0051 (Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through ...)
	{DSA-1023-1}
	- kaffeine 0.8-1
CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary ...)
	{DSA-1013-1}
	- snmptrapfmt 1.10
CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...)
	{DSA-993-2}
	- gnupg 1.4.2.2-1 (bug #356125; medium)
	[sarge] - gnupg2 <not-affected> (Vulnerable code not activated)
CVE-2006-0048 (Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a ...)
	- tcpick 0.2.1-3 (bug #360571; low)
	[sarge] - tcpick <no-dsa> (Minor issue)
CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause ...)
	{DSA-994-1}
	- freeciv 2.0.8-1 (medium; bug #355211)
CVE-2006-0046 (squid_redirect script in adzapper before 2006-01-29 allows remote ...)
	{DSA-966-1}
	- adzapper 20060115-1
CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving and ...)
	{DSA-949-1}
	- crawl 1:4.0.0beta26-7 (medium)
CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web application ...)
	{DSA-942-1}
	- albatross 1.33-1
CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to ...)
	- ethereal 0.10.14-1 (bug #345243; low)
	NOTE: This affects Woody and Sarge
CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause a ...)
	- bzflag 2.0.6.20060412-1 (bug #345245; low)
	[sarge] - bzflag <no-dsa> (Minor DoS against a game)
CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX ...)
	NOT-FOR-US: VMWare
CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or integrity ...)
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: Even an authenticated server might serve unwanted content, so
	NOTE: this can't be considered a real vulnerability.
CVE-2005-4581 (Buffer overflow in Electric Sheep 2.6.3 client allows local users to ...)
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: This does not seem to be exploitable.
CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4 allows ...)
	NOT-FOR-US: Day Communique
CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi Business ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic - ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4577 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4576 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Fatwire Update Engine
CVE-2005-4575 (PaperThin CommonSpot Content Server 4.5 and earlier allow remote ...)
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4574 (Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin ...)
	{DSA-1201-1}
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4573 (PHP remote file include vulnerability in plog-admin-functions.php in ...)
	NOT-FOR-US: Plogger
CVE-2005-4572 (Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow ...)
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4571 (Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart ...)
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4570 (The Internet Key Exchange version 1 (IKEv1) implementations in ...)
	NOT-FOR-US: FortiOS
CVE-2005-4569 (Stack-based buffer overflow in index.fts in FTGate Technology ...)
	NOT-FOR-US: FTGate
CVE-2005-4568 (Multiple format string vulnerabilities in FTGate Technology (formerly ...)
	NOT-FOR-US: FTGate
CVE-2005-4567 (Multiple cross-site scripting (XSS) vulnerabilities in FTGate ...)
	NOT-FOR-US: FTGate
CVE-2005-4566 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...)
	NOT-FOR-US: NetVanta
CVE-2005-4565 (Format string vulnerability in the Internet Key Exchange version 1 ...)
	NOT-FOR-US: NetVanta
CVE-2005-4564 (The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN ...)
	NOT-FOR-US: NetVanta
CVE-2005-4563 (SQL injection vulnerability in main.php in Enterprise Heart Enterprise ...)
	NOT-FOR-US: Enterprise Heart Enterprise Connector
CVE-2005-4562
	REJECTED
CVE-2005-4561
	REJECTED
CVE-2005-4560 (The Windows Graphical Device Interface library (GDI32.DLL) in ...)
	{CVE-2006-0106}
	NOT-FOR-US: Microsoft
CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4558 (IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4557 (dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4556 (PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4555 (Cross-site scripting (XSS) vulnerability in add.php in DEV web ...)
	NOT-FOR-US: DEV web management system
CVE-2005-4554 (Multiple SQL injection vulnerabilities in DEV web management system ...)
	NOT-FOR-US: DEV web management system
CVE-2005-4553 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-4552 (The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 ...)
	NOT-FOR-US: Sun Solaris PC NetLink
CVE-2005-4551 (Cross-site scripting (XSS) vulnerability in sign.php in codegrrl ...)
	NOT-FOR-US: codegrrl SimpBook
CVE-2005-4550 (The PORTAL schema in Oracle Application Server (OracleAS) Discussion ...)
	NOT-FOR-US: Oracle
CVE-2005-4549 (Cross-site scripting (XSS) vulnerability in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2005-4548 (SQL injection vulnerability in the &quot;user area&quot; in RWS Statistics ...)
	NOT-FOR-US: RWS Statistics Counter
CVE-2005-4547 (Cross-site scripting (XSS) vulnerability in home/search.php in eggblog ...)
	NOT-FOR-US: eggblog
CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the full ...)
	NOT-FOR-US: eggblog
CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ...)
	NOT-FOR-US: NetDirect ShopEngine
CVE-2005-4544
	RESERVED
CVE-2005-4543
	RESERVED
CVE-2005-4542
	RESERVED
CVE-2005-4541
	RESERVED
CVE-2005-4540
	RESERVED
CVE-2005-4539
	RESERVED
CVE-2005-4538
	RESERVED
CVE-2005-4537
	RESERVED
CVE-2005-4536 (Mail::Audit module in libmail-audit-perl 2.1-5, when logging is ...)
	{DSA-960-3}
	- libmail-audit-perl 2.1-5.1 (bug #344029; medium)
CVE-2005-4535
	RESERVED
CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and ...)
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system ...)
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4531
	REJECTED
CVE-2005-4530 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
	NOT-FOR-US: EPay Enterprise
CVE-2005-4529 (The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to ...)
	NOT-FOR-US: phpBB addon
CVE-2005-4528 (SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB ...)
	NOT-FOR-US: phpBB addon
CVE-2005-4527 (Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote ...)
	NOT-FOR-US: Direct News
CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 ...)
	NOT-FOR-US: MIMEsweeper For Web
CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local ...)
	NOT-FOR-US: Sygate
CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle &quot;Make note private&quot; when a ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4520 (Unspecified &quot;port injection&quot; vulnerabilities in filters in Mantis ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4515 (** DISPUTED ** ...)
	NOT-FOR-US: WebDB
CVE-2005-4514 (** DISPUTED ** ...)
	NOT-FOR-US: Webwasher
CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows ...)
	NOT-FOR-US: WANDSOFT e-SEARCH
CVE-2005-4512 (Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier ...)
	NOT-FOR-US: WAXTRAPP
CVE-2005-4511 (Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows ...)
	NOT-FOR-US: TN3270 Resource Gateway
CVE-2005-4510 (Directory traversal vulnerability in server.np in NetPublish Server 7 ...)
	NOT-FOR-US: Netpublish Server
CVE-2005-4509 (SQL injection vulnerability in index.asp in pTools allows remote ...)
	NOT-FOR-US: pTools
CVE-2005-4508 (Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4507 (Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4506 (Nexus Concepts Dev Hound 2.24 and earlier stores username and password ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan ...)
	NOT-FOR-US: McAfee
CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in ...)
	- kdelibs <not-affected>
	NOTE: Konqueror from sid doesn't crash, will test an older version later
CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote ...)
	NOT-FOR-US: httprint
CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and ...)
	NOT-FOR-US: httprint
CVE-2005-4501 (MediaWiki before 1.5.4 uses a hard-coded &quot;internal placeholder ...)
	- mediawiki 1.4.13-1 (bug #345280)
CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote attackers to ...)
	NOT-FOR-US: MusicBox
CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 ...)
	NOT-FOR-US: Cisco
CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier ...)
	NOT-FOR-US: Text-e
CVE-2005-4497 (Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and ...)
	NOT-FOR-US: Tangora Portal
CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 ...)
	NOT-FOR-US: Syntax CMS
CVE-2005-4495 (** DISPUTED ** ...)
	NOT-FOR-US: SpireMedia
CVE-2005-4494 (Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier ...)
	- spip <removed> (medium; bug #352078)
CVE-2005-4493 (Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier ...)
	NOT-FOR-US: SpearTek
CVE-2005-4492 (Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 ...)
	NOT-FOR-US: Starphire SiteSage
CVE-2005-4491 (Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 ...)
	NOT-FOR-US: Sitekit CMS
CVE-2005-4490 (Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and ...)
	NOT-FOR-US: SCOOP!
CVE-2005-4489 (Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier ...)
	NOT-FOR-US: Scoop
CVE-2005-4488 (Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in ...)
	NOT-FOR-US: Redakto WCMS
CVE-2005-4487 (Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and ...)
	NOT-FOR-US: RAMSite
CVE-2005-4486 (** DISPUTED ** ...)
	NOT-FOR-US: Quantum Art
CVE-2005-4485 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 ...)
	NOT-FOR-US: ProjectApp
CVE-2005-4484 (Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 ...)
	NOT-FOR-US: IntranetApp
CVE-2005-4483 (Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable ...)
	NOT-FOR-US: SiteEnable
CVE-2005-4482 (Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 ...)
	NOT-FOR-US: PortalApp
CVE-2005-4481 (** DISPUTED ** ...)
	NOT-FOR-US: Polypoly
CVE-2005-4480 (Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and ...)
	NOT-FOR-US: Plexcor CMS
CVE-2005-4479 (SQL injection vulnerability in article.php in phpSlash 0.8.1 and ...)
	NOT-FOR-US: phpSlash
CVE-2005-4478 (Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier ...)
	NOT-FOR-US: Papoo
CVE-2005-4477 (Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and ...)
	NOT-FOR-US: papaya CMS
CVE-2005-4476 (Cross-site scripting (XSS) vulnerability in store/search/results.html ...)
	NOT-FOR-US: OpenEdit
CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier ...)
	NOT-FOR-US: OpenCms
CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.9 through ...)
	{DSA-1208-1}
	- bugzilla 2.18 (bug #329387; low)
	NOTE: The vulnerable script has been removed in the 2.18 upstream release
CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
	- libjpeg6b 6b-11 (bug #340079; low)
	[woody] - libjpeg6b <not-affected> (Does not include exifautotran)
	[sarge] - libjpeg6b <no-dsa> (Creates tempfile in cwd, only very far-fetched attack vectors applicable)
CVE-2006-0043 (Buffer overflow in the realpath function in nfs-server rpc.mountd, as ...)
	{DSA-975-1}
	- nfs-user-server 2.2beta47-22 (high; bug #350020)
	NOTE: nfs-utils (kernel NFS server) is not affected
	NOTE: (it uses PATH_MAX for the buffer passed to realpath).
CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) ...)
	{DSA-1000-2}
	- libapreq2 2.07-1
CVE-2006-0041
	RESERVED
CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...)
	- evolution 2.10.1 (bug #398064; low)
	[etch] - evolution <no-dsa> (Minor issue)
	[sarge] - evolution <not-affected> (Not reproducable on Sarge)
CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-1
CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
	- linux-2.6 2.6.15-3
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
CVE-2006-0036 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
	- linux-2.6 2.6.15-3
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 ...)
	- linux-2.6 2.6.15-3
CVE-2006-0019 (Heap-based buffer overflow in the encodeURI and decodeURI functions in ...)
	{DSA-948-1}
	- kdelibs 4:3.5.1-1 (medium)
CVE-2005-4474 (Buffer overflow in the &quot;Add to archive&quot; command in WinRAR 3.51 allows ...)
	NOT-FOR-US: WinRAR
CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...)
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4472 (Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) ...)
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server (MSS) ...)
	NOT-FOR-US: Avaya Modular Messaging Message Storage Server
CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...)
	{DSA-1039-1 DTSA-29-1}
	- blender 2.40-1 (bug #344398; medium)
	[woody] - blender <no-dsa> (Woody has it in non-free and it is binary-only)
CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4467 (Directory traversal vulnerability in help_text_vars.php in PHPGedView ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll ...)
	NOT-FOR-US: SIP Proxy
CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in NEC ...)
	NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive ...)
	- wordpress 1.5.2-1 (unimportant)
	NOTE: Only path disclosure
CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva PHP ...)
	NOT-FOR-US: Tolva PHP website system
CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and ...)
	NOT-FOR-US: Beehive Forum
CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ...)
	NOT-FOR-US: Beehive Forum
CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components vmnat.exe ...)
	NOT-FOR-US: VMWare
CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly ...)
	NOT-FOR-US: Metadot Portal Server
CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote ...)
	NOT-FOR-US: MailEnable
CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and ...)
	NOT-FOR-US: MailEnable
CVE-2005-4455 (cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote ...)
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4454 (Validate-before-filter vulnerability in cleanhtml.pl 1.129 in ...)
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote ...)
	NOT-FOR-US: Ultraapps Issue Manager
CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database under ...)
	NOT-FOR-US: Information Call Center
CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX B.11.11 ...)
	NOT-FOR-US: HP-UX
CVE-2005-4450 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 ...)
	NOTE: According to the description possibly a dupe of the non-issue CVE-2005-4349
CVE-2005-4449 (verify.php in FlatNuke 2.5.6 allows remote authenticated ...)
	NOT-FOR-US: FlatNuke
CVE-2005-4448 (FlatNuke 2.5.6 verifies authentication credentials based on an MD5 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-4447 (SQL injection vulnerability in articles\articles_funcs.php in phpCOIN ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4446 (Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x ...)
	NOT-FOR-US: ASPBite
CVE-2005-4445 (Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows ...)
	NOT-FOR-US: Pegasus Mail
CVE-2005-4444 (Stack-based buffer overflow in the trace message functionality in ...)
	NOT-FOR-US: Pegasus Mail
CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on ...)
	- gauche <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on ...)
	- openldap2 <not-affected> (Gentoo-specific packaging flaw)
	- openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network ...)
	NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass network ...)
	NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; high)
CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in ...)
	NOT-FOR-US: Dec2Rar
CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing ...)
	NOT-FOR-US: IOS
CVE-2005-4436 (Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented ...)
	NOT-FOR-US: IOS
CVE-2005-4435 (Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man ...)
	NOT-FOR-US: AbleDesign D-Man
CVE-2005-4434 (Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x ...)
	NOT-FOR-US: AbleDesign ReSearch
CVE-2005-4433 (Cross-site scripting (XSS) vulnerability in search.php in Esselbach ...)
	NOT-FOR-US: Esselbach Storyteller CMS
CVE-2005-4432 (Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 ...)
	NOT-FOR-US: PlaySMS
CVE-2005-4431 (SQL injection vulnerability in WowBB 1.65 allows remote attackers to ...)
	NOT-FOR-US: WowBB
CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...)
	NOT-FOR-US: LogicBill
CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers ...)
	NOT-FOR-US: CS-Cart
CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4427 (Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4426 (Interpretation conflict in YaBB before 2.1 allows remote authenticated ...)
	NOT-FOR-US: YaBB
CVE-2005-4425 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
	NOT-FOR-US: Kerio Firewall
CVE-2005-4424 (Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might ...)
	NOT-FOR-US: PHPKIT
CVE-2005-4423 (Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows ...)
	NOT-FOR-US: PHPFM
CVE-2005-4422 (Unrestricted file upload vulnerability in toendaCMS before 0.6.2 ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4421 (Dev-Editor 3.0 allows remote attackers to access any directory outside ...)
	NOT-FOR-US: Dev-Editor
CVE-2005-4420 (Cross-site scripting (XSS) vulnerability in Honeycomb Archive ...)
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4419 (Multiple SQL injection vulnerabilities in CategoryResults.cfm in ...)
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4417 (The default configuration of Widcomm Bluetooth for Windows (BTW) ...)
	NOT-FOR-US: Widcomm Bluetooth for Windows
CVE-2005-4416 (SQL injection vulnerability in index.php in TML CMS 0.5 allows remote ...)
	NOT-FOR-US: TML CMS
CVE-2005-4415 (Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 ...)
	NOT-FOR-US: TML CMS
CVE-2005-4414 (Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown ...)
	NOT-FOR-US: Teamwork 3
CVE-2005-4413 (Multiple cross-site scripting (XSS) vulnerabilities in sample scripts ...)
	NOT-FOR-US: Websphere
CVE-2005-4412 (Citrix Program Neighborhood client before 9.150 caches the user ...)
	NOT-FOR-US: Citrix
CVE-2005-4411 (Buffer overflow in Mercury Mail Transport System 4.01b allows remote ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2005-4410 (Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote ...)
	NOT-FOR-US: NQcontent
CVE-2005-4409 (Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier ...)
	NOT-FOR-US: MMBase
CVE-2005-4408 (Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and ...)
	NOT-FOR-US: Miraserver
CVE-2005-4407 (Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS ...)
	NOT-FOR-US: Mercury CMS
CVE-2005-4406 (SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and ...)
	NOT-FOR-US: Mercury CMS
CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: Red Queen
CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x ...)
	NOT-FOR-US: Media2 CMS
CVE-2005-4403 (SQL injection vulnerability in index.php in Marwel 2.7 and earlier ...)
	NOT-FOR-US: Marwel
CVE-2005-4402 (Buffer overflow in MailEnable Professional 1.71 and earlier, and ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-4401 (Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier ...)
	NOT-FOR-US: Lutece
CVE-2005-4400 (Cross-site scripting (XSS) vulnerability in downloads/portal_ent in ...)
	NOT-FOR-US: Liferay Portal Professional
CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in ...)
	NOT-FOR-US: Libertas Enterprise CMS
CVE-2005-4398 (** DISPUTED ** ...)
	NOT-FOR-US: lemoon
CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote ...)
	NOT-FOR-US: iCMS
CVE-2005-4396 (Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS ...)
	NOT-FOR-US: iCMS
CVE-2005-4395 (Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier ...)
	NOT-FOR-US: FarCry
CVE-2005-4394 (Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier ...)
	NOT-FOR-US: EPiX
CVE-2005-4393 (Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS ...)
	NOT-FOR-US: e-publish CMS
CVE-2005-4392 (SQL injection vulnerability in printer_friendly.cfm in e-publish CMS ...)
	NOT-FOR-US: e-publish CMS
CVE-2005-4391 (Cross-site scripting (XSS) vulnerability in damoon allows remote ...)
	NOT-FOR-US: damoon
CVE-2005-4390 (SQL injection vulnerability in index.php in ContentServ 3.1 and ...)
	NOT-FOR-US: ContentServ
CVE-2005-4389 (search.cfm in CONTENS 3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: CONTENS
CVE-2005-4388 (Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 ...)
	NOT-FOR-US: CONTENS
CVE-2005-4387 (Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 ...)
	NOT-FOR-US: contenite
CVE-2005-4386 (Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and ...)
	NOT-FOR-US: Colony CMS
CVE-2005-4385 (Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 ...)
	NOT-FOR-US: Cofax
CVE-2005-4384 (CitySoft Community Enterprise 4.x allows remote attackers to obtain ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4383 (Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4382 (SQL injection vulnerability in CitySoft Community Enterprise 4.x ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4381 (Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 ...)
	NOT-FOR-US: Caravel CMS
CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...)
	NOT-FOR-US: Bitweaver
CVE-2005-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and ...)
	NOT-FOR-US: Baseline CMS
CVE-2005-4377 (Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS ...)
	NOT-FOR-US: Baseline CMS
CVE-2005-4376 (Directory traversal vulnerability in Amaxus 3 and earlier allows ...)
	NOT-FOR-US: Amaxus
CVE-2005-4375 (Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier ...)
	NOT-FOR-US: Amaxus
CVE-2005-4374 (Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 ...)
	NOT-FOR-US: Allinta
CVE-2005-4373 (Adaptive Website Framework (AWF) 2.10 and earlier allows remote ...)
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4372 (Cross-site scripting (XSS) vulnerability in account.html in Adaptive ...)
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4371 (Acidcat 2.1.13 and earlier stores the database under the web root with ...)
	NOT-FOR-US: Acidcat
CVE-2005-4370 (SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and ...)
	NOT-FOR-US: Acidcat
CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows ...)
	NOT-FOR-US: Acuity CMS
CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ...)
	- roundcube <not-affected> (Quotes are stripped now and if the task can't be found there is a default of mail)
CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...)
	NOT-FOR-US: FLIP
CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana ...)
	NOT-FOR-US: Hot Banana Web Content Management Suite
CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in ...)
	NOT-FOR-US: Komodo CMS
CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows ...)
	NOT-FOR-US: Komodo CMS
CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia ...)
	NOT-FOR-US: Magnolia Content Management Suite
CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS) 5.1 on ...)
	NOT-FOR-US: IIS
CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 ...)
	NOT-FOR-US: ODFaq
CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...)
	- phpbb2 <unfixed> (unimportant)
CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...)
	- phpbb2 2.0.21-1 (bug #344674; low)
	[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
	NOTE: According to the maintainer only affects a config option that is strongly
	NOTE: discouraged due to potential security problems
CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...)
	NOT-FOR-US: UStore
CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...)
	NOT-FOR-US: UStore
CVE-2005-4354 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
	NOT-FOR-US: Webglimpse
CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and Linux ...)
	- linux-2.6 2.6.18-3
CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up ...)
	- linux-2.6 2.6.18-3
CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 ...)
	NOT-FOR-US: WBEM Services
CVE-2005-4349 (** DISPUTED ** ...)
	- phpmyadmin <unfixed> (unimportant)
	NOTE: Only for authenticated used, will possibly be rejected
CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...)
	NOT-FOR-US: IOS
CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...)
	{DSA-939-1}
	- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
CVE-2005-4418 (util-vserver before 0.30.208-1 with kernel-patch-vserver before ...)
	{DSA-1011-1}
	- util-vserver 0.30.208-1
CVE-2005-4347 (The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and ...)
	{DSA-1011-1}
	- util-vserver 0.30.208-1 (bug #329090; medium)
	- kernel-patch-vserver 2.3 (bug #329087; medium)
	NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability
CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier ...)
	NOT-FOR-US: phpBB Blog
CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4340
	REJECTED
CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ...)
	NOT-FOR-US: ProjectForum
CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: ProjectForum
CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers ...)
	NOT-FOR-US: ZixForum
CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board ...)
	NOT-FOR-US: Binary Board System
CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
	NOT-FOR-US: Secure Smart Manager
CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant ...)
	NOT-FOR-US: iHTML Merchant
CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall ...)
	NOT-FOR-US: iHTML Merchant
CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB ...)
	NOT-FOR-US: paFileDB
CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
	NOT-FOR-US: WebGlimpse
CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt ...)
	NOT-FOR-US: Michael Arndt WebCal
CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute ...)
	NOT-FOR-US: APC hardware issue
CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have ...)
	NOT-FOR-US: Driverse
CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through ...)
	NOT-FOR-US: Hitachi Groupmax Mail SMTP
CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal ...)
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani ...)
	NOT-FOR-US: Apani Networks EpiForce
CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers ...)
	NOT-FOR-US: HP-UX
CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART ...)
	NOT-FOR-US: Plexum PLEXCART
CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal ...)
	NOT-FOR-US: PPCal Shopping Cart
CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, ...)
	NOT-FOR-US: DCForum
CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows ...)
	NOT-FOR-US: ezUpload Pro
CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: ezUpload Pro
CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...)
	NOT-FOR-US: ScareCrow
CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...)
	NOT-FOR-US: SiteNet BBS
CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, ...)
	- trac 0.9.3-1 (bug #344006)
	[sarge] - trac <unfixed> (medium)
	NOTE: upstream bts at http://trac.edgewall.org/ticket/2473 claims this is
	NOTE: fixed in http://trac.edgewall.org/changeset/2724 but it's a fairly
	NOTE: invasive set of patches to backport.  basically most instances
	NOTE: of input being escape()'d are no longer done so, and instead a
	NOTE: Markup() function replaces them, and special checks are done
	NOTE: on rendered HTML output to prevent XSS code from being displayed.
CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and ...)
	NOT-FOR-US: pgpXplorer
CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in ...)
	NOT-FOR-US: libremail
CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...)
	NOT-FOR-US: Atlant Pro
CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum ...)
	NOT-FOR-US: AtlantForum
CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier ...)
	NOT-FOR-US: bbBoard
CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial ...)
	NOT-FOR-US: AppServ Open Project
CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
	NOT-FOR-US: Absolute Image Gallery XE
CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...)
	NOT-FOR-US: ClickCartPro
CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and ...)
	NOT-FOR-US: CommerceSQL
CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS ...)
	NOT-FOR-US: ECTOOLS Onlineshop
CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...)
	NOT-FOR-US: ECW-Cart
CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...)
	NOT-FOR-US: eDatCat
CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb ...)
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows ...)
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote ...)
	NOT-FOR-US: PhpLogCon
CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick ...)
	NOT-FOR-US: Dick Copits PDEstore
CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search Engine ...)
	NOT-FOR-US: StaticStore Search Engine
CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and ...)
	NOT-FOR-US: The CITY Shop
CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and ...)
	NOT-FOR-US: Zaygo DomainCart
CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and ...)
	NOT-FOR-US: Zaygo HostingCart
CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo ...)
	- cmake <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on ...)
	- qt-x11-free <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo ...)
	- perl <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in toendaCMS ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Westell Versalink
CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers to ...)
	NOT-FOR-US: Scientific Atlanta DPX2100 Cable Modem
CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) ...)
	NOT-FOR-US: AIX
CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote ...)
	NOT-FOR-US: AIX
CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...)
	NOT-FOR-US: AIX
CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows ...)
	NOT-FOR-US: Watchfire AppScan
CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...)
	- cpio 2.6-10 (bug #344134; medium)
	[sarge] - cpio <unfixed> (medium)
	[woody] - cpio <unfixed> (medium)
CVE-2005-4267 (Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote ...)
	NOT-FOR-US: Qualcomm WorldMail
CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when ...)
	- snort 2.3.0-1
CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before ...)
	NOT-FOR-US: YaCy
CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through ...)
	NOT-FOR-US: NetBSD
CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
	NOTE: not reproducible
	- rageircd <not-affected> (bug #343543; medium)
CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a ...)
	NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4265 (Alt-N MDaemon and WorldClient 8.1.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support ...)
	NOT-FOR-US: PHP Support Tickets
CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows ...)
	NOT-FOR-US: Envolution
CVE-2005-4262 (Cross-site scripting (XSS) vulnerability in the News module in ...)
	NOT-FOR-US: Envolution
CVE-2005-4261 (Unspecified vulnerability in Positive Software Corporation CP+ ...)
	NOT-FOR-US: CP+
CVE-2005-4260 (Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote ...)
	NOT-FOR-US: ASPBB
CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Linksys hardware
CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM ...)
	NOT-FOR-US: ASP-DEV XM Forum
CVE-2005-4255 (Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki ...)
	NOT-FOR-US: WikkaWiki
CVE-2005-4254 (SQL injection vulnerability in view_Results.php in DreamLevels ...)
	NOT-FOR-US: DreamLevels DreamPoll
CVE-2005-4253 (Cross-site scripting (XSS) vulnerability in getdox.php in Torrential ...)
	NOT-FOR-US: Torrential
CVE-2005-4252 (Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4251 (Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4250 (Directory traversal vulnerability in mcGallery PRO 2.2 and earlier ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4249 (ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext ...)
	NOT-FOR-US: ADP Forum
CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 ...)
	NOT-FOR-US: QuickPayPro
CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta ...)
	NOT-FOR-US: Plogger
CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows ...)
	NOT-FOR-US: Plogger
CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe ...)
	NOT-FOR-US: Snipe Gallery
CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows ...)
	NOT-FOR-US: Snipe Gallery
CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote ...)
	NOT-FOR-US: QuickPayPro
CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in ...)
	NOT-FOR-US: VCD-db
CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and earlier ...)
	NOT-FOR-US: VCD-db
CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php ...)
	NOT-FOR-US: PHP JackKnife
CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and ...)
	NOT-FOR-US: MySQL Auction
CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD ...)
	NOT-FOR-US: CKGOLD
CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and ...)
	NOT-FOR-US: EncapsGallery
CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad Manager ...)
	NOT-FOR-US: Ad Manager Pro
CVE-2005-4232 (** DISPUTED ** ...)
	NOT-FOR-US: Jamit Job Board
CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and ...)
	NOT-FOR-US: Link Up Gold
CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and ...)
	NOT-FOR-US: Link Up Gold
CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...)
	NOT-FOR-US: EveryAuction
CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and ...)
	NOT-FOR-US: PhpWebGallery
CVE-2005-4227 (Multiple &quot;potential&quot; SQL injection vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-4226 (Multiple &quot;potential&quot; SQL injection vulnerabilities in phpWebThings 1.4 ...)
	NOT-FOR-US: pgpWebThings
CVE-2005-4225 (Multiple &quot;potential&quot; SQL injection vulnerabilities in myBloggie 2.1.3 ...)
	NOT-FOR-US: myBloggie
CVE-2005-4224 (Multiple &quot;potential&quot; SQL injection vulnerabilities in e107 0.7 might ...)
	NOT-FOR-US: e107
CVE-2005-4223 (Multiple &quot;potential&quot; SQL injection vulnerabilities in Utopia News Pro ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi ...)
	NOT-FOR-US: Lars Ellingsen Guestserver
CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...)
	NOT-FOR-US: Arab Portal System
CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote ...)
	NOT-FOR-US: Netgear hardware issue
CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains ...)
	NOT-FOR-US: Innovative CMS
CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows ...)
	NOT-FOR-US: PHPWebThings
CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...)
	- perl <not-affected> (MacOS specific vulnerability)
CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media ...)
	NOT-FOR-US: Macromedia Flash Media Server
CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...)
	NOT-FOR-US: Motorola hardware
CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor ...)
	NOT-FOR-US: Opera
CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote ...)
	NOT-FOR-US: Flatnuke
CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script ...)
	NOT-FOR-US: BTGrup Admin WebController Script
CVE-2005-4206 (Blackboard Learning and Community Portal System in Academic Suite ...)
	NOT-FOR-US: Blackboard Learning and Community Port Systems
CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...)
	NOT-FOR-US: LocazoList
CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...)
	NOT-FOR-US: My Album Online
CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote ...)
	NOT-FOR-US: Netref
CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to ...)
	NOT-FOR-US: Nortel SSL VPN
CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal ...)
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) ...)
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming ...)
	NOT-FOR-US: Sights 'n Sounds Streaming Media Server
CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows ...)
	NOT-FOR-US: UseBB
CVE-2005-4242 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 ...)
	- turba2 2.0.5-1 (bug #342946; medium)
CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- mnemo2 2.0.3-1 (bug #342944; medium)
CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- nag2 2.0.4-1 (bug #342945; medium)
CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
	{DSA-1033-1}
	- horde3 3.0.9-1 (bug #342942; bug #354512; medium)
CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
	{DSA-970-1}
	- kronolith2 2.0.6-1 (bug #342943; medium)
	- kronolith <removed> (bug #349261; medium)
CVE-2005-4188
	RESERVED
CVE-2005-4187
	RESERVED
CVE-2005-4186
	RESERVED
CVE-2005-4185
	RESERVED
CVE-2005-4184
	RESERVED
CVE-2005-4183
	RESERVED
CVE-2005-4182
	RESERVED
CVE-2005-4181
	RESERVED
CVE-2005-4180
	RESERVED
CVE-2005-4179
	RESERVED
CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book ...)
	NOT-FOR-US: Magic Book Personal and Professional
CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after ...)
	NOT-FOR-US: AWARD BIOS
CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the ...)
	NOT-FOR-US: Insyde BIOS
CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow ...)
	NOT-FOR-US: eFiction
CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eFiction
CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eFiction
CVE-2005-4171 (The &quot;Upload new image&quot; command in the &quot;Manage Images&quot; eFiction 1.1, ...)
	NOT-FOR-US: eFiction
CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...)
	NOT-FOR-US: eFiction
CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote ...)
	NOT-FOR-US: eFiction
CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 ...)
	NOT-FOR-US: eFiction
CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 ...)
	NOT-FOR-US: eFiction
CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare ...)
	NOT-FOR-US: DUportal
CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...)
	NOT-FOR-US: ASP-DEV ASP Resources Forum
CVE-2005-4178 (Buffer overflow in Dropbear server before 0.47 allows authenticated ...)
	{DSA-923-1}
	- dropbear 0.47-1 (high)
CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows ...)
	NOT-FOR-US: PHP-addressbook
CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 ...)
	NOT-FOR-US: Captcha
CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME ...)
	NOT-FOR-US: ACME PerlCal
CVE-2005-4161 (** DISPUTED ** ...)
	NOT-FOR-US: MilliScripts
CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 ...)
	NOT-FOR-US: Torrential
CVE-2005-4159 (** DISPUTED ** ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...)
	{DSA-946-2}
	- sudo 1.6.8p12-1 (bug #342948; medium)
CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
	NOT-FOR-US: Kerio Firewall
CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), ...)
	NOT-FOR-US: Mambo
CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to ...)
	NOT-FOR-US: ATutor
CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ...)
	- php5 5.1.1-1
	NOTE: PHP 5 in Debian is vulnerable according to the changelog.
CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial ...)
	{DSA-955-1}
	- mailman 2.1.5-10
CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to ...)
	NOT-FOR-US: Soti Pocket Controller-Professional
CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop ...)
	NOT-FOR-US: PGP Desktop Home
CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in ...)
	NOT-FOR-US: CA Clever Path
CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8, ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows remote ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b configures the ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to add ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4141 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...)
	NOT-FOR-US: ASPMForum
CVE-2005-4140 (SQL injection vulnerability in admin/login/index.php in Website Baker ...)
	NOT-FOR-US: Website Baker
CVE-2005-4139 (Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 ...)
	NOT-FOR-US: ThWboard
CVE-2005-4138 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before ...)
	NOT-FOR-US: ThWboard
CVE-2005-4137 (SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4136 (Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4135 (Direct static code injection vulnerability in includes/newtopic.php in ...)
	NOT-FOR-US: SimpleBBS
CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
	- mozilla 2:1.7.13-0.1 (unimportant)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
	NOTE: Not exploitable beyond a sluggish browser startup, see
	NOTE: http://www.mozilla.org/security/history-title.html
CVE-2005-4133 (Sun Update Connection in Sun Solaris 10, when configured to use a web ...)
	NOT-FOR-US: Solaris
CVE-2005-4132 (Unspecified &quot;security leak&quot; vulnerability in Contenido before 4.6.4, ...)
	NOT-FOR-US: Contenido
CVE-2005-4131 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Excel
CVE-2005-4130 (** UNVERIFIABLE, PRERELEASE ** ...)
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4129
	REJECTED
CVE-2005-4128
	REJECTED
	NOT-FOR-US: Apple Quicktime
CVE-2005-4127
	REJECTED
	NOT-FOR-US: iTunes
CVE-2005-4126 (** UNVERIFIABLE, PRERELEASE ** ...)
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4125
	RESERVED
CVE-2005-4124
	RESERVED
CVE-2005-4123
	RESERVED
CVE-2005-4122
	RESERVED
CVE-2005-4121
	RESERVED
CVE-2005-4120
	RESERVED
CVE-2005-4119
	RESERVED
CVE-2005-4118
	RESERVED
CVE-2005-4117
	RESERVED
CVE-2005-4116
	RESERVED
CVE-2005-4115
	RESERVED
CVE-2005-4114
	RESERVED
CVE-2005-4113
	RESERVED
CVE-2005-4112
	RESERVED
CVE-2005-4111
	RESERVED
CVE-2005-4110
	RESERVED
CVE-2005-4109
	RESERVED
CVE-2005-4108
	RESERVED
CVE-2005-4107
	RESERVED
CVE-2005-4106
	RESERVED
CVE-2005-4105
	RESERVED
CVE-2005-4104
	RESERVED
CVE-2005-4103
	RESERVED
CVE-2005-4102
	RESERVED
CVE-2005-4101
	RESERVED
CVE-2005-4100
	RESERVED
CVE-2005-4099
	RESERVED
CVE-2005-4098
	RESERVED
CVE-2005-4097
	RESERVED
CVE-2005-4096
	RESERVED
CVE-2004-2650 (Spooler in Apache Foundation James 2.2.0 allows local users to cause a ...)
	NOT-FOR-US: Apache James
CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...)
	NOT-FOR-US: DoceboLMS
CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...)
	NOT-FOR-US: DoceboLMS
CVE-2005-4093 (Check Point VPN-1 SecureClient NG with Application Intelligence R56, ...)
	NOT-FOR-US: Check Point
CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...)
	NOT-FOR-US: 1-Script 1-Search
CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is ...)
	NOT-FOR-US: HP-UX
CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...)
	NOT-FOR-US: phpForumPro
CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in Sugar ...)
	NOT-FOR-US: SugarCRM
CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
	NOT-FOR-US: SugarCRM
CVE-2005-4085 (Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web ...)
	NOT-FOR-US: BlueCoat WinProxy
CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...)
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...)
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by ...)
	NOT-FOR-US: QNX
CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...)
	NOT-FOR-US: Alisveristr E-commerce
CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...)
	- imp4 <unfixed> (bug #342654; unimportant)
	NOTE: Internet Explorer bug, most definitely fixed since long, didn't check though
CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...)
	- phpmyadmin <not-affected> (Affects only 2.7.0)
CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET ...)
	NOT-FOR-US: Ideal BB.NET
CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...)
	NOT-FOR-US: Appfluent Technology Database IDS 2.0
CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...)
	NOT-FOR-US: CF_Nuke
CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and ...)
	NOT-FOR-US: CF_Nuke
CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in CFMagic Magic List ...)
	NOT-FOR-US: Magic List Pro
CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum ...)
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4071 (Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal ...)
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4070
	REJECTED
CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure ...)
	NOT-FOR-US: Sony root kit
CVE-2005-4068 (Unspecified &quot;absolute path vulnerability&quot; in umountall in IBM AIX 5.1 ...)
	NOT-FOR-US: AIX
CVE-2005-4067
	REJECTED
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...)
	NOT-FOR-US: Total Commander
CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...)
	{DSA-951-2}
	- trac 0.9.2-1 (bug #342232; medium)
	[sarge] - trac 0.8.1-3sarge4
CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote ...)
	NOT-FOR-US: A-FAQ
CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp ...)
	NOT-FOR-US: NetAuctionHelp
CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in ...)
	NOT-FOR-US: XcClassified
CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in ...)
	NOT-FOR-US: XcPhotoAlbum
CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in rwAuction ...)
	NOT-FOR-US: rwAuction
CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and ...)
	NOT-FOR-US: LocazoList
CVE-2005-4058 (SQL injection vulnerability in saralblog 1 and earlier allows remote ...)
	NOT-FOR-US: saralblog
CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in PluggedOut ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and ...)
	NOT-FOR-US: Cars Portal
CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and ...)
	NOT-FOR-US: PluggedOut Bot
CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote ...)
	NOT-FOR-US: coWiki
CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other web ...)
	NOT-FOR-US: e107
CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a ...)
	NOT-FOR-US: e107
CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with ...)
	NOT-FOR-US: MultiVOIP hardware
CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote ...)
	NOT-FOR-US: Blog System
CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function ...)
	{DSA-1005-1 DSA-1004-1 DSA-992-1}
	- ffmpeg 0.cvs20050918-5.1 (bug #342207; medium)
	- xine-lib 1.0.1-1.5 (bug #342208; medium)
	- mplayer <not-affected> (Fixed before initial upload)
	- gst-ffmpeg 0.8.7-5 (bug #343503; medium)
	- vlc 0.8.4.debian-2 (medium)
	NOTE: kino, smilutils, motion and vlc link statically against libavcodec, need a recompile once ffmpeg is fixed
	NOTE: smilutils, motion, kino link statically against libavcodec, but don't use the vulnerable function
CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ...)
	NOT-FOR-US: IISWorks ASPKnowledgeBase
CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4045 (Unspecified vulnerability in System Communications Services 6 ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon ...)
	NOT-FOR-US: Amazon Search Directory
CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and ...)
	NOT-FOR-US: Hobosworld HobSR
CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and ...)
	NOT-FOR-US: Warm Links
CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy ...)
	NOT-FOR-US: MR CGI Guy Hot Links SQL
CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier allows ...)
	NOT-FOR-US: FileLister
CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future Portal ...)
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future Portal ...)
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future Affiliate ...)
	NOT-FOR-US: Web4Future Affiliate Manager
CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future ...)
	NOT-FOR-US: Web4Future Keyboard Frequency Counter
CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce ...)
	NOT-FOR-US: Web4Future eCommerce Enterprise Edition
CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating ...)
	NOT-FOR-US: Web4Future eDating Professional
CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data ...)
	NOT-FOR-US: Nodezilla
CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search ...)
	NOT-FOR-US: Easy Search System
CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...)
	- mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid usernames ...)
	NOT-FOR-US: WebEOC
CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember allow ...)
	NOT-FOR-US: aMember
CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers ...)
	NOT-FOR-US: SimpleBBS
CVE-2005-4026 (search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before ...)
	NOT-FOR-US: Geeklog
CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect ...)
	NOT-FOR-US: Help Desk Reloaded Free Help Desk
CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 ...)
	NOT-FOR-US: Interspire FastFind
CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before ...)
	- gallery2 2.0.2-1 (medium)
CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the &quot;Add Image From Web&quot; ...)
	- gallery2 2.0.2-1 (medium)
CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install log ...)
	- gallery2 2.0.2-1 (low)
CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and ...)
	NOT-FOR-US: Widget Imprint
CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate Commerce ...)
	NOT-FOR-US: Landshop Real Estate Commerce System
CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers to ...)
	NOT-FOR-US: Widget Property
CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows remote ...)
	NOT-FOR-US: Widget Property
CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit the ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web root with ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier allows ...)
	NOT-FOR-US: Kbase Express
CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...)
	NOT-FOR-US: PHP Lite Calender Express
CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...)
	NOT-FOR-US: Jax Calendar
CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 ...)
	{DSA-919-2}
	- curl 7.15.1-1 (bug #342339; bug #342696; medium)
CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, ...)
	NOT-FOR-US: SAPID CMS
CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
	NOT-FOR-US: SAPID CMS
CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in ...)
	NOT-FOR-US: MyTemplateSite
CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping Package ...)
	NOT-FOR-US: Absolute Shopping Package Solutions (ASPS) Shopping Cart
CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all installations, ...)
	NOT-FOR-US: WebEOC
CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and ...)
	NOT-FOR-US: phpYellowTM Pro Edition
CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater ...)
	NOT-FOR-US: SiteBeater News System
CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater ...)
	NOT-FOR-US: SiteBeater MP3 Catalog
CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress ...)
	NOT-FOR-US: Solupress News
CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows ...)
	NOT-FOR-US: Zen Cart
CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in ...)
	NOT-FOR-US: Zen Cart
CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX ...)
	NOT-FOR-US: Sobexsrv
	NOTE: Checked obexserver source package, not vulnerable
CVE-2005-3994
	REJECTED
	NOT-FOR-US: Atlassian Confluence
CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...)
	NOT-FOR-US: MailEnable
CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan ...)
	NOT-FOR-US: WinEggDropShell
CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat ...)
	NOT-FOR-US: phpMyChat
CVE-2005-3990
	REJECTED
	NOTE: duplicate of CVE-2006-3619
CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...)
	NOT-FOR-US: Avaya hardware
CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote ...)
	NOT-FOR-US: Tradesoft CMS
CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and ...)
	NOT-FOR-US: Instant Photo Gallery
CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro ...)
	NOT-FOR-US: Astaro Security Linux
CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3981 (** DISPUTED ** ...)
	NOT-FOR-US: Windows
CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall ...)
	- trac 0.9.1-1 (bug #341697; medium)
	[sarge] - trac <not-affected>
CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware ...)
	NOT-FOR-US: Multipke DuWare products
CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (low)
CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in ...)
	NOT-FOR-US: Extreme Search Corporate Edition
CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix ...)
	NOT-FOR-US: Citrix
CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before ...)
	NOT-FOR-US: MXChange
CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 ...)
	NOT-FOR-US: MXChange
CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier ...)
	NOT-FOR-US: PHPX
CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the dosearchsite.action ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java Search ...)
	NOT-FOR-US: Java Search Engine
CVE-2005-3965
	REJECTED
CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, ...)
	- openmotif 2.2.3-1.4 (bug #342092; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 ...)
	NOT-FOR-US: DotClear
CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in ...)
	NOT-FOR-US: Eudora
CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...)
	NOT-FOR-US: FreezeX
CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Free Web Chat
CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0 allows ...)
	NOT-FOR-US: Free Web Chat
CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...)
	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...)
	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote ...)
	NOT-FOR-US: Microsoft cabarc
CVE-2004-2642 (Yeemp 0.9.9 and earlier does properly encrypt inbound files, which ...)
	NOT-FOR-US: Yeemp
CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire ...)
	NOT-FOR-US: Sun appliances
CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before ...)
	NOT-FOR-US: LinuxStat
CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier allows ...)
	NOT-FOR-US: Journalness
CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote ...)
	NOT-FOR-US: osCommerce
CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code ...)
	NOT-FOR-US: Zyxel hardware
CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of scripts via ...)
	NOT-FOR-US: TinyWeb
CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System ...)
	NOT-FOR-US: McAfee
CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX ...)
	NOT-FOR-US: AIX
CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous ...)
	NOT-FOR-US: Sesamie
CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify ...)
	- phpmyadmin 1:2.5.7-pl1-1
CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to ...)
	- phpmyadmin 1:2.5.7-pl1-1
CVE-2004-2630 (The MIME transformation system ...)
	- phpmyadmin 2:2.6.0-pl2-1
CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
	NOT-FOR-US: Click to Meet express
CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, ...)
	- thttpd <not-affected> (Windows-specific vulnerabilities)
CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...)
	NOT-FOR-US: J2ME
CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular ...)
	NOT-FOR-US: Siemens cell phone
CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows ...)
	NOT-FOR-US: Outblaze Email
CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in &quot;TextSearch&quot; in WackoWiki ...)
	NOT-FOR-US: WackoWiki
CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when ...)
	NOT-FOR-US: Rippy the Aggregator
CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not ...)
	NOT-FOR-US: Altiris Deployment Solution
CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when ...)
	NOT-FOR-US: Nortel Contivity VPN client
CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly ...)
	NOT-FOR-US: ripMIME
CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail ...)
	NOT-FOR-US: ripMIME
CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) ...)
	NOT-FOR-US: Pegasi Web Server
CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 ...)
	NOT-FOR-US: Pegasi Web Server
CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
	NOT-FOR-US: ActivePost Standard
CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions ...)
	NOT-FOR-US: Cutenews
CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...)
	NOT-FOR-US: MyWeb
CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable branch ...)
	- kernel-patch-ctx 1:1.28-1 (bug #262903; medium)
CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, ...)
	NOT-FOR-US: BNC
CVE-2004-2611 (The Change Permissions function in the Sophster suite before 0.9.6 28 ...)
	NOT-FOR-US: Sophster suite
CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to gain ...)
	NOT-FOR-US: mntd
CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 ...)
	NOT-FOR-US: Symantec PowerQuest DeployCenter
CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the &quot;news ...)
	NOT-FOR-US: SmartWebby Smart Guest Book
CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel ...)
	- kernel-patch-ctx 1:1.29-1
CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...)
	{DSA-943-1}
	- perl 5.8.7-9 (bug #341542; medium)
CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext ...)
	NOT-FOR-US: Microsoft
CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-0032 (Cross-site scripting (XSS) vulnerability in the Indexing Service in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0029 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-0026 (Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, ...)
	NOT-FOR-US: Microsoft
CVE-2006-0025 (Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2006-0024 (Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 ...)
	- flashplugin-nonfree 7.0.61-4 (bug #357038; bug #357105)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2006-0023 (Microsoft Windows XP SP1 and SP2 before August 2004, and possibly ...)
	NOT-FOR-US: Microsoft
CVE-2006-0022 (Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-0018
	REJECTED
CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers to ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Kadu
CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...)
	NOT-FOR-US: FreeWebStat
CVE-2005-3958 (SQL injection vulnerability in index.php in Entergal MX 2.0 allows ...)
	NOT-FOR-US: Entergal MX
CVE-2005-3957 (Unspecified vulnerability in the Trackback functionality in DotClear ...)
	NOT-FOR-US: DotClear
CVE-2005-3956 (Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 ...)
	NOT-FOR-US: DMANews
CVE-2005-3955 (Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, ...)
	NOT-FOR-US: MagpieRSS
CVE-2005-3954 (Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows ...)
	NOT-FOR-US: blogBuddies
CVE-2005-3953 (SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers ...)
	NOT-FOR-US: Bedeng PSP
CVE-2005-3952 (SQL injection vulnerability in PHP Labs Top Auction allows remote ...)
	NOT-FOR-US: PHP Labs Top Auction
CVE-2005-3951 (SQL injection vulnerability in survey.php in PHP Labs Survey Wizard ...)
	NOT-FOR-US: PHP Labs Survey Wizard
CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users ...)
	- nufw 1.0.16-1 (bug #341544; medium)
CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ...)
	NOT-FOR-US: PHPAlbum
CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center ...)
	NOT-FOR-US: PHP Upload Center
CVE-2005-3946 (Opera 8.50 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...)
	NOT-FOR-US: ilyav Survey System
CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...)
	NOT-FOR-US: ilyav Survey System
CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...)
	NOT-FOR-US: Orca Knowledgebase
CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier ...)
	NOT-FOR-US: Orca Blog
CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c ...)
	NOT-FOR-US: Orca Ringmaker
CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...)
	NOT-FOR-US: WSN Knowledge Base
CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler ...)
	NOT-FOR-US: Softbiz FAQ
CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script ...)
	NOT-FOR-US: Softbiz B2B
CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows ...)
	NOT-FOR-US: SocketKB
CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows ...)
	NOT-FOR-US: SocketKB
CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other ...)
	NOT-FOR-US: pcAnywhere
CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script's Event Calendar ...)
	NOT-FOR-US: 88Script's Event Calendar
CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and ...)
	NOT-FOR-US: O-Kiraku Nikki
CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows ...)
	NOT-FOR-US: ASP-Rider
CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows ...)
	NOT-FOR-US: N-13 News
CVE-2005-3929 (Directory traversal vulnerability in the create function in ...)
	NOT-FOR-US: Xaraya
	NOTE: xarMLSXML2PHPBackend.php, 'nuff said
CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users ...)
	NOT-FOR-US: QNX
CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and ...)
	NOT-FOR-US: GuppY
CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...)
	NOT-FOR-US: GuppY
CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC ...)
	NOT-FOR-US: Central Manchester CLC Helpdesk Issue Manager
CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop ...)
	NOT-FOR-US: Randshop
CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: NetObjects Fusion
CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus ...)
	NOT-FOR-US: Panda Antivirus
CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for ...)
	NOT-FOR-US: IOS
CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers ...)
	NOT-FOR-US: Babe Logger
CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote ...)
	NOT-FOR-US: PBLang
CVE-2005-3918 (** DISPUTED ** ...)
	NOT-FOR-US: OvBB
CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 ...)
	NOT-FOR-US: CommidityRentals
CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...)
	NOT-FOR-US: WSN Forum
CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
	NOT-FOR-US: Clavister Web Client
CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow ...)
	NOT-FOR-US: AFFcommerce
CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...)
	{DSA-1199-1}
	- webmin <not-affected> (Fixed through corrected Perl)
	NOTE: No longer exploitable with Perl 5.8.7-9, thus no dedicated Webmin updated
CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...)
	NOT-FOR-US: BosDates
CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3908 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: GhostScripter Amazon Shop
CVE-2005-3907 (Unspecified vulnerability in Java Runtime Environment in Java JDK and ...)
	NOT-FOR-US: Sun Java
CVE-2005-3906 (Multiple unspecified vulnerabilities in reflection APIs in Java SDK ...)
	NOT-FOR-US: Sun Java
CVE-2005-3905 (Unspecified vulnerability in reflection APIs in Java SDK and JRE ...)
	NOT-FOR-US: Sun Java
CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java ...)
	NOT-FOR-US: Sun Java
CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not ...)
	NOT-FOR-US: Flash MX
CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...)
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...)
	NOT-FOR-US: Google Talk
CVE-2005-3898
	REJECTED
CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Safari
	NOTE: Not reproducible with konqueror 4:3.4.2-4.
CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...)
	NOTE: maintainers don't believe it is a security bug and can't reproduce after 1.5.dfsg-1
	- firefox 1.5.dfsg-1 (bug #340283; bug #345469; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; unimportant)
	- mozilla <unfixed> (bug #340282; unimportant)
CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3894 (Multiple cross-site scripting (XSS) vulnerabilities in index.pl in ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3893 (Multiple SQL injection vulnerabilities in index.pl in Open Ticket ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3892 (Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3891 (Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3890 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3889 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...)
	NOT-FOR-US: Cisco
CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...)
	{DSA-916-1}
	- inkscape 0.42-1 (bug #321501; low)
CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu ...)
	NOT-FOR-US: Zaimu
CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP ...)
	- php4 4:4.4.2-1 (bug #341726; medium)
	- php5 5.1.1-1 (bug #341368; medium)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing ...)
	NOT-FOR-US: FAQRing Knowledge Base
CVE-2005-3881 (SQL injection vulnerability in search.php in AtlantisFAQ Knowledge ...)
	NOT-FOR-US: AtlantisFAQ Knowledge Base
CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and ...)
	NOT-FOR-US: Omnistar KBase
CVE-2005-3879 (Multiple SQL injection vulnerabilities in Softbiz Resource Repository ...)
	NOT-FOR-US: Softbiz Resource Repository Script
CVE-2005-3878 (Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 ...)
	NOT-FOR-US: PHP Doc System
CVE-2005-3877 (Multiple SQL injection vulnerabilities in Simple Document Management ...)
	NOT-FOR-US: Simple Document Management System
CVE-2005-3876 (Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ...)
	NOT-FOR-US: AD Center ADC2000 NG Pro
CVE-2005-3875 (Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 ...)
	NOT-FOR-US: Enterprise Connector
CVE-2005-3874 (SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and ...)
	NOT-FOR-US: Netzbrett
CVE-2005-3873 (SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 ...)
	NOT-FOR-US: ShockBoard
CVE-2005-3872 (Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier ...)
	NOT-FOR-US: Ugroup
CVE-2005-3871 (Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) ...)
	NOT-FOR-US: JBB
CVE-2005-3870 (Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 ...)
	NOT-FOR-US: edmoBBS
CVE-2005-3869 (Cross-site scripting (XSS) vulnerability in index.php in Google API ...)
	NOT-FOR-US: Google API
CVE-2005-3868 (Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier ...)
	NOT-FOR-US: K-Search
CVE-2005-3867 (Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine ...)
	NOT-FOR-US: RevenuePilot Search Engine
CVE-2005-3866 (Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine ...)
	NOT-FOR-US: SearchFeed Search Engine
CVE-2005-3865 (SQL injection vulnerability in index.php in AllWeb search 3.0 and ...)
	NOT-FOR-US: AllWeb search
CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...)
	NOT-FOR-US: SourceWell
CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...)
	{DSA-1088-1 DSA-1083-1 DTSA-23-1}
	- centericq 4.21.0-6 (bug #340959; medium)
	- orpheus 1.5-5 (bug #368402; medium)
	- motor 2:3.4.0-6 (bug #368400; medium)
	NOTE: DTSA is for centericq only
	NOTE: This affects Sarge and Woody centericq
	NOTE: This affects Sarge and Woody motor
CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to ...)
	{DSA-959-1}
	- unalz 0.55-1 (bug #340842; medium)
CVE-2005-3861 (PHP remote file inclusion vulnerability in content.php in phpGreetz ...)
	NOT-FOR-US: phpGreetz
CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver May ...)
	NOT-FOR-US: Oliver May Athena PHP Website Administration
CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 ...)
	NOT-FOR-US: Q-News
CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.12-6
CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...)
	- krusader 1.70.0-1 (bug #336169; low)
	[sarge] - krusader <not-affected>
	NOTE: This seems to be a dupe of CVE-2006-3816, pinged MITRE
CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...)
	NOT-FOR-US: 1-2-3 music store
CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...)
	NOT-FOR-US: EasyPageCMS
CVE-2005-3853 (SQL injection vulnerability in snews.php in sNews 1.3 and earlier ...)
	NOT-FOR-US: sNews
CVE-2005-3852 (SQL injection vulnerability in search.asp in Online Work Order Suite ...)
	NOT-FOR-US: Online Work Order Suite
CVE-2005-3851 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
	NOT-FOR-US: Online Attendance System
CVE-2005-3850 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
	NOT-FOR-US: Online Knowledge Base System
CVE-2005-3846 (SQL injection vulnerability in news.php in Fantastic News 2.1.1 and ...)
	NOT-FOR-US: Fantastic News
CVE-2005-3845 (SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 ...)
	NOT-FOR-US: EZ Invoice Inc
CVE-2005-3844 (SQL injection vulnerability in phpWordPress PHP News and Article ...)
	NOT-FOR-US: phpWordpress, this is not the same as Wordpress
CVE-2005-3843 (SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows ...)
	NOT-FOR-US: Nicecode iDesk
CVE-2005-3842 (SQL injection vulnerability in index.php in pdjk-support suite 1.1a ...)
	NOT-FOR-US: pdjk-support suite
CVE-2005-3841 (Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), ...)
	NOT-FOR-US: kPlaylist
CVE-2005-3840 (SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier ...)
	NOT-FOR-US: Omnistar Live
CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk ...)
	NOT-FOR-US: SupportPRO Supportdesk
CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft ...)
	NOT-FOR-US: IsolSoft Support Center
CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in ...)
	NOT-FOR-US: sCssBoard
CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...)
	NOT-FOR-US: DeskLance
CVE-2005-3835 (PHP remote file inclusion vulnerability in support/index.php in ...)
	NOT-FOR-US: DeskLance
CVE-2005-3834 (Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 ...)
	NOT-FOR-US: Tunez
CVE-2005-3833 (SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier ...)
	NOT-FOR-US: Tunez
CVE-2005-3832 (Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, ...)
	NOT-FOR-US: SpeedProject products
CVE-2005-3831 (Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, ...)
	NOT-FOR-US: SpeedProject products
CVE-2005-3830 (index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3829 (index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3828 (SQL injection vulnerability in index.php in ActiveCampaign ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3827 (SQL injection vulnerability in product_cat in AgileBill 1.4.92 and ...)
	NOT-FOR-US: AgileBill
CVE-2005-3826 (Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote ...)
	NOT-FOR-US: Ezyhelpdesk
CVE-2005-3825 (SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and ...)
	NOT-FOR-US: Comdev Vote Caster
CVE-2005-3824 (The uploads module in vTiger CRM 4.2 and earlier allows remote ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3823 (The Users module in vTiger CRM 4.2 and earlier allows remote attackers ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3822 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3821 (Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3820 (Multiple directory traversal vulnerabilities in index.php in vTiger ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3819 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3818 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory ...)
	NOT-FOR-US: Softbiz Web Host Directory
CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 ...)
	NOT-FOR-US: freeForum
CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and ...)
	NOT-FOR-US: Orca Forum
CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro ...)
	NOT-FOR-US: SmartPPC Pro
CVE-2005-3813 (IMAP service (meimaps.exe) of MailEnable Professional 1.7 and ...)
	NOT-FOR-US: MailEnable
CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...)
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...)
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...)
	NOT-FOR-US: Cisco
CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ...)
	NOT-FOR-US: Cisco
CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...)
	NOT-FOR-US: Belkin hardware
CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test ...)
	NOT-FOR-US: PasswordSafe
CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak ...)
	NOT-FOR-US: Macromedia Contribute Publishing Server
CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Not a real security problem, error messages might disclose the installation
	NOTE: which is known for the Debian package anyway
CVE-2005-3798 (SQL injection vulnerability in admin/index.php in AlstraSoft Template ...)
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3797 (PHP remote file inclusion vulnerability in payment_paypal.php in ...)
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3796 (Direct static code injection vulnerability in admin_options_manage.php ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3795 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3794 (AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3793 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 ...)
	NOT-FOR-US: phpAdsNew and phpPgAds
CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpwcms
CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow ...)
	NOT-FOR-US: phpwcms
CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...)
	NOT-FOR-US: Cisco
CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #360726)
CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ...)
	NOT-FOR-US: Novell ZENworks
CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...)
	NOT-FOR-US: Ebuild IndeX
CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3 (medium)
CVE-2005-3782 (Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the &quot;Name and ...)
	NOT-FOR-US: Apple
CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via a ...)
	- astats <removed> (bug #287604)
CVE-2004-2604 (Cross-site scripting (XSS) vulnerability in index.php in PHProxy ...)
	NOT-FOR-US: PHProxy
CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2602 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2601 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) ...)
	NOT-FOR-US: Intel hardware
CVE-2004-2599 (Multiple buffer overflows in Quake II server before R1Q2, as used in ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
	NOTE: There is a big note in the quake2 package stating that it is not secure.
	NOTE: Otherwise severity would be high.
CVE-2004-2598 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2597 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2596 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2595 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2594 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2593 (Buffer overflow in command-packet processing of Quake II server before ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2592 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2591 (The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does ...)
	NOT-FOR-US: ButtUglySoftware CleanCache
CVE-2004-2590 (Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) ...)
	NOT-FOR-US: meindlSOFT Cute PHP Library
CVE-2004-2589 (Gaim before 0.82 allows remote servers to cause a denial of service ...)
	- gaim 0.82-1 (medium)
CVE-2004-2588 (Intentional information leak in phpinfo.php in XMB (aka extreme ...)
	NOT-FOR-US: XMB
CVE-2004-2587 (login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2586 (Directory traversal vulnerability in frmGetAttachment.aspx in ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2585 (Cross-site scripting (XSS) vulnerability in frmCompose.aspx in ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2584 (frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2583 (SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2582 (Novell iChain 2.3 includes the build number in the VIA line of the ...)
	NOT-FOR-US: iChain
CVE-2004-2581 (Novell iChain 2.3 allows attackers to cause a denial of service via a ...)
	NOT-FOR-US: iChain
CVE-2004-2580 (Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows ...)
	NOT-FOR-US: iChain
CVE-2004-2579 (ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access ...)
	NOT-FOR-US: iChain
CVE-2004-2578 (phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) ...)
	- phpgroupware 0.9.16.002-1
CVE-2004-2577 (The acl_check function in phpGroupWare 0.9.16RC2 always returns True, ...)
	- phpgroupware 0.9.14-0.RC3.1
CVE-2004-2576 (class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create ...)
	- phpgroupware 0.9.16.000.1.cvs.20040620-1
CVE-2004-2575 (phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain ...)
	- phpgroupware 0.9.14.007
CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare ...)
	- phpgroupware 0.9.14.007
CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ...)
	- phpgroupware 0.9.14.007
CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
	NOT-FOR-US: PmWiki
CVE-2003-XXXX [Insecure tempfile in x-face-el]
	- x-face-el 1.3.6.23-1
	NOTE: DSA-340
CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
	NOT-FOR-US: Solaris
CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...)
	NOT-FOR-US: IPUpdate
CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 ...)
	NOT-FOR-US: HP-UX
CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote ...)
	NOT-FOR-US: PollVote
CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact ...)
	NOT-FOR-US: Joomla
CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow ...)
	NOT-FOR-US: Joomla
CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...)
	NOT-FOR-US: PHP-Post
CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...)
	NOT-FOR-US: PHP Download Manager
CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...)
	NOT-FOR-US: Symantec appliances
CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly restrict the ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user pages ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on uploaded ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS 0.96.3 and ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full installation ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3762 (SQL injection vulnerability in the navigation module ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3760 (Double free vulnerability in the BBOORB module in IBM WebSphere ...)
	NOT-FOR-US: WebSphere
CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly ...)
	NOTE: XSLTs can call arbitrary java methods in libsaxon-java. This behaviour
	NOTE: is well documented and can be switched off. Let's hope that all users
	NOTE: of saxon are aware of this. A warning has been added to the readme.
	NOTE: Current rdependencies:
	- ooo2dbk <not-affected> (uses it's own xslt unless overridden by command line arg)
	TODO: check zope-zms (stef-guest: pinged maintainers)
CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2005-3749 (Unspecified &quot;absolute path vulnerabilities&quot; in the diagela command ...)
	NOT-FOR-US: AIX
CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone Nuke ET ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote ...)
	- jetty 5.1.8-1 (bug #340582; medium)
CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows remote ...)
	NOT-FOR-US: APBoard
CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and ...)
	- libstruts1.2-java 1.2.8-1 (bug #340583; medium)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and ...)
	NOT-FOR-US: phpComasy
CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...)
	NOT-FOR-US: SimplePoll
CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2005-3741 (Almond Classifieds does not properly verify the password, which allows ...)
	NOT-FOR-US: Almond Classifieds
CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when ...)
	NOT-FOR-US: Mambo
CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 ...)
	{DSA-916-1 DTSA-24-1}
	- inkscape 0.43-1 (bug #330894; medium)
CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart ...)
	NOT-FOR-US: e-Quick Cart
CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow remote ...)
	NOT-FOR-US: e-Quick Cart
CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the &quot;add content&quot; page in ...)
	NOT-FOR-US: phpMyFAQ
CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in Juniper ...)
	NOT-FOR-US: Juniper products using IKE
CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
	{DSA-965-1}
	- ipsec-tools 1:0.6.3-1 (bug #340584; low)
CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain ...)
	NOT-FOR-US: AMAX Magic Winmail
CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote ...)
	- isoqlog 2.2-0.1
CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties and ...)
	NOT-FOR-US: Opera
CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 ...)
	NOT-FOR-US: ReciPants
CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote ...)
	NOT-FOR-US: ReciPants
CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld ...)
	NOT-FOR-US: LiveWorld
CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta ...)
	NOT-FOR-US: Sambar
CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...)
	NOT-FOR-US: Sambar
CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Serena TeamTrack
CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business ...)
	NOT-FOR-US: Leigh Business Enterprises
CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software Sciences ...)
	NOT-FOR-US: ISS Web+Center
CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that permits ...)
	- dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access ...)
	- dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical access ...)
	NOT-FOR-US: Sambar
CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks ...)
	NOT-FOR-US: Sambar
CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...)
	NOT-FOR-US: Sambar
CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain ...)
	NOT-FOR-US: Sambar
CVE-2005-3808 (Integer overflow in the invalidate_inode_pages2_range function in ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3809 (The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3810 (ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3759 (Multiple cross-site scripting (XSS) vulnerabilities in Horde before ...)
	{DSA-909-1}
	- horde3 3.0.7-1 (bug #340323; medium)
CVE-2004-2569 (ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users ...)
	{DSA-907-1}
	- ipmenu 0.0.3-5
CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...)
	NOT-FOR-US: yaSSL
CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3728 (Idetix Software Systems Revize CMS stores conf/revize.xml under the ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3727 (SQL injection vulnerability in debug/query_results.jsp in Idetix ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3726 (SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows ...)
	NOT-FOR-US: ArticleLive NX
CVE-2005-3725 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP ...)
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3724 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote ...)
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3723 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3722 (The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3721 (The default configuration of the HTTP server in Hitachi IP5000 VOIP ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3720 (The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3719 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3718 (UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3717 (The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3716 (The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3715 (Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the ...)
	NOT-FOR-US: Senao Wireless VoIP Phone
CVE-2005-3699 (Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2005-3698 (PHP Easy Download allows remote attackers to bypass authentication via ...)
	NOT-FOR-US: PHP Easy Download
CVE-2005-3697 (Unspecified vulnerability in the administration interface in Uresk ...)
	NOT-FOR-US: Uresk Links Lite
CVE-2005-3696 (SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote ...)
	NOT-FOR-US: Arki-DB
CVE-2005-3695 (Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php ...)
	NOT-FOR-US: LiteSpeed Webserver
CVE-2005-3694 (centericq 4.20.0-r3 with &quot;Enable peer-to-peer communications&quot; set ...)
	{DSA-912-1}
	- centericq 4.21.0-4 (bug #334089; low)
CVE-2005-3693 (The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm ...)
	NOT-FOR-US: SunnComm MediaMax DRM
CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server ...)
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3691 (Directory traversal vulnerability in the IMAP service (meimaps.exe) of ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the ...)
	NOT-FOR-US: XMB
CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 ...)
	NOT-FOR-US: XMB
CVE-2005-3687 (cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2005-3686 (SQL injection vulnerability in search.inc.php in Unclassified ...)
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-3685 (Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2005-3684 (Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3683 (Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...)
	NOT-FOR-US: Wizz Forum
CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads ...)
	NOT-FOR-US: Xoops
CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS ...)
	NOT-FOR-US: Xoops
CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign ...)
	NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email
CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows ...)
	NOT-FOR-US: Google Talk
CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote ...)
	- helix-player <not-affected>
CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to ...)
	NOTE: Generic protocol weakness, likely hard to fix at the kernel
	NOTE: level without performance impact.
CVE-2005-3674 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...)
	NOT-FOR-US: libike from Solaris
CVE-2005-3673 (The Internet Key Exchange version 1 (IKEv1) implementation in Check ...)
	NOT-FOR-US: Check Point's IKE implementation
CVE-2005-3672 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
	NOT-FOR-US: StoneGate's IKE implementation
CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Openswan ...)
	- openswan 1:2.4.4-1 (bug #339082; low)
	[sarge] - openswan <no-dsa> (Only exploitable in inherently insecure mode of operation)
	NOTE: Initial 2.4.3 didn't fix all the issues from the NISCC report
CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
	NOT-FOR-US: HP-UX's IKE implementation
CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
	NOT-FOR-US: Cisco
CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium)
CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...)
	NOT-FOR-US: Tivoli
CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a ...)
	NOT-FOR-US: Netgear hardware
CVE-2004-2556 (NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and ...)
	NOT-FOR-US: Netgear hardware
CVE-2004-2555 (Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses ...)
	NOT-FOR-US: FoolProof Security
CVE-2004-2554 (Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost ...)
	NOT-FOR-US: Novell Client Firewall
CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows ...)
	NOT-FOR-US: ignitionServer
CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...)
	- xboard 4.2.7-3 (bug #343560; unimportant)
CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow ...)
	NOT-FOR-US: Layton HelpBox
CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
	NOT-FOR-US: SandSurfer
CVE-2004-2549 (Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 ...)
	NOT-FOR-US: Nortel hardware
CVE-2004-2548 (Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2547 (NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2546 (Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a ...)
	- samba 3.0.6-1
CVE-2004-2545 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2544 (Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2543 (Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known as ...)
	NOT-FOR-US: Dynix WebPac
CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, ...)
	{DSA-1064-1}
	- cscope 15.5+cvs20050816-1.1 (bug #340177; medium)
	NOTE: Sarge and Woody are affected
CVE-2005-XXXX [unsafe file permissions in vpnc]
	- vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant)
	NOTE: Only an example file
CVE-2006-0017
	RESERVED
CVE-2006-0016
	RESERVED
CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-0011
	RESERVED
CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other ...)
	NOT-FOR-US: Microsoft
CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...)
	NOT-FOR-US: Microsoft
CVE-2006-0007 (Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with ...)
	NOT-FOR-US: Microsoft
CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, which ...)
	NOT-FOR-US: RDS.Dataspace
CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2006-0001 (Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before Firmware ...)
	NOT-FOR-US: Apple AirPort
CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3712 (Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 ...)
	NOT-FOR-US: Apple
CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3709 (Integer underflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3708 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3706 (Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3703
	REJECTED
CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote ...)
	NOT-FOR-US: Safari
CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3700 (Unknown vulnerability in iodbcadmintool in the ODBC Administrator ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...)
	NOT-FOR-US: Kaspersky AV
CVE-2005-3663 (Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 ...)
	NOT-FOR-US: Kaspersky AV
CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...)
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware ...)
	NOT-FOR-US: Dell hardware issue
CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...)
	- linux-2.6 <unfixed> (unimportant)
	NOTE: Design limitation, for rare corner cases, where this poses a problem advanced
	NOTE: resource management systems can be deployed
CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...)
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x ...)
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...)
	NOT-FOR-US: McAfee
CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in ...)
	{DSA-935-1}
	[sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
	- libapache2-mod-auth-pgsql 2.0.2b1-7
	- libapache-mod-auth-pgsql <not-affected> (Does not contain the vulnerable ap_log_rerror() function)
CVE-2005-3655 (Heap-based buffer overflow in Novell Open Enterprise Server Remote ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...)
	NOT-FOR-US: Blue Coat WinProxy
CVE-2005-3653 (Heap-based buffer overflow in the iGateway service for various ...)
	NOT-FOR-US: IGateway
CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 ...)
	NOT-FOR-US: Citrix
CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix ...)
	{DSA-920-1}
	- ethereal 0.10.13-1.1 (bug #342911; medium)
CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...)
	NOT-FOR-US: Sony Root Kit Uninstaller
CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...)
	NOTE: only exploitable in certian configurations (non-default)
	NOTE: warning added..
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <not-affected> (Isn't explotable in sarge)
CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in ...)
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <no-dsa> (Only exploitable in strange PHP setups)
CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from ...)
	NOT-FOR-US: Folder Guard
CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in ...)
	NOT-FOR-US: phpAdsNews
CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows ...)
	NOT-FOR-US: phpAdsNews
CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...)
	NOT-FOR-US: DB2
CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...)
	NOT-FOR-US: Informix
CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing ...)
	NOT-FOR-US: Oracle
CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of ...)
	NOT-FOR-US: FTGate
CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...)
	NOT-FOR-US: Help Center Live
CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow ...)
	NOT-FOR-US: Ekinboard
CVE-2005-3637
	REJECTED
CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3632 (Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow ...)
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3631 (udev does not properly set permissions on certain files in /dev/input, ...)
	- udev <not-affected> (Red Hat specific)
CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to obtain ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly handle ...)
	NOTE: current sudo cleans the environment, so we are not affected
	- sysvconfig <not-affected> (sudo cleans env anyway)
CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.3-2
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex-bin 3.0-12
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex-bin 3.0-12
	- gpdf 2.10.0-2 (bug #342286)
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR ...)
	[sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
	- linux-2.6 2.6.14-7
CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...)
	- phpmyadmin <unfixed> (unimportant)
CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2 ...)
	NOT-FOR-US: VMware ESX
CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: VMware ESX
CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the management ...)
	NOT-FOR-US: VMWare ESX
CVE-2005-3617
	RESERVED
CVE-2005-3616
	RESERVED
CVE-2005-3615
	RESERVED
CVE-2005-3614
	RESERVED
CVE-2005-3613
	RESERVED
CVE-2005-3612
	RESERVED
CVE-2005-3611
	RESERVED
CVE-2005-3610
	RESERVED
CVE-2005-3609
	RESERVED
CVE-2005-3608
	RESERVED
CVE-2005-3607
	RESERVED
CVE-2005-3606
	RESERVED
CVE-2005-3605
	RESERVED
CVE-2005-3604
	RESERVED
CVE-2005-3603
	RESERVED
CVE-2005-3602
	RESERVED
CVE-2005-3601
	RESERVED
CVE-2005-3600
	RESERVED
CVE-2005-3599
	RESERVED
CVE-2005-3598
	RESERVED
CVE-2005-3597
	REJECTED
CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote ...)
	NOT-FOR-US: ASPKnowledgebase
CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank ...)
	NOT-FOR-US: Windows XP
CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores ...)
	NOT-FOR-US: e107
CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: CuteNews
CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier ...)
	- flashplugin-nonfree 7.0.61-1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote ...)
	NOT-FOR-US: FileZilla
CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...)
	{DSA-947-1}
	- clamav 0.87.1-1 (medium)
	NOTE: sarge is affected (not in oldstable)
CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...)
	NOT-FOR-US: Mambo
CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit ...)
	NOT-FOR-US: Sun Java
CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group ...)
	- imagemagick <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to ...)
	- gdal <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to ...)
	- qdbm <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3579 (ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3578 (SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier ...)
	NOT-FOR-US: Cyphor
CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote ...)
	NOT-FOR-US: iCMS
CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
	{DSA-955-1}
	- mailman 2.1.5-10 (bug #327732; bug #339095; medium)
CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...)
	NOT-FOR-US: Peel
CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...)
	NOT-FOR-US: protection.php from several crappy web apps not in Debian
CVE-2005-3570 (Unspecified cross-site scripting (XSS) vulnerability in Horde before ...)
	{DSA-914-1}
	- horde2 2.2.9-1 (bug #338983; unknown)
CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX ...)
	NOT-FOR-US: DB2
CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 ...)
	NOT-FOR-US: DB2
CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 ...)
	NOT-FOR-US: Tivoli
CVE-2005-3566 (Buffer overflow in various ha commands of VERITAS Cluster Server for ...)
	NOT-FOR-US: VERITAS Cluster Server
CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to ...)
	NOT-FOR-US: HP-UX
CVE-2005-3563
	REJECTED
CVE-2005-3562
	REJECTED
CVE-2005-3561
	REJECTED
	NOT-FOR-US: ATutor
CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
	NOT-FOR-US: Zone Labs
CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
	{DSA-1048-1}
	- asterisk 1:1.2.7.1.dfsg-2 (bug #338116; medium)
CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows ...)
	NOT-FOR-US: OSTE
CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist ...)
	NOT-FOR-US: PHPList
CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 ...)
	NOT-FOR-US: PHPList
CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier ...)
	NOT-FOR-US: PHPList
CVE-2005-3554 (Multiple eval injection vulnerabilities in the help function in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3553 (Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in the web ...)
	NOT-FOR-US: toendaCMS
CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS before ...)
	NOT-FOR-US: toendaCMS
CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before ...)
	NOT-FOR-US: F-Secure Internet Gatekeeper and Antivirus Gateway
CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in ...)
	NOT-FOR-US: ibProArcade
CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 ...)
	NOT-FOR-US: XMB
CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...)
	NOT-FOR-US: Phorum
CVE-2005-3542
	REJECTED
	NOT-FOR-US: Tonio Gallery
CVE-2005-3541
	RESERVED
CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to ...)
	{DSA-929-1}
	- petris 1.0.1-5
CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier ...)
	{DSA-933-1}
	- hylafax 2:4.2.4-2 (bug #347298)
	NOTE: First patch had regressions
CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...)
	- hylafax 2:4.2.4-1
	[sarge] - hylafax <not-affected> (Affected only 4.2.3)
	[woody] - hylafax <not-affected> (Affected only 4.2.3)
CVE-2005-3537 (A &quot;missing request validation&quot; error in phpBB 2 before 2.0.18 allows ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3536 (SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3535 (Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary ...)
	{DSA-926-1}
	- ketm 0.0.6-17sarge1 (low)
CVE-2005-3534 (Buffer overflow in the Network Block Device (nbd) server 2.7.5 and ...)
	{DSA-924-1}
	- nbd 1:2.8.3-1
CVE-2005-3533 (Buffer overflow in OSH before 1.7-15 allows local users to execute ...)
	{DSA-918-1}
	- osh 1.7-15
CVE-2005-3532 (authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through ...)
	{DSA-917-1}
	- courier 0.47-12 (bug #211920; medium)
CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows ...)
	{DTSA-27-1}
	- fuse 2.4.1-0.1 (bug #340398; low)
	[sarge] - fuse <no-dsa> (Minor local DoS)
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
	NOT-FOR-US: Antville
CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows ...)
	- linux-2.6 2.6.14-1 (low)
	- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was introduced later)
	NOTE: http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
CVE-2005-3526 (Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the installer ...)
	NOT-FOR-US: Adobe
CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...)
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...)
	NOT-FOR-US: e107
CVE-2005-3520 (Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 ...)
	NOT-FOR-US: MySource
CVE-2005-3519 (Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow ...)
	NOT-FOR-US: MySource
CVE-2005-3518 (SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 ...)
	NOT-FOR-US: PunBB
CVE-2005-3517 (Chipmunk Scripts Guestbook allows remote attackers to obtain the ...)
	NOT-FOR-US: Chipmunk Scripts Guestbook
CVE-2005-3516 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Directory
CVE-2005-3515 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2005-3514 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum ...)
	NOT-FOR-US: Chipmunk Forum
CVE-2005-3513 (index.php in VUBB alpha rc1 allows remote attackers to obtain the ...)
	NOT-FOR-US: VUBB
CVE-2005-3512 (Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha ...)
	NOT-FOR-US: VUBB
CVE-2005-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS ...)
	NOT-FOR-US: Spymac Web OS
CVE-2005-3510 (Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a ...)
	- tomcat5 <not-affected> (Debian's 5.0 version is not vulnerable)
CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote ...)
	NOT-FOR-US: JPortal
CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery (Galerie) ...)
	NOT-FOR-US: Tonio gallery (not the one in the gallery debian package)
CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows remote ...)
	NOT-FOR-US: CuteNews
CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server ...)
	NOT-FOR-US: Sambar
CVE-2005-3505 (Cross-site scripting (XSS) vulnerability in the Entropy Chat script in ...)
	NOT-FOR-US: Entropy Chat Script
CVE-2005-3504 (Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is ...)
	NOT-FOR-US: AIX
CVE-2005-3503 (chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other ...)
	NOT-FOR-US: SuSE fork of passwd
CVE-2005-3502 (attachment_send.php in Cerberus Helpdesk allows remote attackers to ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-3499 (Frisk F-Prot Antivirus allows remote attackers to bypass protection ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before ...)
	NOT-FOR-US: WebSphere
CVE-2005-3497 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Handicapper
CVE-2005-3496 (Cross-site scripting (XSS) vulnerability in PHP Handicapper allows ...)
	NOT-FOR-US: PHP Handicapper
CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Ar-blog
CVE-2005-3494 (Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier ...)
	NOT-FOR-US: Ar-blog
CVE-2005-3493 (Battle Carry .005 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Battle Carry
CVE-2005-3492 (FlatFrag 0.3 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FlatFrag
CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in ...)
	NOT-FOR-US: FlatFrag
CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus Video ...)
	NOT-FOR-US: Asus Video Security
CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using ...)
	NOT-FOR-US: Asus Video Security
CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3486 (Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3485 (Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote ...)
	NOT-FOR-US: Glider Collect'n kill
CVE-2005-3484 (Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier ...)
	NOT-FOR-US: NeroNET
CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...)
	NOT-FOR-US: GO-Global
CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software ...)
	NOT-FOR-US: Proprietary Java
CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet ...)
	NOT-FOR-US: Kazaa
CVE-2003-1282 (IBM Net.Data allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: IBM Net.Data
CVE-2003-1281 (cgihtml 1.69 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: cgihtml
CVE-2003-1280 (Directory traversal vulnerability in cgihtml 1.69 allows remote ...)
	NOT-FOR-US: cgihtml
CVE-2003-1279 (S-PLUS 6.0 allows local users to overwrite arbitrary files and ...)
	NOT-FOR-US: S-PLUS
CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows ...)
	NOT-FOR-US: OpenTopic
CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin ...)
	NOT-FOR-US: YaBB
CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's ...)
	NOT-FOR-US: NetTelephone
CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Pocket Internet Explorer
CVE-2003-1274 (Winamp 3.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Winamp
CVE-2003-1273 (Winamp 3.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Winamp
CVE-2003-1272 (Multiple buffer overflows in Winamp 3.0 allow remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2003-1271 (Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1270 (AN HTTP 1.41e allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1269 (AN HTTP 1.41e allows remote attackers to obtain the root web server ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) ...)
	NOT-FOR-US: a.shopKart
CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: GuildFTPd
CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 ...)
	NOT-FOR-US: EServer
CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the ...)
	NOT-FOR-US: Ancient Mozilla issue
CVE-2003-1264 (TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, ...)
	NOT-FOR-US: Longshine hardware
CVE-2003-1263 (ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: iCal
CVE-2003-1262 (Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and ...)
	- libhttpfetcher 1.1.0-1
CVE-2003-1261 (Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1260 (Buffer overflow in CuteFTP 5.0 allows remote attackers to execute ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1259 (Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1258 (activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2003-1257 (find_theni_home.php in E-theni allows remote attackers to obtain ...)
	NOT-FOR-US: E-theni
CVE-2003-1256 (aff_liste_langue.php in E-theni allows remote attackers to execute ...)
	NOT-FOR-US: E-theni
CVE-2003-1255 (add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1253 (PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows ...)
	NOT-FOR-US: Bookmark4U
CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute ...)
	NOT-FOR-US: S8Forum
CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php ...)
	NOT-FOR-US: N/X 2000
CVE-2003-1250 (Efficient Networks 5861 DSL router, when running firmware 5.3.80 ...)
	NOT-FOR-US: Efficient Networks hardware issue
CVE-2003-1249 (WebIntelligence 2.7.1 uses guessable user session cookies, which ...)
	NOT-FOR-US: WebIntelligence
CVE-2003-1248 (H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: WebShell
CVE-2003-1247 (Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote ...)
	NOT-FOR-US: WebShell
CVE-2003-1246 (NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver ...)
	NOT-FOR-US: Integrity Protection Driver
CVE-2003-1245 (index2.php in Mambo 4.0.12 allows remote attackers to gain ...)
	NOT-FOR-US: Mambo
CVE-2003-1244 (SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and ...)
	- phpbb2 <not-affected> (Fixed before upload into archive; 2.0.3)
CVE-2003-1243 (Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote ...)
	NOT-FOR-US: Sage
CVE-2003-1242 (Sage 1.0 b3 allows remote attackers to obtain the root web server path ...)
	NOT-FOR-US: Sage
CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) ...)
	NOT-FOR-US: MyGuestbook
CVE-2003-1240 (PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote ...)
	NOT-FOR-US: CuteNews
CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 ...)
	NOT-FOR-US: WihPhoto
CVE-2003-1238 (Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1237 (Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and ...)
	NOT-FOR-US: WWWBoard
CVE-2003-1236 (Multiple format string vulnerabilities in the logger function in ...)
	NOT-FOR-US: Tanne
CVE-2003-1235 (BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server ...)
	NOT-FOR-US: BRW WebWeaver
CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2 through ...)
	NOT-FOR-US: Old FreeBSD bug, should be fixed wrt the KFreeBSD port
CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in ...)
	- ssldump 0.9b3
CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote ...)
	NOT-FOR-US: webresolve
CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks ...)
	NOTE: verified with rpm 4.4.1, but this can hardly affect debian at
	NOTE: all since it requires rpm be configured to trust some key,
	NOTE: which in debian requires a manual and non-documented
	NOTE: initialization of the rpm database which is not configured in
	NOTE: the package
CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...)
	NOT-FOR-US: Solaris
CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files, even when ...)
	NOT-FOR-US: Outlook Express
CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier allows ...)
	- webmin 1.000 (high)
CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote ...)
	NOTE: not-for-us (Benjamin Lefevre Dobermann FORUM)
CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection Environment ...)
	NOTE: freebsd misconfiguration
CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to ...)
	- zmailer 2.99.56-1 (high)
	NOTE: May have been fixed earlier, 2.99.51 was never uploaded to Debian.
CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2002-2196 (Samba before 2.2.5 does not properly terminate the ...)
	- samba 2.2.5 (high)
CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and ...)
	NOT-FOR-US: Winamp
CVE-2002-2194
	REJECTED
	NOT-FOR-US: Solaris
CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...)
	NOT-FOR-US: Mojo Mail
CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...)
	NOT-FOR-US: Perception LiteServe
CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the ...)
	NOT-FOR-US: (Lotus Domino
CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext ...)
	NOT-FOR-US: ArtsCore Studios CuteCast Forum
CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts Software ...)
	NOT-FOR-US: ActiveXperts Software ActiveWebserver
CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of service ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2002-2187 (Unknown &quot;file disclosure&quot; vulnerability in Macromedia JRun 3.0, 3.1, ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ...)
	NOTE: fixed in IRIX..
CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...)
	NOT-FOR-US: DigiChat
CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...)
	NOT-FOR-US: phpShare
CVE-2002-2182 (Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 ...)
	NOT-FOR-US: MSN666
CVE-2002-2181 (SonicWall Content Filtering allows local users to access prohibited ...)
	NOT-FOR-US: SonicWall
CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP environment ...)
	NOT-FOR-US: ClearPath MCP
CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module for ...)
	NOT-FOR-US: phpWebSite
CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP ...)
	NOT-FOR-US: BEA
CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote ...)
	NOT-FOR-US: Gender MOD
CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to find ...)
	NOT-FOR-US: phpSquidPass
CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out newly ...)
	NOT-FOR-US: Informed Designer, Informed Filler
CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows ...)
	NOT-FOR-US: acWEB
CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 ...)
	NOT-FOR-US: BadBlue Enterprise Edition
CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and ...)
	NOT-FOR-US: AIM
CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 ...)
	NOT-FOR-US: 123tkShop
CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for ...)
	NOT-FOR-US: 123tkShop
CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 ...)
	NOT-FOR-US: FuseTalk
CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER ...)
	NOT-FOR-US: IMHO Webmail for Roxen
CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows ...)
	NOT-FOR-US: MSIE
CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than once by ...)
	NOT-FOR-US: KvPoll
CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2002-2160
	REJECTED
	NOT-FOR-US: MidiCart
CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...)
	NOT-FOR-US: Linksys hardware
CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...)
	NOT-FOR-US: zenTrack
CVE-2002-2157
	REJECTED
	NOT-FOR-US: vBulletin
CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows ...)
	NOT-FOR-US: Monkey HTTP Daemon
CVE-2002-2153 (Format string vulnerability in the administrative pages of the PL/SQL ...)
	NOT-FOR-US: Oracle Application Server
CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.0916 ...)
	NOT-FOR-US: Software602
CVE-2002-2151
	REJECTED
	NOT-FOR-US: Search97
CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...)
	NOTE: SYN floods etc generally filed as issues in linux specifically
	NOTE: if it is affected
CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500 Service ...)
	NOT-FOR-US: Lucent Access Point
CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline ...)
	NOT-FOR-US: Lucent MAX Router
CVE-2002-2147
	REJECTED
	NOT-FOR-US: Savant Web Server
CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows ...)
	NOT-FOR-US: BearShare
CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its administrative ...)
	NOT-FOR-US: MySimple News
CVE-2002-2142 (An undocumented extension for the Servlet mappings in the Servlet 2.3 ...)
	NOT-FOR-US: BEA
CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets ...)
	NOT-FOR-US: BEA
CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, ...)
	NOT-FOR-US: Cisco
CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not ...)
	NOT-FOR-US: Cisco
CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when ...)
	NOT-FOR-US: HP Advanced Server
CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...)
	NOT-FOR-US: GlobalSunTech Wireless Access Points
CVE-2002-2136
	REJECTED
	NOT-FOR-US: SUNW*
CVE-2002-2135
	REJECTED
	NOT-FOR-US: HP-UX
CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...)
	NOT-FOR-US: PEEL
CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...)
	NOT-FOR-US: Telindus 1100 ASDL router
CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not remove ...)
	NOT-FOR-US: Windows
CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows ...)
	NOT-FOR-US: Perl-HTTPd
CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to ...)
	- gallery 1.3.3 (high)
CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for w-Agora ...)
	NOT-FOR-US: w-Agora
CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute arbitrary ...)
	NOT-FOR-US: w-Agora
CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access to ...)
	NOT-FOR-US: Integrity Protection Driver (IPD)
CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...)
	NOT-FOR-US: Integrity Protection Driver (IPD)
CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...)
	NOT-FOR-US: MSIE
CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...)
	{DSA-896-1}
	- linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high)
CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...)
	- linux-2.6 2.6.14-4
CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (low)
CVE-2005-XXXX [user logout in drupal has no effect]
	[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
	- drupal 4.5.5-3 (bug #336719; medium)
CVE-2005-XXXX [double free() in libungif]
	- libungif4 4.1.4-1 (bug #338542; medium)
CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote ...)
	{DSA-891-1}
	- gpsdrive 2.09-2sarge1 (bug #337495; medium)
CVE-2005-XXXX [Insecure temp files in note]
	- note 1.3.1-3 (bug #337492; unimportant)
	NOTE: Second issue not shipped in binary, only example, first issue not sufficiently
	NOTE: predictable for a real world attack
CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3501 (The cabd_find function in cabd.c of the libmspack library (mspack) for ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
	NOT-FOR-US: Cisco
CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...)
	NOT-FOR-US: IOS
CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...)
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail ...)
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe.net Tutorials ...)
	NOT-FOR-US: PHPCafe Tutorial Manager
CVE-2005-3477 (Multiple interpretation error in the image upload handling code in ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and ...)
	NOT-FOR-US: OpenVMS
CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Hasbani Web Server
CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...)
	NOT-FOR-US: XCP DRM
CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express ...)
	NOT-FOR-US: Sun Java System Communications Express
CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows ...)
	NOT-FOR-US: News2Net
CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...)
	NOT-FOR-US: F-Secure
CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...)
	NOT-FOR-US: Oracle
CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...)
	NOT-FOR-US: Oracle
CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0 ...)
	NOT-FOR-US: Oracle
CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in ...)
	NOT-FOR-US: Oracle
CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up ...)
	NOT-FOR-US: Oracle
CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up ...)
	NOT-FOR-US: Oracle
CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up ...)
	NOT-FOR-US: Oracle
CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows ...)
	NOT-FOR-US: Nuked-Klan
CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to ...)
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) ...)
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers ...)
	NOT-FOR-US: Mirabilis ICQ
CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password ...)
	NOT-FOR-US: MiniGal2
CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...)
	NOT-FOR-US: IPS Sensors
CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ...)
	NOT-FOR-US: Cisco
CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...)
	{DSA-877-1}
	- gnump3d 2.9.6-1
CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 ...)
	{DSA-877-1}
	- gnump3d 2.9.5-1 (low)
CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow ...)
	NOT-FOR-US: Subdreamer
CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast ...)
	NOT-FOR-US: ASP Fast Forum
CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote ...)
	NOT-FOR-US: Hyper Estraier
CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
	NOTE: http://www.hardened-php.net/advisory_172005.75.html
	NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
	NOTE: Remote code execution may be possible, especially in conjunction
	NOTE: with PHP bugs.
CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587; unknown)
CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...)
	NOT-FOR-US: eyeOS
CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...)
	NOT-FOR-US: eyeOS
CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...)
	NOT-FOR-US: Elite Forum
CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums ...)
	NOT-FOR-US: Snitz Forums
CVE-2005-3410
	RESERVED
CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote ...)
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #337334; low)
CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows ...)
	NOT-FOR-US: gCards
CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote ...)
	NOT-FOR-US: phpESP
CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier ...)
	NOT-FOR-US: phpESP
CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute ...)
	NOT-FOR-US: ATutor
CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through ...)
	NOT-FOR-US: ATutor
CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 ...)
	NOT-FOR-US: ATutor
CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...)
	- thunderbird <unfixed> (bug #363714; unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (bug #363714; unimportant)
	NOTE: That's a non-issue; only a feature request for an improvement in a corner case.
	NOTE: If someone wants to use security-sensitive communication a TLS-secured server
	NOTE: should be used.
CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote ...)
	NOT-FOR-US: TheHacker
CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote ...)
	NOT-FOR-US: Fortinet
CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote ...)
	NOT-FOR-US: CAT-QuickHeal
CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...)
	NOT-FOR-US: Solaris Management Console
CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...)
	NOT-FOR-US: Comersus BackOffice
CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, ...)
	NOT-FOR-US: AIX
CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...)
	NOT-FOR-US: oaboard
CVE-2005-3393 (Format string vulnerability in the foreign_option function in ...)
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #336751; medium)
CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354681; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: According to CVE, this is a safe mode violation,
	NOTE: therefore low impact.  (According to SuSE, it's an
	NOTE: information leak.)
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354678; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: This is a safe mode violation, therefore low impact.
CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354680; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (Operation with register_globals not supported)
	NOTE: http://www.hardened-php.net/advisory_202005.79.html
	NOTE: http://www.hardened-php.net/globals-problem
CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354690; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
	NOTE: http://www.hardened-php.net/advisory_192005.78.html
CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
	{CVE-2002-1954}
	- php4 4:4.4.2-1 (bug #336645; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (not worth an update)
	NOTE: http://www.hardened-php.net/advisory_182005.77.html
	NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue
CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, ...)
	- ntop <not-affected> (Red Hat specific packaging flaw)
CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine ...)
	NOT-FOR-US: Sophos
CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) ...)
	NOT-FOR-US: Ukranian National Antivirus
CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows ...)
	NOT-FOR-US: Panda Titanium
CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 ...)
	NOT-FOR-US: Trend Micro
CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine ...)
	NOT-FOR-US: Norman
CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite ...)
	NOT-FOR-US: McAfee
CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote ...)
	NOT-FOR-US: Kaspersky
CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote ...)
	NOT-FOR-US: Ikarus
CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers ...)
	NOT-FOR-US: F-Prot
CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers ...)
	NOT-FOR-US: Dr. Web
CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 ...)
	NOT-FOR-US: eTrust
CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...)
	NOT-FOR-US: AVG
CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 ...)
	NOT-FOR-US: ArcaVir
CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...)
	NOT-FOR-US: SparkleBlog
CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 ...)
	NOT-FOR-US: PHP iCalendar
CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote ...)
	NOT-FOR-US: DboardGear
CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 ...)
	NOT-FOR-US: saphp Lesson
CVE-2005-3362
	REJECTED
CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...)
	NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005
CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local users to ...)
	{DSA-1103}
	- linux-2.6 2.6.14
CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ...)
	{DSA-1017-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
	- apache2 2.0.55-4 (bug #351246; low)
	[sarge] - apache2 2.0.54-5sarge2
CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-4
CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...)
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3354 (Stack-based buffer overflow in the ldif_get_line function in ldif.c of ...)
	{DSA-908-1 DSA-906-1}
	- sylpheed 2.0.4-1 (bug #338434; medium)
	- sylpheed-gtk1 1.0.6-1 (medium)
	- sylpheed-claws 1.0.5-2 (bug #338436; medium)
	- sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium)
CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...)
	{DSA-1206-1}
	- php4 4:4.4.2-1 (bug #339577; medium)
	- php5 5.1.1-1 (bug #336654; medium)
CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of ...)
	{DSA-1167-1}
	- apache 1.3.34-2 (bug #343466; low)
	- apache2 2.0.55-4 (bug #343467; bug #349793; low)
	[sarge] - apache2 2.0.54-5sarge2
	NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
	NOTE: Means oldstable and stable are affected
CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
	- spamassassin 3.1.0a-1 (bug #339526; low)
	[sarge] - spamassassin <no-dsa> (DoS affects only a single message)
	[woody] - spamassassin <no-dsa> (DoS affects only a single message)
CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and ...)
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; high)
	- giflib 4.1.4-1 (bug #395382)
CVE-2005-3349 (GNU Gnump3d before 2.9.8 allows local users to modify or delete ...)
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3348 (HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 ...)
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3347 (Multiple directory traversal vulnerabilities in index.php in ...)
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3346 (Buffer overflow in the environment variable substitution code in ...)
	{DSA-918-1}
	- osh 1.7-15 (bug #338312; bug #323424; bug #323482; bug #311369; medium)
CVE-2005-3345 (rssh 2.0.0 through 2.2.3 allows local users to bypass access ...)
	- rssh 2.3.0-1 (bug #344395; bug #344424)
	[sarge] - rssh 2.2.3-1.sarge.1
	NOTE: Update was introduced through s-p-u, not a DSA
CVE-2005-3344 (The default installation of Horde 3.0.4 contains an administrative ...)
	{DSA-884-1}
	- horde3 3.0.5-2 (bug #332290; bug #332289; medium)
CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary files ...)
	{DSA-927-1}
	- tkdiff 1:4.0.2-2 (low)
CVE-2005-3342 (noweb 2.10c and earlier allows local users to overwrite arbitrary ...)
	{DSA-968-1}
	- noweb 2.10c-3.2 (low)
CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and ...)
	{DSA-941-1}
	- tuxpaint 1:0.9.15b-1 (low)
CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier ...)
	NOT-FOR-US: Integrity Protection Driver
CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...)
	NOT-FOR-US: nylon
CVE-2005-XXXX [ntop format string vulnerability]
	- ntop <unfixed> (bug #335996; unimportant)
	NOTE: Not exploitable
CVE-2005-3341 (DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users ...)
	{DSA-928-1}
	- dhis-tools-dns 5.0-5
CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; unknown)
CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before ...)
	NOTE: This is a duplicate of CVE-2005-3091 (first issue) and CVE-2005-2557 (second
	NOTE: issue). This will be rejected.
CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (high)
CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #335938; medium)
CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...)
	{DSA-953-1}
	- flyspray 0.9.8-4 (bug #335997; low)
	NOTE: Sarge is confirmed vulnerable
CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...)
	NOT-FOR-US: eBASEweb
CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...)
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...)
	- mgdiff 1.0-28 (bug #335188; unimportant)
CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products such as ...)
	- wordpress <not-affected> (bug #335817; unimportant)
	NOTE: Upstream claims the modified Snoopy class is secure
CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 ...)
	NOT-FOR-US: PunBB
CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators ...)
	NOT-FOR-US: Data ONTAP
CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3325 (Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in ...)
	{DSA-893-1}
	- acidbase 1.2.1-1 (bug #335998; bug #336788; medium)
	NOTE: the fix from 1.2-2 did not address the problem fully
	- acidlab 0.9.6b20-13
CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...)
	NOT-FOR-US: MWChat
CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...)
	{DSA-910-1}
	- zope2.8 2.8.1-7 (bug #334055; bug #334054; high)
	- zope2.7 2.7.8-1 (bug #334055; bug #334054; high)
CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...)
	- squid <not-affected>
	NOTE: see bug #334882 for details
CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...)
	NOT-FOR-US: SuSE-specific tool
CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...)
	NOT-FOR-US: SiteTurn Domain Manager
CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...)
	- php4 4:4.4.2-1 (bug #336004; bug #354684; low)
	- php5 5.1.1-1 (bug #336005; low)
	[sarge] - php4 <not-affected>
	NOTE: can't reproduce, error may not be present in 4.3.
	NOTE: tentatively marking as not-affected in sarge.
CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...)
	{DSA-886-1}
	- chmlib 0.37-1 (bug #335931; medium)
CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and ...)
	NOT-FOR-US: ZipGenius
CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...)
	NOT-FOR-US: Symantec Discovery
CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch ...)
	NOT-FOR-US: Novell ZENworks
CVE-2005-3314 (Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 ...)
	NOT-FOR-US: Novell Netmail
CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...)
	[woody] - ethereal <not-affected> (Only affects version 0.10.13)
	[sarge] - ethereal <not-affected> (Only affects version 0.10.13)
	- ethereal 0.10.14-1 (medium)
CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...)
	NOT-FOR-US: BMC Software Control-M
CVE-2005-3310 (Interpretation conflict in phpBB 2.0.17, with remote avatars and ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #335662; low)
CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...)
	NOT-FOR-US: Zomplog
CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...)
	NOT-FOR-US: Zomplog
CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote ...)
	NOT-FOR-US: Nuked Klan
CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3303 (The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (high)
CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...)
	NOT-FOR-US: NetCache
CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...)
	NOT-FOR-US: phpCodeGenie
CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
	- kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...)
	NOT-FOR-US: Sticker
CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...)
	NOT-FOR-US: NETFile Server
CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer ...)
	- gnutls11 1.0.16-8 (bug #336006; low)
	- gnutls12 <not-affected> (fixed before upload)
CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the &quot;image send&quot; option by ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...)
	NOT-FOR-US: Webcam Watchdog
CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli ...)
	NOT-FOR-US: Tivoli
CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...)
	- serendipity 1.0-1
CVE-2004-2524 (clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function ...)
	NOT-FOR-US: OpenFTPD
CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...)
	NOT-FOR-US: Gattaca
CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...)
	NOT-FOR-US: Gattaca
CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote ...)
	NOT-FOR-US: Gattaca
CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Gattaca
CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Gattaca
CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: myServer
CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote ...)
	NOT-FOR-US: myServer
CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...)
	NOT-FOR-US: VMWare Workstation
CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: PowerPortal
CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 ...)
	NOT-FOR-US: Mercury Mail
CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and ...)
	NOT-FOR-US: DCP-Portal
CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...)
	NOT-FOR-US: DCP-Portal
CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g ...)
	NOT-FOR-US: WIKINDX
CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Inweb Mail Server
CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to ...)
	- im-switch <not-affected> (Debian's version is somehow derived from RH, but not affected)
CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...)
	NOT-FOR-US: MailEnable Professional
CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown ...)
	- ilohamail 0.8.14-0rc1
CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote ...)
	NOT-FOR-US: OpenText FirstClass
CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail ...)
	NOT-FOR-US: Ability Mail Server
CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail ...)
	NOT-FOR-US: Ability Mail Server
CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...)
	NOT-FOR-US: GmaxWWW
CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web ...)
	NOT-FOR-US: GmaxWWW
CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to ...)
	NOT-FOR-US: Opera
CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
	NOT-FOR-US: Nexgen FTP Server
CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
	NOT-FOR-US: Nexgen FTP Server
CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees ...)
	- dropbear 0.43-2
CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a &quot;major ...)
	NOT-FOR-US: PHP Live!
CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 ...)
	NOT-FOR-US: PHP Gift Registry
CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
	- linux-2.6 2.6.12-2
	[sarge] - kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected>
	NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
	- thttpd 2.23beta1-4 (low)
	[sarge] - thttpd <no-dsa> (Minor issue in addon package)
CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)
CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high)
CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...)
	[sarge] - phpmyadmin <not-affected> (Not affected according to maintainer; #333433)
	- phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high)
CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
	NOT-FOR-US: OpenWBEM
CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
	NOT-FOR-US: OpenWBEM
CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote ...)
	NOT-FOR-US: HP-UX
CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows ...)
	NOT-FOR-US: HP-UX
CVE-2005-3294 (Typsoft FTP Server 1.11, with &quot;Sub Directory Include&quot; enabled, allows ...)
	NOT-FOR-US: Typsoft FTP Server
CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of ...)
	NOT-FOR-US: Xerver
CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 ...)
	NOT-FOR-US: Xeobook
CVE-2005-3291 (Stani's Python Editor (SPE) 0.7.5 is installed with world-writable ...)
	- spe <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager allows ...)
	NOT-FOR-US: Accelerated Mortgage manager
CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, ...)
	NOT-FOR-US: AIX
CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute files ...)
	NOT-FOR-US: Mailsite Express
CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows remote ...)
	NOT-FOR-US: Mailsite Express
CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Comersus Backoffice Plus
CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before ...)
	NOT-FOR-US: AhnLab
CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...)
	NOT-FOR-US: Splatt Forum
CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 ...)
	NOT-FOR-US: PHP-Nuke addon
CVE-2005-3280 (Paros 3.2.5 uses a default password for the &quot;sa&quot; account in the ...)
	NOT-FOR-US: Paros
CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...)
	- bmv 1.2-18 (bug #335497; unimportant)
	NOTE: Vulnerable code not activated in binary package
CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan ...)
	{DSA-981-1}
	- bmv 1.2-18 (bug #335497; medium)
	NOTE: Sarge and Woody are affected (and the patch applied to fix this in unstable works on both of them, an easy DSA)
CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote ...)
	NOT-FOR-US: HP-UX
CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
	- adduser 3.77 (bug #331720; low)
	[sarge] - adduser <no-dsa> (Very minimal security ramifications, admin's reponsibility)
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
	- pavuk 0.9.33-1 (bug #264684; high)
	NOTE: second hole mentioned in bug report
CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows ...)
	{DSA-934-1}
	- pound 1.9.4-1 (low)
	NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-2
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.13-1 (low)
	- kernel-source-2.4.27 2.4.27-11 (low)
CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...)
	{DSA-922-1}
	- linux-2.6 2.6.13-1 (low)
CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open Source ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3269 (Stack-based buffer overflow in help.cgi in the HTTP administrative ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...)
	- yiff 2.14.2-8 (bug #334616; low)
	[sarge] - yiff <no-dsa> (Only a minor privacy leak)
CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before ...)
	NOT-FOR-US: Skype
CVE-2005-3266
	REJECTED
CVE-2005-3265 (Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows ...)
	NOT-FOR-US: Skype
CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog ...)
	NOT-FOR-US: Zeroblog
CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 ...)
	NOT-FOR-US: WinRAR
CVE-2005-3262 (Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows ...)
	NOT-FOR-US: WinRAR
CVE-2005-3261 (getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3260 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ...)
	- squid <not-affected> (bug #334882; medium)
	NOTE: Bug was introduced in a patch to squid-2.5.STABLE10,
	NOTE: this patch was never applied to the Debian package.
CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
	{DSA-889-1}
	- enigmail 2:0.93-1 (bug #335731; medium)
CVE-2005-3253 (Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to ...)
	NOT-FOR-US: Avaya Wireless Access Points
CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...)
	- snort <not-affected> (Vulnerable code was introduced later, see bug #334606)
CVE-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...)
	- gallery2 2.0.1-1 (medium)
CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2005-3249 (Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3247 (The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause ...)
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	[sarge] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.14 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3245 (Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 ...)
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.3 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow ...)
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The SLIMP3 issue affects Woody/Sarge, the AgentX issue only Sarge
CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.7 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...)
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-assisted ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
	NOT-FOR-US: Solaris
CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (bug #334113; medium)
CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...)
	NOT-FOR-US: Cyphor
CVE-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote ...)
	NOT-FOR-US: Cyphor
CVE-2005-3235 (Multiple interpretation error in unspecified versions of Proland ...)
	NOT-FOR-US: Proland Protector Plus
CVE-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG ...)
	NOT-FOR-US: Grisoft AVG Antivirus
CVE-2005-3233 (Multiple interpretation error in unspecified versions of Trustix ...)
	NOT-FOR-US: Trustix Antivirus
CVE-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker ...)
	NOT-FOR-US: TheHacker
CVE-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick ...)
	NOT-FOR-US: CAT Quick Heal
CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda ...)
	NOT-FOR-US: Panda Antivirus
CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...)
	- clamav <unfixed> (unimportant)
	NOTE: Should rather be fixed in the buggy (fringe, proprietary) RAR unpackers
CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...)
	NOT-FOR-US: Ikarus Antivirus
CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...)
	NOT-FOR-US: UNA Antivirus
CVE-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir ...)
	NOT-FOR-US: ArcaVir
CVE-2005-3225 (Multiple interpretation error in unspecified versions of (1) ...)
	NOT-FOR-US: eTrust Antivirus
CVE-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir ...)
	NOT-FOR-US: AntiVir
CVE-2005-3223 (Multiple interpretation error in unspecified versions of Rising ...)
	NOT-FOR-US: Rising Antivirus
CVE-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 ...)
	NOT-FOR-US: VBA32 Antivirus
CVE-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet ...)
	NOT-FOR-US: Fortinet Antivirus
CVE-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus ...)
	NOT-FOR-US: Norman Antivirus
CVE-2005-3219 (Multiple interpretation error in unspecified versions of Avira ...)
	NOT-FOR-US: Avira Antivirus
CVE-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web ...)
	NOT-FOR-US: Dr. Web Antivirus
CVE-2005-3217 (Multiple interpretation error in unspecified versions of Symantec ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3216 (Multiple interpretation error in unspecified versions of Sophos ...)
	NOT-FOR-US: Sophos Antivirus
CVE-2005-3215 (Multiple interpretation error in unspecified versions of McAfee ...)
	NOT-FOR-US: McAfee Antivirus
CVE-2005-3214 (Multiple interpretation error in unspecified versions of Avast ...)
	NOT-FOR-US: Avast Antovirus
CVE-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 ...)
	NOT-FOR-US: NOD32 Antivirus
CVE-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender ...)
	NOT-FOR-US: BitDefender Antivirus
CVE-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store ...)
	NOT-FOR-US: aeNovo apps
CVE-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop ...)
	NOT-FOR-US: aeNovo apps
CVE-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 ...)
	NOT-FOR-US: Oracle
CVE-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in ...)
	NOT-FOR-US: Oracle
CVE-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows ...)
	NOT-FOR-US: Oracle
CVE-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 ...)
	NOT-FOR-US: Oracle
CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...)
	NOT-FOR-US: Oracle
CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro (UNP) ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...)
	NOT-FOR-US: aspReady
CVE-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to ...)
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop ...)
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a ...)
	NOT-FOR-US: Planet Technology switch
CVE-2005-3195
	REJECTED
CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
	NOT-FOR-US: ALZip
CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function ...)
	{DSA-984-1 DSA-982-1 DSA-979-1 DSA-961-1 DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice <not-affected> (Vulnerable xpdf code not contained)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- cups 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...)
	{DSA-1019-1 DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.3-2 (bug #342288; medium)
	NOTE: Intial poppler patch in 0.4.2-1.1 was incomplete
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- cups 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
	{DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- pdfkit.framework 0.8-4
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cups 1.1.23-13 (unimportant)
	- cupsys 1.1.23-13 (unimportant)
CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...)
	NOT-FOR-US: iGateway
CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...)
	NOT-FOR-US: Qualcomm WorldMail IMAP Server
CVE-2005-3188 (Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a ...)
	NOT-FOR-US: WinProxy
CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
	{DSA-913-1 DSA-911-1}
	- gtk+2.0 2.6.10-2 (bug #339431; medium)
	- gdk-pixbuf 0.22.0-11 (bug #339431; bug #339458; medium)
CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service ...)
	[woody] - ethereal <not-affected> (Affects only Ethereal 0.10.10 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww ...)
	- w3c-libwww 5.4.0-11 (bug #334443; low)
	[sarge] - w3c-libwww <no-dsa> (Minor DoS)
CVE-2005-3182 (Buffer overflow in the HTTP management interface for GFI MailSecurity ...)
	NOT-FOR-US: GFI MailSecurity
CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
	- xscreensaver 4.23-2 (bug #334193; low)
	[sarge] - xscreensaver <no-dsa> (Unproblematic for users running stable)
CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
	{DSA-919-2}
	- wget 1.10.2-1 (medium)
	[sarge] - wget <not-affected> (Does not contain NTML authentication code)
	[woody] - wget <not-affected> (Does not contain NTML authentication code)
	- curl 7.15.0-1 (bug #333734; medium)
CVE-2005-3239 (The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (bug #333566; medium)
CVE-2005-3181 (The audit system in Linux kernel 2.6.6, and other versions before ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low)
	- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have CONFIG_AUDITSYSCALL)
CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
	- php5 5.0.5-2 (unimportant)
	- php4 4:4.4.0-3 (unimportant)
	NOTE: Safe mode violations not supported
CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...)
	- linux-2.6 2.6.13-2 (low)
	- kernel-source-2.4.27 <not-affected>
	NOTE: 2.6.12 itself not affected, fixed in SVN
CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs ...)
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow ...)
	{DSA-859-1 DSA-858-1}
	- xloadimage 4.1-15 (bug #332524; medium)
	- xli 1.17.0-20 (medium)
	NOTE: xli couldn't load the provided test images when I checked?
CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 allows ...)
	{DSA-1039-1}
	- blender 2.37a-1 (bug #330895; medium)
	[woody] - blender <not-affected> (Woody's blender does not contain the bvh_import.py script)
CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...)
	NOT-FOR-US: Microsoft
CVE-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local ...)
	NOT-FOR-US: Microsoft
CVE-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...)
	NOT-FOR-US: Microsoft
CVE-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply ...)
	NOT-FOR-US: Microsoft
CVE-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before ...)
	NOT-FOR-US: Microsoft
CVE-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...)
	NOT-FOR-US: Microsoft
CVE-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for ...)
	NOT-FOR-US: Microsoft
CVE-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the &quot;audit ...)
	NOT-FOR-US: Microsoft
CVE-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 ...)
	NOT-FOR-US: Microsoft
CVE-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...)
	- mediawiki 1.4.11-1 (bug #332408; medium)
CVE-2005-3166 (Unspecified vulnerability in &quot;edit submission handling&quot; for MediaWiki ...)
	- mediawiki 1.4.11-1 (bug #332408; unknown)
CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...)
	- mediawiki 1.4.9
CVE-2005-3164 (The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 ...)
	NOT-FOR-US: Hitachi Cosminexus Application Server
CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
	- polipo 0.9.9-1 (bug #332411; low)
	[sarge] - polipo <no-dsa> (Minor issue)
CVE-2005-3162
	REJECTED
CVE-2005-3161 (Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...)
	NOT-FOR-US: EasyGuppy
CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...)
	NOT-FOR-US: Bitdefender Antivirus
CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers ...)
	NOT-FOR-US: MyBloggie
CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...)
	NOT-FOR-US: CubeCart
CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...)
	- blender <unfixed> (bug #332413; unimportant)
	NOTE: To exploit this an attacker would need to trick a user into opening a file
	NOTE: with a very suspicious file, no automatic processing of Blender files
	NOTE: This might even be fixed in 2.42
CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...)
	{DSA-855-1}
	- weex 2.6.1-6sarge1 (bug #332424; medium)
CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...)
	{DSA-895-1 DTSA-22-1}
	- uim 1:0.4.7-2 (bug #331620; medium)
CVE-2005-3148 (StoreBackup before 1.19 does not properly set the uid and guid for ...)
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434)
CVE-2005-3147 (StoreBackup before 1.19 creates the backup root with world-readable ...)
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434; medium)
CVE-2005-3146 (StoreBackup before 1.19 allows local users to perform unauthorized ...)
	{DSA-1022-1}
	- storebackup 1.19-2 (bug #332434; medium)
	NOTE: The upstream fix only mitigated the issue, but didn't fix it
CVE-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...)
	NOT-FOR-US: Mailbox Server for 4D WebStar
CVE-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...)
	NOT-FOR-US: Procom NetFORCE
CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...)
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...)
	NOT-FOR-US: Virtools Web Player
CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...)
	NOT-FOR-US: Virtools Web Player
CVE-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote ...)
	NOT-FOR-US: Citrix
CVE-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...)
	NOT-FOR-US: lucidCMS
CVE-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 ...)
	- serendipity 1.0-1
CVE-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add ...)
	NOT-FOR-US: Address Add Plugin for Squirrelmail
CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...)
	NOT-FOR-US: lucidCMS
CVE-2005-3126 (The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) ...)
	{DSA-945-1}
	- antiword 0.35-2 (low)
CVE-2005-3125
	RESERVED
CVE-2005-3124 (syslogtocern in Acme thttpd before 2.23 allows local users to write ...)
	{DSA-883-1}
	- thttpd 2.23beta1-4
CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows ...)
	{DSA-877-1}
	- gnump3d 2.9.6-1 (medium)
CVE-2005-3122
	REJECTED
CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...)
	{DSA-867-1}
	- module-assistant 0.9.10
CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...)
	{DSA-1085-1 DSA-876-1 DSA-874-1}
	- lynx 2.8.5-2sarge1 (bug #335033; high)
	- lynx-cur 2.8.6-16 (bug #334423; high)
	- lynx-ssl <removed>
CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user ...)
	{DSA-845-1}
	- mason 1.0.0-3
CVE-2005-3117
	REJECTED
CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the Volume ...)
	NOT-FOR-US: VERITAS Backup
CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...)
	NOT-FOR-US: mpeg-tools
CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-3112 (The &quot;reset password&quot; feature in Macromedia Breeze 5.0 stores passwords ...)
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...)
	{DSA-922-1}
	- kernel-source-2.4.27 <unfixed> (bug #332569; unimportant)
	NOTE: Montecito CPUs are not available on the market yet
	- linux-2.6 2.6.12-1
CVE-2005-XXXX [Minor local DoS as libldap]
	- openldap <unfixed> (bug #253838; low)
CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
	- mpack 1.6-1 (bug #216566)
CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
	- coreutils 5.93-1 (bug #306076; low)
	[sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
	[woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-XXXX [tar's rmt command may have undesired side effects]
	- tar <unfixed> (bug #290435; unimportant)
	[sarge] - tar <no-dsa> (Hardly exploitable)
CVE-2004-XXXX [Unspecified buffer overflow in libmng]
	- libmng 1.0.8-1 (bug #250106)
CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
	- isoqlog 2.2-0.1 (bug #254101; bug #202634)
CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
	- libnss-ldap 199-1 (bug #169793)
CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...)
	- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
	- asciijump 0.0.6-1.2 (bug #269186)
CVE-2004-XXXX [Barrendero spool world-readable]
	- barrendero 1.1-1 (bug #279163)
CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
	- hdup 2.0.14-2 (bug #302790; low)
	NOTE: Minor issue, workaround and patch documented since version above
	[sarge] - hdup <no-dsa> (Mostly a design limitation, very limited security implications)
CVE-2001-XXXX [crypt++ passes passwords through the command line]
	- crypt++el 2.91-2.1 (bug #105562; low)
CVE-2004-XXXX [Two vulnerabilities in sredird]
	- sredird 2.2.1-1.1 (bug #267098)
CVE-2003-XXXX [fuzz: Insecure temp file usage]
	- fuzz 0.6-7.1 (bug #183047)
CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
	- findutils 4.2.22-1 (bug #313081)
	[woody] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
	[sarge] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and ...)
	{DSA-847-1}
	- dia 0.94.0-15 (bug #330890; medium)
CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
	- linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
CVE-2002-XXXX [sanitizer bypassal through quoted file names]
	- sanitizer 1.76-1 (bug #149799; medium)
	[sarge] - sanitizer <not-affected> (Sarge version already fixed)
	NOTE: This was fixed earlier in fact, but it's unknown when
CVE-2005-XXXX [Heap overflow in libosip URI parsing]
	- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
	- rkhunter 1.2.7-14 (bug #330627; medium)
CVE-2005-XXXX [fprobe-ng: Insecure default hash]
	- fprobe-ng <unfixed> (bug #322699; low)
	[sarge] - fprobe-ng <no-dsa> (Hardly exploitable)
CVE-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...)
	NOT-FOR-US: Movable Type
CVE-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...)
	NOT-FOR-US: Movable Type
CVE-2005-3102 (The administrative interface in Movable Type allows attackers to ...)
	NOT-FOR-US: Movable Type
CVE-2005-3101 (The password reset feature in Movable Type before 3.2 generates ...)
	NOT-FOR-US: Movable Type
CVE-2005-3100 (Unspecified &quot;PPTP Remote DoS Vulnerability&quot; in Astaro Security Linux ...)
	NOT-FOR-US: Astato Security Linux
CVE-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in ...)
	NOT-FOR-US: Solaris
CVE-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify ...)
	- qpopper <not-affected> (bug #330123; Vulnerable code not shipped in binary)
CVE-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of ...)
	NOT-FOR-US: Nokia cell phones
CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...)
	NOT-FOR-US: Image-Line Software FL Studio
CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...)
	- mantis 0.19.2-4 (bug #330682; medium)
CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...)
	- mozilla-firefox 1.0.7-1 (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2005-3088 (fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 ...)
	{DSA-900-3}
	- fetchmail 6.2.5.4-1 (bug #336096; low)
CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary ...)
	{DSA-827-1}
	- backupninja 0.8-2 (medium)
CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
	- microcode.ctl 0.20080131-1 (bug #282583; unimportant)
	NOTE: The validity of the microcode is ensure inside the CPU
CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
	- gnupg 1.0.7-1 (bug #107374)
CVE-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...)
	NOT-FOR-US: SecureW2 TLS
CVE-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...)
	NOT-FOR-US: contentSrv
CVE-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in ...)
	NOT-FOR-US: Riverdark Studios RSS Syndicator
CVE-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP ...)
	NOT-FOR-US: Sony PSP
CVE-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
	NOT-FOR-US: CMS Made Simple
CVE-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows ...)
	NOT-FOR-US: SEO-Board
CVE-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary ...)
	{DSA-1006-1}
	- wzdftpd 0.5.5-1 (high)
CVE-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...)
	NOT-FOR-US: GeSHi
CVE-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform &quot;code inclusion&quot; ...)
	NOT-FOR-US: PunBB
CVE-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows ...)
	NOT-FOR-US: PunBB
CVE-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL ...)
	NOT-FOR-US: Simplog
CVE-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote ...)
	NOT-FOR-US: Zengaia
CVE-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and ...)
	NOT-FOR-US: RSyslog
CVE-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...)
	- interchange 5.2.1-1 (bug #329705; unknown)
CVE-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...)
	- interchange 5.2.1-1 (bug #329705; medium)
CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...)
	NOT-FOR-US: Solaris
CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the ...)
	- hylafax 1:4.2.2+rc1 (bug #329384; unimportant)
	NOTE: This was judged non-exploitable
CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...)
	{DSA-865-1}
	- hylafax 1:4.2.2+rc1 (bug #329384; low)
CVE-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ...)
	{DSA-869-1}
	- eric 3.7.2-1 (bug #330608; medium)
CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...)
	NOT-FOR-US: PerlDiver
CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...)
	NOT-FOR-US: PerlDiver
CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...)
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...)
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...)
	NOT-FOR-US: MailGust
CVE-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...)
	NOT-FOR-US: PowerArchiver
CVE-2003-XXXX [Insecure temp files in lilo]
	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
	- distcc 2.18.3-3 (bug #298929; low)
	[sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments)
CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
	- phpwiki 1.3.12p2-1 (bug #282565; medium)
CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
	- gnumach 1:20050801-3 (bug #46709)
	NOTE: Nearly six years old :-)
CVE-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...)
	NOT-FOR-US: AIX
CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...)
	NOT-FOR-US: Opera
CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS ...)
	NOT-FOR-US: FortiGate
CVE-2005-3057 (Unspecified vulnerability in the FTP component in FortiGate 2.8, ...)
	NOT-FOR-US: FortiGate
CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ]
	RESERVED
	- twiki 20040902-2 (bug #330733; high)
CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...)
	{DSA-1017-1}
	- linux-2.6 2.6.14-1 (bug #330287; bug #332587; medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
	- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
	- php5 5.0.5-2 (bug #353585; medium)
	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
	NOT-FOR-US: jportal
CVE-2005-3051 (Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for ...)
	NOT-FOR-US: 7-Zip
CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and ...)
	NOT-FOR-US: My Little Forum
CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp ...)
	- emacs21 21.3-1 (bug #286183; medium)
CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [Insecure pidfile handling in mailleds]
	- mailleds 0.93-11.1 (bug #329365; low)
	[sarge] - mailleds <no-dsa> (Hardly exploitable)
CVE-2005-XXXX [kdebase uses urandom as an entropy source]
	- kdebase <unfixed> (bug #325369; unimportant)
	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
	NOTE: on Linux urandom should provide sufficient entropy
CVE-2005-3753 (Linux kernel before after 2.6.12 and before 2.6.13.1 might allow ...)
	- linux-2.6 2.6.12-7 (low)
CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...)
	- webmin 1.230-1 (high; bug #329741)
	[sarge] - webmin <not-affected> (Vulnerable code not present, see #329741)
	- usermin 1.160-1 (high; bug #329742)
	NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821
CVE-2005-3041 (Unspecified &quot;drag-and-drop vulnerability&quot; in Opera Web Browser before ...)
	NOT-FOR-US: Opera
CVE-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...)
	NOT-FOR-US: TAC Vista
CVE-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...)
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...)
	NOT-FOR-US: Handy Address Book Server
CVE-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...)
	NOT-FOR-US: File Transfer Anywhere
CVE-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...)
	NOT-FOR-US: vxWeb - WinCE software
CVE-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...)
	NOT-FOR-US: vxTfpSrv - WinCE software
CVE-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...)
	NOT-FOR-US: vxTfpSrv - WinCE software
CVE-2005-3030 (Directory traversal vulnerability in the archive decompression library ...)
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...)
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3028
	REJECTED
CVE-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...)
	NOT-FOR-US: Sybari Antigen anti spam solution
CVE-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...)
	NOT-FOR-US: Epay Pro
CVE-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...)
	NOT-FOR-US: vBulletin
CVE-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...)
	NOT-FOR-US: vBulletin
CVE-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...)
	NOT-FOR-US: vBulletin
CVE-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...)
	NOT-FOR-US: vBulletin
CVE-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...)
	NOT-FOR-US: vBulletin
CVE-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...)
	NOT-FOR-US: vBulletin
CVE-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Safari
CVE-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...)
	NOT-FOR-US: Content2Web
CVE-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...)
	NOT-FOR-US: Ensim webppliance
CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE ...)
	NOT-FOR-US: YaST
CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
	NOT-FOR-US: SimpleCDR-X
CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and earlier ...)
	{DSA-1219}
	- texinfo 4.8-1 (bug #328365; low)
	[sarge] - texinfo <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-3010 (Direct static code injection vulnerability in the flood protection ...)
	NOT-FOR-US: CuteNews
CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...)
	NOT-FOR-US: CuteNews
CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...)
	NOT-FOR-US: Tofu
CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
	NOT-FOR-US: Opera
CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...)
	NOT-FOR-US: Opera
CVE-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...)
	NOT-FOR-US: Helpdesk Software Hesk
CVE-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...)
	NOT-FOR-US: Interakt MX Shop
CVE-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...)
	NOT-FOR-US: NooTopList
CVE-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...)
	NOT-FOR-US: Multi-Computer Control System
CVE-2005-3001 (Unspecified vulnerability in the &quot;tl&quot; driver in Solaris 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...)
	NOT-FOR-US: VERITAS storage solutions
CVE-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...)
	- bacula 1.38.9-1 (bug #329271; low)
	NOTE: Sarge affected, didn't exist in Woody
CVE-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...)
	NOT-FOR-US: HP Tru64
CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
	- ncompress <not-affected> (bug #329052; unimportant)
	NOTE: see bug close message,  Debian's ncompress doesn't expose affected scripts
CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...)
	{DSA-843-1}
	- arc 5.21m-1 (low)
CVE-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...)
	NOT-FOR-US: LineControl Java Client
CVE-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...)
	NOT-FOR-US: DeluxeBB
CVE-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...)
	NOT-FOR-US: HP printers
CVE-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...)
	NOT-FOR-US: Digital Scribe
CVE-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...)
	NOT-FOR-US: AhnLab antivirus and related products
CVE-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...)
	NOT-FOR-US: aeDating script
CVE-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...)
	NOT-FOR-US: Avocent hardware issue
CVE-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...)
	NOT-FOR-US: Oracle
CVE-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...)
	NOT-FOR-US: CompaqHTTPServer
CVE-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...)
	NOT-FOR-US: Orion
CVE-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...)
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...)
	{DSA-878-1}
	- netpbm-free 2:10.0-10
CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to ...)
	- pam 0.99.7.1-2 (bug #336344; low)
	[etch] - pam 0.79-5
	[sarge] - pam <not-affected> (Does not contain SELinux support)
	[woody] - pam <not-affected> (Does not contain SELinux support)
CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...)
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
	- gtk+2.0 2.6.10-2
CVE-2005-2975 (io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before ...)
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; low)
	- gtk+2.0 2.6.10-2 (bug #339431; low)
CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of ...)
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; unimportant)
	- giflib 4.1.4-1 (bug #395382; unimportant)
	NOTE: Just a bug, hardly security implications
CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in ...)
	{DSA-894-1}
	- abiword 2.4.1-1 (bug #333740; medium)
CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...)
	{DSA-872-1}
	- koffice 1:1.3.5-5 (bug #333497; medium)
CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...)
	- apache2 2.0.55-1 (bug #340337; low)
	[sarge] - apache2 2.0.54-5sarge2
	NOTE: this occurs in the binary package apache2-mpm-worker
CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
	{DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1}
	- openssl 0.9.8-3 (bug #333500; low)
	- openssl097 0.9.7g-5 (bug #333500; low)
	- openssl094 <removed>
	- openssl095 <removed>
	- openssl096 <removed>
CVE-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
	{DSA-868-1}
	- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high)
CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...)
	{DSA-863-1}
	- xine-lib 1.0.1-1.4 (bug #332919; bug #333682; medium)
CVE-2005-2965
	REJECTED
CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...)
	{DSA-894-1}
	- abiword 2.2.10-1 (bug #329839; medium)
CVE-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with ...)
	{DSA-844-1}
	- mod-auth-shadow 1.4-2 (bug #323789; medium)
CVE-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets ...)
	{DSA-830-1}
	- ntlmaps 0.9.9-4
CVE-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 ...)
	{DSA-834-1}
	NOTE: prozilla is not in sarge or etch
CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary ...)
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-2959 (Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows ...)
	{DSA-870-1}
	- sudo 1.6.8p9-3 (medium)
CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access ...)
	{DSA-871-1}
	- libgda2 1.2.2-1 (medium)
CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
	NOT-FOR-US: AVIRA Desktop
CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores temporary chat ...)
	NOT-FOR-US: ATutor
CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...)
	NOT-FOR-US: ATutor
CVE-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...)
	NOT-FOR-US: ATutor
CVE-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...)
	NOT-FOR-US: MIVA Merchant
CVE-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...)
	NOT-FOR-US: Subscribe Me Pro
CVE-2005-2951 (Directory traversal vulnerability in security.inc.php in ...)
	NOT-FOR-US: AzDGDating lite
CVE-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...)
	NOT-FOR-US: Sawmill
CVE-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...)
	NOT-FOR-US: pam_per_user (not in Debian)
CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...)
	NOT-FOR-US: KillProcess
CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-assisted ...)
	NOT-FOR-US: KillProcess
CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...)
	- openssl 0.9.8-1 (bug #314465; unimportant)
	NOTE: MD5 is still good enough for most applications, second preimage attacks
	NOTE: haven't been presented yet
CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...)
	NOT-FOR-US: GNOME Workstation Command Center
CVE-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows ...)
	{DSA-902-1}
	- xmail 1.22-1 (bug #333863; medium)
CVE-2005-2942
	REJECTED
CVE-2005-2941
	RESERVED
CVE-2005-2940 (Unquoted Windows search path vulnerability in Microsoft Antispyware ...)
	NOT-FOR-US: Microsoft Antispyware
CVE-2005-2939 (Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 ...)
	NOT-FOR-US: VMWare
CVE-2005-2938 (Unquoted Windows search path vulnerability in iTunesHelper.exe in ...)
	NOT-FOR-US: iTunes
CVE-2005-2937
	REJECTED
CVE-2005-2936 (Unquoted Windows search path vulnerability in RealNetworks RealPlayer ...)
	NOT-FOR-US: Real Player
CVE-2005-2935 (Unquoted Windows search path vulnerability in Microsoft AntiSpyware ...)
	NOT-FOR-US: Microsoft AntiSpyware
CVE-2005-2934 (Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 ...)
	NOT-FOR-US: SCO
CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c ...)
	{DSA-861-1}
	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
	- pine 4.64-1 (medium; bug #348407)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	[sarge] - pine <no-dsa> (pine is non-free; doesn't permit distribution of modified binaries)
CVE-2005-2932 (Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm
CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote ...)
	- lynx <not-affected> (Debian's default config is not vulnerable)
CVE-2005-2928
	RESERVED
CVE-2005-2927 (Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-2926 (Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...)
	NOT-FOR-US: IRIX
CVE-2005-2924
	RESERVED
CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2922 (Heap-based buffer overflow in the embedded player in multiple ...)
	- helix-player 1.0.7-1 (bug #358754; medium)
CVE-2005-2921
	RESERVED
CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2913
	REJECTED
CVE-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2911
	RESERVED
CVE-2005-2910
	RESERVED
CVE-2005-2909
	RESERVED
CVE-2005-2908
	RESERVED
CVE-2005-2907
	RESERVED
CVE-2005-2906
	RESERVED
CVE-2005-2905
	RESERVED
CVE-2005-2904 (Zebedee 2.4.1, when &quot;allowed redirection port&quot; is not set, allows ...)
	NOT-FOR-US: Zebedee
CVE-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...)
	NOT-FOR-US: NOD32 Anti virus
CVE-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...)
	NOT-FOR-US: class-1 Forum
CVE-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...)
	NOT-FOR-US: CjWeb2Mail
CVE-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...)
	NOT-FOR-US: CjLinkOut
CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...)
	NOT-FOR-US: CjTagBoard
CVE-2005-2898 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. ...)
	NOT-FOR-US: Filezilla
CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: WEB//NEWS
CVE-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...)
	NOT-FOR-US: WEB//NEWS
CVE-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...)
	NOT-FOR-US: PBLang
CVE-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...)
	NOT-FOR-US: PBLang
CVE-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...)
	NOT-FOR-US: PBLang
CVE-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...)
	NOT-FOR-US: PBLang
CVE-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...)
	NOT-FOR-US: WebArchiveX
CVE-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...)
	NOT-FOR-US: SecureOL
CVE-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...)
	NOT-FOR-US: Check Point
CVE-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2883
	REJECTED
	NOT-FOR-US: Unclassified News Board
CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...)
	NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect
CVE-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...)
	{DSA-843-1}
	- arc 5.21m-1 (bug #329053; low)
CVE-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...)
	{DSA-828-1}
	- squid 2.5.10-7 (unknown)
	NOTE: Patch was added to -6, but not listed in dpatch's list of patches
CVE-2005-XXXX [user password file created by gajim is world-redable]
	- gajim 0.8.2-1 (bug #325080; low)
CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
	- zope2.7 2.7.8-1 (bug #313644; bug #313621; low)
	[sarge] - zope2.7 <no-dsa> (Inside the responsibility of the admin)
CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
	- wine 0.0.20050830-1 (bug #327261; bug #327262; low)
	[sarge] - wine <no-dsa> (Minor issue)
CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...)
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; bug #329280; medium)
CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...)
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; medium)
CVE-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...)
	{DSA-822-1}
	- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (medium)
	- kernel-source-2.4.27 <not-affected> (code is vulnerable but there is no amd64 for 2.4 in Sarge)
CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...)
	NOTE: proactively fixed by the robustness patch
	- twiki 20040902-2
CVE-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...)
	{DSA-825-1 DSA-823-1}
	- util-linux 2.12p-8 (bug #328141; bug #329063; medium)
	- loop-aes-utils 2.12p-9 (bug #328626; medium)
CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via ...)
	{DSA-856-1}
	- py2play 0.1.8-1 (bug #326976; medium)
CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...)
	- cups 1.1.23-1 (unknown)
	- cupsys 1.1.23-1 (unknown)
CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...)
	{DSA-868-1 DSA-866-1 DSA-837-1}
	- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; bug #327366; medium)
	- mozilla 2:1.7.12-1 (bug #327455; medium)
	- mozilla-thunderbird 1.0.7-1
	NOTE: epiphany-browser is apparently fixed fix the mozilla
	NOTE: upload; see bug #327366
CVE-2005-2930 (Stack-based buffer overflow in the _chm_find_in_PMGL function in ...)
	{DSA-886-1}
	- chmlib 0.36-1 (bug #327431; medium)
CVE-2005-2802
	REJECTED
CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...)
	{DSA-841-1 DTSA-20-1}
	- mailutils 1:0.6.90-3 (bug #327424; high)
CVE-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium)
CVE-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...)
	NOT-FOR-US: ZipTorrent
CVE-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...)
	NOT-FOR-US: BlueWhaleCRM
CVE-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...)
	NOT-FOR-US: Mercora IMRadio
CVE-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...)
	NOT-FOR-US: aMember Pro
CVE-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: URBAN
CVE-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...)
	NOT-FOR-US: OpenWebmail
CVE-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...)
	NOT-FOR-US: ADSL hardware
CVE-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...)
	NOT-FOR-US: N-Stealth
CVE-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...)
	- nikto 1.35-1.1 (bug #327339; medium)
CVE-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...)
	NOT-FOR-US: Savant Web Server
CVE-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...)
	NOT-FOR-US: Rediff BOL)
CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...)
	NOT-FOR-US: Free SMTP Server
CVE-2005-2856 (Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party ...)
	NOT-FOR-US: ALZip
CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...)
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...)
	NOT-FOR-US: thesitewizard.com chfeedback.pl
CVE-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...)
	NOT-FOR-US: GuppY
CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...)
	NOT-FOR-US: Novell Netware
CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...)
	{DTSA-25-1}
	- smb4k 0.6.4-1 (bug #337471; medium)
	NOTE: fix in 0.6.3-1 was incomplete according to maintainer
CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: SlimFTPD
CVE-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2005-2845 (Ariba Spend Management System sends the username and password to the ...)
	NOT-FOR-US: Ariba Spend Management System
CVE-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...)
	NOT-FOR-US: Indiatimes Messenger
CVE-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...)
	NOT-FOR-US: Hesk
CVE-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...)
	NOT-FOR-US: DameWare Mini
CVE-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...)
	NOT-FOR-US: IOS
CVE-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...)
	NOT-FOR-US: MAXdev
CVE-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
	NOT-FOR-US: MAXdev
CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...)
	NOT-FOR-US: myBloggie
CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...)
	NOT-FOR-US: WebGUI
CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...)
	NOT-FOR-US: Phorum
CVE-2005-2835
	RESERVED
CVE-2005-2834
	RESERVED
CVE-2005-2833
	RESERVED
CVE-2005-2832
	RESERVED
CVE-2005-2831 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2830 (Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2829 (Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2828
	RESERVED
CVE-2005-2827 (The thread termination routine in the kernel for Windows NT 4.0 and ...)
	NOT-FOR-US: Windows NT
CVE-2005-2826
	RESERVED
CVE-2005-2825
	RESERVED
CVE-2005-2824
	RESERVED
CVE-2005-2823
	RESERVED
CVE-2005-2822
	RESERVED
CVE-2005-2821
	RESERVED
CVE-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
	{DSA-820-1}
	- courier 0.47-9 (bug #327181; medium)
CVE-2005-2819 (DownFile 1.3 allows remote attackers to gain administrator privileges ...)
	NOT-FOR-US: DownFile
CVE-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...)
	NOT-FOR-US: DownFile
CVE-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...)
	NOT-FOR-US: Greymatter
CVE-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...)
	NOT-FOR-US: man2web
CVE-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...)
	- net-snmp <not-affected> (Gentoo Portage specific configuration flaw)
CVE-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...)
	NOT-FOR-US: urban game
CVE-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...)
	NOT-FOR-US: silc daemon
CVE-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...)
	- frox 0.7.18-1 (medium)
CVE-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...)
	- frox <not-affected> (does not run setuid root in the Debian package)
CVE-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...)
	NOT-FOR-US: BNBT EasyTracker
CVE-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...)
	NOT-FOR-US: e107
CVE-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and ...)
	NOT-FOR-US: GroupWise
CVE-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.3-1
CVE-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-6 (low)
	- kernel-source-2.4.27 <not-affected> (seq_file introduced in 2.6)
CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: Not enabled in the binary build, see #326065
	- openssh-krb5 <removed> (bug #327233; medium)
	[sarge] - openssh-krb5 <no-dsa> (Intended bahaviour, see #327233)
CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: GSSAPI features not activated in binary builds
CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...)
	{DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2795
	RESERVED
CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
	{DSA-809-3 DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2793 (PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin ...)
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2791 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
	NOT-FOR-US: BFCC
CVE-2005-2790 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
	NOT-FOR-US: BFCC
CVE-2005-2789 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
	NOT-FOR-US: BFCC
CVE-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2784 (SQL injection vulnerability in the login function for the ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...)
	NOT-FOR-US: AutoLinks Pro
CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
	{DSA-1063-1}
	- phpgroupware 0.9.16.009-1 (bug #340094; medium)
	- egroupware 1.0.0.009.dfsg-3-4 (bug #340495; medium)
	[woody] - phpgroupware <not-affected> (fudforum not included until 0.9.16)
	NOTE: Sarge affected, woody isn't
CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
	NOT-FOR-US: iTAN
CVE-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...)
	NOT-FOR-US: Litium Quake mod
CVE-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...)
	NOT-FOR-US: HP OpenView
CVE-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...)
	{DSA-832-1}
	- gopher 3.0.11 (bug #327722; high)
CVE-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
	{DSA-820-1}
	- courier 0.47-9 (bug #327727; medium)
CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
	NOT-FOR-US: Sophos AntiVirus
CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...)
	NOT-FOR-US: LeapFTP
CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
	- linux-2.6 2.6.12-6 (low)
CVE-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2765 (The user interface in the Windows Firewall does not properly display ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...)
	NOT-FOR-US: OpenTTD
CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
	NOT-FOR-US: OpenTTD
CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in ...)
	NOT-FOR-US: VPNRemote
CVE-2005-2760
	RESERVED
CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-assisted attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-assisted attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2750 (Software Update in Mac OS X 10.4.2, when the user marks all updates to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2749 (Unspecified vulnerability in the Finder Get Info window for Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2746 (Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2745 (Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2744 (Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2743 (The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2742 (SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2741 (Authorization Services in securityd for Apple Mac OS X 10.3.9 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2740
	RESERVED
CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
	NOT-FOR-US: PhotoPost
CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...)
	NOT-FOR-US: YaPig
CVE-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...)
	NOT-FOR-US: phpGraphy
CVE-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...)
	{DSA-1148-1}
	- gallery 1.5-2 (bug #325285; medium)
	TODO: check gallery2
CVE-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
	NOTE: path disclosure, so not very important on debian systems
	NOTE: unreproducible according to bug #327729
CVE-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...)
	NOT-FOR-US: Astato specific
CVE-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
	NOT-FOR-US: Astato specific
CVE-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...)
	NOT-FOR-US: Astato specific
CVE-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...)
	{DSA-805-1}
	NOTE: The CVE description is wrong, this has been merged for 2.0.55
	- apache2 2.0.54-5 (bug #326435; medium)
CVE-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...)
	NOT-FOR-US: Home Ftp Server
CVE-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...)
	NOT-FOR-US: Home Ftp Server
CVE-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...)
	NOT-FOR-US: QNX
CVE-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...)
	NOT-FOR-US: PaFileDB
CVE-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...)
	NOT-FOR-US: HAURI Antivirus
CVE-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Ventrilo
CVE-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...)
	NOT-FOR-US: MPlayer
CVE-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...)
	{DSA-799-1}
	- webcalendar 0.9.45-7 (bug #326223; medium)
CVE-2005-2715 (Format string vulnerability in the Java user interface service ...)
	NOT-FOR-US: VERITAS NetBackup Data and Business Center
CVE-2005-2714 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-2713 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, ...)
	NOT-FOR-US: IBM
CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE PC ...)
	NOT-FOR-US: ISS
CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...)
	{DSA-826-1}
	NOTE: see  http://www.open-security.org/advisories/13
	- helix-player 1.0.6-1 (bug #330364; high)
CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3
CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on ...)
	- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (bug #329778; medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
	{DSA-807-1 DSA-805-1}
	- libapache-mod-ssl 2.8.24-1 (medium)
	- apache2 2.0.54-5 (bug #327210; medium)
CVE-2005-2699 (Unrestricted file upload vulnerability in admin/admin.php in PHPKit ...)
	NOT-FOR-US: PHPKit
CVE-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...)
	NOT-FOR-US: Nephp Publisher Enterprise
CVE-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes ...)
	NOT-FOR-US: Notes
CVE-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
	NOT-FOR-US: Cisco
CVE-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...)
	NOT-FOR-US: WinAce
CVE-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly ...)
	NOT-FOR-US: SunOS
CVE-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly ...)
	NOT-FOR-US: Solaris
CVE-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...)
	NOT-FOR-US: SunOS
CVE-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
	{DSA-793-1}
	- courier 0.47-8 (medium; bug #325631)
CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
	[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
	[sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
	- linux-2.6 2.6.18-1 (bug #332381; low)
	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
	NOTE: of ipt_recent the best solution, which seems to occur soon
CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
	- linux-2.6 2.6.12-1
CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...)
	{DSA-798-1}
	- phpgroupware 0.9.16.008-1 (unknown)
CVE-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...)
	{DSA-796-1}
	- affix 2.1.2-3 (bug #325444; medium)
CVE-2005-XXXX [Insecure tempfile usage in tleds]
	- tleds 1.05beta10-9 (bug #276789; low)
CVE-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...)
	{DSA-806-1 DSA-802-1}
	NOTE: cvsbug was removed from the cvs binary package in 1:1.11.5-4.
	NOTE: The copy in the cvs source package was fixed in 1:1.12.9-15.
	- cvs 1:1.11.5-4 (bug #325106; low)
	- gcvs 1.0final-8 (bug #324969; low)
CVE-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...)
	NOT-FOR-US: RunCMS
CVE-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...)
	NOT-FOR-US: RunCMS
CVE-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-XXXX [Insecure temp files in firehol]
	- firehol 1.231-4 (unimportant)
	NOTE: Only exploitable inside modified binary installation
CVE-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...)
	NOT-FOR-US: Virtual Edge Netquery
CVE-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...)
	NOT-FOR-US: PHPKit
CVE-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...)
	NOT-FOR-US: DTLink AreaEdit
CVE-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic ...)
	NOT-FOR-US: Cisco
CVE-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other ...)
	NOT-FOR-US: Sysinternals Process Explorer
CVE-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the ...)
	NOT-FOR-US: MSIE
CVE-2005-2677 (ACNews stores the database in a file under the web document root with ...)
	NOT-FOR-US: ACNews
CVE-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in ...)
	NOT-FOR-US: Coppermine
CVE-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...)
	NOT-FOR-US: Burning Board
CVE-2005-2671
	REJECTED
CVE-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...)
	NOT-FOR-US: HAURI
CVE-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...)
	- openssh 1:4.0p1-1 (unimportant)
	NOTE: Lack of a security feature, not a vulnerability
CVE-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...)
	NOT-FOR-US: elm-me+ is no longer in unstable or testing
CVE-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...)
	NOT-FOR-US: Whisper
CVE-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...)
	{DSA-848-1}
	- masqmail 0.2.21-1 (low; bug #329307)
CVE-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...)
	{DSA-848-1}
	- masqmail 0.2.21-1 (high; bug #329307)
CVE-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function ...)
	{DSA-852-1}
	- up-imapproxy 1.2.4-2 (high)
CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...)
	{DSA-839-1}
	- apachetop 0.12.5-3 (unknown)
CVE-2005-2659 (Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as ...)
	{DSA-886-1}
	- chmlib 0.37-2 (medium)
CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
	{DSA-812-1}
	- turqstat 2.2.4-1 (medium)
CVE-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...)
	{DSA-811-2}
	- common-lisp-controller 4.18 (bug #328633; medium)
CVE-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...)
	{DSA-794-1}
	NOTE: Fix in -8 had problems
	- polygen 1.0.6-9 (bug #325468; low)
CVE-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...)
	{DSA-791-1 DTSA-11-1}
	- maildrop 2.0.2-7 (bug #325135; medium)
CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...)
	{DSA-790-1}
	- phpldapadmin 0.9.6c-5 (bug #322423; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
	- cplay 1.49-8 (bug #324913; low)
	[woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
	[sarge] - cplay <no-dsa> (Hardly exploitable)
CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
	{DSA-814-1 DTSA-17-1}
	- lm-sensors 1:2.9.1-7 (bug #324193; medium)
CVE-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote ...)
	NOT-FOR-US: BBCaffe
CVE-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...)
	NOT-FOR-US: Zorum
CVE-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute ...)
	NOT-FOR-US: Zorum
CVE-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa ...)
	NOT-FOR-US: Emefa Guestbook
CVE-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...)
	NOT-FOR-US: ATutor
CVE-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ...)
	NOT-FOR-US: W-Agora
CVE-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl ...)
	NOT-FOR-US: JaguarControl
CVE-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...)
	- tor 0.1.0.14-1 (bug #323786; medium)
CVE-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...)
	- mutt <not-affected> (bug #323956; high)
	NOTE: Status is not clear; upstream is unresponsive.
	NOTE: this bug was closed as it was unreproducable in Debian
CVE-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...)
	{DSA-785-1}
	- libpam-ldap 178-1sarge1 (bug #324899; unknown)
CVE-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...)
	NOT-FOR-US: Outlook
CVE-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to ...)
	NOT-FOR-US: MyProxy
CVE-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass ...)
	NOTE: could not reproduce this with squid 2.5, neither could the redhat guys
	NOTE: see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166522
	- squid 2.5
CVE-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain ...)
	- squid 2.5.8
CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM ...)
	NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name."
CVE-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the ...)
	NOT-FOR-US: DiamondCS
CVE-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN ...)
	NOT-FOR-US: Juniper
CVE-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...)
	NOT-FOR-US: World Poker Championship
CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...)
	NOT-FOR-US: PHPFreeNews
CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
	NOT-FOR-US: PHPFreeNews
CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-2634 (Buffer overflow in the Log-SCR function in the &quot;Log to Screen&quot; feature ...)
	NOT-FOR-US: WinFTP Server
CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...)
	NOT-FOR-US: PHPTB Topic Board
CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...)
	NOT-FOR-US: Mediabox 404
CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
	NOT-FOR-US: Cisco
CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and ...)
	- helix-player <not-affected> (Only Windows version of Real are affected)
CVE-2005-2629 (Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne ...)
	{DSA-915-1}
	- helix-player 1.0.6-1 (bug #340270; medium)
CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to ...)
	- flashplugin-nonfree 7.0.61-1.1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...)
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: MS IE
CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...)
	NOT-FOR-US: Google Toolbar
CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...)
	NOT-FOR-US: PHPNews
CVE-2004-2473 (wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows ...)
	NOT-FOR-US: wmFrog
CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Outpost Pro
CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...)
	NOT-FOR-US: QuoteEngine
CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...)
	NOT-FOR-US: MadBMS
CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...)
	NOT-FOR-US: SillySearch
CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...)
	NOT-FOR-US: ADA Image Server
CVE-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...)
	NOT-FOR-US: ADA Image Server
CVE-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...)
	- cplay 1.49-3 (medium)
CVE-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...)
	NOT-FOR-US: Open WebMail
CVE-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...)
	NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router
CVE-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...)
	NOT-FOR-US: miniBB
CVE-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...)
	NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g
CVE-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...)
	NOT-FOR-US: aMSN 0.90 for Microsoft Windows
CVE-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...)
	NOT-FOR-US: Tutti Nova
CVE-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...)
	NOT-FOR-US: Hitachi Cosminexus Portal Framework
CVE-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...)
	NOT-FOR-US: S-Mart Shopping Cart or RediCart
CVE-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...)
	NOT-FOR-US: *1st Class Mail Server
CVE-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...)
	NOT-FOR-US: *1st Class Mail Server
CVE-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...)
	NOT-FOR-US: Jaws
CVE-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...)
	NOT-FOR-US: Jaws
CVE-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...)
	NOT-FOR-US: Jaws
CVE-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...)
	NOT-FOR-US: Kerio
CVE-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...)
	NOT-FOR-US: proxytunnel
CVE-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...)
	NOT-FOR-US: HP printers
CVE-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...)
	NOT-FOR-US: Computer Associates Unicenter Common Services
CVE-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...)
	NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS)
CVE-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...)
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...)
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...)
	NOT-FOR-US: Novell GroupWise
CVE-2005-2619 (Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly ...)
	NOT-FOR-US: Autonomy
CVE-2005-2618 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...)
	NOT-FOR-US: Autonomy
CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: MS IE
CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
	NOT-FOR-US: ADM ActiveX control
CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinAgents TFTP Server
CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 ...)
	NOT-FOR-US: ignitionServer
CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not ...)
	NOT-FOR-US: Trend OfficeScan
CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX ...)
	NOT-FOR-US: EnderUNIX spamGuard
CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...)
	NOT-FOR-US: WWWguestbook
CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow ...)
	NOT-FOR-US: BEA
CVE-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...)
	NOT-FOR-US: Hitachi Job Management Partner
CVE-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP ...)
	NOT-FOR-US: Hitachi Job Management Partner
CVE-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain ...)
	NOT-FOR-US: Keene Digital Media Server
CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to ...)
	NOT-FOR-US: slimftpd not in debian
CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...)
	NOT-FOR-US: smtp.proxy
CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote ...)
	NOT-FOR-US: ccproxy
CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...)
	NOT-FOR-US: Davenport
CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through ...)
	- samhain 2.0.2
CVE-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 ...)
	- samhain 2.0.2
CVE-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and ...)
	- kernel-patch-vserver 1.9.2
CVE-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown ...)
	- phpgroupware 0.9.14.002
CVE-2004-2406 (Unknown &quot;overflow&quot; in the phpgw_config table for phpGroupWare before ...)
	- phpgroupware 0.9.14.002
CVE-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2404
	REJECTED
	NOT-FOR-US: Leif Wright Web Blog
CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...)
	NOT-FOR-US: YaBB
CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...)
	NOT-FOR-US: YaBB
CVE-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2004-2400 (WinFTP Server 1.6 stores username and password credentials in ...)
	NOT-FOR-US: WinFTP Server
CVE-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...)
	NOT-FOR-US: Sidewinder
CVE-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...)
	NOT-FOR-US: Netenberg Fantastico De Luxe
CVE-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0 ...)
	NOT-FOR-US: Blue Coat
CVE-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not ...)
	NOT-FOR-US: Sun JSSE
CVE-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...)
	NOT-FOR-US: libuser
CVE-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...)
	NOT-FOR-US: ECW-Shop
CVE-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...)
	NOT-FOR-US: (FreeBSD)
	NOTE: old freebsd, before it was introduced in Debian
CVE-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...)
	NOT-FOR-US: Sun JSSE and JRE
CVE-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...)
	{DTSA-16-1}
	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html, amd64 specific DOS
	- linux-2.6 2.6.12-6
CVE-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...)
	NOT-FOR-US: ezUpload
CVE-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...)
	NOT-FOR-US: EQdkp
CVE-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...)
	NOT-FOR-US: Discuz
CVE-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...)
	NOT-FOR-US: CPAINT Ajax
CVE-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...)
	- wordpress 1.5.2-1 (bug #323040; high)
CVE-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...)
	NOT-FOR-US: VERITAS Backup Exec for Windows Servers
CVE-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...)
	NOT-FOR-US: VegaDNS
CVE-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...)
	NOT-FOR-US: VegaDNS
CVE-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...)
	NOT-FOR-US: SafeHTML
CVE-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...)
	NOT-FOR-US: PHPSimplicity
CVE-2005-2606 (Unknown vulnerability in the &quot;frontend authentication&quot; in PHlyMail ...)
	NOT-FOR-US: PHlyMail
CVE-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...)
	NOT-FOR-US: Lasso Professional Server
CVE-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...)
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...)
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...)
	- mozilla-firefox <not-affected> (According to Bugzilla Windows/Mac only)
CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
	NOT-FOR-US: MidiCart
CVE-2005-2600 (FUDForum 2.6.15 with &quot;Tree View&quot; enabled, as used in other products ...)
	{DSA-899-1 DSA-798-1}
	- egroupware 1.0.0.009.dfsg-3-2 (bug #323928; medium)
	- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
	NOT-FOR-US: Hummingbird FTP for Connectivity
CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos 1.6 and ...)
	NOT-FOR-US: Dokeos
CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...)
	NOT-FOR-US: AOL Client
CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...)
	{DSA-879-1}
	- gallery 1.5-2 (medium)
CVE-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...)
	NOT-FOR-US: Dada Mail
CVE-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...)
	NOT-FOR-US: Apple Safari
CVE-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...)
	NOT-FOR-US: MindAlign
CVE-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...)
	NOT-FOR-US: MindAlign
CVE-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...)
	NOT-FOR-US: MindAlign
CVE-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...)
	NOT-FOR-US: MindAlign
CVE-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...)
	NOT-FOR-US: WRT54GS wireless router
CVE-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...)
	NOT-FOR-US: DVBBS
CVE-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...)
	NOT-FOR-US: PHPTB Topic Boards
CVE-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...)
	NOT-FOR-US: Kaspersky
CVE-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...)
	NOT-FOR-US: Grandstream BudgeTone
CVE-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...)
	NOT-FOR-US: Contivity
CVE-2005-2578
	REJECTED
CVE-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
	NOT-FOR-US: Wyse Winterm
CVE-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...)
	NOT-FOR-US: CaLogic
CVE-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...)
	NOT-FOR-US: XMB Forum
CVE-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...)
	NOT-FOR-US: XMB Forum
CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...)
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...)
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 ...)
	NOT-FOR-US: SysCP
CVE-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier ...)
	NOT-FOR-US: SysCP
CVE-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
	NOT-FOR-US: OpenBB
CVE-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote ...)
	NOT-FOR-US: MYFAQ
CVE-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 ...)
	NOT-FOR-US: CFBB
CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows ...)
	NOT-FOR-US: e107 portal
CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...)
	{DSA-831-1 DSA-829-1}
	- mysql-dfsg-4.1 4.1.13 (medium)
	- mysql-dfsg-5.0 5.0.7beta-1 (medium)
	- mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)
CVE-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...)
	{DSA-778-1}
	- mantis 0.19.2-4 (low)
CVE-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...)
	{DSA-778-1}
	- mantis 0.19.2-4 (medium)
CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-6 (medium)
CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...)
	NOT-FOR-US: rexecd
CVE-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...)
	NOT-FOR-US: sercd
CVE-2004-2386 (Format string vulnerability in the LogMsg function in sercd before ...)
	NOT-FOR-US: sercd
CVE-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path ...)
	NOT-FOR-US: EMU Webmail
CVE-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Winamp
CVE-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote ...)
	- jetty 4.2.19-1 (medium)
CVE-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight ...)
	NOT-FOR-US: Twilight Utilities Web Server
CVE-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for ...)
	NOT-FOR-US: @Mail
CVE-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of ...)
	NOT-FOR-US: @Mail
CVE-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a ...)
	NOT-FOR-US: Alcatel OmniSwitch
CVE-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server ...)
	NOT-FOR-US: Twilight Utilities Web Server
CVE-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...)
	NOT-FOR-US: 1st Class Mail Server
CVE-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the ...)
	NOT-FOR-US: BadBlue
CVE-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...)
	NOT-FOR-US: AIM
CVE-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows ...)
	- bochs 2.1.1-1
CVE-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and ...)
	NOT-FOR-US: Red Storm Games
CVE-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 ...)
	NOT-FOR-US: Opt-X
CVE-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows ...)
	NOT-FOR-US: WFTPD
CVE-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 ...)
	NOT-FOR-US: GlobalScape Secure FTP Server
CVE-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 ...)
	NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0
CVE-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Targem Battle Mages
CVE-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...)
	NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
CVE-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...)
	- phpbb2 2.0.6c (low)
CVE-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does ...)
	NOT-FOR-US: roofpoint Protection Server
CVE-2004-2356 (Early termination vulnerability in Fizmez Web Server 1.0 allows remote ...)
	NOT-FOR-US: Fizmez
CVE-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 ...)
	NOT-FOR-US: 4nGuestbook
CVE-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...)
	NOT-FOR-US: BugPort
CVE-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 ...)
	NOT-FOR-US: GBook
CVE-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 ...)
	NOT-FOR-US: GBook
CVE-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...)
	- phpbb2 2.0.8 (low)
CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...)
	NOT-FOR-US: Tunez
CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote attackers to ...)
	NOT-FOR-US: Sybari AntiGen for Domino
CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...)
	NOT-FOR-US: Leif M. Wright Web Blog
CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...)
	NOT-FOR-US: Forum Web Server
CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...)
	NOT-FOR-US: Oracle
CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...)
	NOT-FOR-US: VocalTec
CVE-2004-2343 (** DISPUTED ** ...)
	NOTE: apache disputes this and I agree -- joeyh
CVE-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: ChatterBox
CVE-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...)
	NOT-FOR-US: iSearch
CVE-2004-2340 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: PunkBuster Screenshot Database
CVE-2004-2339 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft
CVE-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed ...)
	NOT-FOR-US: inlook
CVE-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...)
	NOT-FOR-US: Novel Groupwise
CVE-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...)
	NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X
CVE-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail ...)
	NOT-FOR-US: EMU Webmail
CVE-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...)
	NOT-FOR-US: Bodington
CVE-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...)
	NOT-FOR-US: WWW::Form
CVE-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...)
	NOT-FOR-US: Kerio Personal Firewal
CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Vizer
CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...)
	NOT-FOR-US: IP3 Networks NetAccess
CVE-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules ...)
	NOT-FOR-US: phpWebSite
CVE-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users ...)
	NOT-FOR-US: IBM Informatik Dynamic Server
CVE-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server ...)
	NOT-FOR-US: SurgeFTP Server
CVE-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...)
	NOT-FOR-US: Novell iChain Server
CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...)
	- courier <unfixed> (unimportant)
	NOTE: This is a lack of a security feature, but not a direct vulnerability
CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...)
	NOT-FOR-US: AIX only
CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows ...)
	NOT-FOR-US: Crob FTP Server
CVE-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly ...)
	NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel
CVE-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote ...)
	NOT-FOR-US: MS IE
CVE-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled ...)
	NOT-FOR-US: Solaris
CVE-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote ...)
	NOT-FOR-US: Computer Associates
CVE-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...)
	- mtools 3.9.9
CVE-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...)
	- mathopd 1.5b14
CVE-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...)
	- gallery 1.4.1
CVE-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...)
	NOT-FOR-US: BEA
CVE-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 ...)
	NOT-FOR-US: BEA
CVE-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 ...)
	NOT-FOR-US: BEA
CVE-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 ...)
	NOT-FOR-US: BEA
CVE-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a ...)
	NOT-FOR-US: BEA
CVE-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ...)
	NOT-FOR-US: BEA
CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server ...)
	NOT-FOR-US: BEA
CVE-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for ...)
	- gallery 1.3.3
CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
	- clamav 0.86.2-1 (low)
	[sarge] - clamav 0.84-2.sarge.2
CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
	NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-12 (bug #323363; medium)
CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...)
	NOT-FOR-US: Integrated Light Out in HP servers
CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...)
	{DSA-782-1 DTSA-9-1}
	- bluez-utils 2.19-1 (bug #323365; medium)
CVE-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Arab Portal
CVE-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...)
	NOTE: This is intended behaviour, after all tar is an archiving tool and you
	NOTE: need to give -p as a command line flag
	- tar <unfixed> (bug #328228; unimportant)
CVE-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2536 (pstotext before 1.8g does not properly use the &quot;-dSAFER&quot; option when ...)
	{DSA-792-1}
	- pstotext 1.9-2 (bug #319758; medium)
CVE-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
	NOT-FOR-US: ARCserve Backup
CVE-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2533 (OpenVPN before 2.0.1, when running in &quot;dev tap&quot; Ethernet bridging ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2531 (OpenVPN before 2.0.1, when running with &quot;verb 0&quot; and without TLS ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2528
	RESERVED
CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...)
	NOT-FOR-US: MacOS X
CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...)
	NOT-FOR-US: MacOS X
CVE-2005-2524 (Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to ...)
	NOT-FOR-US: MacOS X
CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...)
	NOT-FOR-US: Weblog Server in Mac OS X
CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...)
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...)
	- slocate <not-affected> (Uses secure glibc code, see #324951)
CVE-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...)
	{DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1}
	- drupal 4.5.5-1 (bug #323347; high)
	- phpgroupware 0.9.16.008-1 (bug #323349; high)
	- egroupware 1.0.0.009.dfsg-1 (bug #323350; high)
	- phpwiki <unfixed> (unimportant)
	NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway
	- php4 4:4.3.10-16 (bug #323366; high)
	- php5 5.0.5-1 (high)
CVE-2005-2497
	REJECTED
CVE-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
	{DSA-801-1}
	NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
	- ntp 1:4.2.0a+stable-2sarge1 (medium)
	[etch] - ntp 1:4.2.0a+stable-2sarge1 (medium)
CVE-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...)
	{DSA-816-1}
	- xorg-x11 6.8.2.dfsg.1-7 (medium)
CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...)
	{DSA-815-1}
	- kdebase 4:3.4.2-3 (bug #327039; medium)
CVE-2005-2493
	RESERVED
CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...)
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
	{DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1}
	- pcre3 6.3-1 (bug #324531; medium)
	- gnumeric 1.5.1-1 (bug #326628; bug #326898; unimportant)
	- goffice 0.1.0-3 (bug #326898; unimportant)
	- vfu <not-affected> (does not include the vulnerable part of pcre)
	NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used
	- python2.1 2.1.3dfsg-3 (medium)
	- python2.2 2.2.3dfsg-4 (medium)
	- python2.3 2.3.5-8 (medium)
CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
	{DSA-922-1 DTSA-16-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-XXXX [Buffer overflow in Description parsing]
	- bidwatcher <removed> (bug #319489; low)
	[sarge] - bidwatcher <no-dsa> (Totally broken due to Ebay changes, no users, no exploits)
CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
	- dbmail 2.2.1-1 (bug #303991; bug #290833; medium)
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
	- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
	- classpath 2:0.92-1 (bug #267040; bug #301134; high)
	[etch] - classpath <not-affected> (Doesn't build the gcjwebplugin binary package)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
	- dbmail 2.2.1-1 (bug #290833; medium)
CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote ...)
	{DSA-922-1 DTSA-16-1}
	NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
	- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
	NOTE: 2.6.12-1 contained a partially broken fix
	- linux-2.6 2.6.12-6 (bug #309308; low)
CVE-2005-2489 (Web Content Management News System allows remote attackers to create ...)
	NOT-FOR-US: Web Content Management News System
CVE-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...)
	NOT-FOR-US: Web Content Management News System
CVE-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...)
	NOT-FOR-US: Sun switches
CVE-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...)
	NOT-FOR-US: PortailPHP
CVE-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...)
	NOT-FOR-US: Logicampus
CVE-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...)
	NOT-FOR-US: Denora IRC stats
CVE-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote ...)
	NOT-FOR-US: Karrigell
CVE-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...)
	NOT-FOR-US: Metasploit Framework
CVE-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Fusebox
CVE-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...)
	NOT-FOR-US: Fusebox
CVE-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...)
	NOT-FOR-US: Silvernews
CVE-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...)
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...)
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...)
	{DSA-903-1}
	- unzip 5.52-4 (bug #321927; low)
CVE-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...)
	NOT-FOR-US: ChurchInfo
CVE-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...)
	NOT-FOR-US: ChurchInfo
CVE-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...)
	NOT-FOR-US: BusinessMail
CVE-2005-2471 (pstopnm in netpbm does not properly use the &quot;-dSAFER&quot; option when ...)
	{DSA-1021-1}
	- netpbm-free 2:10.0-9 (bug #319757; low)
CVE-2005-2470 (Buffer overflow in a &quot;core application plug-in&quot; for Adobe Reader 5.1 ...)
	NOT-FOR-US: Adobe
CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C ...)
	NOT-FOR-US: Novell NetMail
CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173; medium)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Eudora
CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...)
	- net-snmp <not-affected> (snmpd is neither setuid nor setgid in Debian)
CVE-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...)
	NOT-FOR-US: Omnicron
CVE-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...)
	NOT-FOR-US: Novell Internet Messaging System
CVE-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...)
	NOT-FOR-US: Pointsec
CVE-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...)
	NOT-FOR-US: SurfControl
CVE-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...)
	NOT-FOR-US: QNX
CVE-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...)
	NOT-FOR-US: Novell eDirectory
CVE-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...)
	NOT-FOR-US: Blue World Lasso Web Data Engine
CVE-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers ...)
	NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers
CVE-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) ...)
	NOT-FOR-US: Hyper NIKKI System (HNS) Lite
CVE-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute ...)
	- netjuke 1.0b7
CVE-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: HTMLsearch
CVE-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...)
	NOT-FOR-US: RCA Digital Cable Modem
CVE-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Fwmon
CVE-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...)
	NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E
CVE-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...)
	NOTE: debian's nms-formmail is a reimplementation of old formmail
CVE-2002-2108 (Unknown vulnerability in the &quot;VAIO Manual&quot; software in certain Sony ...)
	NOT-FOR-US: Sony VAIO
CVE-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in ...)
	NOT-FOR-US: OpenKeyServer
CVE-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...)
	NOT-FOR-US: WikkiTikkiTavi
CVE-2002-2105 (Microsoft Windows XP allows local users to prevent the system from ...)
	NOT-FOR-US: Microsoft
CVE-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...)
	NOT-FOR-US: Ganglia PHP RRD Web Client
	NOTE: not ganglia-monitor
CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...)
	- apache 1.3.24 (low)
CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...)
	- jzlib 0.0.7 (low)
CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...)
	NOT-FOR-US: Microsoft
CVE-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows ...)
	- ddd <not-affected> (ddd is not setuid/gid so not exploitable)
CVE-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows ...)
	NOT-FOR-US: Axspawn-pam
CVE-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...)
	- maradns 0.9.01 (low)
CVE-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in ...)
	NOT-FOR-US: Netware
CVE-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ...)
	NOT-FOR-US: Joe Testa hellbent 01 webserver
CVE-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full ...)
	NOT-FOR-US: Joe Testa hellbent 01 webserver
CVE-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...)
	NOT-FOR-US: OpenBSD/NetBSD/FreeBSD
CVE-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...)
	NOT-FOR-US: decfingerd
CVE-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...)
	NOT-FOR-US: aucho Technology Resin server
CVE-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ...)
	NOT-FOR-US: Solaris
CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...)
	NOT-FOR-US: clump/os
CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...)
	NOT-FOR-US: ScriptEase
CVE-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...)
	NOT-FOR-US: UnixWare/OpenUnix
CVE-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local ...)
	NOT-FOR-US: SCO
CVE-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 ...)
	NOT-FOR-US: CDE
CVE-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users to ...)
	NOTE: insufficient info to check, but not same code base
CVE-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing ...)
	NOT-FOR-US: Apple
CVE-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in ...)
	NOT-FOR-US: Trend Micro InterScan VirusWall
CVE-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall ...)
	NOT-FOR-US: Trend Micro InterScan VirusWall
CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
	- wine 0.0.20050830-1 (bug #321470; unimportant)
	NOTE: Not shipped in binary package
CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
	- metamail 2.7-48 (bug #321473; low)
	[sarge] - metamail <no-dsa> (Hardly exploitable, minor Dos)
CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
	- xfree86 <unfixed> (bug #321447; low)
	[woody] - xfree86 <no-dsa> (Hardly exploitable)
	[sarge] - xfree86 <no-dsa> (Hardly exploitable)
	- xorg-x11 <unfixed> (bug #321447; low)
CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
	- ghostscript 8.61.dfsg.1~svn8187-1 (bug #291452; unimportant)
	NOTE: Not included in the binary package
CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
	NOTE: binary not shipped
	- sysklogd <unfixed> (bug #281448; unimportant)
CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
	- fftw3 3.0.1-12 (low; bug #321566)
	[sarge] - fftw3 <no-dsa> (Minor issue)
CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
	- clamav-getfiles 0.5-1 (bug #321446; medium)
	[sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp)
CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...)
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316881; low)
	[sarge] - cgiwrap <no-dsa> (Minor impact)
CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...)
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316901; low)
	[sarge] - cgiwrap <no-dsa> (Minor information disclosure, only debugging libs)
CVE-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
	{DSA-980-1}
	- tutos 1.1.20031017-2.1 (bug #318633; medium)
CVE-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...)
	{DSA-980-1}
	- tutos 1.1.20031017-2.1 (bug #318633; medium)
CVE-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...)
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...)
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
	- libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
CVE-2005-XXXX [nvi: init.d recover file security bugs]
	- nvi 1.79-22 (bug #298114; medium)
CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
	[woody] - bugzilla <not-affected> (Vulnerable script is not present)
	[sarge] - bugzilla <not-affected> (Vulnerable script is not present)
	- bugzilla 2.18.3-2 (bug #321567; low)
CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
	- tor 0.1.0.14-1 (medium)
CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (medium)
CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-2 (bug #321401; medium)
	- kernel-source-2.4.27 2.4.27-11 (medium)
CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
	NOT-FOR-US: Greasemonkey
CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
	NOT-FOR-US: NetworkActiv Web Server
CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...)
	NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7
	- tiff 3.7.0-1
CVE-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...)
	NOT-FOR-US: IOS
CVE-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
	{DSA-776-1 DTSA-3-1}
	- clamav 0.86.2-1 (medium)
CVE-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
	NOT-FOR-US: sandbox
CVE-2005-2448 (Multiple &quot;endianness errors&quot; in libgadu in ekg before 1.6rc2 allow ...)
	{DSA-1318-1 DSA-813-1 DTSA-2-1 DTSA-4-1}
	- ekg 1:1.5+20050718+1.6rc3-1 (low)
	- centericq 4.20.0-9 (bug #323185; medium)
CVE-2005-2447
	REJECTED
CVE-2005-2446
	REJECTED
CVE-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...)
	NOT-FOR-US: Product Cart
CVE-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...)
	NOT-FOR-US: KShout
CVE-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...)
	NOT-FOR-US: SPI Dynamics Web Inspect
CVE-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...)
	NOT-FOR-US: VBzoom
CVE-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...)
	NOT-FOR-US: Thomson Web Skill Vantage Manager
CVE-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...)
	NOT-FOR-US: UseBB
CVE-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...)
	NOT-FOR-US: UseBB
CVE-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...)
	NOT-FOR-US: Website Baker
CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...)
	NOT-FOR-US: Website Baker
CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...)
	NOT-FOR-US: Linksys hardware
CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: PhpList
CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
	NOT-FOR-US: PhpList
CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
	- gforge 4.5.14-2 (bug #328224; unimportant)
	NOTE: Direct flooding is possible as well in most circumstances.
	NOTE: (Upstream fix was in gforge 4.5.0.1.)
CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
	{DSA-1094-1}
	- gforge 4.5.14-9 (bug #328224; medium)
CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
	- mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms)
CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all fields&quot; ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...)
	NOT-FOR-US: FTPshell Server
CVE-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...)
	NOT-FOR-US: Ares FileShare
CVE-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...)
	NOT-FOR-US: Siemens hardware
CVE-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Beehive
CVE-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...)
	NOT-FOR-US: Beehive
CVE-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...)
	NOT-FOR-US: Beehive
CVE-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...)
	NOT-FOR-US: FtpLocate
CVE-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...)
	NOT-FOR-US: hardware issue
CVE-2005-2418
	REJECTED
	NOT-FOR-US: Realchat
CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Contrexx
CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
	NOT-FOR-US: Contrexx
CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
	NOT-FOR-US: Contrexx
CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
	- firefox 1.5.dfsg-1 (unimportant)
	- mozilla-firefox 1.5.dfsg-1 (bug #327549; unimportant)
	- mozilla 1.5.dfsg-1 (bug #327550; unimportant)
	- iceweasel <not-affected>
	NOTE: The turned out to be non-exploitable
CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...)
	NOT-FOR-US: First Post
CVE-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...)
	{DSA-808-1}
	- tdiary 2.0.2-1 (bug #319315; medium)
CVE-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
	NOT-FOR-US: Network Manager
CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...)
	NOT-FOR-US: nbsmtp
CVE-2005-2408
	RESERVED
CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-assisted ...)
	NOT-FOR-US: Opera
CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
	NOT-FOR-US: Opera
CVE-2005-2405 (Opera 8.01, when the &quot;Arial Unicode MS&quot; font (ARIALUNI.TTF) is ...)
	NOT-FOR-US: Opera
CVE-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2294 (Canonicalize-before-filter error in the send_review function in the ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web ...)
	NOT-FOR-US: Light Web File Manager
CVE-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...)
	NOT-FOR-US: ActivePerl
CVE-2004-2285
	REJECTED
	NOT-FOR-US: Perl on Windows
CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
	NOT-FOR-US: osCommerce
CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
	NOT-FOR-US: Sendcard
CVE-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...)
	NOT-FOR-US: RealChat
CVE-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: PHPSiteSearch
CVE-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...)
	NOT-FOR-US: PHPFinance
CVE-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...)
	NOT-FOR-US: phpBook
CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
	- firefox <removed> (bug #320539; unimportant)
	- iceweasel <unfixed> (bug #320539; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
	- mozilla <unfixed> (bug #320538; unimportant)
	NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security
	NOTE: feature (client-side preference for stronger methods) and not a vulnerabilit
	NOTE: This also seems like a rare setup.
CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...)
	NOT-FOR-US: CuteNews
CVE-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
	NOT-FOR-US: CuteNews
CVE-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...)
	NOT-FOR-US: CMSimple
CVE-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...)
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
CVE-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...)
	{DSA-795-2}
	- proftpd 1.2.10-20 (low)
	NOTE: ftpshut fixed in -19, SQLShowInfo in -20
CVE-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...)
	NOT-FOR-US: some windows USB driver
CVE-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 ...)
	NOT-FOR-US: GoodTech SMTP server
CVE-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...)
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2384 (Directory traversal vulnerability in a third-party compression library ...)
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...)
	NOT-FOR-US: PHPNews
CVE-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM ...)
	NOT-FOR-US: Oray PeanutHull
CVE-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2378 (Directory traversal vulnerability in Oracle Reports allows remote ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...)
	- libnss-ldap <not-affected> (Mandrake specfic vulnerability)
CVE-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote ...)
	NOT-FOR-US: Race Driver
CVE-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows ...)
	NOT-FOR-US: Race Driver
CVE-2005-2374 (Belkin 54g wireless routers do not properly set an administrative ...)
	NOT-FOR-US: Belkin 54g wireless routers
CVE-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated ...)
	NOT-FOR-US: SlimFTPd
CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...)
	NOT-FOR-US: Oracle Forms
CVE-2005-2371 (Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2370 (Multiple &quot;memory alignment errors&quot; in libgadu, as used in ekg before ...)
	{DSA-1318-1 DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
	- gaim 1:1.4.0-5 (low)
	- centericq 4.20.0-9 (bug #323185; low)
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
	{DSA-813-1 DTSA-2-1}
	- centericq 4.20.0-9 (bug #323185; medium)
	- gaim 1:1.5.0-1 (bug #350071; medium)
	[woody] - gaim <not-affected> (affected code libgadu not present in woody)
	[sarge] - gaim <not-affected> (old version of libgadu in gaim is not affected)
	- ekg 1:1.5+20050712+1.6rc2-1 (medium)
	[sarge] - ekg <not-affected>
	NOTE: The fixes from centericq for integer overflows are all present in ekg from stable
CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
	{DTSA-12-1}
	- vim 1:6.3-085+1 (bug #320017; medium)
	[sarge] - vim 1:6.3-071+1sarge1
	NOTE: For some reason this was fixed through an upload to s-p-u, not stable-security
CVE-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; bug #320192; medium)
CVE-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through ...)
	- ethereal 0.10.12-1 (bug #320183; low)
	NOTE: This affects partially Woody and Sarge
CVE-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...)
	- kfreebsd-5 5.3-1 (medium)
CVE-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list ...)
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...)
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2355
	REJECTED
	NOTE: see CVE-2005-2356
CVE-2005-2347
	RESERVED
CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2005-2345
	RESERVED
CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote attackers to ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM) BlackBerry ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of ...)
	NOT-FOR-US: unicode msearch
CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...)
	NOT-FOR-US: Xoops
CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...)
	{DSA-864-1 DSA-862-1 DSA-860-1}
	- ruby <removed>
	- ruby1.6 1.6.8-13 (medium)
	- ruby1.8 1.8.3-1 (bug #332742; medium)
	- ruby1.9 1.9.0+20050921-1 (medium)
CVE-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.2-1
CVE-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...)
	NOT-FOR-US: Y.SAK
CVE-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in ...)
	NOT-FOR-US: smilies_popup.php
CVE-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a ...)
	NOT-FOR-US: PHPPageProtect
CVE-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...)
	NOT-FOR-US: MooseGallery
CVE-2005-2330 (Directory traversal vulnerability in extras/update.php in osCommerce 2.2 ...)
	NOT-FOR-US: osCommerce
CVE-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, ...)
	NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
CVE-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 ...)
	NOT-FOR-US: Laffer
CVE-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier ...)
	NOT-FOR-US: e107
CVE-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and ...)
	NOT-FOR-US: Class-1 Forum
CVE-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and ...)
	NOT-FOR-US: Class-1 Forum
CVE-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...)
	NOT-FOR-US: CaLogic
CVE-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and ...)
	NOT-FOR-US: Yawp
CVE-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 ...)
	NOT-FOR-US: DVBBS
CVE-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...)
	{DSA-849-1}
	- shorewall 2.4.1-2 (bug #318946; medium)
CVE-2005-2316 (Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers ...)
	NOT-FOR-US: dnrd
CVE-2005-2315 (Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 ...)
	NOT-FOR-US: dnrd
CVE-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...)
	NOT-FOR-US: PHPsFTPd
CVE-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...)
	NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence
CVE-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...)
	NOT-FOR-US: Realnode Emilda
CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
	- sms-pl 2.1.0-1 (bug #320540; unimportant)
	NOTE: vulnerable contrib file only in source package
CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions ...)
	NOT-FOR-US: Winamp
CVE-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Opera
CVE-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...)
	NOT-FOR-US: MSIE
CVE-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...)
	NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0
CVE-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...)
	NOT-FOR-US: DG Remote Control Server
CVE-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-2303
	REJECTED
	NOT-FOR-US: Microsoft
CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...)
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Skype
CVE-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...)
	NOT-FOR-US: Simple Message Board
CVE-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...)
	NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian
CVE-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...)
	NOT-FOR-US: Sybase EAServer
CVE-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: YabbSE
CVE-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...)
	- netpanzer 0.8+svn20060319-1 (bug #318329; low)
	[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
CVE-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...)
	NOT-FOR-US: Oracle
CVE-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...)
	NOT-FOR-US: Oracle
CVE-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...)
	NOT-FOR-US: Oracle
CVE-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...)
	NOT-FOR-US: Oracle
CVE-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...)
	NOT-FOR-US: WPS
CVE-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PHPCounter
CVE-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...)
	NOT-FOR-US: PHPCounter
CVE-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: SoftiaCom wMailServer
CVE-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...)
	NOT-FOR-US: WebEOC
CVE-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...)
	NOT-FOR-US: WebEOC
CVE-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...)
	NOT-FOR-US: WebEOC
CVE-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...)
	NOT-FOR-US: WebEOC
CVE-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before ...)
	NOT-FOR-US: WebEOC
CVE-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...)
	NOT-FOR-US: WebEOC
CVE-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...)
	NOT-FOR-US: Cisco
CVE-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...)
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318328; medium)
CVE-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
	NOT-FOR-US: Novell Groupwise WebAccess
CVE-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...)
	NOT-FOR-US: OpenWebmail
CVE-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...)
	- dansguardian 2.6.1-13 (medium)
CVE-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...)
	- dansguardian 2.7.7-2
CVE-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...)
	NOT-FOR-US: vHost
CVE-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...)
	NOT-FOR-US: aGSM Half-Life
CVE-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...)
	NOT-FOR-US: I-Mall Commerce
CVE-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...)
	NOT-FOR-US: w3m Jigsaw
CVE-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: efFingerD
CVE-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...)
	NOT-FOR-US: efFingerD
CVE-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: MiniShare
CVE-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...)
	NOT-FOR-US: IBM Parallel Environment
CVE-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...)
	- pads 1.1.1 (high)
CVE-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...)
	NOT-FOR-US: PimenGest2
CVE-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...)
	NOT-FOR-US: Ansel
CVE-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...)
	NOT-FOR-US: Ansel
CVE-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...)
	- uudeview 0.5.20-2.1 (bug #320541; low)
	[sarge] - uudeview <no-dsa> (Hardly exploitable)
	NOTE: dnprogs apparetly not vulnerable, unsafe code is not called (#358500)
CVE-2004-2264 (** DISPUTED ** ...)
	- less <not-affected> (less is not suid, explotability unlikely)
CVE-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...)
	NOT-FOR-US: PlaySMS
CVE-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...)
	NOT-FOR-US: e107
CVE-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote ...)
	NOT-FOR-US: e107
CVE-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the ...)
	NOT-FOR-US: Opera
CVE-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...)
	- vsftpd 2.0.1-1 (low)
CVE-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen ...)
	NOT-FOR-US: Hummingbird Exceed
CVE-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, ...)
	NOT-FOR-US: SurgeLDAP
CVE-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ...)
	NOT-FOR-US: SurgeLDAP
CVE-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...)
	NOT-FOR-US: Astaro suite
CVE-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides ...)
	NOT-FOR-US: Astaro suite
CVE-2004-2250 (Unknown vulnerability in the &quot;access code&quot; in RemoteEditor before ...)
	NOT-FOR-US: RemoteEditor
CVE-2004-2249 (Unknown vulnerability in the &quot;access code&quot; in SecureEditor before ...)
	NOT-FOR-US: SecureEditor
CVE-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...)
	NOT-FOR-US: RemoteEditor
CVE-2004-2247 (Unknown vulnerability in the &quot;admin of paypal email addresses&quot; in ...)
	NOT-FOR-US: AudienceConnect
CVE-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b ...)
	NOT-FOR-US: Goollery
CVE-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows ...)
	NOT-FOR-US: Goollery
CVE-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and ...)
	NOT-FOR-US: Oracle
CVE-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by ...)
	NOT-FOR-US: Phorum
CVE-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, ...)
	NOT-FOR-US: Phorum
CVE-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...)
	NOT-FOR-US: Phorum
CVE-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...)
	NOT-FOR-US: Phorum
CVE-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...)
	- vpopmail <unfixed> (bug #320608; low)
CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
	NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
	NOTE: maintainer says does not apply to debian, see #320608
CVE-2004-2238 (** DISPUTED ** ...)
	NOTE: format string vuln in vpopmail doesn't seem to be real
CVE-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...)
	- moodle 1.4-1
CVE-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...)
	- moodle 1.3.3-1
CVE-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and ...)
	- moodle 1.2.1-1
CVE-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in ...)
	- moodle 1.2.1-1
CVE-2004-2233 (Unknown &quot;front page vulnerability with Moodle servers&quot; for Moodle ...)
	- moodle 1.3.2-1
CVE-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in ...)
	- moodle 1.4.2-1
CVE-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...)
	NOT-FOR-US: InstallAnywhere
CVE-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server ...)
	NOT-FOR-US: Oracle
CVE-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...)
	- mozilla-firefox <not-affected> (Only affects Firefox on MacOS)
CVE-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file ...)
	- mozilla-firefox 1.0-1
CVE-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...)
	- mozilla-thunderbird 1.0-3
CVE-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...)
	- mozilla-firefox 0.99+1.0RC1-1
CVE-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...)
	NOT-FOR-US: Message Foundry
CVE-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FsPHPGallery
CVE-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before ...)
	NOT-FOR-US: FsPHPGallery
CVE-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows ...)
	NOT-FOR-US: SoftCart
CVE-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the ...)
	NOT-FOR-US: Microsoft
CVE-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and ...)
	NOT-FOR-US: PHPMyWebHosting
CVE-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow ...)
	NOT-FOR-US: yChat
CVE-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
	NOT-FOR-US: Sun Java
CVE-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, ...)
	- rxvt-unicode 3.8-1
CVE-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
	- ffmpeg 0.cvs20050811-1 (bug #320150; medium)
CVE-2005-XXXX [xgalaga score file segfault]
	- xgalaga 2.0.34-31 (bug #319686; low)
	[sarge] - xgalaga <no-dsa> (Minor issue)
CVE-2005-XXXX [xemeraldia games file overwrite]
	- xemeraldia 0.4-1 (bug #319661; low)
	[sarge] - xemeraldia <no-dsa> (Very minor issue)
CVE-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...)
	{DSA-774-1}
	NOTE: previous fix in -15 was broken
	- fetchmail 6.2.5-16 (bug #320357; bug #212762; medium)
CVE-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...)
	{DSA-766-1}
	- webcalendar 0.9.45-7 (bug #315671; medium)
CVE-2005-2437 (Website Baker Project does not properly verify the file extensions of ...)
	NOT-FOR-US: Website Baker
CVE-2005-2275
	RESERVED
CVE-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...)
	NOT-FOR-US: MSIE
CVE-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...)
	NOT-FOR-US: Opera
CVE-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript ...)
	NOT-FOR-US: Sfari
CVE-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...)
	NOT-FOR-US: iCab
CVE-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (bug #318062; bug #325851; high)
	- mozilla-thunderbird 1.0.6-1 (high)
CVE-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (low; bug #318728)
CVE-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...)
	NOT-FOR-US: magicHTML
CVE-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 ...)
	NOT-FOR-US: WWWeBBB forum
CVE-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...)
	NOT-FOR-US: Portix
CVE-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...)
	NOT-FOR-US: Novell Netware
CVE-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication ...)
	NOT-FOR-US: FTGate
CVE-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FTGate
CVE-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...)
	- kernel-patch-openmosix <removed> (bug #319621; low)
CVE-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...)
	NOT-FOR-US: FTGate
CVE-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...)
	NOT-FOR-US: Microsoft
CVE-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 ...)
	NOT-FOR-US: Lil' HTTP server
CVE-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of ...)
	NOT-FOR-US: ICQ
CVE-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote ...)
	NOT-FOR-US: Mailidx
CVE-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on ...)
	NOT-FOR-US: Microsoft
CVE-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in ...)
	NOT-FOR-US: Sun Java
CVE-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Tru64
CVE-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...)
	NOT-FOR-US: SecureClean
CVE-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...)
	NOT-FOR-US: Proprietary PGP
CVE-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are ...)
	NOT-FOR-US: Eraser
CVE-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams ...)
	NOT-FOR-US: Eraser
CVE-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows ...)
	NOT-FOR-US: BCWipe
CVE-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' ...)
	NOT-FOR-US: WebCalender
CVE-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain ...)
	NOT-FOR-US: PhpWebGallery
CVE-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and ...)
	NOT-FOR-US: AtGuard
CVE-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet ...)
	NOT-FOR-US: Microsoft
CVE-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and ...)
	NOTE: fixed in upstream 1.0.1
	NOTE: see http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
	- mozilla 2:1.1-1 (low)
CVE-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...)
	- links2 <not-affected> (Fixed before upload into archiv; 2.0pre5)
CVE-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...)
	NOT-FOR-US: Intel motherboards
CVE-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...)
	NOT-FOR-US: TeeKai
CVE-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...)
	NOT-FOR-US: TeeKai
CVE-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows ...)
	NOT-FOR-US: TeeKai
CVE-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai ...)
	NOT-FOR-US: TeeKai
CVE-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the ...)
	NOT-FOR-US: TeeKai
CVE-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...)
	NOT-FOR-US: Cisco
CVE-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...)
	NOT-FOR-US: Cisco
CVE-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...)
	- modlogan 0.7.12-1 (low)
CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...)
	- modlogan 0.7.12-1 (low)
CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...)
	NOTE: one day upstream webserver compromise
CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...)
	NOT-FOR-US: PFinger
CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...)
	- sketch 0.6.13-1 (low)
CVE-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...)
	NOT-FOR-US: X-News
CVE-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: x-stat
CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...)
	NOT-FOR-US: x-stat
CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...)
	NOTE: old patch
CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...)
	NOT-FOR-US: QNX
CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...)
	NOT-FOR-US: QNX
CVE-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime ...)
	NOT-FOR-US: QNX
CVE-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...)
	NOT-FOR-US: QNX
CVE-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based ...)
	NOT-FOR-US: NGPT
	NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html
	NOTE: NPTL does not have this problem.
CVE-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and ...)
	NOT-FOR-US: Cisco
CVE-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...)
	NOT-FOR-US: Sun
CVE-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ...)
	NOT-FOR-US: RealityScape
CVE-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...)
	NOT-FOR-US: Email Sanitizer
CVE-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...)
	NOT-FOR-US: FAQManager
CVE-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...)
	NOT-FOR-US: PHPNuke
CVE-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...)
	NOT-FOR-US: Microsoft
CVE-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ ...)
	NOT-FOR-US: PHP, Mircrosoft
CVE-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...)
	NOT-FOR-US: Microsoft
CVE-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not ...)
	NOT-FOR-US: DOOW
CVE-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...)
	NOT-FOR-US: BrowseFTP
CVE-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...)
	- imp 3:2.2.6-5 (high)
CVE-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...)
	NOT-FOR-US: We use the OTHER beep program :P
CVE-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows ...)
	NOTE: only affects old-stable
CVE-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board ...)
	NOT-FOR-US: wbboard
CVE-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in ...)
	NOT-FOR-US: osCommerce
CVE-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...)
	NOT-FOR-US: SAS/Base
CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...)
	NOT-FOR-US: SAS/Base
CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...)
	- user-mode-linux 2.4.17-9 (high)
CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...)
	NOT-FOR-US: PostNuke
CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...)
	NOT-FOR-US: Apache
CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...)
	NOT-FOR-US: faqomatic
CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...)
	NOT-FOR-US: Tomcat
CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...)
	NOT-FOR-US: Tomcat
CVE-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows ...)
	NOT-FOR-US: Tomcat
CVE-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 ...)
	NOT-FOR-US: Tomcat
CVE-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and ...)
	NOT-FOR-US: Sun
CVE-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ...)
	NOT-FOR-US: Compaq
CVE-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote ...)
	NOT-FOR-US: Compaq
CVE-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...)
	NOT-FOR-US: Compaq
CVE-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...)
	NOT-FOR-US: jmcce
CVE-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use ...)
	NOT-FOR-US: OpenVMS
CVE-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow ...)
	NOT-FOR-US: VVOS
CVE-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...)
	NOT-FOR-US: UnixWare
CVE-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...)
	NOT-FOR-US: ZoneAlarm
CVE-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...)
	NOT-FOR-US: Postnuke
CVE-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...)
	NOT-FOR-US: Postnuke
CVE-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...)
	NOT-FOR-US: Windows
CVE-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...)
	NOT-FOR-US: WebBBS
CVE-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...)
	NOT-FOR-US: Windows
CVE-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary ...)
	NOT-FOR-US: osCommerce
CVE-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical ...)
	NOT-FOR-US: Resin
CVE-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Resin
CVE-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Resin
CVE-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 ...)
	NOT-FOR-US: Resin
CVE-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...)
	NOTE: presumably fixed in linux 2.4.12
CVE-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...)
	NOT-FOR-US: Microsoft
CVE-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name ...)
	NOT-FOR-US: Openwave WAP gateway
CVE-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL ...)
	NOT-FOR-US: CMG WAP gateway
CVE-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
	NOT-FOR-US: Lotus Domino
CVE-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition ...)
	- vanessa-logger 0.0.2
CVE-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...)
	NOT-FOR-US: MacOS
CVE-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 ...)
	NOT-FOR-US: HP-UX
CVE-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for ...)
	NOT-FOR-US: Tomcat 3.2.1 running on HP Secure OS
CVE-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to ...)
	- nvi 1.79-16a.1
	NOTE: was DSA 085
CVE-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to ...)
	NOTE: DSA 082
	- xvt 2.1-13
CVE-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and ...)
	NOT-FOR-US: Microsoft
CVE-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...)
	NOT-FOR-US: OpenBSD
CVE-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...)
	- snort 1.8.3
CVE-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to ...)
	NOT-FOR-US: AIX
CVE-2001-1556 (The log files in Apache web server contain information directly ...)
	NOTE: documented issue in apache, unlikely to be changed
	NOTE: see http://httpd.apache.org/docs/logs.html
CVE-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal ...)
	NOT-FOR-US: Solaris
CVE-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...)
	NOT-FOR-US: AIX
CVE-2001-1553 (Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, ...)
	- setiathome <not-affected> (not suid in debian)
CVE-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...)
	NOTE: no info in CVE db about fix
CVE-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...)
	NOT-FOR-US: Centra
CVE-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2001-1547 (Outlook Express 6.0, with &quot;Do not allow attachments to be saved or ...)
	NOT-FOR-US: Outlook
CVE-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and ...)
	NOT-FOR-US: Pathways Homecare
CVE-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests ...)
	NOT-FOR-US: Macromedia JRun
CVE-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS) ...)
	NOT-FOR-US: Macromedia JRun
CVE-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...)
	NOT-FOR-US: Axis network camera
CVE-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...)
	NOT-FOR-US: NAI WebShield SMTP
CVE-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...)
	NOT-FOR-US: BSDI UUCP
CVE-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a ...)
	NOT-FOR-US: IPRoute router software
	NOTE: This is not for iproute/iproute2.
	NOTE: From Chris Gragsone's message on BUGTRAQ:
	NOTE: "IPRoute, by David F. Mischler, is PC-based router software
	NOTE: "for networks running the Internet Protocol (IP)."
CVE-2001-1539 (The JavaScript settimeout function in Internet Explorer allows remote ...)
	NOT-FOR-US: MSIE
CVE-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...)
	NOT-FOR-US: SpeedXess HA-120 DSL router
CVE-2001-1537 (The default &quot;basic&quot; security setting' in config.php for TWIG webmail ...)
	NOTE: current twig package seems to have secure cookies enabled
	NOTE: still uses "basic" security setting.
CVE-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in cookies, ...)
	NOT-FOR-US: Autogalaxy
CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...)
	- slash 2.2.6-8 (bug #328927; low)
	[sarge] - slash <no-dsa> (Lack of a security feature, minor security problem)
CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...)
	- apache <unfixed> (bug #328919; unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: Cookies are only used for invading user privacy,
	NOTE: not for authentication, so apache and apache2 should be fine.
CVE-2001-1533 (** DISPUTED * ...)
	NOT-FOR-US: Microsoft
CVE-2001-1532 (WebX stores authentication information in the HTTP_REFERER variable, ...)
	NOT-FOR-US: WebX
CVE-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to ...)
	NOT-FOR-US: Claris Emailer
CVE-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with ...)
	NOTE: verified current webmin is ok
CVE-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows ...)
	NOT-FOR-US: AIX
CVE-2001-1528 (AmTote International homebet program returns different error messages ...)
	NOT-FOR-US: AmTote International homebet
CVE-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in cleartext ...)
	NOT-FOR-US: easynews
CVE-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...)
	NOT-FOR-US: easynews
CVE-2001-1525 (Directory traversal vulnerability in the comments action in easyNews ...)
	NOT-FOR-US: easynews
CVE-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by ...)
	NOT-FOR-US: Xircom REX
CVE-2001-1519 (** DISPUTED ** ...)
	NOT-FOR-US: RunAs
CVE-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session instance at ...)
	NOT-FOR-US: RunAs
CVE-2001-1517 (** DISPUTED ** ...)
	NOT-FOR-US: RunAs
CVE-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and ...)
	NOT-FOR-US: phpReview
CVE-2001-1515 (Macintosh clients, when using NT file system volumes on Windows 2000 ...)
	NOT-FOR-US: Macintosh clients, when using NT file system volumes on Windows
CVE-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced ...)
	NOT-FOR-US: ColdFusion
CVE-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain ...)
	NOT-FOR-US: JRun
CVE-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to ...)
	NOT-FOR-US: JRun
CVE-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows ...)
	NOT-FOR-US: JRun
CVE-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, ...)
	NOT-FOR-US: JRun
CVE-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not ...)
	NOT-FOR-US: HP-UX
CVE-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...)
	- lprng <not-affected> (Not suid in Debian)
	- cups <not-affected> (Not suid in Debian)
	- cupsys <not-affected> (Not suid in Debian)
CVE-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...)
	- openssh 1:3.0.1
CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...)
	NOT-FOR-US: FTGate
CVE-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application ...)
	NOT-FOR-US: Oracle
CVE-2000-1235 (The default configurations of (1) the port listener and (2) modplsql ...)
	NOT-FOR-US: Oracle
CVE-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails ...)
	NOT-FOR-US: Phorum
CVE-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in Phorum ...)
	NOT-FOR-US: Phorum
CVE-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify ...)
	NOT-FOR-US: Phorum
CVE-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Phorum
CVE-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to ...)
	NOT-FOR-US: Phorum
CVE-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum ...)
	NOT-FOR-US: Phorum
CVE-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...)
	NOT-FOR-US: Phorum
CVE-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
	NOT-FOR-US: USANet
CVE-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
	NOT-FOR-US: Squito Gallery
CVE-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...)
	NOT-FOR-US: PhpSlash
CVE-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...)
	{DSA-759-1}
	- phppgadmin 3.5.4-1 (bug #318284; medium)
CVE-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...)
	NOT-FOR-US: PHPSecurePages (phpSP)
CVE-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...)
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318327; medium)
CVE-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...)
	NOT-FOR-US: Jinzora
CVE-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...)
	NOT-FOR-US: DownloadProtect
CVE-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...)
	NOTE: no details available
	- moodle 1.5.1-1
CVE-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...)
	NOT-FOR-US: iPhotoAlbum
CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...)
	NOT-FOR-US: BIG-IP
CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...)
	NOT-FOR-US: Cisco
CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...)
	NOT-FOR-US: Cisco
CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
	{DSA-1003-1}
	- xpvm 1.2.5-8 (bug #318285; medium)
CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
	- oftpd 20040304-1 (bug #318286; medium)
	NOTE: This was fixed in the patch set maintained by Werner Koch, it's included
CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...)
	NOT-FOR-US: AIX
CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...)
	NOT-FOR-US: AIX
CVE-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...)
	NOT-FOR-US: AIX
CVE-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...)
	NOT-FOR-US: AIX
CVE-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...)
	NOT-FOR-US: AIX
CVE-2005-2233 (Buffer overflow in multiple &quot;p&quot; commands in IBM AIX 5.1, 5.2 and 5.3 ...)
	NOT-FOR-US: AIX
CVE-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...)
	NOT-FOR-US: AIX
CVE-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...)
	{DSA-761-2}
	- heartbeat 1.2.3-12 (bug #318287; medium)
CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...)
	- elmo 1.3.0-1.1 (bug #318291; low)
	[sarge] - elmo <no-dsa> (Minor issue)
CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...)
	NOT-FOR-US: Blog Torrent
CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the ...)
	NOT-FOR-US: Softiacom wMailserver
CVE-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account ...)
	NOT-FOR-US: Outlook
CVE-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Professional ...)
	NOT-FOR-US: MailEnable
CVE-2005-2221 (** DISPUTED ** ...)
	NOT-FOR-US: Dragonfly
CVE-2005-2220 (** DISPUTED ** ...)
	NOT-FOR-US: Dragonfly
CVE-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check ...)
	- kfreebsd5-source 5.3-17 (medium)
CVE-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...)
	NOT-FOR-US: Dansie Shopping Cart
CVE-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...)
	NOT-FOR-US: PhotoGal
CVE-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...)
	- mediawiki 1.4.9
CVE-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
	- apt-setup <unfixed> (bug #305142; unimportant)
	NOTE: That's by design. We want to provide non-root users access to the source code,
	NOTE: thus it needs to be world-readable. Also, the password can't be too sensitive
	NOTE: as it'll be sent non-encrypted over the wire.
CVE-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...)
	NOT-FOR-US: MMS Ripper
CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...)
	NOTE: duplicate of CVE-2005-1856
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
	NOTE: duplicate of CVE-2005-1855
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...)
	NOT-FOR-US: Internet Download Manager
CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...)
	NOT-FOR-US: ScanShare
CVE-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: PrivaShare
CVE-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...)
	NOT-FOR-US: kaiseki.cgi
CVE-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...)
	NOT-FOR-US: SiteMinder
CVE-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...)
	NOT-FOR-US: phpWishlist
CVE-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
	NOT-FOR-US: Xerox Hardware issue
CVE-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...)
	NOT-FOR-US: Xerox hardware
CVE-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...)
	NOT-FOR-US: Xerox hardware
CVE-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
	NOT-FOR-US: PPA web photo gallery
CVE-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...)
	NOT-FOR-US: SPiD
CVE-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...)
	NOT-FOR-US: Id Board
CVE-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a ...)
	NOT-FOR-US: Apple Airport
CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 ...)
	NOT-FOR-US: Apple
CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
	NOT-FOR-US: PunBB
CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
	NOT-FOR-US: SimplePHPBlog
CVE-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...)
	NOT-FOR-US: Comersus
CVE-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
	NOT-FOR-US: Comersus
CVE-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...)
	NOT-FOR-US: Lantronix SecureLinx
CVE-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...)
	NOT-FOR-US: eRoom
CVE-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...)
	NOT-FOR-US: eRoom
CVE-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...)
	NOT-FOR-US: PhpXmail
CVE-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...)
	NOT-FOR-US: PhpXmail
CVE-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...)
	NOT-FOR-US: SIP phone hardware issue
CVE-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...)
	- gnats 4.0 (bug #318481; high)
CVE-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...)
	NOT-FOR-US: Jaws
CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...)
	NOTE: How bizarre, they assign a CVE Id without knowing which product contains
	NOTE: the affected probe.cgi
CVE-2005-2177 (Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when ...)
	{DSA-873-1}
	- net-snmp 5.2.1.2-1 (bug #318420; low)
	- ucd-snmp 4.2.5-5.1 (bug #337394; low)
	[sarge] - ucd-snmp <no-dsa> (Minor issue)
CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
	NOT-FOR-US: Novell NetMail
CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
	NOT-FOR-US: Notes
CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2172
	RESERVED
CVE-2005-2171
	RESERVED
CVE-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...)
	NOT-FOR-US: Tivoli
CVE-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...)
	NOT-FOR-US: AliveSites
CVE-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...)
	NOT-FOR-US: AliveSites
CVE-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
	NOT-FOR-US: Express-Web
CVE-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
	NOT-FOR-US: IdealBB
CVE-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
	NOT-FOR-US: IdealBB
CVE-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...)
	NOT-FOR-US: IdealBB
CVE-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...)
	NOT-FOR-US: NatterChat
CVE-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...)
	NOT-FOR-US: Veritas
CVE-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...)
	NOT-FOR-US: Cold Fusion
CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...)
	NOT-FOR-US: Ansel
CVE-2004-2202 (Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 ...)
	NOT-FOR-US: DUclassified
CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...)
	NOT-FOR-US: DUforum
CVE-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...)
	NOT-FOR-US: DUforum
CVE-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...)
	NOT-FOR-US: DUclassified
CVE-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...)
	NOT-FOR-US: DUclassmate
CVE-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...)
	NOT-FOR-US: kdocker
CVE-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...)
	NOT-FOR-US: Zanfi
CVE-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...)
	NOT-FOR-US: Zanfi
CVE-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...)
	NOT-FOR-US: MailEnable
CVE-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...)
	NOT-FOR-US: CJOverkill
CVE-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...)
	NOT-FOR-US: Turbo Traffic Trader
CVE-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...)
	NOT-FOR-US: Turbo Traffic Trader
CVE-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...)
	- unzoo 4.4-3 (bug #306164)
CVE-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...)
	NOT-FOR-US: DMXReady
CVE-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...)
	NOT-FOR-US: DMXReady
CVE-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...)
	NOT-FOR-US: Digicraft Yak!
CVE-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...)
	NOT-FOR-US: WeHelpBUS
CVE-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...)
	NOT-FOR-US: Macromedia JRun
CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow ...)
	NOT-FOR-US: WowBB Forum
CVE-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...)
	NOT-FOR-US: WowBB Forum
CVE-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...)
	NOT-FOR-US: Microsoft
CVE-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...)
	NOT-FOR-US: DevoyBB
CVE-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...)
	NOT-FOR-US: DevoyBB
CVE-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...)
	NOT-FOR-US: Microsoft
CVE-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...)
	NOT-FOR-US: ReviewPost
CVE-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...)
	- cherokee 0.4.8
CVE-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...)
	NOT-FOR-US: Caravan
CVE-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BaSoMail
CVE-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...)
	- latex2rtf 1.9.16
CVE-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...)
	NOT-FOR-US: Canon ImageRUNNER
CVE-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...)
	NOT-FOR-US: Lords of the Realm
CVE-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...)
	NOT-FOR-US: VP-ASP
CVE-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...)
	- xmlstarlet 1.0.0-1
CVE-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...)
	- xmlstarlet 1.0.0-1
CVE-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...)
	- serendipity 1.0-1
CVE-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...)
	- serendipity 1.0-1
CVE-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...)
	NOT-FOR-US: Online Recruitment Agency
CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
	NOT-FOR-US: Online-bookmarks
CVE-2005-2348
	RESERVED
CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick &amp; Dirty ...)
	NOT-FOR-US: PHPSource Printer
CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...)
	NOT-FOR-US: Plague
CVE-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News ...)
	NOT-FOR-US: Plague
CVE-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...)
	NOT-FOR-US: Plague
CVE-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute ...)
	NOT-FOR-US: GlobalNoteScript
CVE-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote ...)
	NOT-FOR-US: Covide
CVE-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...)
	NOT-FOR-US: AutoIndex PHP Script
CVE-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...)
	NOT-FOR-US: MyGuestbook
CVE-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...)
	{DSA-768-1}
	- phpbb2 2.0.13+1-6sarge1 (bug #317739; high)
CVE-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...)
	NOT-FOR-US: IMail
CVE-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...)
	NOT-FOR-US: PlanetDNS
CVE-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows ...)
	NOT-FOR-US: JBoss
CVE-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...)
	NOT-FOR-US: nabopoll
CVE-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...)
	NOT-FOR-US: PHPNews
CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) ...)
	NOT-FOR-US: osTicket
CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...)
	NOT-FOR-US: osTicket
CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...)
	NOT-FOR-US: Geeklog
CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...)
	{DSA-784-1}
	- courier 0.47-6 (bug #320290; low)
CVE-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...)
	NOT-FOR-US: Microsoft
CVE-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...)
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...)
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...)
	{DSA-739-1}
	- trac 0.8.4-1
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...)
	NOT-FOR-US: Prevx Pro
CVE-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and ...)
	NOT-FOR-US: Prevx Pro
CVE-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: TCP Chat
CVE-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 ...)
	NOT-FOR-US: FSboard
CVE-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta ...)
	NOT-FOR-US: Pavsta
CVE-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, ...)
	NOT-FOR-US: Raritan Dominion SX
CVE-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...)
	NOT-FOR-US: EtoShop
CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...)
	NOT-FOR-US: NetBSD
CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2005-1915.  Reason: ...)
	NOT-FOR-US: log4sh
CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
	NOT-FOR-US: SCO UnixWare
CVE-2005-2131
	RESERVED
CVE-2005-2130
	RESERVED
CVE-2005-2129
	RESERVED
CVE-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet ...)
	NOT-FOR-US: Windows
CVE-2005-2125
	RESERVED
CVE-2005-2124 (Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) ...)
	NOT-FOR-US: Windows
CVE-2005-2123 (Multiple integer overflows in the Graphics Rendering Engine ...)
	NOT-FOR-US: Windows
CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
	NOT-FOR-US: Windows
CVE-2005-2121
	RESERVED
CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...)
	NOT-FOR-US: Windows
CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...)
	NOT-FOR-US: Microsoft
CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
	NOT-FOR-US: Windows
CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and ...)
	NOT-FOR-US: Windows
CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
	- cups 1.1.20final+rc1-1 (low)
	- cupsys 1.1.20final+rc1-1 (low)
CVE-2005-2116
	REJECTED
CVE-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
	NOTE: cannot reproduce with firefox 1.0.5-1 and Sarge's Mozilla using POC exploits
	[sarge] - mozilla <not-affected> (Unreproducible)
	- mozilla 2:1.7.10-1 (bug #318723; medium)
CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
	NOT-FOR-US: Xoops
CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...)
	NOT-FOR-US: Xoops
CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...)
	NOT-FOR-US: Community Link Pro Web Editor
CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...)
	{DSA-745-1}
	- drupal 4.5.4-1 (bug #316362)
CVE-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
	NOT-FOR-US: IOS
CVE-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive ...)
	NOT-FOR-US: sysreport
CVE-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...)
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (high; bug #323706)
CVE-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to ...)
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (medium; bug #323706)
CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...)
	{DSA-818-1}
	- kdeedu 4:3.4.2-1 (low)
CVE-2005-2100 (The rw_vm function in usercopy.c in the 4GB split patch for the Linux ...)
	- linux-2.6 <not-affected> (Red Hat specific according to Horms)
	- kernel-source-2.4.27 <not-affected> (Red Hat specific according to Horms)
CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before ...)
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2097 (xpdf and kpdf do not properly validate the &quot;loca&quot; table in PDF files, ...)
	{DSA-1136-1 DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1}
	- kdegraphics 4:3.4.2-1 (bug #322458; low)
	- xpdf 3.00-15 (bug #322462; low)
	[woody] - tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
	- tetex-bin 3.0-12
	NOTE: tetex links to poppler since 3.0-12
	[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
	- gpdf 2.10.0-4 (bug #334454; low)
	NOTE: Cups switched to xpdf-utils
	- cupsys 1.1.22-7 (bug #324464)
	- cups 1.1.22-7 (bug #324464)
	[woody] - cupsys <not-affected> (Vulnerable code not present)
	- poppler 0.4.0-1 (low)
	- libextractor 0.5.8-1 (medium)
CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...)
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-740-1}
	NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
	NOTE: Florian Weimer is doing a comprehensive audit using clamav
	NOTE: to search for static zlib signatures in binaries in Debian
	NOTE: Not all of the listed packages have been checked for actual
	NOTE: exploitability using this hole.
	NOTE: oldstable (woody) had zlib 1.1, which is not affected
	[woody] - dpkg <not-affected> (Woody contains zlib 1.1, which is not affected)
	- dpkg 1.13.11 (bug #317967; unimportant)
	NOTE: You need to trust debs anyway, when installing them
	- zsync 0.4.0-2 (bug #317968; medium)
	[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not affected)
	[sarge] - dump <no-dsa> (Backups do not contain untrusted data)
	- dump 0.4b40-1 (bug #317966; low)
	[woody] - aide <not-affected> (Woody contains zlib 1.1, which is not affected)
	- aide 0.10-6.1.1 (bug #317523; unimportant)
	NOTE: aide only uses zlib to compress/decompress internal data
	[woody] - amd64-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- amd64-libs 1.3 (bug #317970; medium)
	[woody] - ia32-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- ia32-libs 1.6 (bug #317971; medium)
	- dar <not-affected> (zlib not used on unstrusted input, see #317989)
	[woody] - bacula <not-affected> (Woody contains zlib 1.1, which is not affected)
	- bacula 1.36.3-2 (bug #318014; medium)
	[sarge] - bacula <no-dsa> (Backups do not contain untrusted data)
	[woody] - sash <not-affected> (Woody contains zlib 1.1, which is not affected)
	- sash 3.7-6 (bug #318246; bug #318069; medium)
	[woody] - libphysfs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- libphysfs 1.0.0-5 (bug #318091; unimportant)
	- oops 1.5.23.cvs-3 (bug #318097; medium)
	[woody] - rpm <not-affected> (Woody contains zlib 1.1, which is not affected)
	- rpm 4.0.4-31.1 (bug #318099; unimportant)
	NOTE: You need to trust rpms anyway, when installing them
	- rageircd 2.0.0-3sid1 (bug #309196; medium)
	- systemimager-ssh <not-affected> (bug #318101; unimportant)
	NOTE: see dannf's first bug comment; systemimager-ssh doesn't use compression
	[woody] - texmacs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- texmacs 1:1.0.5-3 (bug #318100; medium)
	[sarge] - texmacs <no-dsa> (Hardly exploitable)
	- zlib 1:1.2.2-7 (bug #317133; medium)
	- pvpgn 1.7.8-2 (bug #332236; unknown)
	- mysql-dfsg-4.1 4.1.13-1 (bug #319858; unimportant)
	- mrtg <not-affected> (Only used for internal compression, current versions link dynamically)
	- rsync <not-affected> (Uses zlib 1.1, which is not affected)
	NOTE: rsync upstream updated the internal zlib copy in 2.6.6 without real need,
	NOTE: as the included version was never affected, despite claiming them so.
CVE-2005-2095 (options_identities.php in SquirrelMail 1.4.4 and earlier uses the ...)
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #317094)
CVE-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...)
	NOT-FOR-US: Sun
CVE-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...)
	NOT-FOR-US: Websphere
CVE-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...)
	- tomcat4 4.1.28-1
	NOTE: tomcat5 in experimental has this fix as well
CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
	NOT-FOR-US: Microsoft
CVE-2005-2088 (The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ...)
	{DSA-805-1 DSA-803-1}
	- apache 1.3.33-8 (bug #322607; medium)
	- apache2 2.0.54-5 (bug #316173; medium)
CVE-2005-2087 (Internet Explorer 5.01 SP4 up to 6 on various Windows operating ...)
	NOT-FOR-US: Microsoft
CVE-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...)
	- phpbb2 <not-affected> (phpbb versions in Debian not affected)
CVE-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...)
	NOT-FOR-US: Inframail
CVE-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...)
	NOT-FOR-US: Community Forum
CVE-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...)
	NOT-FOR-US: IA eMailServer
CVE-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: imTRSET
CVE-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...)
	- asterisk 1:1.0.9.dfsg-1 (bug #315532; unimportant)
	NOTE: Can only be exploited by users who already have the privilege to execute arbitrary commands
CVE-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...)
	NOT-FOR-US: Veritas Backup
CVE-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...)
	NOT-FOR-US: Veritas Backup
CVE-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...)
	NOT-FOR-US: Lpanel
CVE-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: GoodTech SMTP Server
CVE-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...)
	NOT-FOR-US: Real Estate Management Software
CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2151 (Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Chatman
CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...)
	NOT-FOR-US: INTELLIPEER Email Server
CVE-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...)
	- mysql-dfsg-4.1 4.1.5-1
CVE-2004-2148 (Unknown local vulnerability in the &quot;change user&quot; feature of Slava ...)
	- fprobe-ng 1.1-1
	- fprobe 1.1-4
	NOTE: fprobe was fixed in upstrem release 1.0.6 and since 1.1-4 fprobe-ng package
	NOTE: replaced fprobe therefore marking as fixed in 1.1-4
CVE-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
	NOT-FOR-US: MegaBBS
CVE-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
	NOT-FOR-US: MegaBBS
CVE-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...)
	NOT-FOR-US: Baal Smart Forms
CVE-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to ...)
	NOT-FOR-US: Mambo Portal
CVE-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...)
	- sdd 1.52-1
CVE-2004-2141
	REJECTED
CVE-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
	NOT-FOR-US: YaBB
CVE-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...)
	NOT-FOR-US: YaBB
CVE-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
	NOT-FOR-US: MySQLGuest
CVE-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...)
	NOT-FOR-US: BisonFTP Server
CVE-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...)
	NOT-FOR-US: DB2
CVE-2005-2072 (The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT ...)
	NOT-FOR-US: Solaris
CVE-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #318755; medium)
CVE-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...)
	{DSA-785-1}
	- openldap2.2 2.2.26-3 (bug #316674; medium)
	- openldap2 2.1.30-11 (medium)
	- libpam-ldap 178-1sarge1 (bug #316972; medium)
	- libnss-ldap 238-1.1 (bug #316973; medium)
CVE-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...)
	- kfreebsd-source <unfixed>
CVE-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...)
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (bug #318756; medium)
CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
	NOT-FOR-US: Affected only Real Player, not Helix Player
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
	NOT-FOR-US: Real Player
	NOTE: This didn't affected Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...)
	NOT-FOR-US: Perception LiteServe
CVE-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: iSMTP
CVE-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...)
	NOT-FOR-US: Microsoft
CVE-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...)
	NOT-FOR-US: QNX
CVE-2002-1982 (Directory traversal vulnerability in the list_directory function in ...)
	NOTE: verified current version is not vulnerable to exploit
CVE-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...)
	NOT-FOR-US: Microsoft
CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...)
	NOT-FOR-US: Solaris
CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...)
	NOT-FOR-US: Watchguard SOHO
CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...)
	NOT-FOR-US: IPFilter
CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...)
	NOT-FOR-US: Proprietary PGP
CVE-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...)
	- net-tools <unfixed> (unimportant)
	NOTE: This seems to be a misunderstanding of what the PROMISC flag
	NOTE: is about.  ifconfig reports properly when it is set using
	NOTE: "ifconfig promisc".
CVE-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of &quot;A0&quot; to encrypt ...)
	NOT-FOR-US: Zaurus hardware
CVE-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...)
	NOT-FOR-US: Zaurus hardware
CVE-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...)
	NOT-FOR-US: Microsoft
CVE-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...)
	NOT-FOR-US: pp_powerSwitch
CVE-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...)
	NOT-FOR-US: Sourcecraft Networking Utils
CVE-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...)
	NOT-FOR-US: SnortCenter
CVE-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...)
	NOT-FOR-US: Magic Notebook
CVE-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...)
	NOT-FOR-US: Com21 hardware
CVE-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...)
	NOT-FOR-US: XiRCON
CVE-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...)
	NOT-FOR-US: My Postcards Platinum
CVE-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...)
	NOT-FOR-US: Imatix Xitami
CVE-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...)
	NOT-FOR-US: phpEventCalender
CVE-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...)
	NOTE: No kernels in Sarge or sid affected
CVE-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
	NOT-FOR-US: SurfinGate
CVE-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
	NOT-FOR-US: SurfinGate
CVE-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...)
	NOT-FOR-US: Cybozu Share
CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...)
	NOTE: Nagios was packaged for Debian after these vulnerable versions have been released
CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b ...)
	NOT-FOR-US: kmMail
CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...)
	- pen <not-affected> (pen was introduced after this old vulnerability)
CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...)
	- rox 1.3.0-1
CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...)
	NOT-FOR-US: Iomega hardware issue
CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
	NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
	NOTE: php function that displays the PHP logo and version information. In the bug
	NOTE: log the developers seem unwilling to fix this, as it only affects a debug
	NOTE: function.
	NOTE: can not reproduce in any versions of php4 in the archive.
	- php4 <not-affected> (bug #349260; low)
	- php5 5.1.1-1 (bug #336654; low)
CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...)
	NOT-FOR-US: AIM
CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...)
	NOT-FOR-US: phpRank
CVE-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
	NOT-FOR-US: phpRank
CVE-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...)
	NOT-FOR-US: Iomega NAS
CVE-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...)
	- gringotts <not-affected> (fixed before Gringotts was in Debian)
CVE-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...)
	- webmin 1.000-2
CVE-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...)
	NOT-FOR-US: VNSL
CVE-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...)
	NOT-FOR-US: SmailMail
CVE-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...)
	NOT-FOR-US: Motorola Surfboard
CVE-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...)
	NOT-FOR-US: SafeTP
CVE-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...)
	NOT-FOR-US: Imatix
CVE-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...)
	NOT-FOR-US: RadioBird
CVE-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...)
	NOT-FOR-US: LCC-Win32
CVE-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...)
	NOT-FOR-US: FlashFXP
CVE-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Virgil CGI Scanner
CVE-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...)
	NOT-FOR-US: Symantex Appliance
CVE-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...)
	NOT-FOR-US: UTStarcom
CVE-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...)
	NOT-FOR-US: Microsoft
CVE-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...)
	NOT-FOR-US: Microsoft
CVE-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...)
	NOT-FOR-US: PHP Arena
CVE-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...)
	NOT-FOR-US: AN HTTPd
CVE-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...)
	NOT-FOR-US: PHP Arena
CVE-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...)
	NOT-FOR-US: Aquonics File Manager
CVE-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...)
	NOT-FOR-US: Aquonics File Manager
CVE-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2002-1924 (PowerChute plus 5.0.2 creates a &quot;Pwrchute&quot; directory during ...)
	NOT-FOR-US: Powerchute
CVE-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...)
	- mysql <not-affected> (Windows specific)
CVE-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...)
	- mysql <not-affected> (Windows specific)
CVE-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: FtpXQ
CVE-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...)
	NOT-FOR-US: VS-ASP
CVE-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...)
	NOT-FOR-US: Microsoft ADO
CVE-2002-1917 (CRLF injection vulnerability in the &quot;User Profile: Send Email&quot; feature ...)
	NOT-FOR-US: Geeklog
CVE-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...)
	NOT-FOR-US: Pirch
CVE-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...)
	NOT-FOR-US: tip
CVE-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...)
	- dump 0.4b31-1
CVE-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...)
	NOT-FOR-US: myPHPNuke
CVE-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...)
	NOT-FOR-US: SkyStream
CVE-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...)
	NOT-FOR-US: ZoneAlarm
CVE-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...)
	NOT-FOR-US: Ingenium Learning Management System
CVE-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...)
	NOT-FOR-US: Ingenium Learning Management System
CVE-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft IIS
CVE-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...)
	NOT-FOR-US: TelCondex
CVE-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...)
	NOT-FOR-US: ViaVideo
CVE-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...)
	NOT-FOR-US: ViaVideo
CVE-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...)
	NOT-FOR-US: ghttpd
CVE-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...)
	- pine 4.62-1 (low)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	NOTE: checked listed version, and it didn't have the problem
	NOTE: pine is non-free (alpine is free)
CVE-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: CGIForum
CVE-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...)
	NOT-FOR-US: BBGallery
CVE-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...)
	NOT-FOR-US: Pinboard
CVE-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1897 (MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a ...)
	NOT-FOR-US: MyWebserver
CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...)
	- alsaplayer 0.99.72-1
CVE-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...)
	- tomcat4 <not-affected> (Windows-specific Tomcat problems)
CVE-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...)
	- phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295)
CVE-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to ...)
	NOT-FOR-US: IRCIT
CVE-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite ...)
	NOT-FOR-US: RedHat specific
CVE-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...)
	NOT-FOR-US: Logsurfer
CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...)
	NOT-FOR-US: CommonName Toolbar
CVE-2002-1887 (PHP remote file inclusion vulnerability in customize.php for ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...)
	NOT-FOR-US: TightAuction
CVE-2002-1885 (PHP remote file inclusion vulnerability in showhits.php3 for ...)
	NOT-FOR-US: PPhlogger
CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...)
	NOT-FOR-US: Py-Membres
CVE-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...)
	- qt-x11-free 2:3.0.4-1
CVE-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by ...)
	NOT-FOR-US: LokwaBB
CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...)
	NOT-FOR-US: LokwaBB
CVE-2002-1878 (PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote ...)
	NOT-FOR-US: w-Agora
CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, ...)
	NOT-FOR-US: Entercept Agent
CVE-2002-1874 (astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers ...)
	NOT-FOR-US: Astrocam
CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure ...)
	NOT-FOR-US: Microsoft
CVE-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication ...)
	NOT-FOR-US: Microsoft
CVE-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid ...)
	NOT-FOR-US: Solaris
CVE-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...)
	NOT-FOR-US: Heysoft EventSave
CVE-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...)
	NOT-FOR-US: Dispair
CVE-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 ...)
	NOT-FOR-US: ImageFolio
CVE-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link ...)
	NOT-FOR-US: Embedded HTTP server
CVE-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other ...)
	NOT-FOR-US: Iomega NAS
CVE-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SmartMail Server
CVE-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, ...)
	NOT-FOR-US: Sybase ASE
CVE-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers ...)
	NOT-FOR-US: Pramati
CVE-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...)
	NOT-FOR-US: Orion
CVE-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through ...)
	NOT-FOR-US: Oracle
CVE-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...)
	NOT-FOR-US: jo! jo Webserver
CVE-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote ...)
	NOT-FOR-US: HP Application Server
CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to ...)
	NOTE: not-for-us
CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...)
	NOTE: not-for-us
CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...)
	NOTE: not-for-us
CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...)
	NOTE: not-for-us
CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...)
	- apache2 2.0.42-1
CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back ...)
	NOTE: not-for-us
CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...)
	NOTE: not-for-us
CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...)
	NOTE: not-for-us
CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...)
	NOTE: not-for-us
CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...)
	NOTE: not-for-us
CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, ...)
	NOTE: not-for-us
CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands ...)
	NOTE: not-for-us
CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...)
	NOTE: not-for-us
CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not ...)
	NOTE: not-for-us
CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could ...)
	NOTE: not-for-us
CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record ...)
	NOTE: not-for-us
CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to ...)
	NOTE: not-for-us
CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display ...)
	NOTE: not-for-us
CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
	NOTE: not-for-us
CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
	NOTE: not-for-us
CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
	NOTE: not-for-us
CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...)
	NOTE: not-for-us
CVE-2002-1832 (Unknown vulnerability in the &quot;ipopts decode&quot; functionality in ...)
	NOTE: not-for-us
CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote ...)
	NOTE: not-for-us
CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to ...)
	NOTE: not-for-us
CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open ...)
	NOTE: not-for-us
CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of ...)
	NOTE: not-for-us
CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...)
	- sendmail 8.12-4
CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...)
	- kernel-patch-2.4-grsecurity 1.9.6-1
CVE-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...)
	NOT-FOR-US: WASD
CVE-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...)
	NOT-FOR-US: MSIE
CVE-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server ...)
	NOT-FOR-US: Zeroo
CVE-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the ...)
	NOT-FOR-US: IBM HTTP Server on AS/400
CVE-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote ...)
	NOT-FOR-US: TinyHTTPD
CVE-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ...)
	NOT-FOR-US: httpbench
CVE-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...)
	NOT-FOR-US: Veritas
CVE-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...)
	NOT-FOR-US: ATPhttpd
CVE-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...)
	NOT-FOR-US: Aquonics
CVE-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows ...)
	- bonobo <not-affected> (efstool not suid on Debian)
CVE-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) ...)
	NOT-FOR-US: AIM
CVE-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to ...)
	NOT-FOR-US: gdam123
CVE-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 ...)
	NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point
CVE-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...)
	NOT-FOR-US: D-Link DWL-900AP+ Access Point
CVE-2002-1809 (The default configuration of the Windows binary release of MySQL ...)
	NOT-FOR-US: MySQL windows binary
CVE-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System ...)
	NOT-FOR-US: Meunity
CVE-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows ...)
	NOT-FOR-US: phpWebSite
CVE-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...)
	NOT-FOR-US: Drupal
CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...)
	- dacode <removed> (bug #322605; low)
	[sarge] - dacode <no-dsa> (Minor issue; attacker would need to bypass moderator review/approval)
	NOTE: Sarge is affected (has same version as testing/unstable)
CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...)
	NOT-FOR-US: NPDS
CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...)
	NOT-FOR-US: Xoops
CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...)
	NOT-FOR-US: ImageFolio
CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...)
	NOT-FOR-US: phpRank
CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
	NOT-FOR-US: phpRank
CVE-2002-1798 (MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) ...)
	NOT-FOR-US: MidiCart
CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...)
	NOT-FOR-US: ChaiVM
CVE-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet ...)
	NOT-FOR-US: ChaiVM
CVE-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...)
	NOT-FOR-US: HP ldapux-pamauthz
CVE-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...)
	NOT-FOR-US: HP Virtualvault OS
CVE-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...)
	NOT-FOR-US: Fake Identd
CVE-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...)
	NOT-FOR-US: microsoft
CVE-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows ...)
	- newsx 1.4pl6.0-2
CVE-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 ...)
	- nn 6.6.4-1
CVE-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...)
	NOT-FOR-US: Zeus Administration Server
CVE-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when ...)
	- php4 4:4.3.10-15
CVE-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...)
	NOT-FOR-US: microsoft
CVE-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...)
	NOT-FOR-US: JAF CMS
CVE-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...)
	NOT-FOR-US: Real Player
	NOTE: This didn't affected Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...)
	NOT-FOR-US: BEWAC
CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...)
	- tor 0.0.9.10-1 (medium)
CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
	NOT-FOR-US: Duware
CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and ...)
	NOT-FOR-US: Duware
CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...)
	NOT-FOR-US: Duware
CVE-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...)
	NOT-FOR-US: Duware
CVE-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...)
	NOT-FOR-US: Duware
CVE-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
	NOT-FOR-US: ATutor
CVE-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
	NOT-FOR-US: XAMPP
CVE-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...)
	NOT-FOR-US: ajax-spell
CVE-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...)
	NOT-FOR-US: ViRobot
CVE-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...)
	{DSA-758-1}
	- heimdal 0.6.3-11 (bug #315065; bug #315086; high)
CVE-2005-2039 (Unknown vulnerability in &quot;various plugins&quot; for NanoBlogger 3.2.1 and ...)
	- nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492)
CVE-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...)
	NOT-FOR-US: Fortibus CMS
CVE-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...)
	NOT-FOR-US: Fortibus CMS
CVE-2005-2036 (modifyUser.asp in Cool Cafe (Cool Caf&#233;) Chat 1.2.1 allows remote ...)
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe (Cool Caf&#233;) ...)
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...)
	NOT-FOR-US: iGallery
CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for Blue-Collar ...)
	NOT-FOR-US: iGallery
CVE-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...)
	NOT-FOR-US: socialMPN
CVE-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...)
	NOT-FOR-US: external script that allow interaction between amarok and a browser
CVE-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...)
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...)
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...)
	{DSA-738-1}
	NOTE: varying and apparently innacurate info about what versions fix it
	- razor 2.720-1 (low)
CVE-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...)
	- gnupg2 1.9.15-1
CVE-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
	NOT-FOR-US: iPlanet
CVE-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...)
	NOT-FOR-US: cPanel
CVE-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network ...)
	NOT-FOR-US: 3com Network Supervisor
CVE-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...)
	NOT-FOR-US: FreeBSD ipfw
CVE-2005-2018
	RESERVED
CVE-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2016
	RESERVED
CVE-2005-2015
	RESERVED
CVE-2005-2014 (The &quot;upload a language pack&quot; feature in paFAQ 1.0 Beta 4 allows remote ...)
	NOT-FOR-US: paFAQ
CVE-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: paFAQ
CVE-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...)
	NOT-FOR-US: paFAQ
CVE-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...)
	NOT-FOR-US: paFAQ
CVE-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...)
	NOT-FOR-US: Ublog Reload
CVE-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...)
	NOT-FOR-US: Ublog Reload
CVE-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...)
	- yaws 1.56-1 (low)
CVE-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...)
	- trac 0.8.4-1 (bug #315145)
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: JBOSS
CVE-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...)
	NOT-FOR-US: Mambo
CVE-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...)
	NOT-FOR-US: paFileDB
CVE-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...)
	NOT-FOR-US: paFileDB
CVE-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...)
	NOT-FOR-US: paFileDB
CVE-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...)
	NOT-FOR-US: McGallery
CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...)
	NOT-FOR-US: McGallery
CVE-2005-1996 (PHP remote file inclusion vulnerability in start.php in Bitrix Site ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...)
	NOT-FOR-US: Finjan SurfinGate
CVE-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
	{DSA-735-2 DSA-735-1}
	- sudo 1.6.8p9-1 (bug #315718; bug #315115; medium)
CVE-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
	{DSA-748-1}
	- ruby1.8 1.8.2-8 (bug #315064; medium)
	- ruby1.9 1.9.0+20050623-1 (bug #315064; medium)
CVE-2005-1991
	RESERVED
CVE-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: MSIE
CVE-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
	NOT-FOR-US: MSIE
CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
	NOT-FOR-US: MSIE
CVE-2005-1987 (Buffer overflow in Collaboration Data Objects (CDO), as used in ...)
	NOT-FOR-US: Microsoft
CVE-2005-1986
	RESERVED
CVE-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...)
	NOT-FOR-US: Spoolsv.exe
CVE-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...)
	NOT-FOR-US: Microsoft
CVE-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-1978 (COM+ in Microsoft Windows does not properly &quot;create and use memory ...)
	NOT-FOR-US: Microsoft
CVE-2005-1977
	RESERVED
CVE-2005-1976 (Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets ...)
	NOT-FOR-US: Novell NetMail
CVE-2002-1782 (The default configuration of University of Washington IMAP daemon ...)
	- uw-imap 7:2002ddebian1-2 (bug #315499; unimportant)
	NOTE: This only applies to very exotic setups. It's also documented in the FAQ
	NOTE: and if someone has such a setup she will have to recompile the package with
	NOTE: the security features enabled.
CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
	NOT-FOR-US: DeleGate
CVE-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...)
	NOT-FOR-US: BPM Studio Pro
CVE-2002-1779 (The &quot;block fragmented IP Packets&quot; option in Symantec Norton Personal ...)
	NOT-FOR-US: Norton
CVE-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...)
	NOT-FOR-US: Norton
CVE-2002-1777 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1776 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1775 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1774 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...)
	NOT-FOR-US: ICQ for MacOS X
CVE-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain &quot;Domain ...)
	NOT-FOR-US: Novell Netware
CVE-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...)
	NOT-FOR-US: FormMail
CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Eudora
CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...)
	NOT-FOR-US: Mirosoft
CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...)
	NOT-FOR-US: Cisco
CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...)
	NOT-FOR-US: Oracle
CVE-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...)
	NOT-FOR-US: Netscape
	NOTE: didn't check mozilla
CVE-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...)
	- evolution 1.0.5
CVE-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...)
	NOT-FOR-US: acrobat
CVE-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the &quot;Shift&quot; ...)
	NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver
CVE-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...)
	NOT-FOR-US: Microsoft
CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: ACDSee
CVE-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...)
	- tinc 1.0pre5
CVE-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...)
	NOT-FOR-US: Novell NetWare
CVE-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...)
	NOT-FOR-US: csNews
CVE-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...)
	NOT-FOR-US: csChat-R-Box
CVE-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...)
	NOT-FOR-US: csLiveSupport
CVE-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...)
	NOT-FOR-US: csGuestbook
CVE-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...)
	NOT-FOR-US: Windows 2000 Terminal Services
CVE-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...)
	- slash 2.2.3
CVE-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...)
	- vtun 2.5b2
CVE-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...)
	- vtun 2.5b2
CVE-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...)
	NOT-FOR-US: Microsoft
CVE-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AOL ICQ
CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...)
	- soap-lite 0.55
CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...)
	NOT-FOR-US: WorldClient
CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...)
	NOT-FOR-US: WorldClient
CVE-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...)
	NOT-FOR-US: Astaro Security Linux
CVE-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...)
	NOT-FOR-US: CGINews
CVE-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...)
	NOT-FOR-US: dlogin
CVE-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...)
	NOT-FOR-US: NewsPro
CVE-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...)
	NOT-FOR-US: Prospero MessageBoards
CVE-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...)
	NOT-FOR-US: Actinic Catalog
CVE-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...)
	NOT-FOR-US: IBM AS/400
CVE-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...)
	NOT-FOR-US: askSam Web Publisher
CVE-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...)
	NOT-FOR-US: askSam Web Publisher
CVE-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...)
	NOT-FOR-US: PhotoDB
CVE-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: PHPImageView
CVE-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...)
	NOT-FOR-US: PHPImageView
CVE-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...)
	NOT-FOR-US: Powerboards
CVE-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...)
	NOT-FOR-US: microsoft
CVE-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...)
	- altermime <not-affected> (fixed before the first Debian upload)
CVE-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...)
	NOT-FOR-US: Spooky Login
CVE-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...)
	NOT-FOR-US: Bavo
CVE-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...)
	NOT-FOR-US: microsoft
CVE-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...)
	NOT-FOR-US: microsoft
CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...)
	NOT-FOR-US: microsoft
CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...)
	- openssh <not-affected> ("SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1.")
CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: microsoft
CVE-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...)
	NOT-FOR-US: msec
CVE-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: microsoft
CVE-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...)
	NOT-FOR-US: BasiliX
CVE-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...)
	NOT-FOR-US: BasiliX
CVE-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...)
	NOT-FOR-US: BasiliX
CVE-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...)
	NOT-FOR-US: BasiliX
CVE-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when &quot;allow_url_fopen&quot; and ...)
	- phpbb2 2.0.6c-1
CVE-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...)
	NOT-FOR-US: Cisco
CVE-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: microsoft
CVE-2002-1704 (Zeroboard 4.1, when the &quot;allow_url_fopen&quot; and &quot;register_globals&quot; ...)
	NOT-FOR-US: Zeroboard
CVE-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...)
	NOT-FOR-US: NetAuction
CVE-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...)
	NOT-FOR-US: ColdFusion
CVE-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...)
	NOT-FOR-US: ASP Client Check
CVE-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...)
	- vtun 2.6-1
CVE-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...)
	NOT-FOR-US: Microsoft Outlook plugin
CVE-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...)
	NOT-FOR-US: Norton
CVE-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...)
	NOT-FOR-US: Microsoft
CVE-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...)
	NOT-FOR-US: Alcatel hardware issue
CVE-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...)
	NOT-FOR-US: AIX
CVE-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...)
	NOT-FOR-US: AIX
CVE-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...)
	NOT-FOR-US: Microsoft
CVE-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...)
	NOT-FOR-US: AIX
CVE-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...)
	NOT-FOR-US: AIX
CVE-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...)
	NOT-FOR-US: BadBlue Enterprise Edition
CVE-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...)
	NOT-FOR-US: Deerfield D2Gfx
CVE-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...)
	NOT-FOR-US: BadBlue Personal Edition
CVE-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...)
	NOT-FOR-US: NewsReactor
CVE-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...)
	- slash <not-affected> (Only present in intermediate CVS version, not released in Debian)
CVE-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...)
	NOT-FOR-US: COWS
CVE-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...)
	NOT-FOR-US: vBulletin
CVE-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...)
	NOT-FOR-US: mrtgconfig
CVE-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...)
	NOT-FOR-US: BindView NetInventory
CVE-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...)
	NOT-FOR-US: Unreal IRCd
CVE-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...)
	- kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel)
CVE-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...)
	- webmin 0.93 (medium)
CVE-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...)
	- webmin <not-affected> (packaging flaw of an unknown RPM based distro)
	NOTE: Permissions of Debian's webmin package look sane and FHS compliant
CVE-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...)
	NOT-FOR-US: Microsoft
CVE-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...)
	NOT-FOR-US: FreeBSD
CVE-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: HP-UX
CVE-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...)
	- kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel)
CVE-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...)
	NOT-FOR-US: Oracle
CVE-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...)
	NOT-FOR-US: HP Secure OS layer
CVE-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...)
	- tinc 1.0pre5-1
CVE-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Lotus Notes
CVE-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...)
	NOT-FOR-US: Sun
CVE-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...)
	NOT-FOR-US: WebCart
CVE-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...)
	NOTE: Fix went into proftpd CVS on 2002-12-12
	- proftpd 1.2.8-1
CVE-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...)
	- proftpd 1.2.4-1
CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...)
	NOT-FOR-US: Check Point
CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...)
	NOT-FOR-US: mod_bf
CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...)
	NOT-FOR-US: Microsoft
CVE-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...)
	- thttpd 2.21
CVE-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...)
	NOT-FOR-US: Network Query Tool
CVE-2001-1494 (script command in the util-linux package before 2.11n allows local ...)
	- util-linux 2.11n-1
CVE-2001-1492
	REJECTED
CVE-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Opera
CVE-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...)
	NOTE: mozilla is quite easily DOSable with all sorts of large html
	NOTE: files, probably not worth following up on.
CVE-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...)
	NOT-FOR-US: Open Projects ircd
CVE-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...)
	- qpopper <not-affected> (Vulnerable code verified not present)
CVE-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...)
	NOT-FOR-US: Alcatel hardware issue
CVE-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...)
	- libpam-opie <unfixed> (bug #112279; unimportant)
	NOTE: This is documented and not really important. In contrast to passwords
	NOTE: used by humans
	[sarge] - libpam-opie <no-dsa> (Documented shortcoming, minor impact)
CVE-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...)
	NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
CVE-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...)
	NOT-FOR-US: Xitami
CVE-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...)
	NOT-FOR-US: Sun Java
CVE-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...)
	NOT-FOR-US: Sun
CVE-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...)
	NOT-FOR-US: UnixWare
CVE-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...)
	- snort 1.6.1-1
CVE-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...)
	NOT-FOR-US: Xitami
CVE-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
	NOT-FOR-US: Annuaire
CVE-2005-1974 (Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) ...)
	NOT-FOR-US: Sun Java
CVE-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...)
	NOT-FOR-US: Sun Java
CVE-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...)
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...)
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with &quot;Launch with ...)
	NOT-FOR-US: pcAnywhere
CVE-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...)
	NOT-FOR-US: Pragma Telnetserver
CVE-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...)
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...)
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...)
	NOT-FOR-US: e107
CVE-2005-1965 (PHP remote file inclusion vulnerability in siteframe.php for Broadpool ...)
	NOT-FOR-US: Broadpool Siteframe
CVE-2005-1964 (PHP remote file inclusion vulnerability in utilit.php for Ovidentia ...)
	NOT-FOR-US: Ovidentia Portal
CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...)
	NOT-FOR-US: C-JDBC
CVE-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...)
	NOT-FOR-US: C.J. Steele Tattle
CVE-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...)
	NOT-FOR-US: JamMail
CVE-2005-1958
	REJECTED
	NOTE: see CVE-2005-1855
CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user ...)
	NOT-FOR-US: File Upload Manager
CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
	NOT-FOR-US: File Upload Manager
CVE-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
	NOT-FOR-US: singapore
CVE-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: singapore
CVE-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...)
	NOT-FOR-US: Pico Server
CVE-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...)
	NOT-FOR-US: Pico Server
CVE-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...)
	NOT-FOR-US: osCommerce
CVE-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Webhints
CVE-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...)
	NOT-FOR-US: e107
CVE-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...)
	NOT-FOR-US: Invision Blog
CVE-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...)
	NOT-FOR-US: Invision Blog
CVE-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...)
	NOT-FOR-US: xmysqladmin
CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...)
	NOT-FOR-US: Loki download manager
CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...)
	NOT-FOR-US: SilverCity
CVE-2005-1940
	RESERVED
CVE-2005-1939 (Directory traversal vulnerability in Ipswitch WhatsUp Small Business ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2005-1938
	REJECTED
CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.6-1 (medium)
	- mozilla 2:1.7.10-1 (medium)
	[woody] - mozilla <not-affected> (regression of a previous security fix)
CVE-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...)
	NOT-FOR-US: Microsoft
CVE-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...)
	NOT-FOR-US: Xerox hardware issue
CVE-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...)
	NOT-FOR-US: Microsoft
CVE-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1930 (Directory traversal vulnerability in the Crystal Report component ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1929 (Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1928 (Trend Micro ServerProtect EarthAgent for Windows Management Console ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1927
	RESERVED
CVE-2005-1926
	RESERVED
CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...)
	NOT-FOR-US: Tikiwiki
CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote ...)
	NOT-FOR-US: External Squirrelmail plugin not packaged in Debian
CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #316401; bug #316462; medium)
CVE-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (low)
CVE-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...)
	{DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1}
	- serendipity 1.0-1
	- drupal 4.5.4-1 (high; bug #316362)
	- phpgroupware 0.9.16.006-1 (high)
	- egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high)
	- phpwiki 1.3.7-4 (bug #316714; high)
	- php4 4:4.3.10-16 (high; bug #316447)
	- horde3 <not-affected> (horde3 ships different XMLRPC code)
CVE-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...)
	{DSA-804-2}
	- kdelibs 4:3.4.2-1 (bug #319016; medium)
CVE-2005-1919
	REJECTED
CVE-2005-1918 (The original patch for a GNU tar directory traversal vulnerability ...)
	- tar 1.14-2.2
	NOTE: 1.14-2.2 is ok, maybe Debian was not-affected anyway
CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
	NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but this is not the same one
CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low)
CVE-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...)
	NOT-FOR-US: log4sh
CVE-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...)
	{DSA-754-1 DTSA-2-1}
	- centericq 4.20.0-7 (medium)
CVE-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...)
	{DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.6.11 2.6.11-6 (medium)
CVE-2005-1912
	REJECTED
CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
	- leafnode 1.11.3.rel-1 (bug #338886; low)
	[sarge] - leafnode 1.11.2.rel-1.0sarge0
CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
	NOT-FOR-US: WWWeb Concepts Events System
CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...)
	NOT-FOR-US: Perception LiteWeb
CVE-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...)
	NOT-FOR-US: Microsoft
CVE-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...)
	NOT-FOR-US: livingmailing
CVE-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...)
	NOT-FOR-US: Kaspersky
CVE-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...)
	NOT-FOR-US: JiRo's Upload Systems
CVE-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...)
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...)
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...)
	NOT-FOR-US: Sawmill
CVE-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Sawmill
CVE-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...)
	NOT-FOR-US: RakNet
CVE-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...)
	NOT-FOR-US: phpThumb
CVE-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...)
	NOT-FOR-US: FlexCast
CVE-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...)
	NOT-FOR-US: Mortiforo
CVE-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...)
	NOT-FOR-US: Sun ONE
CVE-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...)
	NOT-FOR-US: Solaris
CVE-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...)
	NOT-FOR-US: YaPiG
CVE-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...)
	NOT-FOR-US: YaPiG
CVE-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...)
	NOT-FOR-US: YaPiG
CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...)
	NOT-FOR-US: YaPiG
CVE-2005-1882 (PHP remote file inclusion vulnerability in last_gallery.php in YaPiG ...)
	NOT-FOR-US: YaPiG
CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...)
	NOT-FOR-US: YaPiG
CVE-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: everybuddy
CVE-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: LutelWall
CVE-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...)
	NOT-FOR-US: GIPTables
CVE-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...)
	NOT-FOR-US: Lpanel
CVE-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...)
	NOT-FOR-US: CuteNews
CVE-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...)
	NOT-FOR-US: Exhibit Engine
CVE-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...)
	NOT-FOR-US: Dzip
CVE-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...)
	NOT-FOR-US: Crob
CVE-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...)
	NOT-FOR-US: WebSphere
CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...)
	- drupal 4.5.3-1
CVE-2005-1870 (PHP remote file inclusion vulnerability in childwindow.inc.php in ...)
	NOT-FOR-US: Popper
CVE-2005-1869 (PHP remote file inclusion vulnerability in start_lobby.php in MWChat ...)
	NOT-FOR-US: MWChat
CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...)
	NOT-FOR-US: I-Man
CVE-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...)
	NOT-FOR-US: Symantec
CVE-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...)
	NOT-FOR-US: Calendarix
CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...)
	NOT-FOR-US: Calendarix
CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in ...)
	NOT-FOR-US: Calendarix
CVE-2003-1218
	RESERVED
CVE-2003-1217
	RESERVED
CVE-2005-1863
	RESERVED
CVE-2005-1862
	RESERVED
CVE-2005-1861
	RESERVED
CVE-2005-1860
	RESERVED
CVE-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
	NOT-FOR-US: arshell
CVE-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...)
	{DSA-786-1}
	- simpleproxy 3.2-4 (medium)
CVE-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...)
	{DSA-787-1}
	- backup-manager 0.5.8-2 (bug #315582; low)
	NOTE: maybe a duplicate of CVE-2005-2212, author contacted
CVE-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...)
	{DSA-787-1}
	- backup-manager 0.5.8-2 (medium)
	NOTE: maybe a duplicate of CVE-2005-2211, author contacted
CVE-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to &quot;missing ...)
	{DSA-772-1}
	- apt-cacher 0.9.10 (high)
CVE-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...)
	{DSA-770-1}
	- gopher 3.0.8 (low)
CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...)
	{DSA-767-1 DTSA-4-1}
	- kdenetwork 4:3.3.2-5 (bug #319443; unimportant)
	NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
	NOTE: no shared lib version is found. As the Debian package has a dependency on
	NOTE: it the maintainer does not intent to fix it, see # 319443
	- ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium)
CVE-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...)
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-763-1}
	NOTE: This is only contrib code not built in the binary packages AFAIK
	- zlib 1:1.2.3-1 (low)
	- zsync 0.4.1-1 (low)
	NOTE: zsync 0.4.0-2 (mentioned in DSA-797-1) was never uploaded.
CVE-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...)
	{DSA-750-1}
	- dhcpcd 1:1.3.22pl4-22 (medium)
CVE-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...)
	NOT-FOR-US: YaMT
CVE-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...)
	NOT-FOR-US: YaMT
CVE-2005-1845
	RESERVED
CVE-2005-1844
	RESERVED
CVE-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
	NOT-FOR-US: Windows
CVE-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
	NOT-FOR-US: Windows
CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...)
	NOT-FOR-US: acroread
CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...)
	{DSA-744-1}
	- fuse 2.3.0-1
CVE-2005-2349 [Directory traversal in zoo]
	RESERVED
	- zoo 2.10-4 (low; bug #309594)
CVE-2005-2350 [Cross Site Scripting in websieve]
	RESERVED
	- websieve <removed> (bug #311838; low)
CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
	NOT-FOR-US: phpCMS
CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
	NOT-FOR-US: Liberum
CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...)
	NOT-FOR-US: Liberum
CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...)
	NOT-FOR-US: Fortinet firewall
CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1831 (** DISPUTED ** ...)
	- sudo <not-affected> (Unreproducable, seems like a broken PAM setup on the submitter's side)
CVE-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...)
	NOT-FOR-US: SoftICE
CVE-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...)
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...)
	NOT-FOR-US: HP Radia
CVE-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...)
	NOT-FOR-US: HP Radia
CVE-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...)
	- mailutils 1:0.6.1-2
CVE-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1821 (PHP remote file inclusion vulnerability in pdl_header.inc.php in ...)
	NOT-FOR-US: PowerDownload
CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...)
	NOT-FOR-US: Zeroboard
CVE-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...)
	NOT-FOR-US: NikoSoft WebMail
CVE-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...)
	NOT-FOR-US: NewLife Blogger
CVE-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...)
	NOT-FOR-US: PicoWebServer
CVE-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
	- wordpress 1.5.1.2-1
CVE-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sony hardware issue
CVE-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Stronghold game
CVE-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...)
	- libphp-phpmailer 1.73
CVE-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...)
	NOT-FOR-US: PeerCast
CVE-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...)
	NOT-FOR-US: Online Solutions for Educators
CVE-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...)
	NOT-FOR-US: Nortel hardware
CVE-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...)
	NOT-FOR-US: Nokia hardware
CVE-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...)
	NOT-FOR-US: Jaws glossary gadget
CVE-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...)
	NOT-FOR-US: ServersCheck
CVE-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
	NOTE: Cryptographic attack on AES, cannot be fixed
CVE-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
	{DSA-749-1}
	- ettercap 1:0.7.1-1.1 (bug #311615)
CVE-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
	NOT-FOR-US: ClamAV on Mac OS X
CVE-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...)
	NOT-FOR-US: Microsoft
CVE-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...)
	NOT-FOR-US: Microsoft
CVE-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...)
	NOT-FOR-US: Microsoft
CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and ...)
	{CVE-2005-3896}
	NOT-FOR-US: Microsoft
	NOTE: The exploit causes Mozilla to crash, see CVE-2005-3896.
CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)
	NOT-FOR-US: India Software Solution shopping cart
CVE-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...)
	NOT-FOR-US: phpStat
CVE-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...)
	NOT-FOR-US: FunkyASP
CVE-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
	NOT-FOR-US: ZonGG
CVE-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...)
	NOT-FOR-US: BookReview
CVE-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
	NOT-FOR-US: BookReview
CVE-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...)
	NOT-FOR-US: MailEnable
CVE-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...)
	NOT-FOR-US: Active News Manager
CVE-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...)
	NOT-FOR-US: PostNuke
CVE-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...)
	NOT-FOR-US: C'Nedra
CVE-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...)
	NOT-FOR-US: Terminator game
CVE-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...)
	- davfs2 0.2.4-1 (bug #310757; medium)
CVE-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...)
	NOT-FOR-US: Listserv
CVE-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...)
	NOT-FOR-US: Terminator game
CVE-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
	NOT-FOR-US: HPUX
CVE-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
	NOT-FOR-US: Avast
CVE-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #314374; medium)
CVE-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 2.4.27-11
	NOTE: amd64 is not supported for 2.4 (the issue is amd64 speficic)
CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
	{DSA-826-1}
	- helix-player 1.0.5-1 (bug #316276; high)
	NOTE: Helix Player is affected according to:
	NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
	{DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	- kernel-source-2.4.27 2.4.27-11
CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...)
	{DSA-1018-1 DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
	NOT-FOR-US: sysreport
CVE-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
	- shtool 2.0.1-2 (low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (unimportant)
	- php4 4:4.4.0-1 (unimportant)
CVE-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...)
	NOT-FOR-US: Novell
CVE-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...)
	NOT-FOR-US: Novell
CVE-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...)
	NOT-FOR-US: Novell
CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
	{DSA-789-1 DTSA-15-1}
	- shtool 2.0.1-2 (bug #311206; low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (bug #314464; unimportant)
	- php4 4:4.3.10-16 (low)
CVE-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
	TODO: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...)
	TODO: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
CVE-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...)
	NOT-FOR-US: Oracle
CVE-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...)
	NOT-FOR-US: CVSup third party modules
CVE-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...)
	NOT-FOR-US: PJ CGI Nero
CVE-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...)
	- phpbb2 2.0.6d-2
CVE-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: SurfNOW
CVE-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...)
	NOT-FOR-US: WebWeaver
CVE-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...)
	NOT-FOR-US: Web Blog
CVE-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...)
	NOT-FOR-US: BlackICE
CVE-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...)
	NOT-FOR-US: BlackICE
CVE-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...)
	- gallery 1.4.4-pl1-1
CVE-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...)
	NOT-FOR-US: Nextplace
CVE-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...)
	NOT-FOR-US: Intra Forum
CVE-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...)
	NOT-FOR-US: Borland Web Server
CVE-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Reptile Web Server
CVE-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...)
	NOT-FOR-US: Oracle
CVE-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...)
	NOT-FOR-US: ProxyNow!
CVE-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...)
	NOT-FOR-US: BremsServer
CVE-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...)
	NOT-FOR-US: BremsServer
CVE-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...)
	NOT-FOR-US: Phorum
CVE-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Q-Shop
CVE-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...)
	NOT-FOR-US: Q-Shop
CVE-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...)
	NOT-FOR-US: Finjan SurfinGate
CVE-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...)
	NOT-FOR-US: Freesco
CVE-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...)
	NOT-FOR-US: GeoHttpServer
CVE-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...)
	NOT-FOR-US: GeoHttpServer
CVE-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...)
	NOT-FOR-US: Need for Speed game
CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...)
	NOT-FOR-US: Banner engine
CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...)
	- fvwm <not-affected> (Used mktemp)
	- xbase-clients <not-affected> (x11perfcomp uses mkdir atomically)
	- lvm10 <not-affected> (does not contain lvmcreate_initrd)
CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...)
	NOT-FOR-US: Mephistoles
CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...)
	- honeyd 0.8-1
CVE-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...)
	NOT-FOR-US: WebcamXP
CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...)
	- phpbb2 2.0.8a-1
CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...)
	- phpbb2 2.0.8a-1
CVE-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
	- moodle 1.4.4.dfsg.1-3
CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
	RESERVED
	- mutt <unfixed> (bug #311296; unimportant)
	[sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS)
	NOTE: An "attacker" could achieve the same by simply filling up /tmp
CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
	NOTE: viewFile.php has been removed along with other files in -26, so Debian is
	NOTE: no longer affected.
	- gforge 3.1-26
CVE-2005-XXXX [osh buffer overflow]
	- osh 1.7-13 (bug #311369)
CVE-2005-XXXX [xile buffer overrun in terminal code]
	- zile 2.0.4-2
CVE-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...)
	NOT-FOR-US: ezwdc NewsletterEz
CVE-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...)
	NOT-FOR-US: Halo
CVE-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...)
	- net-snmp <not-affected> (fixproc not installed in Debian package)
CVE-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...)
	- imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812)
CVE-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...)
	NOT-FOR-US: Iron Bars Shell
CVE-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow &quot;non-authorized ...)
	NOT-FOR-US: PROMS
CVE-2005-1736 (PROMS 0.11 does not properly handle &quot;certain combinations of rights,&quot; ...)
	NOT-FOR-US: PROMS
CVE-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...)
	NOT-FOR-US: PROMS
CVE-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...)
	NOT-FOR-US: PROMS
CVE-2005-1733 (Cookie Cart stores the password file under the web document root with ...)
	NOT-FOR-US: Cookie Cart
CVE-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...)
	NOT-FOR-US: Cookie Cart
CVE-2005-1731
	RESERVED
CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in ...)
	NOT-FOR-US: Novell iManager
CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Novell
CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
	NOT-FOR-US: Apple
CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
	NOT-FOR-US: Apple
CVE-2005-1726 (The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users ...)
	NOT-FOR-US: Apple
CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...)
	NOT-FOR-US: Apple
CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...)
	NOT-FOR-US: Apple
CVE-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...)
	NOT-FOR-US: Apple
CVE-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...)
	NOT-FOR-US: Apple
CVE-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...)
	NOT-FOR-US: Apple
CVE-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...)
	NOT-FOR-US: avast! antivirus
CVE-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...)
	NOT-FOR-US: War Times
CVE-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...)
	NOT-FOR-US: Zyxel hardware
CVE-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...)
	NOT-FOR-US: TOPo
CVE-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...)
	NOT-FOR-US: TOPo
CVE-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...)
	NOT-FOR-US: SurgeMail
CVE-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...)
	NOT-FOR-US: Serendipity
CVE-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...)
	NOT-FOR-US: Serendipity
CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...)
	NOT-FOR-US: Gibraltar Firewall
CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...)
	NOT-FOR-US: Gentoo
CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...)
	- mailscanner 4.42.9 (bug #310774; low)
	[sarge] - mailscanner <no-dsa> (Minor issue)
CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the ...)
	- gdb 6.3-6
CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...)
	- gdb 6.3-6
CVE-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...)
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...)
	NOT-FOR-US: PortailPHP
CVE-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...)
	NOT-FOR-US: PostNuke
CVE-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...)
	NOT-FOR-US: PostNuke
CVE-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...)
	NOT-FOR-US: PostNuke
CVE-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...)
	NOT-FOR-US: PostNuke
CVE-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...)
	NOT-FOR-US: PostNuke
CVE-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...)
	NOT-FOR-US: PostNuke
CVE-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...)
	NOT-FOR-US: PostNuke
CVE-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
	NOT-FOR-US: CA Antivirus
CVE-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...)
	- gxine 0.4.7-0.1 (bug #310712; medium)
CVE-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP ...)
	NOT-FOR-US: SAP
CVE-2005-1690
	REJECTED
CVE-2005-1689 (Double free vulnerability in the krb5_recvauth function in MIT ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (medium)
CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
	- wordpress 1.5.1-1
CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
	- wordpress 1.5.1-1
CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
	{DSA-753-1}
	NOTE: Only exploitable under rare circumstances
	- gedit 2.10.3-1 (low)
CVE-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
	NOT-FOR-US: episodex
CVE-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...)
	NOT-FOR-US: episodex
CVE-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2005-1682 (** DISPUTED ** ...)
	NOT-FOR-US: Solstice Internet Mail Server
CVE-2005-1681 (PHP remote file inclusion vulnerability in common.php in phpATM 1.21, ...)
	NOT-FOR-US: phpATM
CVE-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
	NOT-FOR-US: D-Link hardware
CVE-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
	- picasm 1.12c-1
CVE-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
	NOT-FOR-US: Groove
CVE-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...)
	NOT-FOR-US: Groove
CVE-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...)
	NOT-FOR-US: Groove
CVE-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
	NOT-FOR-US: Groove
CVE-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
	NOT-FOR-US: Extreme BlackDiamond hardware
CVE-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...)
	NOT-FOR-US: Opera
CVE-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
	NOT-FOR-US: YusASP Web Asset Manager
CVE-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
	NOT-FOR-US: DataTrac Activity Console
CVE-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...)
	NOT-FOR-US: Orenosv
CVE-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...)
	NOT-FOR-US: Microsoft
CVE-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...)
	NOT-FOR-US: EZGuestbook
CVE-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...)
	NOT-FOR-US: MyServer
CVE-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...)
	NOT-FOR-US: MyServer
CVE-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...)
	NOT-FOR-US: Mercur Messaging
CVE-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...)
	NOT-FOR-US: Mercur Messaging
CVE-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...)
	- rsync 2.6.1-1
CVE-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...)
	NOT-FOR-US: InoculateIT
CVE-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...)
	NOT-FOR-US: Microsoft
CVE-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Matrix FTP Server
CVE-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...)
	NOT-FOR-US: Sophos
CVE-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...)
	NOT-FOR-US: SandSurfer
CVE-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...)
	NOT-FOR-US: Sambar
CVE-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...)
	NOT-FOR-US: phpcodeCabinet
CVE-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...)
	NOT-FOR-US: JShop
CVE-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...)
	NOT-FOR-US: Opera
CVE-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...)
	NOT-FOR-US: Sami FTP Server
CVE-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...)
	NOT-FOR-US: Sami FTP Server
CVE-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...)
	NOT-FOR-US: Nadeo
CVE-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...)
	NOT-FOR-US: Jelsoft Bulletin
CVE-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sophos
CVE-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...)
	NOT-FOR-US: Dream FTP
CVE-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...)
	- kernel-patch-vserver 1.9.4-1
CVE-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...)
	NOT-FOR-US: Mambo
CVE-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...)
	NOT-FOR-US: Macallan
CVE-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
	NOT-FOR-US: VisualShapers
CVE-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...)
	NOT-FOR-US: Monkey
CVE-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...)
	NOT-FOR-US: Oracle
CVE-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...)
	NOT-FOR-US: Crob
CVE-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...)
	NOT-FOR-US: Crob
CVE-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...)
	NOT-FOR-US: Crob
CVE-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
	NOT-FOR-US: Mambo
CVE-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...)
	NOT-FOR-US: Mambo
CVE-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...)
	NOT-FOR-US: Monkey
CVE-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
	NOT-FOR-US: Mambo
CVE-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...)
	NOT-FOR-US: Caucho Technology Resin
CVE-2005-XXXX [Two DoS condition in ekg]
	- ekg 1:1.5+20050411-3
CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
	- lcrash 7.0.0.pre.cvs.20050322-3
CVE-2005-XXXX [Multiple security problems in lbreakout2]
	- lbreakout2 2.5.2-2
CVE-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
	NOT-FOR-US: Woppoware
CVE-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
	NOT-FOR-US: Woppoware
CVE-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...)
	NOT-FOR-US: Woppoware
CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...)
	NOT-FOR-US: Woppoware
CVE-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
	NOT-FOR-US: Windows
CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...)
	NOT-FOR-US: GASoft
CVE-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...)
	NOT-FOR-US: GASoft
CVE-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...)
	NOT-FOR-US: Fastream NETFile
CVE-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...)
	NOT-FOR-US: Keyvan1 Gallery
CVE-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...)
	NOT-FOR-US: Livre d'Or
CVE-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...)
	NOT-FOR-US: Zoidcom
CVE-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
	NOT-FOR-US: Ignition Project
CVE-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
	NOT-FOR-US: Ignition Project
CVE-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...)
	NOT-FOR-US: Sigma
CVE-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...)
	NOT-FOR-US: SafeHTML
CVE-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
	NOT-FOR-US: NPDS
CVE-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
	{DSA-783-1}
	- mysql-dfsg 4.0.12-2 (bug #319526; low)
	- mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
	- mysql-dfsg-5.0 5.0.11beta-3 (medium)
CVE-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
	- cheetah 0.9.16-1
CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
	NOT-FOR-US: Booby
CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
	NOT-FOR-US: phpbb attachment mod
CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
	NOT-FOR-US: Photopost
CVE-2005-1628 (apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows ...)
	NOT-FOR-US: WebAPP
CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to &quot;a ...)
	- viewglob 2.0.1-1
	[sarge] - viewglob <not-affected> (1.x version in Sarge is not vulnerable)
CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
	NOT-FOR-US: Pico Server
CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...)
	NOT-FOR-US: Acrobat Reader
CVE-2005-1624
	RESERVED
CVE-2005-1623
	RESERVED
CVE-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
	NOT-FOR-US: MetaCart
CVE-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
	NOT-FOR-US: Postnuke mod
CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...)
	NOT-FOR-US: Skull-Splitter Guestbook
CVE-2005-1619 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: PHPMyChat
CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
	NOT-FOR-US: Willings WebCAM
CVE-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...)
	NOT-FOR-US: OpenBB
CVE-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...)
	NOT-FOR-US: OpenBB
CVE-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...)
	NOT-FOR-US: Web Crossing
CVE-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...)
	NOT-FOR-US: Tru-Zone NukeET
CVE-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...)
	NOT-FOR-US: Sun StorEdge 6130 Arrays
CVE-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...)
	NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke
CVE-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...)
	NOT-FOR-US: Remote Cart
CVE-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...)
	NOT-FOR-US: H-Sphere Winbox
CVE-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...)
	NOT-FOR-US: guestbook for SiteStudio
CVE-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...)
	NOT-FOR-US: phpATM
CVE-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...)
	NOT-FOR-US: NiteEnterprises Remote File Manager
CVE-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...)
	NOT-FOR-US: Net56 Browser Based File Manager
CVE-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...)
	NOT-FOR-US: MRO Maximo Self Service
CVE-2005-1600 (A &quot;mathematical flaw&quot; in the implementation of the El Gamal signature ...)
	NOT-FOR-US: LibTomCrypt
CVE-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...)
	NOT-FOR-US: Kryloff Technologies Subject Search Server
CVE-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...)
	NOT-FOR-US: Fusion SBX
CVE-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1592 (Multiple &quot;javascript vulerabilities in BB code&quot; in BirdBlog before ...)
	NOT-FOR-US: BirdBlog
CVE-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...)
	NOT-FOR-US: Altiris Client Service for Windows
CVE-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...)
	NOT-FOR-US: Altiris Client Service for Windows
CVE-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...)
	NOT-FOR-US: LedForums
CVE-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: HTTP Commander
CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
	- clamav 0.85.1-1 (low)
	[sarge] - clamav 0.84-2.sarge.1
CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
	- xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	[sarge] - kernel-source-2.6.8 <not-affected>
CVE-2005-1588 (** DISPUTED ** ...)
	NOT-FOR-US: Quick.cart
CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
	NOT-FOR-US: Quick.cart
CVE-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...)
	NOT-FOR-US: 1Two News
CVE-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...)
	NOT-FOR-US: 1Two News
CVE-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...)
	NOT-FOR-US: bug_list.php
CVE-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...)
	NOT-FOR-US: BoastMachine
CVE-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...)
	NOT-FOR-US: EnCase
CVE-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...)
	NOT-FOR-US: APG Classmaster
CVE-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
	NOTE: appears windows specific
CVE-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
	NOTE: appears windows specific
CVE-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...)
	NOT-FOR-US: Windows
CVE-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...)
	NOT-FOR-US: ASP Virtual News Manager
CVE-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: ShowOff
CVE-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...)
	NOT-FOR-US: ShowOff
CVE-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...)
	NOTE: for-for-us (bttlxeForum)
CVE-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...)
	NOT-FOR-US: Acrowave AAP-3100AR wireless router
CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18-7 (bug #308789; medium)
CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...)
	- bugzilla 2.16.7-7sarge1
CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...)
	- bugzilla 2.16.7-7sarge1
CVE-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...)
	NOT-FOR-US: Nexusway
CVE-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...)
	NOT-FOR-US: Nexusway
CVE-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...)
	NOT-FOR-US: Nexusway
CVE-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...)
	NOT-FOR-US: WebApp Guestbook PRO
CVE-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...)
	NOT-FOR-US: Gamespy cd-key validation system
CVE-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...)
	NOT-FOR-US: JRun
CVE-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...)
	NOT-FOR-US: WowBB
CVE-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...)
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...)
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...)
	NOT-FOR-US: easy message board
CVE-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...)
	NOT-FOR-US: easy message board
CVE-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...)
	NOT-FOR-US: Bakbone Netvault
CVE-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...)
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...)
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote ...)
	{DSA-755-1}
	NOTE: CVE info about vulnerable version number is bogus
	- tiff 3.7.2-3 (bug #309739)
CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...)
	NOT-FOR-US: Novell Zenworks
CVE-2005-1542
	RESERVED
CVE-2005-1541
	RESERVED
CVE-2005-1540
	RESERVED
CVE-2005-1539
	RESERVED
CVE-2005-1538
	RESERVED
CVE-2005-1537
	RESERVED
CVE-2005-1536
	RESERVED
CVE-2005-1535
	RESERVED
CVE-2005-1534
	RESERVED
CVE-2005-1533
	RESERVED
CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
CVE-2005-1530 (Sophos Anti-Virus 5.0.1, with &quot;Scan inside archive files&quot; enabled, ...)
	NOT-FOR-US: Sophos
CVE-2005-1529
	RESERVED
CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in QNX ...)
	NOT-FOR-US: QNX
CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
	{DSA-892-1}
	- awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium)
CVE-2005-1526 (PHP remote file inclusion vulnerability in config_settings.php in ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...)
	{DSA-751-1}
	- squid 2.5.9-9 (bug #309504)
CVE-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...)
	NOT-FOR-US: Solaris
CVE-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...)
	NOT-FOR-US: Cisco
CVE-2005-XXXX [Buffer overflow in libotr]
	- libotr 2.0.2-1
CVE-2005-XXXX [vpnc: config file path security hole]
	- vpnc 0.3.2+SVN20050326-2
CVE-2005-XXXX [Several buffer overflows in termpkg]
	- termpkg 3.3-2
CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
	NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
	NOTE: already fixed since 2.15-6
	- binutils 2.15-6
CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
	- kmd 0.9.19-1.1
CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
	NOTE: Source package has been renamed from unrar to unrar-free
	- unrar-free 1:0.0.1-2
CVE-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...)
	NOT-FOR-US: WebSTAR
CVE-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...)
	NOT-FOR-US: CJ Ultra Plus
CVE-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...)
	NOT-FOR-US: MacOS
CVE-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...)
	NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit
CVE-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...)
	NOT-FOR-US: MidiCart
CVE-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...)
	NOT-FOR-US: MidiCart
CVE-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MidiCart
CVE-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...)
	NOT-FOR-US: myBloggie
CVE-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...)
	NOT-FOR-US: myBloggie
CVE-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...)
	NOT-FOR-US: myBloggie
CVE-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...)
	NOT-FOR-US: myBloggie
CVE-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...)
	NOT-FOR-US: Oracle
CVE-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...)
	NOT-FOR-US: Oracle
CVE-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...)
	NOT-FOR-US: MegaBook
CVE-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...)
	NOT-FOR-US: SimpleCam
CVE-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...)
	NOT-FOR-US: Gossamer Threads Links
CVE-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1487 (** DISPUTED ** ...)
	NOT-FOR-US: FishCart
CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...)
	NOT-FOR-US: FishCart
CVE-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...)
	NOT-FOR-US: ArticleLive
CVE-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...)
	NOT-FOR-US: ArticleLive
CVE-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
	NOT-FOR-US: RaidenFTPD
CVE-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...)
	NOT-FOR-US: DMail
CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
	NOT-FOR-US: DMail
CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
	- qmail 1.03-38
CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
	- qmail 1.03-38
CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
	- qmail 1.03-38
CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and ...)
	NOT-FOR-US: JAWS
CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...)
	NOT-FOR-US: LinPHA
CVE-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...)
	- dansguardian 2.5.2-0-0.1
CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier ...)
	NOT-FOR-US: lostBook
CVE-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...)
	NOT-FOR-US: AntiBoard
CVE-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...)
	NOT-FOR-US: AntiBoard
CVE-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...)
	NOT-FOR-US: RiSearch
CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...)
	- phpbb2 2.0.10-1
CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...)
	- phpbb2 2.0.10-1
CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns ...)
	NOT-FOR-US: Easyins Stadtportal
CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...)
	NOT-FOR-US: no_package
CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...)
	NOT-FOR-US: no_package
CVE-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...)
	NOT-FOR-US: no_package
CVE-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...)
	NOT-FOR-US: no_package
CVE-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...)
	NOT-FOR-US: no_package
CVE-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...)
	{DSA-1014-1}
	- firebird2 1.5.3.4870-3 (bug #357580)
CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...)
	NOT-FOR-US: no_package
CVE-2004-2041 (PHP remote file inclusion vulnerability in secure_img_render.php in ...)
	NOT-FOR-US: no_package
CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...)
	NOT-FOR-US: no_package
CVE-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: no_package
CVE-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
	NOT-FOR-US: no_package
CVE-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...)
	NOT-FOR-US: no_package
CVE-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: no_package
CVE-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...)
	NOT-FOR-US: no_package
CVE-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: no_package
CVE-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...)
	NOT-FOR-US: no_package
CVE-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...)
	NOT-FOR-US: no_package
CVE-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...)
	NOT-FOR-US: no_package
CVE-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...)
	NOT-FOR-US: no_package
CVE-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...)
	NOT-FOR-US: no_package
CVE-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...)
	- icecast2 2.0.1.debian-1
CVE-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...)
	- pound 1.7-1
CVE-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...)
	NOT-FOR-US: no_package
CVE-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...)
	NOT-FOR-US: no_package
CVE-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...)
	NOT-FOR-US: no_package
CVE-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...)
	NOT-FOR-US: various perls on Windows
CVE-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...)
	NOT-FOR-US: osCommerce
CVE-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...)
	NOT-FOR-US: php-nuke
CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...)
	NOT-FOR-US: php-nuke
CVE-2004-2018 (PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x ...)
	NOT-FOR-US: php-nuke
CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...)
	NOT-FOR-US: Turbo Traffic Trader C (TTT-C)
CVE-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...)
	NOT-FOR-US: netchat
CVE-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
	NOT-FOR-US: WebCT
CVE-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...)
	- wget 1.9.1-12
CVE-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...)
	NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok
CVE-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...)
	NOT-FOR-US: NetBSD
CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2004-2010 (PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 ...)
	NOT-FOR-US: phpShop
CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of &quot;Everyone ...)
	NOT-FOR-US: OfficeScan
CVE-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...)
	NOT-FOR-US: Eudora
CVE-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...)
	NOT-FOR-US: SUSE Live CD
CVE-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...)
	NOT-FOR-US: DeleGate
CVE-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...)
	NOT-FOR-US: IRIX
CVE-2004-2001 (ifconfig &quot;-arp&quot; in SGI IRIX 6.5 through 6.5.22m does not properly ...)
	NOT-FOR-US: IRIX
CVE-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...)
	NOT-FOR-US: Php-Nuke
CVE-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
	NOT-FOR-US: Windows
CVE-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...)
	NOT-FOR-US: php-nuke
CVE-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...)
	NOT-FOR-US: kolab
CVE-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...)
	NOT-FOR-US: omail
CVE-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...)
	NOT-FOR-US: Serv-U
CVE-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...)
	NOT-FOR-US: aweb
CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: aweb
CVE-2004-1989 (PHP remote file inclusion vulnerability in theme.php in Coppermine ...)
	NOT-FOR-US: Coppermine
CVE-2004-1988 (PHP remote file inclusion vulnerability in init.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine
CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...)
	NOT-FOR-US: Coppermine
CVE-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...)
	NOT-FOR-US: Coppermine
CVE-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine
CVE-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...)
	NOT-FOR-US: Coppermine
CVE-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...)
	- kernel-patch-adamantix <not-affected> (Only affects PaX for kernel 2.6)
CVE-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...)
	NOT-FOR-US: YaBB
CVE-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...)
	NOT-FOR-US: Crystal Reports
CVE-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...)
	NOT-FOR-US: PROPS
CVE-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...)
	NOT-FOR-US: PROPS
CVE-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...)
	- moodle 1.3
CVE-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...)
	NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager
CVE-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...)
	NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR
CVE-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...)
	NOT-FOR-US: paFileDB
CVE-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: paFileDB
CVE-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: DiGi Web Server
CVE-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...)
	NOT-FOR-US: Samsung SmartEther SS6215Sswitch
CVE-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...)
	NOT-FOR-US: OpenBB
CVE-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...)
	NOT-FOR-US: OpenBB
CVE-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...)
	NOT-FOR-US: OpenBB
CVE-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
	NOT-FOR-US: OpenBB
CVE-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...)
	NOT-FOR-US: OpenBB
CVE-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...)
	NOT-FOR-US: Network Query Tool (NQT)
CVE-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...)
	NOT-FOR-US: Network Query Tool (NQT)
CVE-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...)
	NOT-FOR-US: Protector System
CVE-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...)
	NOT-FOR-US: Protector System
CVE-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...)
	NOT-FOR-US: Protector System
CVE-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...)
	NOT-FOR-US: Protector System
CVE-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...)
	NOT-FOR-US: Unreal engine
CVE-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...)
	NOT-FOR-US: PostNuke
CVE-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...)
	NOT-FOR-US: PostNuke
CVE-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...)
	NOT-FOR-US: phProfession
CVE-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
	NOT-FOR-US: phProfession
CVE-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: phProfession
CVE-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...)
	- xine-ui 0.99.1
CVE-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...)
	- phpbb2 2.0.9
CVE-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...)
	NOT-FOR-US: PostNuke
CVE-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...)
	- ncftp 2:3.1.8-1 (low)
CVE-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...)
	NOT-FOR-US: bitdefender
CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...)
	- cherokee 0.4.21b01-1
CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...)
	NOT-FOR-US: Kinesphere eXchange POP3
CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...)
	NOT-FOR-US: Eudora
CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in phpBB ...)
	NOT-FOR-US: phpbb as modified by przemo
CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...)
	NOT-FOR-US: Solaris
CVE-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...)
	NOT-FOR-US: Fastream NETFile FTP/Web Server
CVE-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...)
	- kphone 1:4.0.2
CVE-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...)
	NOT-FOR-US: Zaep
CVE-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...)
	NOT-FOR-US: Phorum
CVE-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...)
	NOT-FOR-US: Nuked-KlaN
CVE-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...)
	NOT-FOR-US: SCT Campus Pipeline
CVE-2004-1934 (PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 ...)
	NOT-FOR-US: Gemitel
CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...)
	NOT-FOR-US: Citadel
CVE-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...)
	NOT-FOR-US: MSIE
CVE-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded &quot;1502&quot; ...)
	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CVE-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...)
	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CVE-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...)
	NOT-FOR-US: Crackalaka
CVE-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: rsniff
CVE-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...)
	- lcdproc 0.4.5
CVE-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...)
	- lcdproc 0.4.5
CVE-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...)
	- lcdproc 0.4.5
CVE-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...)
	NOT-FOR-US: phpnuke
CVE-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
	NOT-FOR-US: phpnuke
CVE-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...)
	NOT-FOR-US: phpnuke
CVE-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...)
	NOT-FOR-US: AzDGDatingLite
CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...)
	NOT-FOR-US: Symantec
CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...)
	- clamav 0.68.1
CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...)
	NOT-FOR-US: Mcafee FreeScan
CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Mcafee FreeScan
CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...)
	NOT-FOR-US: blaxxun
CVE-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...)
	NOT-FOR-US: Citrix MetaFrame Password Manager
CVE-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: gentoo portage
CVE-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...)
	NOT-FOR-US: IGI 2 Covert Strike server
CVE-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...)
	- monit 1:4.2.1
CVE-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...)
	- monit 1:4.2.1-1
CVE-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...)
	- monit 1:4.2.1-1
CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...)
	NOT-FOR-US: no_package
CVE-2004-1895 (YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to ...)
	NOT-FOR-US: no_package
CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...)
	NOT-FOR-US: no_package
CVE-2004-1893 (Dreamweaver MX, when &quot;Using Driver On Testing Server&quot; or &quot;Using DSN on ...)
	NOT-FOR-US: no_package
CVE-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...)
	NOT-FOR-US: no_package
CVE-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 &quot;doesn't work with ...)
	NOT-FOR-US: no_package
CVE-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...)
	NOT-FOR-US: no_package
CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...)
	NOT-FOR-US: no_package
CVE-2004-1886
	REJECTED
	NOT-FOR-US: no_package
CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
	NOT-FOR-US: no_package
CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
	NOT-FOR-US: no_package
CVE-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...)
	NOT-FOR-US: no_package
CVE-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...)
	NOT-FOR-US: no_package
CVE-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...)
	NOT-FOR-US: no_package
CVE-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...)
	- openldap2 2.1.17-1
CVE-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...)
	NOT-FOR-US: no_package
CVE-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...)
	NOT-FOR-US: no_package
CVE-2004-1876 (The &quot;%f&quot; feature in the VirusEvent directive in Clam AntiVirus daemon ...)
	- clamav 0.70-1
CVE-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...)
	NOT-FOR-US: no_package
CVE-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...)
	NOT-FOR-US: no_package
CVE-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...)
	NOT-FOR-US: no_package
CVE-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
	NOT-FOR-US: no_package
CVE-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
	NOT-FOR-US: no_package
CVE-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...)
	NOT-FOR-US: no_package
CVE-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...)
	NOT-FOR-US: no_package
CVE-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...)
	NOT-FOR-US: no_package
CVE-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...)
	- nstx 1.1-beta4-1
CVE-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...)
	NOT-FOR-US: no_package
CVE-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...)
	NOT-FOR-US: no_package
CVE-2004-1863 (Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka ...)
	NOT-FOR-US: no_package
CVE-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...)
	NOT-FOR-US: no_package
CVE-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...)
	NOT-FOR-US: no_package
CVE-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...)
	NOT-FOR-US: no_package
CVE-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...)
	NOT-FOR-US: no_package
CVE-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: no_package
CVE-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...)
	NOT-FOR-US: no_package
CVE-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...)
	NOT-FOR-US: no_package
CVE-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...)
	NOT-FOR-US: no_package
CVE-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...)
	NOT-FOR-US: no_package
CVE-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...)
	NOT-FOR-US: no_package
CVE-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: no_package
CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...)
	NOT-FOR-US: no_package
CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: no_package
CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: no_package
CVE-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...)
	NOT-FOR-US: no_package
CVE-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...)
	NOT-FOR-US: no_package
CVE-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...)
	NOT-FOR-US: no_package
CVE-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...)
	NOT-FOR-US: no_package
CVE-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...)
	NOT-FOR-US: no_package
CVE-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...)
	NOT-FOR-US: no_package
CVE-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...)
	NOT-FOR-US: no_package
CVE-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...)
	NOT-FOR-US: no_package
CVE-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before ...)
	NOT-FOR-US: no_package
CVE-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site ...)
	NOT-FOR-US: no_package
CVE-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision ...)
	NOT-FOR-US: no_package
CVE-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...)
	- apache2 2.0.53-1
CVE-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...)
	NOT-FOR-US: no_package
CVE-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 ...)
	NOT-FOR-US: no_package
CVE-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...)
	NOT-FOR-US: no_package
CVE-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in ...)
	NOT-FOR-US: no_package
CVE-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization ...)
	NOT-FOR-US: no_package
CVE-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and ...)
	NOT-FOR-US: no_package
CVE-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 ...)
	NOT-FOR-US: no_package
CVE-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open ...)
	NOT-FOR-US: no_package
CVE-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...)
	NOT-FOR-US: no_package
CVE-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...)
	NOT-FOR-US: no_package
CVE-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...)
	NOT-FOR-US: no_package
CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...)
	NOT-FOR-US: no_package
CVE-2004-1820 (PHP remote file inclusion vulnerability in displaycategory.php in ...)
	NOT-FOR-US: no_package
CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...)
	NOT-FOR-US: no_package
CVE-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum ...)
	NOT-FOR-US: no_package
CVE-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke ...)
	NOT-FOR-US: no_package
CVE-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...)
	NOT-FOR-US: no_package
CVE-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...)
	NOT-FOR-US: no_package
CVE-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 ...)
	NOT-FOR-US: no_package
CVE-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass ...)
	NOT-FOR-US: no_package
CVE-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) ...)
	NOT-FOR-US: no_package
CVE-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...)
	NOT-FOR-US: no_package
CVE-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...)
	NOT-FOR-US: no_package
CVE-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier ...)
	- phpbb2 2.0.10-1
	NOTE: probably fixed in 2.0.6d-3
CVE-2004-1808 (Extcompose in metamail does not verify the output file before writing ...)
	NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail
	NOTE: see bug #308875
CVE-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore ...)
	NOT-FOR-US: no_package
CVE-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1805 (Format string vulnerability in games using the Epic Games Unreal ...)
	NOT-FOR-US: no_package
CVE-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: no_package
CVE-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their ...)
	NOT-FOR-US: no_package
CVE-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, ...)
	NOT-FOR-US: no_package
CVE-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: no_package
CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...)
	NOT-FOR-US: no_package
CVE-2004-1796 (PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...)
	NOT-FOR-US: no_package
CVE-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...)
	NOT-FOR-US: no_package
CVE-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...)
	NOT-FOR-US: no_package
CVE-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...)
	NOT-FOR-US: no_package
CVE-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...)
	NOT-FOR-US: Edimax Router
CVE-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: Edimax Router
CVE-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: ZyWALL
CVE-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...)
	NOT-FOR-US: ASP-Nuke
CVE-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...)
	NOT-FOR-US: PostCalendar
CVE-2004-1786 (PortalApp places user credentials under the web root with insufficient ...)
	NOT-FOR-US: PortalApp
CVE-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...)
	NOT-FOR-US: web server of Webcam Watchdog
CVE-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...)
	NOT-FOR-US: Net2Soft Flash FTP Server
CVE-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...)
	NOT-FOR-US: Athena Web Registration
CVE-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...)
	NOT-FOR-US: Info Touch Surfnet kiosk
CVE-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...)
	NOT-FOR-US: Info Touch Surfnet kiosk
CVE-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...)
	NOT-FOR-US: ThWboard
CVE-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...)
	NOT-FOR-US: omail webmail
CVE-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...)
	- openldap2 2.1.17-1
CVE-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...)
	NOT-FOR-US: MDaemon
CVE-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...)
	NOT-FOR-US: MyProxy
CVE-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...)
	- cherokee 0.4.21b01-1
CVE-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...)
	NOT-FOR-US: VieBoard
CVE-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...)
	NOT-FOR-US: VieBoard
CVE-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...)
	NOT-FOR-US: Booby
CVE-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...)
	NOT-FOR-US: Portal DB
CVE-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...)
	NOT-FOR-US: IA WebMail Server
CVE-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...)
	NOT-FOR-US: e107
CVE-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...)
	NOT-FOR-US: Nokia IPSO
CVE-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Unichat
CVE-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...)
	NOT-FOR-US: TelCondex SimpleWebServer
CVE-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...)
	NOT-FOR-US: ThWboard
CVE-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...)
	NOT-FOR-US: ThWboard
CVE-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...)
	NOT-FOR-US: Oracle Collaboration Suite
CVE-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...)
	NOT-FOR-US: MPM Guestbook
CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1178 (Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...)
	NOT-FOR-US: MERCUR Mailserver
CVE-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...)
	NOT-FOR-US: Sympoll
CVE-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...)
	NOT-FOR-US: NullSoft Shoutcast Server
CVE-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...)
	NOT-FOR-US: Centrinity FirstClass
CVE-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...)
	NOT-FOR-US: Apache Software Foundation Cocoon
CVE-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...)
	- libapache-mod-security 1.8.4-1
CVE-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...)
	NOT-FOR-US: kpopup
CVE-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...)
	NOT-FOR-US: DATEV Nutzungskontrolle
CVE-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...)
	NOT-FOR-US: kpopup
CVE-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...)
	NOT-FOR-US: HTTP Commander
CVE-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...)
	NOT-FOR-US: BRS WebWeaver
CVE-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...)
	- mldonkey 2.5.11-1
CVE-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Ganglia gmond
CVE-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...)
	- linux-2.6 <not-affected> (Never released, only temporary in Bitkeeper)
CVE-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...)
	NOT-FOR-US: FlexWATCH
CVE-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...)
	NOT-FOR-US: Plug and Play Web Server
CVE-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...)
	NOT-FOR-US: Plug and Play Web Server
CVE-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...)
	NOT-FOR-US: Citrix
CVE-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...)
	NOT-FOR-US: Sun JRE/SDK
CVE-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...)
	- xcdroast 0.98+0alpha15-1 (bug #310046)
CVE-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus ...)
	NOT-FOR-US: MAILsweeper
CVE-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...)
	NOT-FOR-US: byteHoard
CVE-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...)
	NOT-FOR-US: WebTide
CVE-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server ...)
	NOT-FOR-US: Fastream
CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...)
	NOT-FOR-US: Novell portmapper
CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...)
	NOT-FOR-US: Symantec Norton Internet Security
CVE-2003-1148 (Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS ...)
	NOT-FOR-US: Les Visiteurs
CVE-2003-1147
	REJECTED
CVE-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
	NOT-FOR-US: Easy PHP Photo Album
CVE-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...)
	NOT-FOR-US: OpenAutoClassifieds
CVE-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe ...)
	NOT-FOR-US: Perception LiteServe
CVE-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...)
	NOT-FOR-US: Croteam Serious Sam demo
CVE-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...)
	NOT-FOR-US: NIPrint LPD-LPR
CVE-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute ...)
	NOT-FOR-US: NIPrint LPD-LPR
CVE-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute ...)
	NOT-FOR-US: Musicqueue
CVE-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by ...)
	NOT-FOR-US: Musicqueue
CVE-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat ...)
	- apache2 <not-affected> (Red Hat specific default config)
CVE-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to ...)
	NOT-FOR-US: sh-httpd
CVE-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook ...)
	NOT-FOR-US: Chi Kien Uong Guestbook
CVE-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...)
	NOT-FOR-US: Sun JVM
CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...)
	NOT-FOR-US: The Bat!
CVE-2002-1660 (calendar.php in vBulletin before 2.2.0 allows remote attackers to ...)
	NOT-FOR-US: vBulletin
CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...)
	NOT-FOR-US: PortalApp
CVE-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...)
	- mozilla-firefox 1.0.4-1
CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
	- mozilla-firefox 1.0.4-1
CVE-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...)
	NOT-FOR-US: Opera
CVE-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...)
	NOT-FOR-US: Apple
CVE-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...)
	NOT-FOR-US: Apple
CVE-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...)
	NOT-FOR-US: Apple
CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...)
	NOT-FOR-US: RSA SecurID Web Agent
CVE-2005-XXXX [race condition with a buffered temp file]
	- pysvn 1.1.2-3
CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
	- mailutils 1:0.6.1-2
CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
	- maradns 1.0.27-1
CVE-2005-2352 [Temp file races in gs-gpl addons scripts]
	RESERVED
	- gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant)
CVE-2005-XXXX [Possible SQL injection in freeradius]
	- freeradius 1.0.2-4
CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...)
	{DSA-1051-1 DSA-1046-1}
	- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- firefox 1.5.dfsg+1.5.0.2-1
	- thunderbird 1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2005-XXXX [Directory traversal in unzoo]
	- unzoo 4.4-4
CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
	- syslog-ng 1.6.5-2.1
CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
	- trackballs 1.1.1-1 (bug #302454; medium)
	[sarge] - trackballs <no-dsa> (Hardly exploitable)
	NOTE: CVE request sent to mitre (who sent this? any response?)
	NOTE: Trackballs doesn't run as gid games anymore, high-score files are
	NOTE: stored in user's home directories instead.
CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1462 (Double free vulnerability in the ICEP dissector in Ethereal before ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1458 (Multiple unknown &quot;other problems&quot; in the KINK dissector in Ethereal ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...)
	- freeradius 1.0.2-4
CVE-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL ...)
	- freeradius 1.0.2-4
CVE-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...)
	- leafnode 1.11.2.rel-1
CVE-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...)
	- openssh 1:3.8p1
CVE-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...)
	- leafnode <not-affected> (Leafnode2 development branch)
CVE-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...)
	- leafnode <not-affected> (Leafnode2 development branch)
CVE-2005-XXXX [Missing input validation in xtradius]
	- xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
CVE-2005-XXXX [fai tempfile vulnerability]
	- fai 2.8.2
CVE-2005-2354 [nvu uses old copy of mozilla xpcom]
	RESERVED
	NOTE: have not checked to see which security holes are in it exactly
	- nvu <unfixed> (bug #306822; medium)
CVE-2005-2356
	RESERVED
	NOTE: This was assigned to an eskuel non-issue before due to Red Hat typos
CVE-2005-XXXX [Buffer overflow in elog's header buffer]
	- elog 2.5.7+r1558-3 (bug #349528; high)
CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
	- ipsec-tools 1:0.5.2-1
CVE-2005-1452 (Serendipity before 0.8 allows Chief users to &quot;hide plugins installed ...)
	- serendipity 1.0-1
CVE-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
	- serendipity 1.0-1
CVE-2005-1450 (Unknown vulnerability in &quot;the function used to validate path-names for ...)
	- serendipity 1.0-1
CVE-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...)
	- serendipity 1.0-1
CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...)
	- serendipity 1.0-1
CVE-2005-1447 (PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 ...)
	NOT-FOR-US: SitePanel
CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...)
	NOT-FOR-US: SitePanel
CVE-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...)
	NOT-FOR-US: SitePanel
CVE-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
	NOT-FOR-US: SitePanel
CVE-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...)
	NOT-FOR-US: ViArt Shop
CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...)
	NOT-FOR-US: osTicket
CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket allows ...)
	NOT-FOR-US: osTicket
CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...)
	NOT-FOR-US: osTicket
CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...)
	NOT-FOR-US: osTicket
CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...)
	- openwebmail <removed>
CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1432
	RESERVED
CVE-2005-1431 (The &quot;record packet parsing&quot; in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
	- gnutls11 1.0.16-13.1 (bug #309111; bug #307641)
CVE-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...)
	NOT-FOR-US: WWWguestbook
CVE-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1426 (Uapplication Ublog Reload stores the database under the web document ...)
	NOT-FOR-US: Uapplication Ublog
CVE-2005-1425 (Uapplication Uguestbook stores the database under the web document ...)
	NOT-FOR-US: Uapplication Uguestbook
CVE-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...)
	NOT-FOR-US: GoText
CVE-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...)
	NOT-FOR-US: 602 LAN SUITE
CVE-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...)
	NOT-FOR-US: Ocean12 Mailing list manager
CVE-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...)
	NOT-FOR-US: Netleaf
CVE-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...)
	NOT-FOR-US: 04WebServer
CVE-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...)
	NOT-FOR-US: GlobalSCAPE Secure FTP Server
CVE-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...)
	NOT-FOR-US: FilePocket
CVE-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...)
	NOT-FOR-US: enVivo
CVE-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...)
	NOT-FOR-US: ECommPro
CVE-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...)
	NOT-FOR-US: ICUII
CVE-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...)
	- postgresql 7.4.7-6
CVE-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...)
	- postgresql 7.4.7-6
CVE-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Apple
CVE-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
	NOT-FOR-US: Skype
CVE-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...)
	- kfreebsd5-source 5.3-10
CVE-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...)
	NOT-FOR-US: MyPHP Forum
CVE-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...)
	NOT-FOR-US: JW Amazon Web Store
CVE-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...)
	NOT-FOR-US: NeL libarary
CVE-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...)
	NOT-FOR-US: Mtp-Target
CVE-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...)
	- kfreebsd5-source 5.3-10
CVE-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...)
	- kfreebsd5-source 5.3-10
CVE-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...)
	NOT-FOR-US: Skype
CVE-2004-1777 (A &quot;range check error&quot; in Skype for Windows before 0.98.0.28 allows ...)
	NOT-FOR-US: Skype
CVE-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...)
	NOT-FOR-US: PHPCart
CVE-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
	NOT-FOR-US: PHPCalender
CVE-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...)
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...)
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
	NOT-FOR-US: ArcGIS
CVE-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
	NOT-FOR-US: ArcGIS
CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
	- phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway)
CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
	{DSA-934-1}
	[sarge] - pound 1.8.2-1sarge1
	- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
CVE-2005-1390
	REJECTED
CVE-2005-1389
	REJECTED
CVE-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
	NOT-FOR-US: SURVIVOR
CVE-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Safari
CVE-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...)
	NOT-FOR-US: phpCoin
CVE-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...)
	NOT-FOR-US: Oracle
CVE-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...)
	NOT-FOR-US: Oracle
CVE-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...)
	NOT-FOR-US: Oracle
CVE-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...)
	- lam <not-affected> (Mandrake specific packaging flaw)
CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...)
	NOT-FOR-US: phpbb mod
CVE-2005-1377 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 ...)
	NOT-FOR-US: Claroline
CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...)
	NOT-FOR-US: Claroline
CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...)
	NOT-FOR-US: Claroline
CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...)
	NOT-FOR-US: Claroline
CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...)
	NOT-FOR-US: Koobi CMS
CVE-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...)
	NOT-FOR-US: NetVault
CVE-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...)
	NOT-FOR-US: NetVault
CVE-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
	- kernel-source-2.4.27 <not-affected>
	- kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
	[sarge] - kernel-source-2.6.8 <not-affected>
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...)
	NOT-FOR-US: pServ
CVE-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: pServ
CVE-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: pServ
CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
	- shadow 4.0.8
	[sarge] - shadow <not-affected> (was introduced after version 4.0.3)
	[woody] - shadow <not-affected> (was introduced after version 4.0.3)
CVE-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...)
	NOT-FOR-US: MetaBid Auctions
CVE-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...)
	NOT-FOR-US: MetaCart
CVE-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...)
	NOT-FOR-US: MetaCart
CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...)
	NOT-FOR-US: MetaCart
CVE-2005-1360 (PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 ...)
	NOT-FOR-US: GrayCMS
CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...)
	NOT-FOR-US: text.cgi
CVE-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: text.cgi
CVE-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...)
	NOT-FOR-US: text.cgi
CVE-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...)
	NOT-FOR-US: includer.cgi
CVE-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
	NOT-FOR-US: includer.cgi
CVE-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: forum.pl
CVE-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: forum.pl
CVE-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...)
	{DSA-727-1}
	- libconvert-uulib-perl 1.0.5.1
CVE-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...)
	NOT-FOR-US: MailEnable
CVE-2005-1347 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: acrobat
CVE-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
	NOT-FOR-US: Symantec
CVE-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...)
	{DSA-721-1}
	- squid 2.5.9-7
CVE-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
	- apache2 2.0.54-3 (bug #322604)
CVE-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...)
	NOT-FOR-US: vpnd for Mac OS X
CVE-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...)
	NOT-FOR-US: Apple Terminal
CVE-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...)
	NOT-FOR-US: Apple Terminal
CVE-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...)
	- lukemftpd <not-affected> (our lukemftpd uses pw->pw_name when checking /etc/ftpchroot)
CVE-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1334
	REJECTED
CVE-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...)
	NOT-FOR-US: VooDoo cIRCle BOTNET
CVE-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...)
	NOT-FOR-US: phpMyVisites
CVE-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
	NOT-FOR-US: phpMyVisites
CVE-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
	NOT-FOR-US: NetTerm
CVE-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
	- nag 1.1-3.1 (bug #307173)
CVE-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
	- sork-vacation 2.2.2-1
CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...)
	- mnemo 1.1-2.1 (bug #307180)
	- mnemo2 <not-affected> (fixed before 2.1.1)
CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...)
	- imp4 <not-affected>
	- imp3 3.2.8-1 (bug #328218; low)
CVE-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...)
	- sork-forwards 2.2.2-1
CVE-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...)
	NOT-FOR-US: Hord Chora module
CVE-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...)
	- sork-accounts 2.1.2-1
CVE-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...)
	TODO: Maintainer wanted to check whether turba2 needs fixing as well, re-check with him
	- turba 1.2.5-1
CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...)
	- kronolith 1.1.4-1
CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
	- sork-passwd 2.2.2-1
CVE-2005-1312 (PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 ...)
	NOT-FOR-US: Yappa-NG
CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...)
	NOT-FOR-US: Yappa-NG
CVE-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...)
	NOT-FOR-US: bBlog
CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...)
	NOT-FOR-US: bBlog
CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
	- courier <unfixed> (bug #307575; unimportant)
CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version ...)
	NOT-FOR-US: Adobe Version Cue
CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
	NOT-FOR-US: Adobe Reader 7
CVE-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: hyper.cgi
CVE-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
	NOT-FOR-US: citat.pl
CVE-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: citat.pl
CVE-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...)
	NOT-FOR-US: Confixx
CVE-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...)
	NOT-FOR-US: nProtect:Netizen
CVE-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...)
	NOT-FOR-US: include.cgi
CVE-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: include.cgi
CVE-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: include.cgi
CVE-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...)
	- affix-kernel 2.1.1-1.1
CVE-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...)
	NOT-FOR-US: StorePortal
CVE-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...)
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...)
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...)
	- phpbb2 2.0.13-6sarge1 (low)
CVE-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Cart
CVE-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
	NOT-FOR-US: ACS Blog
CVE-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...)
	NOT-FOR-US: BK Forum
CVE-2005-1286 (Unquoted Windows search path vulnerability in BitDefender 8 allows ...)
	NOT-FOR-US: Bitdefender
CVE-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
	- ethereal 0.10.10-2
CVE-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...)
	- ethereal 0.10.10-2
	- tcpdump 3.8.3-4
CVE-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...)
	{DSA-850-1}
	- tcpdump 3.8.3-4
CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
	- tcpdump 3.8.3-4 (bug #307920)
CVE-2005-1277
	REJECTED
CVE-2005-1276
	RESERVED
CVE-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
	- imagemagick 6:6.0.6.2-2.3 (bug #306424)
CVE-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...)
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-1273
	RESERVED
CVE-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...)
	NOT-FOR-US: Backup Agent for Microsoft SQL
CVE-2005-1271
	REJECTED
CVE-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
	- rkhunter 1.2.7-14 (medium)
CVE-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
	- apache 1.3.31-1
CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
	- libconvert-uulib-perl 1.0.5.1-1
CVE-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...)
	{DSA-805-1}
	- apache2 2.0.54-5 (bug #320048; bug #320063; bug #322613; low)
	- apache <not-affected> (Not affected, see #322613)
CVE-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
	{DSA-854-1}
	- tcpdump 3.9.0.cvs.20050614-1 (medium)
CVE-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
	{DSA-736-2 DSA-736-1}
	- spamassassin 3.0.4-1 (bug #314447; medium)
CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	[sarge] - kernel-source-2.4.27 2.4.27-10
	NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...)
	- gaim 1:1.2.1-1.1
CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...)
	- gaim 1:1.2.1-1.1
CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
	{DSA-741-1}
	- bzip2 1.0.2-7
CVE-2005-1259
	RESERVED
CVE-2005-1258
	RESERVED
CVE-2005-1257
	RESERVED
CVE-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...)
	NOT-FOR-US: IMail
CVE-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
	NOT-FOR-US: IMail
CVE-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...)
	NOT-FOR-US: IMail
CVE-2005-1253
	RESERVED
CVE-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...)
	NOT-FOR-US: IMail
CVE-2005-1251
	RESERVED
CVE-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...)
	NOT-FOR-US: IpSwitch
CVE-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...)
	NOT-FOR-US: IMail
CVE-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes
CVE-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...)
	NOT-FOR-US: Novell Nsure Audit
CVE-2005-1246 (Format string vulnerability in the snmppd_log function in ...)
	NOT-FOR-US: snmppd
CVE-2005-XXXX [Multiple security problems in Quake 2]
	NOTE: this release added lots of warnings about the security problems
	- quake2 1:0.3-1.1
CVE-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1244 (** DISPUTED ** ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1243 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1241 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1240 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1239 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...)
	NOT-FOR-US: AS/400 FTP server
CVE-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...)
	NOT-FOR-US: FlexPHPNews
CVE-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...)
	NOT-FOR-US: DUPortal
CVE-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...)
	NOT-FOR-US: phpbb-Auction
CVE-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
	NOT-FOR-US: phpbb-Auction
CVE-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...)
	NOT-FOR-US: PHP Labs proFile
CVE-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...)
	NOT-FOR-US: Sun ONE Proxy Server
CVE-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...)
	NOT-FOR-US: JAWS
CVE-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...)
	NOT-FOR-US: Yawcan
CVE-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...)
	{DSA-846-1}
	- cpio 2.6-6 (bug #306693; medium)
CVE-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...)
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...)
	NOT-FOR-US: PHPProjekt
CVE-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...)
	NOT-FOR-US: DUPortal
CVE-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...)
	NOT-FOR-US: Ocean12 Calender manager
CVE-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...)
	NOT-FOR-US: Annuaire Netref
CVE-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...)
	NOT-FOR-US: ECommPro
CVE-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Shoutbox
CVE-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...)
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...)
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1217
	RESERVED
CVE-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...)
	NOT-FOR-US: Microsoft
CVE-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...)
	NOT-FOR-US: Microsoft
CVE-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...)
	NOT-FOR-US: Microsoft
CVE-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...)
	NOT-FOR-US: Microsoft
CVE-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2005-1210
	RESERVED
CVE-2005-1209
	RESERVED
CVE-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...)
	NOT-FOR-US: Microsoft
CVE-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...)
	NOT-FOR-US: Microsoft
CVE-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...)
	NOT-FOR-US: Microsoft
CVE-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...)
	NOT-FOR-US: Microsoft
CVE-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...)
	- postgresql <unfixed> (unimportant)
	NOTE: This is not a real world problem; it's only applicable in rare circurstances
	NOTE: like someone analysing stolen user database information and even then the gain
	NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway.
CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
	- libpam-ssh 1.91.0-9
CVE-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: Desktop Rover
CVE-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...)
	NOT-FOR-US: AZbb
CVE-2005-1200 (PHP remote file inclusion vulnerability in main_index.php in AZ ...)
	NOT-FOR-US: AZbb
CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...)
	NOT-FOR-US: UBB.threads
CVE-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...)
	NOT-FOR-US: Anaconda Foundation Directory
CVE-2005-1197 (SQL injection vulnerability in the ...)
	NOT-FOR-US: Oracle
CVE-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...)
	NOT-FOR-US: PHPBB Knowledgebase Mod
CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...)
	- xine-lib 1.0.1-1
CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...)
	- nasm 0.98.38-1.2 (bug #309049)
CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...)
	- phpbb2 2.0.13-6sarge1 (medium)
CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
	NOT-FOR-US: HP-UX
CVE-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...)
	NOT-FOR-US: Cisco
CVE-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...)
	NOT-FOR-US: Cisco
CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
	NOT-FOR-US: Cisco
CVE-2001-1476 (SSH before 2.0, with RC4 encryption and the &quot;disallow NULL passwords&quot; ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...)
	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol.
CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...)
	- phpbb2 2.0.6c-1
CVE-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...)
	- phpbb2 2.0.6c-1
CVE-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final ...)
	NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CVE-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...)
	NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CVE-2001-1468 (PHP remote file inclusion vulnerability in checklogin.php in ...)
	NOT-FOR-US: phpSecurePages
CVE-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...)
	- expect <not-affected> (in expect 5.42.1, mkpasswd does not seed by pid)
	NOTE: doesn't seem to seed at all; my tests indicate it generates no dups in
	NOTE: some 100000 passwords.
CVE-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...)
	NOT-FOR-US: VanDyke SecureCRT
CVE-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...)
	NOT-FOR-US: SurfControl SuperScout
CVE-2001-1464 (Crystal Reports, when displaying data for a password protected ...)
	NOT-FOR-US: Crystal Reports
CVE-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...)
	NOT-FOR-US: RhinoSoft Serv-U
CVE-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...)
	NOT-FOR-US: RSA Security SecurID
CVE-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...)
	NOT-FOR-US: RSA Security SecurID
CVE-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through ...)
	NOT-FOR-US: PostNuke
CVE-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...)
	- openssh 1:3.0.1p1-1
CVE-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 ...)
	NOT-FOR-US: Novell Groupwise
CVE-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote ...)
	NOT-FOR-US: CrazyWWWBoard
CVE-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for ...)
	NOT-FOR-US: Gauntlet Firewall
CVE-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to ...)
	- mysql-dfsg 3.23.33-1
CVE-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier ...)
	- mysql-dfsg 3.23.33-1
CVE-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server ...)
	NOT-FOR-US: Windows
CVE-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for ...)
	NOT-FOR-US: Windows
CVE-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause ...)
	NOT-FOR-US: Windows
CVE-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...)
	- apache <not-affected> (Mandrake specific packaging flaw)
CVE-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local ...)
	NOT-FOR-US: Magic eDeveloper
CVE-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to ...)
	NOT-FOR-US: Windows
CVE-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...)
	NOT-FOR-US: MacOS X
CVE-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...)
	NOT-FOR-US: Lotus Domino
CVE-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...)
	NOT-FOR-US: Generic protocol flaw
CVE-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...)
	NOT-FOR-US: Generic protocol flaw
CVE-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...)
	- inn2 2.3.3+20020922-1
	- innfeed 0.10.1.7-7
CVE-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 ...)
	NOT-FOR-US: VisualAge for Java
CVE-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable ...)
	NOT-FOR-US: AIX
CVE-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 ...)
	NOT-FOR-US: HP-UX
CVE-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module ...)
	NOT-FOR-US: Handspring Visor
CVE-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full ...)
	NOT-FOR-US: easyScripts easyNews
CVE-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when ...)
	NOT-FOR-US: Dallas Semiconductor iButton DS1991
CVE-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of ...)
	NOT-FOR-US: Tru64 UNIX
CVE-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read ...)
	NOT-FOR-US: IOS
CVE-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ...)
	NOT-FOR-US: Quikstore Shopping Cart
CVE-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...)
	NOT-FOR-US: AIX
CVE-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
	- lpr 1:0.48-1
CVE-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
	- lpr 1:0.48-1
CVE-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...)
	- gcc-3.3 1:3.3.4-1
CVE-2000-1218 (The default configuration for the domain name resolver for Microsoft ...)
	NOT-FOR-US: Windows
CVE-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a ...)
	NOT-FOR-US: Windows
CVE-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...)
	NOT-FOR-US: AIX
CVE-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...)
	NOT-FOR-US: Lotus Domino
CVE-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...)
	NOT-FOR-US: AIX
CVE-1999-1582 (By design, the &quot;established&quot; command on the Cisco PIX firewall allows ...)
	NOT-FOR-US: Cisco
CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...)
	NOT-FOR-US: Windows
CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...)
	- sendmail <not-affected> (Sun-specific)
CVE-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...)
	NOT-FOR-US: Windows
CVE-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...)
	NOT-FOR-US: Windows
CVE-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for ...)
	NOT-FOR-US: Windows
CVE-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...)
	NOT-FOR-US: Acrobat Reader
CVE-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation ...)
	NOT-FOR-US: Kodak/Wang tools for IE
CVE-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow ...)
	NOT-FOR-US: AIX
CVE-1999-1573 (Multiple unknown vulnerabilities in the &quot;r-cmnds&quot; (1) remshd, (2) ...)
	NOT-FOR-US: HP-UX
CVE-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...)
	NOT-FOR-US: Windows
CVE-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: WebcamXP
CVE-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...)
	NOT-FOR-US: WebcamXP
CVE-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...)
	NOT-FOR-US: ComersusCart
CVE-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other ...)
	NOT-FOR-US: WinHex
CVE-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1185 (Unquoted Windows search path vulnerability in Musicmatch Jukebox ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...)
	NOT-FOR-US: Apparently bogus report. at least on Linux it couldn't be reproduced
CVE-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...)
	NOT-FOR-US: mvnForum
CVE-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...)
	NOT-FOR-US: iSeries OS
CVE-2005-1181 (** DISPUTED ** ...)
	NOT-FOR-US: Ariadne CMS
CVE-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various ...)
	NOT-FOR-US: Xerox
CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...)
	NOT-FOR-US: Oracle
CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...)
	- webmin <not-affected>
	NOTE: I haven't found further information on this, but this appears to only
	NOTE: affect non-Debian setups
CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
	NOT-FOR-US: AIX
CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...)
	NOT-FOR-US: Oracle
CVE-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...)
	NOT-FOR-US: PMSoftware Simple Web Server
CVE-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank ...)
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for ...)
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...)
	NOT-FOR-US: Mafia Blog
CVE-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...)
	NOT-FOR-US: Dameware
CVE-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Yager game
CVE-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Yager game
CVE-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...)
	NOT-FOR-US: Yager game
CVE-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1160 (The privileged &quot;chrome&quot; UI code in Firefox before 1.0.3 and Mozilla ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1159 (The native implementations of InstallTrigger and other functions in ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-1158 (Multiple &quot;missing security checks&quot; in Firefox before 1.0.3 allow ...)
	- mozilla-firefox 1.0.3-1
CVE-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...)
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...)
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
	NOT-FOR-US: Sun Java
CVE-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...)
	NOT-FOR-US: ACNews
CVE-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1146 (** DISPUTED ** ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1145 (** DISPUTED ** ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...)
	- gocr 0.39-5
CVE-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...)
	- gocr 0.39-5
CVE-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...)
	NOT-FOR-US: MyBloggie
CVE-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...)
	NOT-FOR-US: Opera
CVE-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...)
	NOT-FOR-US: Kerio
CVE-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...)
	NOT-FOR-US: Serendipity
CVE-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
	NOT-FOR-US: AS/400 system software
CVE-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: LG mobile phone
CVE-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...)
	NOT-FOR-US: Veritas Focalpoint Server
CVE-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
	NOT-FOR-US: PinnacleCart
CVE-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...)
	NOT-FOR-US: VHCS
CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
	{DSA-1122 DSA-1121}
	- libnet-server-perl 0.89-1 (bug #378640)
	NOTE: Net::Server was already fixed in 0.87-1, although the changelog doesn't mention
	NOTE: the security implication, which was noticed later. I've verified both fixes
	NOTE: are identical
	NOTE: but DSA-1122 thinks it was fixed in 0.89-1, so mark that version to make
	NOTE: scripts happy (at time of writing, 0.90-1 is in testing)
	- postgrey 1.22-1
CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
	NOT-FOR-US: Free BSD
CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
	- libsafe <removed>
CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
	NOT-FOR-US: Solaris
CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
	NOT-FOR-US: monkeyd
CVE-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
	NOT-FOR-US: monkeyd
CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
	{DSA-726-1}
	- oops 1.5.23.cvs-2.2 (bug #307360; high)
CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
	- ilohamail 0.8.14-0rc3sarge1 (bug #304525; medium)
CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
	- sudo <unfixed> (bug #283161; unimportant)
	NOTE: That's a policy violation, but not a security problem
CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...)
	NOT-FOR-US: RSA authentication agent
CVE-2005-1117 (PHP remote file inclusion vulnerability in index.php in ...)
	NOT-FOR-US: All4WWW Homepage creator
CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...)
	NOT-FOR-US: phpbb2 calendar addon
CVE-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...)
	NOT-FOR-US: Photo Album
CVE-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)
	NOT-FOR-US: Photo Album
CVE-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...)
	NOT-FOR-US: PhpBB Plus
CVE-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...)
	NOT-FOR-US: IBM Websphere
CVE-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...)
	{DSA-846-1}
	- cpio 2.6-6 (bug #305372; low)
CVE-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...)
	NOT-FOR-US: Sumus web server
CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
	{DSA-713-1}
	- junkbuster <removed> (bug #304793)
	- privoxy <not-affected>
CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
	{DSA-713-1}
	- junkbuster <removed>
	- privoxy <not-affected>
CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...)
	NOT-FOR-US: McAfee
CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
	- postgrey 1.21-1
CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
	- libgnumail-java <unfixed> (bug #304712; unimportant)
	NOTE: This just provides an Java API function to receive a file name, sanitising
	NOTE: this file name for further use must be done inside the application calling
	NOTE: the function
CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
	NOT-FOR-US: Centra
CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
	NOT-FOR-US: Sygate Secure Enterprise
CVE-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOTE: Upstream developers don't consider this an issue, see bug #304468
CVE-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...)
	NOT-FOR-US: Lotus Domino Server
CVE-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...)
	- postfix-gld 1.5-1
CVE-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...)
	- postfix-gld 1.5-1
CVE-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...)
	NOT-FOR-US: GetDataBack for NTFS (Windows)
CVE-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
	NOT-FOR-US: Rebrand P2P Share Spy
CVE-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...)
	NOT-FOR-US: FTP Now
CVE-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...)
	NOT-FOR-US: Miranda IM
CVE-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...)
	NOT-FOR-US: DeluxeFTP
CVE-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
	NOT-FOR-US: Maxthon
CVE-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...)
	NOT-FOR-US: Maxthon
CVE-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...)
	NOT-FOR-US: DC++
CVE-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...)
	NOT-FOR-US: DameWare NT Utilities and Mini Remote Control
CVE-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...)
	NOT-FOR-US: AN HTTPD
CVE-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...)
	NOT-FOR-US: AN HTTPD
CVE-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...)
	NOT-FOR-US: aeDating
CVE-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...)
	NOT-FOR-US: aeDating
CVE-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...)
	NOT-FOR-US: aeDating
CVE-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...)
	NOT-FOR-US: AtDGDatingPlatinum
CVE-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...)
	NOT-FOR-US: AtDGDatingPlatinum
CVE-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...)
	NOT-FOR-US: JAR in J2SE SDK
CVE-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...)
	NOT-FOR-US: zOOm Media Gallery
CVE-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...)
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...)
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...)
	NOT-FOR-US: WebCT
CVE-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...)
	NOT-FOR-US: PunBB
CVE-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...)
	NOT-FOR-US: JPortal
CVE-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...)
	NOT-FOR-US: sCssBoard
CVE-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
	NOT-FOR-US: sCssBoard
CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...)
	NOT-FOR-US: Access_user class
CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...)
	- pine 4.63-1 (unimportant)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	NOTE: Not shipped in the binary package
CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...)
	- tetex-base <not-affected> (/var/cache/fonts is not writable by normal users in Debian)
CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
	- rsnapshot 1.2.1-1
CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
	NOT-FOR-US: Kerio
CVE-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
	NOT-FOR-US: Kerio
CVE-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
	- logwatch 5.0-1
CVE-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
	NOT-FOR-US: Novell Netware
CVE-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...)
	NOT-FOR-US: Linksys WET11
CVE-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...)
	NOT-FOR-US: Cisco
CVE-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...)
	NOT-FOR-US: Cisco
CVE-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...)
	NOT-FOR-US: TowerBlog
CVE-2005-1054 (PHP remote file inclusion vulnerability in news.php in ModernBill ...)
	NOT-FOR-US: ModernBill
CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...)
	NOT-FOR-US: ModernBill
CVE-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...)
	NOT-FOR-US: Microsoft
CVE-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...)
	NOT-FOR-US: PunBB
CVE-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...)
	NOT-FOR-US: PostNuke
CVE-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...)
	NOT-FOR-US: PostNuke
CVE-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...)
	NOT-FOR-US: PostNuke
CVE-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...)
	NOT-FOR-US: PunBB
CVE-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...)
	{DSA-714-1}
	- kdelibs 4:3.3.2-6
CVE-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
	NOT-FOR-US: OpenText
CVE-2005-1044
	REJECTED
CVE-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...)
	- netapplet <not-affected> (Not vulerable, see bug #310833)
CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
	- coreutils 6.10-1 (bug #304556; unimportant)
	NOTE: Minor issue, generic UNIX design issue, see discussion in #304556)
CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
	NOTE: long fixed in Debian's cron
CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
	NOT-FOR-US: AIX
CVE-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...)
	NOT-FOR-US: FreeBSD
CVE-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...)
	- pavuk 0.9.32-1
CVE-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: SurgeFTP
CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: CubeCart
CVE-2005-1032
	REJECTED
	NOT-FOR-US: LiteCommerce
CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
	NOT-FOR-US: exoops
CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
	NOT-FOR-US: Active Auction House
CVE-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...)
	NOT-FOR-US: Active Auction House
CVE-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...)
	NOT-FOR-US: SnailSource phpBB mod
CVE-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...)
	NOT-FOR-US: IBM
CVE-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...)
	NOT-FOR-US: ColdFusion
CVE-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...)
	NOT-FOR-US: IOS
CVE-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...)
	NOT-FOR-US: IOS
CVE-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...)
	NOT-FOR-US: Aeon
CVE-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...)
	NOT-FOR-US: CA ArcServe Backup
CVE-2005-XXXX [Some security issues in mod_security]
	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
	NOTE: the changelog entries matches the security criteria, but the changelog
	NOTE: claims so.
	- libapache-mod-security 1.8.7-1
CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
	NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
	- imms 2.0.3-1
CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
	- smarty 2.6.9-1
CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
	- obexftp 0.10.7-3
CVE-2005-1017 (SQL injection vulnerability in the Update_Events function in ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote ...)
	NOT-FOR-US: MailEnable
CVE-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...)
	NOT-FOR-US: MailEnable
CVE-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and ...)
	NOT-FOR-US: MailEnable
CVE-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows ...)
	NOT-FOR-US: SiteEnable
CVE-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...)
	NOT-FOR-US: SiteEnable
CVE-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows ...)
	NOT-FOR-US: ComersusCart
CVE-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) ...)
	NOT-FOR-US: NetVault
CVE-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM ...)
	NOT-FOR-US: XM Forum
CVE-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...)
	NOT-FOR-US: SonicWALL
CVE-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...)
	NOT-FOR-US: PayProCart
CVE-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ...)
	NOT-FOR-US: PayProCart
CVE-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode ...)
	NOT-FOR-US: PayProCart
CVE-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows ...)
	NOT-FOR-US: LOG-FT File Transfer
CVE-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...)
	NOT-FOR-US: ProductCart
CVE-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...)
	NOT-FOR-US: ProductCart
CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...)
	NOT-FOR-US: SCO
CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
	- phpmyadmin 3:2.6.2-rc1-1
CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not &quot;use a secure location ...)
	NOT-FOR-US: AIX
CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
	- sharutils 1:4.2.1-13
CVE-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...)
	{DSA-781-1}
	- mozilla 2:1.7.7-1 (bug #306001)
	- mozilla-firefox 1.0.2-3
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...)
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
	NOT-FOR-US: IRC Services NickServ
CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-0985 (Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows ...)
	NOT-FOR-US: Apple
CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...)
	NOT-FOR-US: Star Wars game
CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...)
	NOT-FOR-US: Quake 3 based games
CVE-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another ...)
	NOT-FOR-US: Yet Another Forum.net
CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0980 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...)
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...)
	NOT-FOR-US: Rumba
CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...)
	NOT-FOR-US: IVT BlueSoleil
CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...)
	[sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303177)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
	NOT-FOR-US: Apple
CVE-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
	NOT-FOR-US: Apple
CVE-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...)
	NOT-FOR-US: Apple
CVE-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in ...)
	NOT-FOR-US: Apple
CVE-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...)
	NOT-FOR-US: CA eTrust IDS
CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...)
	- gaim 1:1.2.1-1
CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
	- openwebmail <removed>
CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...)
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...)
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...)
	NOT-FOR-US: Kerio firewall
CVE-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...)
	NOT-FOR-US: ACPI BIOS hardware issue
CVE-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart ...)
	NOT-FOR-US: SquirrelCart
CVE-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before ...)
	- horde3 3.0.4-1
	- horde2 2.2.8-1
CVE-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may ...)
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...)
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote ...)
	NOT-FOR-US: BayTech RPC
CVE-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX ...)
	NOT-FOR-US: InterAKT MX Kart
CVE-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote ...)
	NOT-FOR-US: InterAKT MX Shop
CVE-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...)
	NOT-FOR-US: Windows
CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
	{DSA-730-1}
	- bzip2 1.0.2-6
	NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
	NOTE: attacker would have to exploit the minimal time span between uncompressing
	NOTE: the file and chmodding it to delete the file and place a hardlink to another
	NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
	NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
CVE-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...)
	NOT-FOR-US: PafileDB
CVE-2005-0951
	REJECTED
CVE-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
	NOT-FOR-US: FastStone 4in1 Browser
CVE-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...)
	NOT-FOR-US: PortalApp
CVE-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows ...)
	NOT-FOR-US: PortalApp
CVE-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...)
	NOT-FOR-US: phpCoin
CVE-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows ...)
	NOT-FOR-US: phpCoin
CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows ...)
	NOT-FOR-US: ACS Blog
CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) ...)
	NOT-FOR-US: Microsoft
CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...)
	NOT-FOR-US: Cisco
CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
	NOT-FOR-US: Sybase ASE
CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
	- openoffice.org 1.1.3-9
CVE-2005-0939
	RESERVED
CVE-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...)
	NOT-FOR-US: UBlog
CVE-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
	- kernel-source-2.6.8 2.6.8-16
CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
	- freeciv 2.0.1-1
CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
	- mailscanner 4.40.11-1
CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
	- kdenetwork 4:3.3.2-2
CVE-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal ...)
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...)
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 ...)
	NOT-FOR-US: WackoWiki
CVE-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0931 (PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 ...)
	NOT-FOR-US: The Includer
CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...)
	NOT-FOR-US: Chatness
CVE-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...)
	NOT-FOR-US: WebAPP
CVE-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ...)
	- sylpheed 1.0.4-1
	- sylpheed-claws 1.0.4-1
CVE-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...)
	NOT-FOR-US: Uapplication Ublog
CVE-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...)
	NOT-FOR-US: Adventia E-Data
CVE-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...)
	NOT-FOR-US: Lotus
CVE-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...)
	NOT-FOR-US: Bugtracker.NET
CVE-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
	NOT-FOR-US: Adventia E-Data
CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...)
	NOT-FOR-US: Adobe SVG Viewer
CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for ...)
	NOT-FOR-US: EncapsBB
CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
	- kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...)
	NOT-FOR-US: Webmasters-Debutants WD Guestbook
CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...)
	NOT-FOR-US: CPG Dragonfly
CVE-2005-0913 (Unknown vulnerability in the regex_replace modifier ...)
	- smarty 2.6.8-1
CVE-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...)
	NOT-FOR-US: deplate
CVE-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...)
	NOT-FOR-US: exoops
CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...)
	NOT-FOR-US: exoops
CVE-2005-0909 (PHP remote file inclusion vulnerability in shoutact.php for TKai's ...)
	NOT-FOR-US: THai's Shoutbox
CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...)
	NOT-FOR-US: Tincat network library
CVE-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...)
	NOT-FOR-US: Maxthon
CVE-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the &quot;Force shutdown ...)
	NOT-FOR-US: Microsoft
CVE-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...)
	NOT-FOR-US: QuickTime PictureViewer
CVE-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...)
	NOT-FOR-US: AS/400 running OS400
CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...)
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0897 (PHP remote file inclusion vulnerability in catalog.php in E-Store ...)
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...)
	NOT-FOR-US: phpMyDirectory
CVE-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Netcomm 1300NB DSL Modem
CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...)
	- openmosixview 1.5-7
CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...)
	- smail <removed> (bug #335042; unimportant)
	NOTE: cording to upstream impossible to exploit
CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
	{DSA-722-1}
	- smail 3.2.0.115-7 (bug #301428; high)
CVE-2005-0891 (Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
	NOTE: The description is wrong; 2.6 is affected as well
	- gtk+2.0 2.6.4-1
	- gdk-pixbuf 0.22.0-7.1
CVE-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...)
	- sharutils 1:4.2.1-12
CVE-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...)
	- sharutils 1:4.2.1-11
CVE-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...)
	NOT-FOR-US: X-News
CVE-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...)
	NOT-FOR-US: Netscape Enterprise Server
CVE-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...)
	NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server
CVE-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...)
	- cryptcat 20031202-2
	NOTE: don't know when it was fixed, verified above version is ok
CVE-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...)
	- cgiemail 1.6-14
CVE-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
	NOT-FOR-US: Verity Search97
CVE-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...)
	- squirrelmail 1:1.2.3
CVE-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...)
	- squirrelmail 1:1.2.3
CVE-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
	- squirrelmail 1:1.2.3
CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...)
	- slash 2.2.6-8 (bug #160579; low)
	[sarge] - slash <no-dsa> (Minor security implications)
CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...)
	NOT-FOR-US: RealNetworks Helix Universal Server
CVE-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...)
	- postgresql 7.2.3
CVE-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...)
	NOT-FOR-US: Oracle
CVE-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2002-1638
	REJECTED
	NOT-FOR-US: Oracle
CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
	NOT-FOR-US: Oracle
CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
	NOT-FOR-US: Oracle
CVE-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...)
	NOT-FOR-US: Oracle
CVE-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...)
	NOT-FOR-US: NetWare
CVE-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...)
	NOT-FOR-US: QNX
CVE-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...)
	NOT-FOR-US: Oracle
CVE-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...)
	NOT-FOR-US: Oracle
CVE-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...)
	NOT-FOR-US: Oracle
CVE-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...)
	NOT-FOR-US: Multi-Tech ProxyServer
CVE-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...)
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- dcl 1:0.9.4.4-1
CVE-2005-0887 (Eval injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
	- dcl 1:0.9.4.4-1
CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
	NOT-FOR-US: XMB Forum
CVE-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...)
	NOT-FOR-US: DigitalHive
CVE-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...)
	NOT-FOR-US: DigitalHive
CVE-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...)
	NOT-FOR-US: BirdBlog
CVE-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...)
	NOT-FOR-US: Interspire ArticleLive
CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...)
	NOT-FOR-US: Vortex Portal
CVE-2005-0879 (PHP remote file include vulnerability in (1) content.php and (2) ...)
	NOT-FOR-US: Vortex Portal
CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...)
	- dnsmasq 2.21
CVE-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...)
	- dnsmasq 2.21
CVE-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...)
	NOT-FOR-US: Oracle
CVE-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...)
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
	{DSA-899-1 DSA-898-1 DSA-897-1 DSA-724-1}
	NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete.
	- phpsysinfo 2.3-7
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
	- phpsysinfo 2.3-3 (bug #301118; unimportant)
CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)
	- tn5250 <not-affected> (cannot find STRPCO or STRPCCMD in tn5250)
CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...)
	- kernel-source-2.4.27 <not-affected> (kernel 2.4 doesn't have sysfs)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 <not-affected> (Not vulnerable, see #306137)
CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...)
	- cdrtools 4:2.01+01a01-4 (bug #291376; low)
	[sarge] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
	[woody] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...)
	NOT-FOR-US: Scalable OGo (SOGo)
CVE-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...)
	NOT-FOR-US: Mike Spice Mike's Vote CGI
CVE-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...)
	NOT-FOR-US: Mike Spice Quiz CGI
CVE-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...)
	NOT-FOR-US: Mike Spice My Calendar
CVE-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...)
	NOT-FOR-US: General protocol flaw, cannot be fixed
CVE-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...)
	NOT-FOR-US: AIX
CVE-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...)
	NOT-FOR-US: AIX
CVE-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...)
	NOT-FOR-US: AIX
CVE-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...)
	NOT-FOR-US: AIX
CVE-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...)
	NOT-FOR-US: Samsung ADSL modems
CVE-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...)
	NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago
CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...)
	NOT-FOR-US: Delegate
CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 allows ...)
	NOT-FOR-US: TRG News Script
CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows ...)
	NOT-FOR-US: CzarNews
CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...)
	NOT-FOR-US: CoolForum
CVE-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...)
	NOT-FOR-US: CoolForum
CVE-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...)
	NOT-FOR-US: CoolForum
CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: CoolForum
CVE-2005-0854 (betaparticle blog (bp blog), posisbly before version 4, allows remote ...)
	NOT-FOR-US: betaparticle blog
CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...)
	NOT-FOR-US: betaparticle blog
CVE-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...)
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...)
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Code Ocean FTP Server
CVE-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...)
	NOT-FOR-US: HP-UX
CVE-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...)
	- screen <not-affected> (HAVE_BRAILLE not set in binary build)
CVE-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
	NOT-FOR-US: SurgeMail
CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...)
	NOT-FOR-US: SurgeMail
CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...)
	NOT-FOR-US: Nortel Contivity
CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...)
	NOT-FOR-US: Phorum
CVE-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako eSupport
CVE-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...)
	NOT-FOR-US: phpmyfamily
CVE-2005-0840
	REJECTED
CVE-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...)
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
	NOT-FOR-US: Java Web Start for proprietary Sun Java
CVE-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...)
	NOT-FOR-US: PHP-Post
CVE-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...)
	NOT-FOR-US: PHP-Post
CVE-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...)
	NOT-FOR-US: Xzabite DynDNS Updater
CVE-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...)
	NOT-FOR-US: PHP-Fusion Addon
CVE-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...)
	NOT-FOR-US: e-Xoops based products
CVE-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...)
	NOT-FOR-US: e-Xoops based products
CVE-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: OllyDbg MS Windows debugger
CVE-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
	- ltris 1.0.6-1.1 (bug #291620)
CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
	- mathopd 1.5p5-1
CVE-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...)
	NOT-FOR-US: Cherokee
CVE-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
	NOT-FOR-US: Cherokee
CVE-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...)
	NOT-FOR-US: Nokia Firewall appliances
CVE-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
	NOT-FOR-US: Cayman DSL router
CVE-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...)
	NOTE: I could track this down to this posting
	NOTE: http://cert.uni-stuttgart.de/archive/vuln-dev/2001/11/msg00104.html
	NOTE: This looks very obscure an does not contain useful information on how this
	NOTE: was triggered and even then it's not a problem, as mcedit usage does not
	NOTE: have a remote impact and is not suid
CVE-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...)
	NOT-FOR-US: IPC@CHIP Embedded web server
CVE-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)
	NOT-FOR-US: ColdFusion
CVE-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2005-XXXX [Various /tmp related security issues in cernlib]
	- cernlib 2004.11.04-3
CVE-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)
	NOT-FOR-US: iSnooker
CVE-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
	NOT-FOR-US: Citrix
CVE-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...)
	NOT-FOR-US: Citrix
CVE-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...)
	NOT-FOR-US: MS Office
CVE-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...)
	NOT-FOR-US: Novell Netware
CVE-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...)
	NOT-FOR-US: Pun BB
CVE-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...)
	NOT-FOR-US: Symantec Gateway
CVE-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2005-0815 (Multiple &quot;range checking flaws&quot; in the ISO9660 filesystem handler in ...)
	- kernel-source-2.4.27 2.4.27-10 (bug #300783; medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc1)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...)
	{DSA-717-1}
	- lsh-utils 2.0.1-1
CVE-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...)
	NOT-FOR-US: ir
CVE-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/
CVE-2005-0807 (Multiple buffer overflows in Cain &amp; Abel before 2.67 allow remote ...)
	NOT-FOR-US: Cain &amp; Abel
CVE-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...)
	- evolution 2.0.4-2
CVE-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
	NOT-FOR-US: Subdreamer
CVE-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...)
	NOT-FOR-US: MailEnable
CVE-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
	NOT-FOR-US: ACS Blog
CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...)
	NOT-FOR-US: The Includer
CVE-2005-0800 (PHP remote file inclusion vulnerability in install.php in mcNews 1.3 ...)
	NOT-FOR-US: mcNews
CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...)
	NOT-FOR-US: MySQL on Windows
CVE-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...)
	NOT-FOR-US: Hola CMS
CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
	NOT-FOR-US: Hola CMS
CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
	NOT-FOR-US: ZPanel
CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows ...)
	NOT-FOR-US: ZPanel
CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...)
	NOT-FOR-US: ZPanel
CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...)
	NOT-FOR-US: SimpGB
CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...)
	NOT-FOR-US: YaBB
CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...)
	NOT-FOR-US: Phorum
CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...)
	NOT-FOR-US: Phorum
CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...)
	NOT-FOR-US: paFileDB
CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
	NOT-FOR-US: paFileDB
CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: paFileDB
CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: PlatinumFTP
CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
	NOT-FOR-US: IDA Pro
CVE-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
	NOT-FOR-US: GoodTech Telnet Server
CVE-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...)
	- kernel-source-2.6.8 2.6.8-15
CVE-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...)
	- ethereal 0.10.10-1
CVE-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...)
	- ethereal 0.10.10-1
CVE-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...)
	- rxvt-unicode 5.3-1
CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...)
	{DSA-698-1}
	- mc 1:4.6.0-4.6.1-pre3-1
	NOTE: Sarge-specific regression correcting a previous DSA.
CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...)
	- imagemagick 5:6.0.2.5 (bug #301110)
CVE-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...)
	NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
	- gzip 1.3.5-10 (low)
	- bzip2 1.0.2-8.1 (bug #321286; low)
	[sarge] - bzip2 <no-dsa> (Minor issue)
CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #311164)
	- linux-2.6 <not-affected> (Fixed before upload in archive)
CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
	- helix-player 1.0.4-1
CVE-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...)
	- kdewebdev 1:3.3.2-6
CVE-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...)
	{DSA-742-1}
	- cvs 1:1.12.9-13
CVE-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...)
	- mozilla-firefox 1.0.3-1
CVE-2005-0751
	REJECTED
CVE-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...)
	- kernel-source-2.4.27 2.4.27-10
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
CVE-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 2.4.27-10
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in ...)
	NOT-FOR-US: ActiveCampaign KnowledgeBuilder
CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...)
	NOT-FOR-US: Adobe PhotoDeluxe
CVE-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...)
	NOT-FOR-US: Advanced Poll
CVE-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...)
	NOT-FOR-US: WinVNC
CVE-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...)
	NOT-FOR-US: no_package
	NOTE: Debian's nvi recover script is very different
CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
	- omniorb4 4.0.5-2
CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...)
	NOT-FOR-US: not part of Woody, has been removed from sarge/sid
CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable
CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...)
	- wine 0.0.20050310-1.1
CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...)
	- openslp 1.0.11a-2
CVE-2005-0748 (PHP remote file inclusion vulnerability in initdb.php for WEBInsta ...)
	NOT-FOR-US: WEBInsta
CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: ApplyYourself
CVE-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local ...)
	NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor
CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...)
	NOT-FOR-US: Xoops
CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...)
	NOT-FOR-US: YaBB
CVE-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...)
	{DSA-718-1}
	- ethereal 0.10.10-1
CVE-2005-0738 (Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...)
	- kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain ...)
	NOT-FOR-US: newsscript
CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...)
	NOT-FOR-US: Xpand Rally
CVE-2005-0728
	REJECTED
CVE-2005-0727
	REJECTED
CVE-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...)
	NOT-FOR-US: UBB.threads
CVE-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...)
	NOT-FOR-US: wfsections
CVE-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: paFileDB
CVE-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in ...)
	NOT-FOR-US: paFileDB
CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...)
	NOT-FOR-US: eXPerience2
CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in eXPerience2 ...)
	NOT-FOR-US: eXPerience2
CVE-2005-0720 (PHP remote file inclusion vulnerability in admin/header.php in PHP ...)
	NOT-FOR-US: mcNews
CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...)
	NOT-FOR-US: Tru64
CVE-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...)
	- squid 2.5.8 (bug #305605)
CVE-2005-0717
	RESERVED
CVE-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...)
	NOT-FOR-US: Mac OS
CVE-2005-0714
	REJECTED
CVE-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...)
	NOT-FOR-US: Mac OS
CVE-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
	NOT-FOR-US: Mac OS
CVE-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
	NOT-FOR-US: FreeBSD
CVE-2003-1130
	REJECTED
CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...)
	NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
CVE-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...)
	NOT-FOR-US: X2 XMMS Remote
CVE-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...)
	NOT-FOR-US: e-Gap
CVE-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...)
	NOT-FOR-US: SunOne/iPlanet
CVE-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, ...)
	NOT-FOR-US: SunOne
CVE-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...)
	NOT-FOR-US: Sun Management Center
CVE-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...)
	NOT-FOR-US: Sun JRE
CVE-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses ...)
	NOT-FOR-US: ScriptLogic
CVE-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...)
	NOT-FOR-US: ScriptLogic
CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...)
	- openssh <not-affected>
CVE-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...)
	- setiathome 3.04
CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...)
	NOT-FOR-US: RealSystem Server
CVE-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel ...)
	NOT-FOR-US: Nortel Networks Succession Communication Server
CVE-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix ...)
	NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways
CVE-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP ...)
	NOT-FOR-US: IPTel SIP Express Router
CVE-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate ...)
	NOT-FOR-US: Ingate Firewall and Ingate SIParator
CVE-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple ...)
	NOT-FOR-US: dynamicsoft
CVE-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP ...)
	NOT-FOR-US: Columbia SIP User Agent
CVE-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...)
	NOT-FOR-US: Cisco
CVE-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel ...)
	NOT-FOR-US: Alcatel
CVE-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...)
	NOT-FOR-US: Microsoft
CVE-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 ...)
	NOT-FOR-US: MSIE
CVE-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows ...)
	NOT-FOR-US: IBM Tivoli Firewall Toolbox
CVE-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files ...)
	NOT-FOR-US: shar on HP-UX
CVE-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...)
	NOT-FOR-US: HP-UX)
CVE-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...)
	NOT-FOR-US: HP-UX)
CVE-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds ...)
	NOT-FOR-US: Mike Spice's My Classifieds
CVE-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...)
	- dansguardian 2.4.5-1
CVE-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and ...)
	NOT-FOR-US: Computer Associates MLink
CVE-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...)
	NOT-FOR-US: Cisco
CVE-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...)
	- shadow <not-affected> (Debian's pwck and grpck do not overflow and are not suid)
CVE-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...)
	- apache2 2.0.42
CVE-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...)
	- apache2 2.0.36
CVE-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...)
	NOT-FOR-US: AIM in MSIE
CVE-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...)
	[sarge] - gnome-vfs2 <not-affected> (does not install the module with the vulnerable code)
	- grip 3.2.0-4 (low)
	- libcdaudio 0.99.9-2.1 (bug #304799; low)
	- gnome-vfs 1.0.5-5.1 (bug #305163; low)
	- gnome-vfs2 2.10.1-3
CVE-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...)
	- ethereal 0.10.10-1
CVE-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...)
	- ethereal 0.10.10-1
CVE-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1769 (The &quot;Allow cPanel users to reset their password via email&quot; feature in ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...)
	NOT-FOR-US: Symantec Brightmail AntiSpam
CVE-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain ...)
	NOT-FOR-US: Solaris
CVE-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...)
	NOT-FOR-US: NetScreen-Security Manager
CVE-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...)
	- libapache-mod-security <not-affected> (only seems to affect 1.7.4, not the newer branch in Debian)
CVE-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...)
	NOT-FOR-US: HP-UX
CVE-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...)
	NOT-FOR-US: hsrun.exe
CVE-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...)
	- ethereal 0.10.3
CVE-2004-1760 (The default installation of Cisco voice products, when running the IBM ...)
	NOT-FOR-US: Cisco
CVE-2004-1759 (Cisco voice products, when running the IBM Director Agent on IBM ...)
	NOT-FOR-US: Cisco
CVE-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...)
	NOT-FOR-US: Cisco
CVE-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using &quot;memory&quot; ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1092 (Unknown vulnerability in the &quot;Automatic File Content Type Recognition ...)
	- file 3.4.1
CVE-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...)
	NOT-FOR-US: Apple QuickTime/Darwin Streaming Server
CVE-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...)
	NOT-FOR-US: AbsoluteTelnet
CVE-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...)
	NOT-FOR-US: Xerox MicroServer Web Server
CVE-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...)
	NOT-FOR-US: phpMyFAQ
CVE-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...)
	NOT-FOR-US: Oracle
CVE-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...)
	NOT-FOR-US: Aztek
CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...)
	- ethereal 0.10.9-2
CVE-2005-0698 (PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier ...)
	NOT-FOR-US: PHPWebLog
CVE-2005-0697 (SQL injection vulnerability in the process_picture function ...)
	NOT-FOR-US: CopperExport
CVE-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...)
	NOT-FOR-US: JoWood Chaser (for Windows)
CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for ...)
	NOT-FOR-US: SocialMPN
CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...)
	NOT-FOR-US: Gene6 FTP Server for Win
CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...)
	NOT-FOR-US: The Includer
CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...)
	NOT-FOR-US: Windows
CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...)
	- hashcash 1.17-1
CVE-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...)
	- mlterm 2.9.2 (bug #298621)
CVE-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...)
	NOT-FOR-US: OutStart Participate Enterprise
CVE-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...)
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-0683
	REJECTED
CVE-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
	- drupal 4.5.2
CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Nokia
CVE-2005-0680 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Download Center Lite
CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php for ...)
	NOT-FOR-US: Tell A Friend Script
CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for Form ...)
	NOT-FOR-US: Form Mail Script
CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...)
	NOT-FOR-US: Zorum
CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...)
	NOT-FOR-US: Zorum
CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...)
	NOT-FOR-US: Zorum
CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
	NOT-FOR-US: Pabox for PHPNuke
CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
	- phpbb2 2.0.13-2
CVE-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
	NOT-FOR-US: Ca3DE
CVE-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
	NOT-FOR-US: Ca3DE
CVE-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...)
	NOT-FOR-US: HAVP
CVE-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...)
	- sylpheed 1.0.3-1
	- sylpheed-claws 1.0.3-1
CVE-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...)
	- kernel-patch-adamantix 1.7
CVE-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
	NOT-FOR-US: XV
CVE-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...)
	{DSA-709-1}
	- libexif 0.6.9-5
CVE-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
	NOT-FOR-US: Mercury Board
CVE-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
	NOT-FOR-US: Mercury Board
CVE-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...)
	NOT-FOR-US: D-Forum
CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...)
	- phpbb2 <unfixed> (unimportant)
CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
	NOT-FOR-US: Typo3 extension
CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...)
	NOT-FOR-US: Computalynx CProxy
CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...)
	NOT-FOR-US: auraCMS
CVE-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: auraCMS
CVE-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...)
	NOTE: this is not a security issue according to maintainer
CVE-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
	- phpmyadmin 3:2.6.1-pl3-1
CVE-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...)
	NOT-FOR-US: OpenVMS
CVE-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow ...)
	NOT-FOR-US: ProjectBB
CVE-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB ...)
	NOT-FOR-US: ProjectBB
CVE-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...)
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...)
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...)
	NOT-FOR-US: paNews
CVE-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
	NOT-FOR-US: paNews
CVE-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
	{DSA-695-1 DSA-694-1}
	- xloadimage 4.1-14.2
	- xli 1.17.0-17
CVE-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
	{DSA-695-1 DSA-694-1}
	- xli 1.17.0-18
	- xloadimage 4.1-14.1 (bug #298926)
CVE-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
	NOT-FOR-US: Foxmail
CVE-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...)
	NOT-FOR-US: Foxmail
CVE-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 ...)
	NOT-FOR-US: PHPNews
CVE-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...)
	NOT-FOR-US: PBLang
CVE-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...)
	NOT-FOR-US: PBLang
CVE-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
	NOT-FOR-US: 427BB
CVE-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...)
	NOT-FOR-US: Forumwa
CVE-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...)
	- qt-x11-free <not-affected> (RPATH disabled in Debian's build)
CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...)
	NOT-FOR-US: Symantec DNSd
CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
	NOT-FOR-US: Zorum
CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
	NOT-FOR-US: Zorum
CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
	- squid 2.5.9-2
CVE-2005-0940
	REJECTED
CVE-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...)
	- reportbug 3.8
CVE-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
	- reportbug 3.8
CVE-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Scrapland
CVE-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...)
	NOT-FOR-US: Einstein
CVE-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...)
	NOT-FOR-US: Einstein
CVE-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...)
	NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware
CVE-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...)
	NOT-FOR-US: PostNuke
CVE-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...)
	NOT-FOR-US: PostNuke
CVE-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...)
	NOT-FOR-US: PostNuke
CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
	- phpbb2 2.0.13-1
CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
	NOT-FOR-US: Cisco
CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)
	NOT-FOR-US: Real
CVE-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...)
	NOT-FOR-US: FreeBSD portupgrade
CVE-2005-0609
	RESERVED
CVE-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
	NOT-FOR-US: Half Life WebMod
CVE-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...)
	NOT-FOR-US: CubeCert
CVE-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...)
	NOT-FOR-US: CubeCert
CVE-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
	{DSA-723-1}
	NOTE: lesstif2
	- lesstif1-1 1:0.93.94-11.1 (bug #298183; bug #299236)
	NOTE: lesstif1
	- lesstif1-1 1:0.93.94-11.3 (bug #300421)
	NOTE: libxmp4 is the real culprit
	- xfree86 4.3.0.dfsg.1-13
	- xorg-x11 <not-affected> (Fixed before upload into archive)
	- openmotif 2.2.3-1.1 (bug #308819; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
	NOT-FOR-US: GFI Languard Network Security Scanner
CVE-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
	- phpbb2 2.0.13-1
CVE-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...)
	- unzip 5.52-1
	NOTE: um, tar does this too, not really considered a security hole
CVE-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...)
	NOT-FOR-US: Real
CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...)
	NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
	- php4 4:4.3.8-1
CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...)
	NOT-FOR-US: BadBlue
CVE-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...)
	NOT-FOR-US: Apple
CVE-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...)
	- mozilla-firefox 1.0.1
CVE-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...)
	- mozilla-firefox 1.0.1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...)
	- mozilla-firefox 1.0.1
CVE-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
	NOTE: windows only
CVE-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...)
	NOT-FOR-US: cmd5checkpw
CVE-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...)
	NOT-FOR-US: FreeNX
CVE-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...)
	- mozilla-firefox 1.0.1-1
CVE-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...)
	NOT-FOR-US: MKBold-MKItalic
CVE-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...)
	NOT-FOR-US: STSF in Solaris
CVE-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...)
	NOT-FOR-US: Stormy Studios Knet
CVE-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...)
	NOT-FOR-US: CIS Webserver
CVE-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...)
	NOTE: Historic Gaim on Windows
CVE-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: phpWebSite
CVE-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...)
	NOT-FOR-US: PunBB
CVE-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: PunBB
CVE-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...)
	NOT-FOR-US: PunBB
CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...)
	NOT-FOR-US: Soldier of Fortune II
CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...)
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...)
	NOT-FOR-US: phpWebSite
CVE-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...)
	NOT-FOR-US: Microsoft Word
CVE-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...)
	NOT-FOR-US: Microsoft
CVE-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
	NOT-FOR-US: MSN Messenger
CVE-2005-0561
	RESERVED
CVE-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...)
	NOT-FOR-US: Exchange server
CVE-2005-0559
	RESERVED
CVE-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...)
	NOT-FOR-US: Microsoft Word
CVE-2005-0557
	RESERVED
CVE-2005-0556
	RESERVED
CVE-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...)
	NOT-FOR-US: MSIE
CVE-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...)
	NOT-FOR-US: MSIE
CVE-2005-0553 (Race condition in the memory management routines in the DHTML object ...)
	NOT-FOR-US: MSIE
CVE-2005-0552
	RESERVED
CVE-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
	NOT-FOR-US: Microsoft
CVE-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
	NOT-FOR-US: Microsoft
CVE-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
	NOT-FOR-US: Solaris
CVE-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
	NOT-FOR-US: Solaris
CVE-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...)
	NOT-FOR-US: Apple Java plugin
CVE-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...)
	NOT-FOR-US: Gaucho
CVE-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...)
	NOT-FOR-US: Ground Control II
CVE-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: RealVNC
CVE-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...)
	NOT-FOR-US: Attack Mitigator IPS 5500
CVE-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ...)
	NOT-FOR-US: NtRegmon
CVE-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ...)
	NOT-FOR-US: NetworkEverywhere NR041
CVE-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code ...)
	NOT-FOR-US: PHP Code Snippet Library
CVE-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote ...)
	NOT-FOR-US: Painkiller
CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...)
	NOT-FOR-US: ESF Webserver
CVE-2004-1743 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view ...)
	NOT-FOR-US: ESF Webserver
CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...)
	NOT-FOR-US: WebAPP
CVE-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: musicd
CVE-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: musicd
CVE-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Bird Chat
CVE-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows ...)
	NOT-FOR-US: JShop
CVE-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ...)
	- cacti 0.8.5a-5
CVE-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...)
	- cacti 0.8.5a-5
CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...)
	- sympa 4.1.5-4 (bug #298105; unimportant)
	NOTE: A user with the privilege to create new mailing lists needs to be trustworthy
CVE-2004-1734 (PHP remote file inclusion vulnerability in Mantis 0.19.0a allows ...)
	- mantis 0.19.2-1
CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...)
	NOT-FOR-US: MyDMS
CVE-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...)
	NOT-FOR-US: MyDMS
CVE-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...)
	- mantis 0.19.0-1
CVE-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...)
	- mantis 0.19.0-1
CVE-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...)
	NOT-FOR-US: Nihuo Web Log Analyzer
CVE-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...)
	NOT-FOR-US: sarad
CVE-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BadBlue
CVE-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...)
	NOT-FOR-US: XV
CVE-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...)
	NOT-FOR-US: XV
CVE-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...)
	NOT-FOR-US: Merak Webmail Server
CVE-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...)
	NOT-FOR-US: IPD
CVE-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...)
	- gv 1:3.6.1-1
CVE-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...)
	NOT-FOR-US: PForum
CVE-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...)
	NOT-FOR-US: MIMEsweeper
CVE-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...)
	NOT-FOR-US: BlackICE PC Protection
CVE-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...)
	NOT-FOR-US: PRM on HP-UX
CVE-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...)
	NOT-FOR-US: TypePad
CVE-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...)
	- moodle 1.4-1
CVE-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: page.cgi
CVE-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...)
	NOT-FOR-US: Datakey Rainbow iKey2032 USB token
CVE-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Webbsyte
CVE-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...)
	NOT-FOR-US: Oracle
CVE-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...)
	NOT-FOR-US: U.S. Robotics wireless access point
CVE-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...)
	NOT-FOR-US: Citadel/UX
CVE-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...)
	NOT-FOR-US: WpQuiz
CVE-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...)
	NOT-FOR-US: Fusion News
CVE-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...)
	NOT-FOR-US: Lexar Safe Guard
CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...)
	NOT-FOR-US: diagmond on HP-UX
CVE-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...)
	NOT-FOR-US: ftpd on HP-UX
CVE-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...)
	- cyrus21-imapd 2.1.18-1
CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...)
	NOT-FOR-US: MS Office
CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...)
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...)
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...)
	NOT-FOR-US: IBM
CVE-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...)
	NOT-FOR-US: ginp
CVE-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...)
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...)
	- kernel-source-2.6.8 2.6.8-14
	NOTE: affects only 2.6 (see #296906)
CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0528
	REJECTED
	NOTE: This was a dupe of the mremap kernel issue CVE-2003-0985
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
	- mozilla-firefox 1.0.1
	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
	NOT-FOR-US: PBLang
CVE-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
	{DSA-729-1 DSA-708-1}
	- php4 4:4.3.10-10
	- php3 3:3.0.18-31
CVE-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
	- php3 <not-affected>
	- php4 4:4.3.10-10
CVE-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...)
	{DSA-719-1}
	- prozilla 1:1.3.7.4-1
CVE-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...)
	NOT-FOR-US: Chat Anywhere
CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...)
	NOT-FOR-US: SendLink
CVE-2005-0520 (ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0519 (ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...)
	NOT-FOR-US: eXeem
CVE-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...)
	NOT-FOR-US: PeerFTP
CVE-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...)
	NOT-FOR-US: ImageGalleryPlugin for Twiki
CVE-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...)
	NOT-FOR-US: My Firewall Plus
CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2005-0513 (PHP remote file inclusion vulnerability in mail_autocheck.php in the ...)
	NOT-FOR-US: pMachine
CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 ...)
	NOT-FOR-US: Mambo
CVE-2005-0511 (misc.php for vBulletin 3.0.6 and earlier, when &quot;Add Template Name in ...)
	NOT-FOR-US: vBulletin
CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine ...)
	NOT-FOR-US: pMachine
CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...)
	NOT-FOR-US: fallback-reboot
CVE-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...)
	NOTE: default config of Mono not vulnerable
	- mono 1.1.6-4 (medium)
CVE-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...)
	- batik 1.5.1-1
CVE-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...)
	NOT-FOR-US: SD Server
CVE-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...)
	NOT-FOR-US: Avaya IP Office Phone Manager
CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
	- irm 1.5.3.1-1
CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.6.8 2.6.8-12
	- kernel-source-2.6.9 2.6.9-5
	- kernel-source-2.6.10 2.6.10-2
	- kernel-source-2.4.27 2.4.27-8
CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
	- uim 1:0.4.6beta2-1
CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...)
	NOT-FOR-US: Xinkaa
CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Bontago
CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE6
CVE-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...)
	NOT-FOR-US: Gigafast router
CVE-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...)
	NOT-FOR-US: Gigafast router
CVE-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...)
	NOT-FOR-US: ADP Elite System
CVE-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...)
	NOT-FOR-US: Arkeia Network Backup
CVE-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...)
	NOT-FOR-US: Thomson TCW690 cable modem
CVE-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...)
	NOT-FOR-US: Biz Mail From
CVE-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...)
	NOT-FOR-US: Acrobat Reader
CVE-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...)
	NOT-FOR-US: Arkeia Server Backup
CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...)
	- curl 7.13.0-2
CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before initial release)
CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...)
	- cfengine2 2.1.8-1
CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...)
	- cfengine2 2.1.8-1
CVE-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...)
	NOT-FOR-US: Pinnacle ShowCenter
CVE-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...)
	NOT-FOR-US: Pinnacle ShowCenter
CVE-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...)
	NOT-FOR-US: PopMessenger
CVE-2004-1697 (The &quot;Forgot your Password&quot; link in Computer Associates (CA) Unicenter ...)
	NOT-FOR-US: Computer Associates Unicenter Management Portal
CVE-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
	NOT-FOR-US: EmuLive Server4
CVE-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
	NOT-FOR-US: EmuLive Server4
CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...)
	NOT-FOR-US: Symantec
CVE-2004-1693 (PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 ...)
	NOT-FOR-US: Mambo
CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...)
	NOT-FOR-US: Mambo
CVE-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...)
	NOT-FOR-US: DNS4Me
CVE-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...)
	NOT-FOR-US: DNS4Me
CVE-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...)
	- sudo 1.6.8p3-1
CVE-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Pigeon Server
CVE-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...)
	NOT-FOR-US: Snitz Forums
CVE-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...)
	NOT-FOR-US: SMC router
CVE-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...)
	NOT-FOR-US: Zyxel
CVE-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...)
	NOT-FOR-US: crrtrap
CVE-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...)
	NOT-FOR-US: QNX FTP
CVE-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...)
	NOT-FOR-US: QNX
CVE-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...)
	NOT-FOR-US: TwinFTP
CVE-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...)
	NOT-FOR-US: PerlDesk
CVE-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...)
	NOT-FOR-US: PerlDesk
CVE-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...)
	NOT-FOR-US: Serv-U FTP
CVE-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...)
	NOT-FOR-US: Subjects
CVE-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...)
	NOT-FOR-US: Halo Combat Evolved
CVE-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...)
	NOT-FOR-US: PsNews
CVE-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Call of Duty
CVE-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...)
	NOT-FOR-US: Engenio/LSI Logic storage controllers
CVE-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: YaBB
CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass ...)
	NOT-FOR-US: MailWorks
CVE-2004-1660 (PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier ...)
	NOT-FOR-US: CuteNews
CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...)
	NOT-FOR-US: DasBlog
CVE-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...)
	NOT-FOR-US: Comersus Shopping Cart
CVE-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...)
	NOT-FOR-US: phpWebsite
CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...)
	NOT-FOR-US: phpWebsite
CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...)
	- openssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed")
	NOTE: See bug #296547 for details
CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...)
	NOT-FOR-US: D-Link DCS-900
CVE-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...)
	NOT-FOR-US: Msinfo32.exe
CVE-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...)
	NOT-FOR-US: Password Protect
CVE-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...)
	NOT-FOR-US: Password Protect
CVE-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...)
	NOT-FOR-US: Xedus
CVE-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...)
	NOT-FOR-US: Xedus
CVE-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...)
	NOT-FOR-US: Xedus
CVE-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: WS_FTP
CVE-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...)
	NOT-FOR-US: WS_FTP
CVE-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...)
	NOT-FOR-US: Titan
CVE-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...)
	NOT-FOR-US: XOOPS
CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
	NOT-FOR-US: Thomson cable modem
CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...)
	- krb4 <unfixed> (unimportant)
	[woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	- krb5 <unfixed> (unimportant)
	[woody] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	- netkit-telnet <not-affected> (netkit-telnet is not affected)
CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
	NOTE: This is not a real security issue; it just describes the fact that the Gecko
	NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks
	NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed
	NOTE: during transfer any user will cancel the transfer and if you load it from the
	NOTE: hard disc, well than you have "DoSed" yourself, congratulations.
	NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
	NOTE: generally try to make sense of anything even remotely resembling HTML.
	- firefox <removed> (unimportant)
	- iceweasel <unfixed> (unimportant)
	- mozilla <unfixed> (unimportant)
CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
	NOT-FOR-US: mailcarrier
CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...)
	NOT-FOR-US: Hawking Technologies HAR11A modem/router
CVE-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...)
	NOT-FOR-US: WvTftp
CVE-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...)
	NOTE: does not affect older 2.16.7 in sid.
CVE-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...)
	NOTE: does not affect older 2.16.7 in sid.
CVE-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...)
	- bugzilla 2.16.7
CVE-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...)
	- moniwiki 1.0.9
CVE-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...)
	NOT-FOR-US: Open WorkFlow Engine
CVE-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...)
	NOT-FOR-US: Open WorkFlow Engine
CVE-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...)
	NOT-FOR-US: Dwc_articles
CVE-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...)
	- rssh 2.2.2
CVE-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...)
	NOT-FOR-US: ability server
CVE-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...)
	NOT-FOR-US: ability server
CVE-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...)
	NOT-FOR-US: pGina
CVE-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...)
	NOT-FOR-US: Carbon Copy
CVE-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...)
	NOT-FOR-US: UBB.threads
CVE-2004-1621 (** DISPUTED ** ...)
	NOT-FOR-US: Lotus Notes
CVE-2004-1620 (CRLF injection vulnerability in Serendipity before 0.7rc1 allows ...)
	NOT-FOR-US: Serendipity
CVE-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...)
	NOT-FOR-US: Privateer's Bounty: Age of Sail II
CVE-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Tonecast
CVE-2004-1617 (Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers ...)
	{DSA-1077-1 DSA-1076-1}
	- lynx 2.8.5-2sarge1.2 (bug #296340; bug #384725; low)
	- lynx-cur 2.8.6-6 (low)
	- lynx-ssl <removed>
CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
	- links 0.99+1.00pre12-1 (bug #296341; low)
CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
	NOT-FOR-US: Opera
CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...)
	- mozilla-firefox <not-affected> (assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6)
	NOTE: mozilla-browser 1.7.5-1 also ok
CVE-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...)
	NOTE: example page did not bother firefox 1.0+dfsg.1-6
	NOTE: mozilla-browser 1.7.5-1 also ok
CVE-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...)
	- proftpd 1.2.10-4
CVE-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...)
	NOT-FOR-US: coolphp
CVE-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...)
	NOT-FOR-US: CoolPHP
CVE-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...)
	NOT-FOR-US: CoolPHP
CVE-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...)
	NOT-FOR-US: Acrobat
CVE-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...)
	NOT-FOR-US: RIM Blackberry
CVE-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...)
	NOT-FOR-US: 3COM router
CVE-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...)
	NOT-FOR-US: ShixxNote
CVE-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SCT email client
CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 ...)
	NOT-FOR-US: ocPortal
CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...)
	NOT-FOR-US: Micronet Wireless Router
CVE-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: clientexec
CVE-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...)
	NOT-FOR-US: GoSmart
CVE-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...)
	NOT-FOR-US: GoSmart
CVE-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...)
	NOT-FOR-US: Monolith Games
CVE-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...)
	NOT-FOR-US: Flash Messaging
CVE-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...)
	NOT-FOR-US: Flash Messaging
CVE-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...)
	- wordpress 1.2.1-1.1
CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...)
	NOT-FOR-US: FTP server in TriDComm
CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows ...)
	NOT-FOR-US: BlackBoard
CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...)
	NOT-FOR-US: BlackBoard
CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...)
	NOT-FOR-US: CubeCart
CVE-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: CubeCart
CVE-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...)
	NOT-FOR-US: phplinks
CVE-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...)
	NOT-FOR-US: Judge Dredd
CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...)
	- xerces25 2.5.0-4
	- xerces24 2.4.0-4
	- xerces23 <not-affected> (not affected, see bug #296432)
	- xerces21 <not-affected> (not affected, see bug #296466)
CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...)
	NOT-FOR-US: Vypress
CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...)
	NOT-FOR-US: bBlog
CVE-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...)
	NOT-FOR-US: dbPowerAmp
CVE-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...)
	NOT-FOR-US: Parachat
CVE-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...)
	NOT-FOR-US: Silent Storm Portal
CVE-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...)
	NOT-FOR-US: Silent Storm Portal
CVE-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...)
	NOT-FOR-US: w-Agora
CVE-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...)
	NOT-FOR-US: w-Agora
CVE-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...)
	NOT-FOR-US: w-Agora
CVE-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...)
	NOT-FOR-US: w-Agora
CVE-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...)
	- icecast2 2.0.2.debian-1
CVE-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...)
	- wordpress 1.2.2-1.1
CVE-2004-1558 (Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 ...)
	NOT-FOR-US: YahooPOPS
CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...)
	NOT-FOR-US: MyWebServer
CVE-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: MyWebServer
CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...)
	NOT-FOR-US: BroadBoard Instant ASP Message Board
CVE-2004-1554 (PHP remote file inclusion vulnerability in livre_include.php in @lex ...)
	NOT-FOR-US: @lex GuestBook
CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...)
	NOT-FOR-US: aspWebAlbum
CVE-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...)
	NOT-FOR-US: aspWebCalendar
CVE-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...)
	NOT-FOR-US: PafileDB
CVE-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...)
	NOT-FOR-US: Motorola Router
CVE-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...)
	NOT-FOR-US: ActivePost
CVE-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...)
	NOT-FOR-US: ActivePost
CVE-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
	NOT-FOR-US: ActivePost
CVE-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...)
	NOT-FOR-US: MDaemon
CVE-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...)
	- moniwiki 1.0.9-4
CVE-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...)
	NOT-FOR-US: Kyako ESupport
CVE-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
	NOT-FOR-US: Tarantella Secure Global Desktop
CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews ...)
	NOT-FOR-US: paNews
CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...)
	NOT-FOR-US: GProFTPD
CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...)
	NOT-FOR-US: Glftpd
CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows ...)
	NOT-FOR-US: hpm_guestbook.cgi
CVE-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other ...)
	NOT-FOR-US: paFAQ
CVE-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in ...)
	- webcalendar 0.9.45-3
CVE-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...)
	- gaim 1:1.1.3-1
CVE-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...)
	{DSA-716-1}
	- gaim 1:1.1.3-1
CVE-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...)
	NOT-FOR-US: SUN JRE
CVE-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...)
	- wpasupplicant 0.3.8-1
CVE-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...)
	{DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1}
	- krb4 1.2.2-11.2 (bug #306141)
	- krb5 1.3.6-2
	- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
	- netkit-telnet 0.17-28
	- heimdal 0.6.3-10
CVE-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
	{DSA-731-1 DSA-703-1}
	- krb5 1.3.6-2
	- krb4 1.2.2-11.2 (bug #306141)
CVE-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...)
	- putty 0.57-1
CVE-2005-0466
	RESERVED
CVE-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...)
	NOT-FOR-US: SGI IRIX
CVE-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...)
	NOT-FOR-US: SGI IRIX
CVE-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...)
	- jspwiki 2.0.52-8
CVE-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...)
	NOT-FOR-US: SecureCRT
CVE-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...)
	NOT-FOR-US: ZyXEL Routers
CVE-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...)
	NOT-FOR-US: Halo: Combat Evolved
CVE-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...)
	NOT-FOR-US: PHPKIT
CVE-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...)
	NOT-FOR-US: PHPKIT
CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for the Cash ...)
	NOT-FOR-US: Cash Mod module of phpbb2
CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...)
	NOT-FOR-US: DMS POP3
CVE-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...)
	NOT-FOR-US: AppServ
CVE-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...)
	NOT-FOR-US: MSIE
CVE-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...)
	NOT-FOR-US: Hired Team
CVE-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...)
	NOT-FOR-US: Hired Team
CVE-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...)
	NOT-FOR-US: Hired Team
CVE-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...)
	NOT-FOR-US: Hired Team
CVE-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...)
	NOT-FOR-US: Army Men RTS
CVE-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...)
	NOT-FOR-US: Eudora
CVE-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...)
	NOT-FOR-US: IPSwitch IMail
CVE-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...)
	NOT-FOR-US: phpBugTracker
CVE-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...)
	NOT-FOR-US: Phorum
CVE-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...)
	NOT-FOR-US: Zone Labs IMsecure
CVE-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...)
	NOT-FOR-US: phpWebSite
CVE-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...)
	NOT-FOR-US: vBulletin
CVE-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...)
	NOT-FOR-US: Hotfoon
CVE-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...)
	- webcalendar 0.9.45-1
CVE-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...)
	- webcalendar 0.9.45-1
CVE-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...)
	- webcalendar 0.9.45-1
CVE-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...)
	- webcalendar 0.9.45-1
CVE-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
	- webcalendar 0.9.45-1
CVE-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...)
	NOT-FOR-US: JAF
CVE-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...)
	NOT-FOR-US: JAF
CVE-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...)
	NOT-FOR-US: Sun JRE
CVE-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
	NOT-FOR-US: 602 Lan Suite
CVE-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
	NOT-FOR-US: 602 Lan Suite
CVE-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...)
	NOT-FOR-US: Lithtech
CVE-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...)
	NOT-FOR-US: HELM
CVE-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...)
	NOT-FOR-US: HELM
CVE-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...)
	NOT-FOR-US: Web Forums Server
CVE-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...)
	NOT-FOR-US: Web Forums Server
CVE-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...)
	NOT-FOR-US: WinRAR
CVE-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...)
	NOT-FOR-US: XDICT
CVE-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Master of Orion
CVE-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Master of Orion
CVE-2005-0463 (Unknown &quot;major security flaws&quot; in Ulog-php before 1.0, related to ...)
	NOT-FOR-US: ulog-php
CVE-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...)
	NOT-FOR-US: NewsBruiser
CVE-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...)
	- phpmyadmin 4:2.6.2 (unimportant)
	NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> :
	NOTE: I think it is not a problem on Debian as far as everybody knows the full
	NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
	NOT-FOR-US: oscommerce
CVE-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...)
	NOT-FOR-US: Opera
CVE-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...)
	NOT-FOR-US: Opera
CVE-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...)
	NOT-FOR-US: Opera
CVE-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...)
	NOT-FOR-US: Opera
CVE-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...)
	NOT-FOR-US: Opera
CVE-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...)
	NOT-FOR-US: Real
CVE-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...)
	NOT-FOR-US: Lighttpd
CVE-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
	{DSA-1678-1 DSA-696-1}
	- perl 5.8.4-7
CVE-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...)
	NOT-FOR-US: Quake 3
CVE-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Solaris
CVE-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...)
	{DSA-688-1}
	- squid 2.5.8-3
CVE-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...)
	- openwebmail <removed>
CVE-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...)
	NOT-FOR-US: VMware
CVE-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...)
	NOT-FOR-US: CubeCart
CVE-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...)
	NOT-FOR-US: CubeCart
CVE-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server ...)
	NOT-FOR-US: Sybase
CVE-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...)
	- elog 2.5.7+r1558-1
CVE-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...)
	- elog 2.5.7+r1558-1
CVE-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain ...)
	- awstats 6.3-1
CVE-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...)
	- awstats 6.3-1
CVE-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and ...)
	- awstats 6.3-1
CVE-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read ...)
	- awstats 6.3-1
CVE-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
	- pdns 2.9.16-6
CVE-2005-0427 (The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the ...)
	- webmin <not-affected> (Gentoo specific)
CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...)
	NOT-FOR-US: Solaris
CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...)
	NOT-FOR-US: Websphere
CVE-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...)
	NOT-FOR-US: DelphiTurk
CVE-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat ...)
	NOT-FOR-US: DelphiTurk
CVE-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...)
	NOT-FOR-US: 3com
CVE-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
	NOT-FOR-US: Sun Java
CVE-2005-0417 (Unknown &quot;high risk&quot; vulnerability in DB2 Universal Database 8.1 and ...)
	NOT-FOR-US: IBM DB2
CVE-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
	NOT-FOR-US: Windows
CVE-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...)
	NOT-FOR-US: Emdros
CVE-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...)
	NOT-FOR-US: MyPHP Forum
CVE-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...)
	NOT-FOR-US: Spidean PostWrap
CVE-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...)
	NOT-FOR-US: Openconf
CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images ...)
	- imagemagick <unfixed> (bug #298051; unimportant)
	NOTE: <Maulkin> The EXIF spec says "if your app can't handle $foo, don't touch $foo"
	NOTE: <Piet> 'convert -strip' will remove exif data according to http://www.imagemagick.org/pipermail/magick-users/2006-May/017538.html
CVE-2005-0405
	RESERVED
CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...)
	NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
	- kdepim 3.4-1 (bug #305601; low)
	[sarge] - kdepim <no-dsa> (Hardly exploitable)
	NOTE: According to the KDE bug the URL bar in 3.4 cannot be manipulated. Kmail also
	NOTE: warns that HTML mails introduce the risk of phishing. This could as well
	NOTE: be unimportant
CVE-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ...)
	- glibc <not-affected> (Specific to the NPTL backport for RHEL 3)
CVE-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...)
	- mozilla-firefox 1.0.2-1
CVE-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...)
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
	- kernel-source-2.4.27 2.4.27-10 (bug #303294)
CVE-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...)
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)
	- ipsec-tools 1:0.5-5
CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...)
	{DSA-702-1}
	- imagemagick 6:6.0.6.2-2.2 (bug #297990)
	- graphicsmagick 1.1.7-1
CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...)
	NOTE: fix in -4 was broken
	- kdelibs 4:3.3.2-6
CVE-2005-0395
	REJECTED
CVE-2005-0394
	RESERVED
CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...)
	{DSA-733-1}
	- crip 3.5-1sarge2 (low)
CVE-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
	{DSA-725-2 DSA-725-1}
	- ppxp 0.2001080415-11
CVE-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...)
	{DSA-712-1}
	- geneweb 4.10-7 (bug #304405)
CVE-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...)
	{DSA-706-1}
	- axel 1.0b-1
CVE-2005-0389
	REJECTED
CVE-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...)
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...)
	{DSA-700-1}
	- mailreader 2.3.29-11
CVE-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...)
	{DSA-693-1}
	- luxman 0.41-20 (bug #299857)
CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...)
	- wget 1.9.1-11
CVE-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...)
	- wget 1.9.1-11
CVE-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Breed game
CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...)
	NOT-FOR-US: forumKIT
CVE-2005-0380 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
	- horde2 <not-affected>
	- horde3 3.0.1-1
CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...)
	NOT-FOR-US: sgallery
CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local ...)
	NOT-FOR-US: sgallery
CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...)
	NOT-FOR-US: sgallery
CVE-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...)
	NOT-FOR-US: bitboard
CVE-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...)
	NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
	NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
	NOTE: cyrus-sasl2 already has patch applied
	NOTE: oldstable version not affected, thus marking it as done with the oldstable version
	- cyrus-sasl <not-affected> (cyrus-sasl code seems too old for any of the problems to apply)
	- cyrus-sasl2 2.1.19.dfsg1-0sarge2
CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ ...)
	{DSA-686-1}
	- gftp 2.0.18-1
	NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong.
CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
	- armagetron 0.2.8.2.1-1 (bug #296840; low)
	[sarge] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
	[etch] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but oldstable is affected
CVE-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...)
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but olstable is affected
CVE-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...)
	NOT-FOR-US: CMScore
CVE-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...)
	- gnupg 1.4.1-1
CVE-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...)
	- bind9 <not-affected> (Bind on hp-ux)
CVE-2005-0361
	RESERVED
CVE-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
	NOT-FOR-US: Microsoft
CVE-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...)
	- linux-2.6 <not-affected> (Linux is not vulnerable, see #310804)
	- kernel-source-2.4.27 <not-affected> (Linux is not vulnerable, see #310804)
	- kfreebsd5-source 5.3-15 (medium)
CVE-2005-0355
	RESERVED
CVE-2005-0354
	RESERVED
CVE-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
	NOT-FOR-US: Sentinel License Manager
CVE-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...)
	NOT-FOR-US: Servers Alive
CVE-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO ...)
	NOT-FOR-US: SCO OpenServer
CVE-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2004-9999
	REJECTED
CVE-2004-9998
	REJECTED
CVE-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...)
	NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
CVE-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...)
	- inetutils <not-affected> (inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped)
	- atftp <not-affected> (atftp checks h_length)
	- netkit-tftp <not-affected> (netkit-tftp not vulnerable)
	- tftp-hpa <not-affected> (bug #295297; not exploitable)
	NOTE: The address length comes from libc, not the network.
CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...)
	- socat 1.4.0.3-1
CVE-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...)
	NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series
CVE-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...)
	NOT-FOR-US: BNC irc proxy
CVE-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...)
	NOT-FOR-US: Real
CVE-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...)
	NOT-FOR-US: HP StorageWorks Command View XP
CVE-2004-1479
	REJECTED
CVE-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...)
	NOT-FOR-US: JRun
CVE-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
	NOT-FOR-US: JRun
CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...)
	- xine-lib 1-rc6
	- libcdio 0.69
CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...)
	- xine-lib 1-rc6
CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...)
	- cvs 1:1.12.9
CVE-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...)
	NOT-FOR-US: snipsnap
CVE-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...)
	NOT-FOR-US: SUS
CVE-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...)
	- webmin 1.160
	- usermin 1.090
CVE-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...)
	- egroupware 1.0.00.004
CVE-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...)
	- gallery 1.4.4-pl2
CVE-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...)
	NOT-FOR-US: WinZip
CVE-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...)
	- moin 1.2.3-1
CVE-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...)
	- moin 1.2.3-1
CVE-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...)
	NOT-FOR-US: Cisco
CVE-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...)
	NOT-FOR-US: Cisco
CVE-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...)
	NOT-FOR-US: Cisco
CVE-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...)
	NOT-FOR-US: Cisco
CVE-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...)
	NOT-FOR-US: Novell
CVE-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...)
	- cvstrac 1.1.4-1
CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...)
	- xine-lib 1-rc5-1.1
CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...)
	NOT-FOR-US: Cisco
CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...)
	- glibc 2.3.5 (bug #272210; unimportant)
	NOTE: according to GOTO Masanori this is not a security problem
	NOTE: Jakub Jelinek confirms http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html
	NOTE: Although not a real issue we should play safe with 2.3.5, where the code
	NOTE: was reorganized
CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...)
	NOT-FOR-US: Gentoo specific
CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...)
	- mozilla 2:1.6-1
CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...)
	- mozilla 2:1.7.1-1
CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...)
	- mozilla 2:1.7-1
CVE-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...)
	NOT-FOR-US: Jetbox One
CVE-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...)
	NOT-FOR-US: Jetbox One
CVE-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...)
	NOT-FOR-US: ScreenOS
CVE-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...)
	- nessus-core 2.0.12-1
CVE-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...)
	- roundup 0.7.3-1
CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...)
	- imp3 3.2.5-1
CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...)
	NOT-FOR-US: db2www
CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...)
	NOT-FOR-US: Board Power
CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...)
	- putty 0.56-1
CVE-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...)
	NOT-FOR-US: BlackJumboDog
CVE-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...)
	- subversion 1.0.6-1
CVE-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...)
	- pavuk 0.9pl28-3.1
CVE-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...)
	NOT-FOR-US: Cisco
CVE-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...)
	NOT-FOR-US: FormMail.php != nms-formmail
CVE-2004-1430 (SQL injection vulnerability in the show_stats module in Arcade.php in ...)
	NOT-FOR-US: Arcade.php
CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...)
	NOT-FOR-US: ArGoSoft
CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...)
	NOT-FOR-US: ArGoSoft
CVE-2004-1427 (PHP remote file inclusion vulnerability in main.inc in KorWeblog ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...)
	- moodle 1.4.3-1
CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 ...)
	- moodle 1.4.3-1
CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor ...)
	NOT-FOR-US: PHP-Calendar
CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1421 (Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1419 (PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and ...)
	NOT-FOR-US: ZeroBoard
CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...)
	NOT-FOR-US: WPKontakt
CVE-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...)
	NOT-FOR-US: PsychoStats
CVE-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...)
	NOT-FOR-US: RealOne IE plugin
CVE-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...)
	NOT-FOR-US: 2Bgal
CVE-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...)
	NOT-FOR-US: Kayako
CVE-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako
CVE-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...)
	NOT-FOR-US: Ikonboard
CVE-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...)
	NOT-FOR-US: Attachment Mod for phpBB
CVE-2004-1403 (PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 ...)
	NOT-FOR-US: GNUBoard
CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...)
	NOT-FOR-US: iWebNegar
CVE-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...)
	NOT-FOR-US: Asp-rider
CVE-2004-1400 (The control panel in ASP Calendar does not require authentication to ...)
	NOT-FOR-US: ASP Calendar
CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...)
	NOT-FOR-US: Attachment Mod for phpBB
CVE-2004-1398 (Format string vulnerability in prelink.c in kextload in Apple OS X, as ...)
	NOT-FOR-US: MacOSX
CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...)
	- usemod-wiki 1.0-6
CVE-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...)
	NOT-FOR-US: Lithtech engine
CVE-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...)
	- monit 1:4.2.1-1
CVE-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...)
	- monit 1:4.2.1-1
CVE-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...)
	- kdelibs 4:3.3.2-2
CVE-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...)
	{DSA-682-1}
	- awstats 6.2-1.2
CVE-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...)
	- awstats 6.2-1.2
	NOTE: http://patches.ubuntu.com/patches/awstats.more-CVE-2005-0016.diff
	NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
CVE-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...)
	NOT-FOR-US: Woltlab Burning Book
CVE-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...)
	NOT-FOR-US: RealArcade
CVE-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...)
	NOT-FOR-US: RealArcade
CVE-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...)
	NOT-FOR-US: SafeNet
CVE-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...)
	NOT-FOR-US: php-fusion
CVE-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...)
	NOT-FOR-US: PerlDesk
CVE-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...)
	NOT-FOR-US: Apple
CVE-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...)
	NOT-FOR-US: Apple
CVE-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...)
	NOT-FOR-US: Apple
CVE-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Foxmail
CVE-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...)
	NOT-FOR-US: Savant Web Server
CVE-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...)
	- postfix 2.1.4-5
CVE-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...)
	NOT-FOR-US: Linksys
CVE-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...)
	NOT-FOR-US: LanChat
CVE-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...)
	NOT-FOR-US: DeskNow Mail server
CVE-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...)
	NOT-FOR-US: Winrar
CVE-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...)
	NOT-FOR-US: Painkiller
CVE-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...)
	NOT-FOR-US: ZipGenius
CVE-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...)
	NOT-FOR-US: Netgear
CVE-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...)
	NOT-FOR-US: PafileDB
CVE-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: PafileDB
CVE-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...)
	NOT-FOR-US: Xpand Rally
CVE-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...)
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...)
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...)
	NOT-FOR-US: Webadmin
CVE-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...)
	NOT-FOR-US: Webadmin
CVE-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...)
	NOT-FOR-US: Webadmin
CVE-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...)
	NOT-FOR-US: WebWasher
CVE-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...)
	NOT-FOR-US: WarFTPD under NT
CVE-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...)
	NOT-FOR-US: Ingate
CVE-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Exponent
CVE-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
	NOT-FOR-US: Exponent
CVE-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...)
	NOT-FOR-US: W32Dasm
CVE-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...)
	NOT-FOR-US: Siteman
CVE-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...)
	NOT-FOR-US: DivX Player
CVE-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...)
	- jsboard 2.0.10-1
CVE-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...)
	- gforge 3.1-26
CVE-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...)
	NOT-FOR-US: Oracle
CVE-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...)
	NOT-FOR-US: Oracle
CVE-2005-0296 (** DISPUTED ** ...)
	NOT-FOR-US: Novell
CVE-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...)
	NOT-FOR-US: nProtect
CVE-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Minis
CVE-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...)
	NOT-FOR-US: Minis
CVE-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...)
	NOT-FOR-US: phpGiftReg
CVE-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...)
	NOT-FOR-US: NetGear
CVE-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...)
	NOT-FOR-US: NetGear
CVE-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...)
	NOT-FOR-US: Apple
CVE-2005-0288 (The change password functionality in Bottomline Webseries Payment ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0285 (Webseries Payment Application does not properly restrict privileged ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...)
	NOT-FOR-US: QwikiWiki
CVE-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0269 (The file extension check in GNUBoard 3.40 and earlier only verifies ...)
	NOT-FOR-US: GNUBoard
CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...)
	NOT-FOR-US: FlatNuke
CVE-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...)
	NOT-FOR-US: FlatNuke
CVE-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...)
	NOT-FOR-US: SugerCRM
CVE-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...)
	NOT-FOR-US: OWL intranet
CVE-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...)
	NOT-FOR-US: OWL intranet
CVE-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...)
	NOT-FOR-US: AIX
CVE-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local ...)
	NOT-FOR-US: AIX
CVE-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...)
	NOT-FOR-US: AIX
CVE-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...)
	NOT-FOR-US: ARCserve Backup
CVE-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ...)
	- phpbb2 2.0.12-1
CVE-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...)
	- phpbb2 2.0.12-1
CVE-2005-0257
	RESERVED
CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 ...)
	{DSA-705-1}
	- wu-ftpd 2.6.2-19
CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...)
	- mozilla-firefox 1.0.1
	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
	NOT-FOR-US: BibORB
CVE-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...)
	NOT-FOR-US: BibORB
CVE-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...)
	NOT-FOR-US: BibORB
CVE-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...)
	NOT-FOR-US: BibORB
CVE-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...)
	NOT-FOR-US: AIX
CVE-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...)
	NOT-FOR-US: Symantec AntiVirus Library
CVE-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...)
	NOT-FOR-US: Solaris
CVE-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...)
	{DSA-683-1}
	- postgresql 7.4.7-2
CVE-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows ...)
	- postgresql 7.4.7-1
CVE-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow ...)
	{DSA-683-1}
	- postgresql 7.4.7-1
CVE-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...)
	- postgresql 7.4.7-1
CVE-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...)
	- squid 2.5.7-7
CVE-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...)
	NOT-FOR-US: Solaris
CVE-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Solaris
CVE-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for ...)
	NOT-FOR-US: Solaris
CVE-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag ...)
	NOT-FOR-US: Solaris
CVE-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ...)
	NOT-FOR-US: Solaris
CVE-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 ...)
	NOT-FOR-US: Solaris
CVE-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ...)
	NOT-FOR-US: Solaris
CVE-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and ...)
	NOT-FOR-US: Solaris
CVE-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...)
	NOT-FOR-US: Solaris
CVE-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) ...)
	NOT-FOR-US: Solaris
CVE-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...)
	NOT-FOR-US: Solaris
CVE-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to ...)
	NOT-FOR-US: Solaris
CVE-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in ...)
	NOT-FOR-US: Solaris
CVE-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...)
	NOT-FOR-US: Solaris
CVE-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun ...)
	NOT-FOR-US: Solaris
CVE-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2002-1590 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...)
	NOT-FOR-US: Solaris
CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...)
	NOT-FOR-US: Solaris
CVE-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...)
	NOT-FOR-US: Mailtool for OpenWindows
CVE-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 ...)
	NOT-FOR-US: Solaris
CVE-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of ...)
	NOT-FOR-US: Solaris
CVE-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in ...)
	NOT-FOR-US: Solaris
CVE-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does ...)
	NOT-FOR-US: Solaris
CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
	NOT-FOR-US: AIX
CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...)
	NOT-FOR-US: S/MIME plugin
CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...)
	NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
	- epiphany-browser 1.4.8-2
CVE-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...)
	- kdelibs 4:3.3.2-3
CVE-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...)
	NOT-FOR-US: Omniweb
CVE-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows ...)
	NOT-FOR-US: Opera
CVE-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows ...)
	NOT-FOR-US: Safari
CVE-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino ...)
	NOTE: IDN is now disabled by default in firefox, but there may be a more elegant
	NOTE: solution in the future
	- mozilla-firefox 1.0.1-1
	- mozilla 2:1.7.6-1
CVE-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration ...)
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...)
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
	NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
	NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers
	NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
	NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
	NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
	- mozilla-firefox <not-affected> (Affects only Firefox on Windows)
CVE-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0228
	REJECTED
CVE-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
	{DSA-668-1}
	- postgresql 7.4.7-1
CVE-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
	NOT-FOR-US: ngIRCd
CVE-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...)
	- firehol 1.214-4
CVE-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...)
	NOT-FOR-US: HP-UX
CVE-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...)
	NOT-FOR-US: Java SDK and RTE for Tru64 UNIX
CVE-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...)
	NOT-FOR-US: Invision Community Blog
CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board Lite
CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...)
	- mozilla <not-affected> (Mozilla 1.6 for Windows)
CVE-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...)
	NOT-FOR-US: SPHPBlog
CVE-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...)
	NOT-FOR-US: WinHKI
CVE-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...)
	NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
CVE-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-15
	- kernel-source-2.4.27 2.4.27-9 (bug #300838)
CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
	- gaim 1:1.1.4
CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
	- xpdf <not-affected> (Initial Debian fix was already correct)
	- gpdf <not-affected> (Initial Debian fix was already correct)
	- kdegraphics <not-affected> (Initial Debian fix was already correct)
	- tetex-bin <not-affected> (Initial Debian fix was already correct)
	- pdftohtml <not-affected> (Initial Debian fix was already correct)
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
	NOTE: cupsys uses an external xpdf now.
CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
	{DSA-692-1}
	- kdenetwork 4:3.1.6
CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9 (bug #296700; high)
CVE-2005-0203
	REJECTED
CVE-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
	{DSA-674-1}
	- mailman 2.1.5-6
CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...)
	- dbus 0.22
CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
	NOT-FOR-US: TikiWiki
CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...)
	NOT-FOR-US: ngIRCd
CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...)
	NOT-FOR-US: Cisco
CVE-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...)
	NOT-FOR-US: Cisco
CVE-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
	{DSA-667-1}
	- squid 2.5.7-7
CVE-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...)
	NOT-FOR-US: mRouter in iSync in OS X
CVE-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...)
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...)
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...)
	NOT-FOR-US: Cisco
CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...)
	NOT-FOR-US: NodeManager Professional
CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...)
	NOT-FOR-US: vacation plugin
CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...)
	NOT-FOR-US: vacation plugin
CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
	NOT-FOR-US: mod_dosevasive module for apache
CVE-2005-0181
	RESERVED
CVE-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
	[sarge] - kernel-source-2.6.8 2.6.8-12
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 <not-affected> (intlen and outlen are unsigned in 2.4)
CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was only introduced in 2.6.9)
	- linux-2.6 <not-affected> (Fixed before initial release)
CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...)
	- kernel-source-2.4.27 <not-affected> (v2.4 is safe because back there current->signal was not shared.)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...)
	- kernel-source-2.4.27 <not-affected> (According to joshk, doesn't apply to 2.4.27)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...)
	- php4 4:4.3.10-3
CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CVE-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...)
	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CVE-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...)
	NOT-FOR-US: Veritas NetBackup Administrative Assistant
CVE-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS ...)
	- gpsd 2.7-4
CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...)
	- apache 1.3.33-3
CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...)
	NOT-FOR-US: TikiWiki
CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...)
	- phpgroupware 0.9.16.005-1 (unimportant)
	NOTE: path disclosure only, path is known on Debian anyway
CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...)
	- phpgroupware 0.9.16.005-1
CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...)
	- phpgroupware 0.9.16.005-1
CVE-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to ...)
	- glibc 2.3.2.ds1-19
CVE-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...)
	- clamav 0.81
CVE-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...)
	- uw-imap 7:2002edebian1-6
CVE-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
	- squid 2.5.7-6
CVE-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
	{DSA-667-1}
	- squid 2.5.7-4
CVE-2005-0172
	RESERVED
CVE-2005-0171
	RESERVED
CVE-2005-0170
	RESERVED
CVE-2005-0169
	RESERVED
CVE-2005-0168
	RESERVED
CVE-2005-0167
	RESERVED
CVE-2005-0166
	RESERVED
CVE-2005-0165
	RESERVED
CVE-2005-0164
	RESERVED
CVE-2005-0163
	RESERVED
CVE-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...)
	- openswan 2.3.0-2
	- freeswan <not-affected>
CVE-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...)
	- unace 1.2b-3
CVE-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...)
	- unace 1.2b-3
CVE-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...)
	{DSA-679-1}
	- toolchain-source 3.4-5
CVE-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...)
	{DSA-687-1}
	- bidwatcher 1.3.17-1
CVE-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...)
	{DSA-720-1}
	- smartlist 3.15-18
CVE-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...)
	- perl 5.8.4-6
CVE-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid ...)
	- perl 5.8.4-6
	- mooix 1.0rc5.pre4
CVE-2005-0154
	RESERVED
CVE-2005-0153
	RESERVED
CVE-2005-0152 (PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows ...)
	{DSA-662-1}
	- squirrelmail 1:1.2.7-1
	NOTE: This bug exists only in version 1.2.6.
CVE-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...)
	NOT-FOR-US: Adobe License Management Software
CVE-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...)
	- mozilla-firefox 1.0
CVE-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...)
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.4
CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...)
	- mozilla-thunderbird <not-affected> (Affects only Thunderbird on Windows)
CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0145 (Firefox before 1.0 does not properly distinguish between ...)
	- mozilla-firefox 1.0
CVE-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and ...)
	- mozilla-firefox 1.0
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.5
CVE-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...)
	NOT-FOR-US: PeID
CVE-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...)
	NOT-FOR-US: Irix
CVE-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...)
	NOT-FOR-US: Irix
CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 2.4.27-10 (bug #308584)
CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has ...)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- linux-2.6 2.6.11
CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
	{DSA-1082-1 DSA-1070-1 DSA-1067-1}
	- linux-2.6 <not-affected>
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
	NOT-FOR-US: SCO UnixWare
CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...)
	- clamav 0.80-0.81rc1-1
CVE-2005-0132
	RESERVED
CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...)
	- konversation 0.15-3
CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...)
	- konversation 0.15-3
CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
	- konversation 0.15-3
CVE-2005-0128
	RESERVED
CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
	NOT-FOR-US: MacOS
CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
	NOT-FOR-US: MacOS
CVE-2005-0125 (The &quot;at&quot; commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
	NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
	- linux-2.6 2.6.12-1
CVE-2005-0123
	RESERVED
CVE-2005-0122
	REJECTED
CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
	NOT-FOR-US: golddig
CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
	NOT-FOR-US: helvis
CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...)
	NOT-FOR-US: helvis
CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...)
	NOT-FOR-US: helvis
CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...)
	- xshisen 1.51-1-1.1 (bug #289784)
CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
	- awstats 6.2-1.1
CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
	NOT-FOR-US: DataRescue Interactive Disassembler
CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...)
	NOT-FOR-US: ZoneAlarm
CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
	NOT-FOR-US: IRIX
CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...)
	- maxdb-7.5.00 7.5.00.18
CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating ...)
	NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
	NOTE: attack, paranoid people should disable hyper threading
	- kfreebsd5-source 5.3-11
CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...)
	{DSA-659-1}
	- libapache-mod-auth-radius 1.5.7-6
	- libpam-radius-auth 1.3.16-3
CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...)
	{DSA-690-1}
	- bsmtpd 2.3pl8b-16
CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
	- libnet-ssleay-perl 1.25-1.1
CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...)
	{DSA-684-1}
	- typespeed 0.4.4-8
CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
	{DSA-662-1}
	- squirrelmail 2:1.4.4
CVE-2005-0103 (PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...)
	- squirrelmail 2:1.4.4-1
CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
	{DSA-673-1}
	- evolution 2.0.3-1.2 (bug #295548)
CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...)
	- newspost 2.1.1-2
CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...)
	{DSA-685-1 DSA-671-1 DSA-670-1}
	- emacs21 21.3+1-9
	- xemacs21 21.4.16-2
CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
	- squid 2.5.7-4
CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
	- squid 2.5.7-4
CVE-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...)
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...)
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0093
	REJECTED
CVE-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
	{DSA-666-1}
	- python2.2 2.2.3-14
	- python2.3 2.3.4+2.3.5c1-2
	- python2.4 2.4-5
CVE-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...)
	{DSA-689-1}
	- libapache2-mod-python 3.1.3-3
	- libapache-mod-python 2:2.7.10-4
CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...)
	NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
	- alsa-lib 1.0.9-1 (unimportant)
CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
	- less <not-affected> (Red Hat specific less bug)
CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
	{DSA-680-1}
	- htdig 1:3.1.6-11 (bug #305996)
CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
	{DSA-653-1}
	- ethereal 0.10.9-1
CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...)
	- maxdb-7.5.00 7.5.00.24-1
CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
	- maxdb-7.5.00 7.5.00.21-1
CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
	- maxdb-7.5.00 7.5.00.21-1
CVE-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
	{DSA-657-1}
	- xine-lib 1-rc6a-1
CVE-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
	- jabber 1.4.3-3 (unimportant)
	NOTE: We do not ship jadc2s.
CVE-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
	- a2ps 1:4.13b-4.3 (bug #286387; bug #286385)
CVE-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: mod_access_referer
CVE-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
	- xshisen 1.51-1-1 (bug #213957)
CVE-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
	- mailman 2.1.5-5
CVE-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...)
	{DSA-649-1}
	- xtrlock 2.0-9
CVE-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the ...)
	{DSA-660-1}
	- kdebase 4:3.0.5
CVE-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...)
	{DSA-658-1}
	- libdbi-perl 1.46-6
CVE-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...)
	{DSA-672-1}
	- xview 3.2p1.4-19
CVE-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
	- squirrelmail 2:1.4.4-1
CVE-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...)
	{DSA-676-1}
	- xpcd 2.08-11.1 (bug #294793)
CVE-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...)
	{DSA-677-1}
	- sympa 4.1.2-2.1
CVE-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...)
	{DSA-655-1}
	- zhcon 1:0.2.3-8.1 (bug #292210)
CVE-2005-0071 (vdr before 1.2.6 does not securely create files, which allows ...)
	{DSA-656-1}
	- vdr 1.2.6-6
CVE-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when ...)
	{DSA-681-1}
	- synaesthesia 2.1-3
	NOTE: does not apply for sarge, program is not setuid anymore
CVE-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...)
	- vim 1:6.3-058+1
CVE-2005-0068 (The original design of ICMP does not require authentication for ...)
	NOTE: general icmp design error
CVE-2005-0067 (The original design of TCP does not require that port numbers be ...)
	NOTE: general tcp design error, no indication it affects linux
CVE-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...)
	NOTE: general tcp design error
CVE-2005-0065 (The original design of TCP does not check that the TCP sequence number ...)
	NOTE: general tcp design error
CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...)
	{DSA-648-1 DSA-645-1}
	- xpdf 3.00-13
	- gpdf 2.8.2-1.2
	- pdftohtml 0.36-11
	- kdegraphics 4:3.3.2-2
	- tetex-bin 2.0.2-26
	- cupsys 1.1.22-6 (bug #324459)
	- cups 1.1.22-6 (bug #324459)
	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
	NOTE: In version 1.1.23-13, the dormant code in the source
	NOTE: package was fixed.
CVE-2005-0063 (The document processing application used by the Windows Shell in ...)
	NOT-FOR-US: Microsoft
CVE-2005-0062
	RESERVED
CVE-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
	NOT-FOR-US: Microsoft
CVE-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0058 (Buffer overflow in the Telephony Application Programming Interface ...)
	NOT-FOR-US: TAPI for Windows
CVE-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...)
	NOT-FOR-US: Microsoft
CVE-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...)
	NOT-FOR-US: Microsoft
CVE-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...)
	NOT-FOR-US: Microsoft
CVE-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2005-0052
	RESERVED
CVE-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2005-0047 (Windows 2000, XP, and Server 2003 does not properly &quot;validate the use ...)
	NOT-FOR-US: Microsoft
CVE-2005-0046
	RESERVED
CVE-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...)
	NOT-FOR-US: Microsoft
CVE-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...)
	NOT-FOR-US: Microsoft
CVE-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
	NOT-FOR-US: iTunes
CVE-2005-0042
	RESERVED
CVE-2005-0041
	RESERVED
CVE-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
	NOT-FOR-US: DotNetNuke
CVE-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
	NOTE: These are known issues of IPSEC and basically every VPN system using
	NOTE: encryption without authentication.
	NOTE: openswan even prevents such configurations
CVE-2005-0038 (The DNS implementation of PowerDNS 2.9.16 and earlier allows remote ...)
	- pdns 2.9.17-1
CVE-2005-0037 (The DNS implementation of DNRD before 2.10 allows remote attackers to ...)
	NOT-FOR-US: dnrd
CVE-2005-0036 (The DNS implementation in DeleGate 8.10.2 and earlier allows remote ...)
	NOT-FOR-US: DeleGate
CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
	NOT-FOR-US: Adobe
CVE-2005-0034 (An &quot;incorrect assumption&quot; in the authvalidated validator function in ...)
	- bind9 1:9.3.1
	[woody] - bind9 <not-affected>
	[sarge] - bind9 <not-affected>
	NOTE: only affects bind9 9.3.0, sarge and woody have an earlier versions
CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...)
	- bind 1:8.4.6-1
CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
	NOT-FOR-US: MSIE
CVE-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...)
	NOT-FOR-US: NetBSD
CVE-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...)
	NOT-FOR-US: Shoutcast
CVE-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...)
	NOT-FOR-US: IBM DB2
CVE-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...)
	NOT-FOR-US: Oracle
CVE-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...)
	NOT-FOR-US: Oracle
CVE-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...)
	NOT-FOR-US: Oracle
CVE-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...)
	NOT-FOR-US: Oracle
CVE-2004-1367 (Oracle 10g Database Server, when installed with a password that ...)
	NOT-FOR-US: Oracle
CVE-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...)
	NOT-FOR-US: Oracle
CVE-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...)
	NOT-FOR-US: Oracle
CVE-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...)
	NOT-FOR-US: Oracle
CVE-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...)
	NOT-FOR-US: Oracle
CVE-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...)
	NOT-FOR-US: Windows
CVE-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...)
	NOT-FOR-US: Solaris
CVE-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...)
	NOT-FOR-US: Solaris
CVE-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...)
	NOT-FOR-US: ssh on Solaris
CVE-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...)
	NOT-FOR-US: Solaris
CVE-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...)
	NOT-FOR-US: Solaris
CVE-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...)
	NOT-FOR-US: Solaris
CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...)
	NOT-FOR-US: Solaris
CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...)
	- gzip <not-affected> (gzip on Solaris)
CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...)
	- xfree86 <not-affected> (xdm on Solaris)
	- xorg-x11 <not-affected> (xdm on Solaris)
CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
	NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
CVE-2004-1344
	RESERVED
CVE-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
	{DSA-715-1}
	- cvs 1:1.12.9-12
CVE-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...)
	{DSA-715-1}
	- cvs 1:1.12.9-12
CVE-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...)
	{DSA-711-1}
	- info2www 1.2.2.9-23 (bug #281655)
CVE-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...)
	{DSA-659-1}
	- libpam-radius-auth 1.3.16-1.1
CVE-2005-0032
	RESERVED
CVE-2005-0031
	RESERVED
CVE-2005-0030
	RESERVED
CVE-2005-0029
	RESERVED
CVE-2005-0028
	RESERVED
CVE-2005-0027
	RESERVED
CVE-2005-0026
	RESERVED
CVE-2005-0025
	RESERVED
CVE-2005-0024
	RESERVED
CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...)
	- gnome-libs <unfixed> (bug #329156; unimportant)
	- vte <unfixed> (bug #330907; unimportant)
	NOTE: Not considered a security problem, see #329156
CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
	- exim4 4.34-10
CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
	{DSA-637-1 DSA-635-1}
	- exim4 4.34-10
	- exim 3.36-13 (bug #290036)
	- exim-tls <removed>
CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...)
	{DSA-641-1}
	- playmidi 2.4debian-3
CVE-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...)
	{DSA-675-1}
	- hztty 2.0-6.1
CVE-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...)
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...)
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...)
	{DSA-640-1}
	- gatos 0.0.5-15
CVE-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...)
	{DSA-650-1}
	- sword 1.5.7-7 (bug #291433)
CVE-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...)
	- ncpfs 2.2.6-1
CVE-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...)
	{DSA-665-1}
	- ncpfs 2.2.6-1
CVE-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)
	- dillo 0.8.3-1
CVE-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...)
	- kdeedu 4:3.3.2-2
CVE-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...)
	- ethereal 0.10.9-1
CVE-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 ...)
	- ethereal 0.10.9-1
CVE-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through ...)
	- ethereal 0.10.9-1
CVE-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...)
	- ethereal 0.10.9-1
CVE-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote ...)
	- ethereal 0.10.9-1
CVE-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...)
	{DSA-646-1}
	- imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033)
CVE-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...)
	{DSA-647-1}
	- mysql-dfsg-4.1 4.1.8a-6
	- mysql-dfsg 4.0.23-3
CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	- kernel-source-2.4.27 2.4.27-9
	[sarge] - kernel-source-2.6.8 2.6.8-9
CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
	NOT-FOR-US: poppassd_pam
CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	NOTE: i386 and smp specific
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8
	[sarge] - kernel-source-2.6.8 2.6.8-13
CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...)
	NOT-FOR-US: oracle
CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
	NOT-FOR-US: oracle
CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.11)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...)
	- tetex-bin 2.0.2-25
CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 <not-affected>
CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
	NOT-FOR-US: hpux
CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
	NOT-FOR-US: microsoft
CVE-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...)
	NOT-FOR-US: AIX
CVE-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...)
	NOT-FOR-US: AIX
CVE-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...)
	NOT-FOR-US: hpux
CVE-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...)
	NOT-FOR-US: Crystal FTP client
CVE-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...)
	NOT-FOR-US: Ultrix
CVE-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...)
	NOT-FOR-US: Microsoft
CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...)
	NOT-FOR-US: Netbsd
CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...)
	NOT-FOR-US: Cisco
CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...)
	NOT-FOR-US: Asante FM2008
CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...)
	NOT-FOR-US: Asante FM2008
CVE-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...)
	NOT-FOR-US: MSIE
CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...)
	{DSA-627-1}
	- namazu2 2.0.14-1
CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...)
	- netcat <not-affected> (only affects netcat in Windows)
CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
	- mozilla 2:1.7.5-1 (bug #288047)
CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...)
	- phpbb2 2.0.10-3
CVE-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...)
	NOT-FOR-US: MacOS
CVE-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...)
	NOT-FOR-US: My Firewall Plus
CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...)
	NOT-FOR-US: Microsoft
CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
	{DSA-617-1}
	- tiff 3.6.1-4
CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...)
	- tiff 3.7.0 (low)
CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...)
	- file 4.12
CVE-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...)
	NOT-FOR-US: Yanf
CVE-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...)
	NOT-FOR-US: YAMT
CVE-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...)
	NOT-FOR-US: xlreader
CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...)
	- xine-lib 1-rc8-1
CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...)
	NOT-FOR-US: vilistextum
CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...)
	NOT-FOR-US: vb2c
CVE-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...)
	- unrtf 0.19.3-1.1 (bug #287038)
CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...)
	- groff 1.18.1.1-5
CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in ...)
	- uml-utilities <not-affected> (uml_net is only executable by users in group uml-net)
CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...)
	- tnftp 20050625-0.1 (bug #285902; medium)
CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
	NOT-FOR-US: rtf2latex2e
CVE-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...)
	NOT-FOR-US: ringtonetools
CVE-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...)
	NOT-FOR-US: qwik-smtpd
CVE-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...)
	NOT-FOR-US: pgn2web
CVE-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...)
	{DSA-625-1}
	- pcal 4.8.0-1
CVE-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...)
	NOT-FOR-US: o3read
CVE-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...)
	{DSA-623-1}
	- nasm 0.98.38-1.1 (bug #285889)
CVE-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...)
	NOT-FOR-US: NapShare
CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
	NOT-FOR-US: mplayer
CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...)
	NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions
	- mpg123 0.59r-20 (bug #287043)
CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...)
	NOT-FOR-US: mview
CVE-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...)
	{DSA-632-1}
	- linpopup 1.2.0-7
CVE-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...)
	NOT-FOR-US: junkie
CVE-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...)
	NOT-FOR-US: junkie
CVE-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...)
	NOT-FOR-US: jpegtoavi
CVE-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...)
	NOT-FOR-US: jcabc2ps
CVE-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...)
	NOT-FOR-US: IglooFTP
CVE-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...)
	NOT-FOR-US: IglooFTP
CVE-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...)
	NOT-FOR-US: html2hdml
CVE-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...)
	NOT-FOR-US: greed
	NOTE: not the game in debian, the file download tool
CVE-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...)
	NOT-FOR-US: greed
	NOTE: not the game in debian, the file download tool
CVE-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...)
	- filter 2.4.2-1.1
CVE-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...)
	NOT-FOR-US: dxfscope
CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...)
	NOT-FOR-US: csv2xml
CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...)
	NOT-FOR-US: Convex
CVE-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...)
	{DSA-644-1}
	- chbg 1.5-4
CVE-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...)
	NOT-FOR-US: ChangePassword
CVE-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...)
	NOT-FOR-US: bsb2ppm
CVE-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...)
	NOT-FOR-US: asp2php
CVE-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...)
	NOT-FOR-US: abctab2ps
CVE-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...)
	NOT-FOR-US: abcpp
CVE-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...)
	- abcm2ps 4.8.5-1
CVE-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...)
	NOT-FOR-US: abc2mtex
CVE-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...)
	- abcmidi 20050101-1
CVE-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...)
	NOT-FOR-US: 2fax
CVE-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...)
	NOT-FOR-US: WinRAR
CVE-2004-1253
	RESERVED
CVE-2004-1252
	RESERVED
CVE-2004-1251
	RESERVED
CVE-2004-1250
	RESERVED
CVE-2004-1249
	RESERVED
CVE-2004-1248
	RESERVED
CVE-2004-1247
	RESERVED
CVE-2004-1246
	RESERVED
CVE-2004-1245
	RESERVED
CVE-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2004-1243
	REJECTED
CVE-2004-1242
	REJECTED
CVE-2004-1241
	REJECTED
CVE-2004-1240
	REJECTED
CVE-2004-1239
	REJECTED
CVE-2004-1238
	REJECTED
CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
	- linux-2.6 <not-affected> (Apparently Red Hat specific)
CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
	NOT-FOR-US: Netscape Directory Server on HP-UX
CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
	NOT-FOR-US: SugarCRM Sugar Sales
CVE-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...)
	NOT-FOR-US: SugarCRM Sugar Sales
CVE-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...)
	NOT-FOR-US: SugarCRM Sugar Sales
CVE-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...)
	NOT-FOR-US: SugarCRM Sugar Sales
CVE-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...)
	- mtr 0.67-1
CVE-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...)
	NOT-FOR-US: F-Secure Policy Manager
CVE-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: weblibs.pl
CVE-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...)
	NOT-FOR-US: weblibs.pl
CVE-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...)
	NOT-FOR-US: Battlefield 1942, Battlefield Vietnam
CVE-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...)
	NOT-FOR-US: paFileDB
CVE-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Remote Execute
CVE-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...)
	NOT-FOR-US: Hosting Controller
CVE-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...)
	NOT-FOR-US: Kreed
CVE-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Kreed
CVE-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...)
	NOT-FOR-US: Kreed
CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...)
	NOT-FOR-US: Blog Torrent
CVE-2004-1211 (Multiple buffer overflows in the IMAP service in Mercury/32 4.01a ...)
	NOT-FOR-US: Mercury Mail
CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...)
	NOT-FOR-US: IpCop
CVE-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...)
	NOT-FOR-US: Verisign Payflow Link
CVE-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...)
	NOT-FOR-US: Orbz
CVE-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...)
	NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter
CVE-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
	NOT-FOR-US: pnTresMailer
CVE-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...)
	NOT-FOR-US: pnTresMailer
CVE-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...)
	NOTE: at best a local DOS by the user running fluxbox.
	NOTE: Where's the security hole?
	- fluxbox 0.9.11-1
CVE-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...)
	NOT-FOR-US: phpCMS
CVE-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...)
	NOT-FOR-US: phpCMS
CVE-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...)
	NOTE: memory leak, doubt it's usefully exploitable
	NOTE: did not followup
CVE-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...)
	NOT-FOR-US: Safari
CVE-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: MSIE
CVE-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...)
	NOT-FOR-US: inShop
CVE-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...)
	NOT-FOR-US: Insite Inmail
CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...)
	NOT-FOR-US: Star Wars Battlefront
CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...)
	NOT-FOR-US: Star Wars Battlefront
CVE-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...)
	NOT-FOR-US: Prevex Home
CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
	NOT-FOR-US: Citadel/UX
CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...)
	NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed
	TODO: Check linux-2.6
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...)
	NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c
	NOTE: has a misleading entry titled "Fix exploitable hole"
	NOTE: http://www.securityfocus.com/advisories/7579
	NOTE: http://xforce.iss.net/xforce/xfdb/18370
	NOTE: Response from Marcus Meissner <meissner@suse.de> saying the patch was integrated in upstream 2.6.8
	NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only
	NOTE: 2.6.10 is actually fixed, but 2.6.8 is not
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...)
	{DSA-629-1}
	- krb5 1.3.6-1
CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...)
	- xine-lib 1-rc8-1
CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...)
	- xine-lib 1-rc8-1
CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
	{DSA-626-1}
	- tiff 3.6.1-5
CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a &quot;weak&quot; ...)
	{DSA-634-1}
	- hylafax 1:4.2.1-1
CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...)
	{DSA-622-1}
	- htmlheadline <removed>
CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...)
	{DSA-678-1}
	- netkit-rwho 0.17-8
CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...)
	{DSA-615-1}
	- debmake 3.7.7
CVE-2004-1178
	RESERVED
CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...)
	{DSA-674-1}
	- mailman 2.1.5-5
CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...)
	NOT-FOR-US: MSIE
CVE-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...)
	NOT-FOR-US: Veritas Backup Exec
CVE-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...)
	- kdelibs 4:3.3.1-2
	- kdebase 4:3.3.1-3
CVE-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...)
	{DSA-612-1}
	- a2ps 1:4.13b-4.2 (bug #283134)
CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...)
	- maxdb-7.5.00 7.5.00.19-1
CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...)
	- maxdb-7.5.00 7.5.00.19-1
CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...)
	NOT-FOR-US: gentoo mirrorselect
CVE-2004-1166 (CRLF injection vulnerability in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...)
	{DSA-631-1}
	- kdelibs 4:3.3.2-1
CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...)
	NOT-FOR-US: Cisco
CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...)
	NOT-FOR-US: Cisco
CVE-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...)
	- scponly 4.0-1
CVE-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...)
	- rssh 2.2.3-1
CVE-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...)
	NOT-FOR-US: Netscape
CVE-2004-1159
	REJECTED
CVE-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...)
	- kdelibs 4:3.3.1-3
	- kdebase 4:3.3.1-4
CVE-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...)
	NOT-FOR-US: Opera
CVE-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...)
	- mozilla 2:1.7.6-1
	- mozilla-firefox 1.0.1
CVE-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...)
	NOT-FOR-US: Microsoft MSIE
CVE-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...)
	{DSA-701-1}
	- samba 3.0.10-1
CVE-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...)
	NOT-FOR-US: Winamp
CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...)
	NOT-FOR-US: Computer Associates eTrust EZ Antivirus
CVE-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
	- phpmyadmin 2:2.6.1-rc1-1
CVE-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...)
	- phpmyadmin 2:2.6.1-rc1-1
CVE-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...)
	- cvstrac 1.1.5
CVE-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...)
	- kdelibs 4:3.3.2-1
CVE-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...)
	NOTE: amd64 specific
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...)
	- mailman 2.1.5-5
CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
	{DSA-613-1}
	- ethereal 0.10.8-1
CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...)
	- ethereal 0.10.8-1
CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
	- ethereal 0.10.8-1
CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...)
	- ethereal 0.10.8-1
CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...)
	- vim 1:6.3-046+0sarge1
CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...)
	- linux-2.6 <not-affected> (Fixed before upload into the archive)
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...)
	NOT-FOR-US: CuteFTP
CVE-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...)
	NOT-FOR-US: WS-Ftpd
CVE-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
	NOT-FOR-US: Microsoft
CVE-2004-1132
	RESERVED
CVE-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...)
	NOT-FOR-US: SCO
CVE-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...)
	NOT-FOR-US: CMailServer
CVE-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...)
	NOT-FOR-US: CMailServer
CVE-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...)
	NOT-FOR-US: CMailServer
CVE-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...)
	- opendchub 0.7.14-1.1 (bug #284350; bug #283061)
CVE-2004-1126
	RESERVED
CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
	{DSA-621-1 DSA-619-1}
	- xpdf 3.00-11
	- cupsys 1.1.22-2
	- cups 1.1.22-2
	- tetex-bin 2.0.2-25
	- gpdf 2.8.2-1
	- koffice 1:1.3.5-1
CVE-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...)
	NOT-FOR-US: UnixWare
CVE-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...)
	NOT-FOR-US: Darwin Streaming Server
CVE-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...)
	NOT-FOR-US: Safari
CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...)
	NOT-FOR-US: Safari
CVE-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...)
	{DSA-663-1}
	- prozilla 1:1.3.7.3-1
CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...)
	NOT-FOR-US: Winamp
CVE-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...)
	NOT-FOR-US: WodFtpDLX.ocx ActiveX component
CVE-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...)
	NOT-FOR-US: ChessBrain
CVE-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...)
	NOT-FOR-US: GIMPS
CVE-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...)
	- setiathome <not-affected> (Gentoo-specific vulnerability)
CVE-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...)
	NOT-FOR-US: Skype
CVE-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...)
	- sqlgrey 1.2.0
CVE-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...)
	NOT-FOR-US: Cisco
CVE-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...)
	NOT-FOR-US: Cisco
CVE-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...)
	- mtink 1.0.5
	NOTE: debian not vulnerable except in edge case
CVE-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...)
	NOT-FOR-US: Gentoolkit
CVE-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...)
	NOT-FOR-US: Portage
CVE-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...)
	{DSA-642-1}
	- gallery 1.4.4-pl4-1
CVE-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...)
	NOT-FOR-US: Nortel Networks Contivity VPN Client
CVE-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...)
	NOT-FOR-US: Microsoft
CVE-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...)
	NOT-FOR-US: MailPost
CVE-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...)
	NOT-FOR-US: MailPost
CVE-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...)
	NOT-FOR-US: MailPost
CVE-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...)
	NOT-FOR-US: MailPost
CVE-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...)
	- mime-tools 5.415-1
CVE-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...)
	- cherokee <not-affected> (Fixed before upload into archive)
CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...)
	- libarchive-zip-perl 1.14-1
CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...)
	{DSA-608-1}
	- zgv 5.7-1.3 (bug #284124)
CVE-2004-1094 (Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version ...)
	NOT-FOR-US: RealPlayer
CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that &quot;Secure Keyboard ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...)
	NOT-FOR-US: Microsoft
CVE-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
	- ncpfs 2.2.5-2
CVE-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...)
	NOT-FOR-US: Citrix
CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...)
	NOT-FOR-US: Citrix
CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in rt-config.c ...)
	{DSA-609-1}
	- atari800 1.3.2-1
CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...)
	- zope-zwiki 0.37.0-1
CVE-2004-1074 (The binfmt functionality in the Linux kernel, when &quot;memory overcommit&quot; ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 <not-affected> (2.6 only issue)
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1068 (A &quot;missing serialization&quot; error in the unix_dgram_recvmsg function in ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	- kernel-source-2.4.27 2.4.27-7
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...)
	- cyrus21-imapd <not-affected> (Only affected 2.2 series)
CVE-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...)
	NOT-FOR-US: FreeBSD
CVE-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...)
	- php4 4:4.3.10-1
CVE-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...)
	- php4 4:4.3.10-1
CVE-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...)
	- php4 4:4.3.10-1
CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...)
	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771)
CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, ...)
	- bugzilla 2.16.7-2
CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...)
	NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors
CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
	- mnogosearch 3.2.18-2.2
CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-10
CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 2:2.6.0-pl3-1
CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...)
	NOT-FOR-US: AIX
CVE-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...)
	NOT-FOR-US: fetch on FreeBSD
CVE-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...)
	{DSA-595-1}
	- bnc <removed>
CVE-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...)
	{DSA-596-2}
	- sudo 1.6.8p3-1
CVE-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2004-1048
	RESERVED
CVE-2004-1047
	RESERVED
CVE-2004-1046
	RESERVED
CVE-2004-1045
	RESERVED
CVE-2004-1044
	RESERVED
CVE-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2004-1042
	RESERVED
CVE-2004-1041
	RESERVED
CVE-2004-1040
	RESERVED
CVE-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
	NOT-FOR-US: SCO UnixWare
CVE-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
	NOT-FOR-US: IEEE1394 specification bug, physical security
CVE-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...)
	- twiki 20030201-6
CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...)
	- squirrelmail 2:1.4.3a-3
CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...)
	- up-imapproxy 1.2.2+1.2.3rc2-1
CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...)
	- kaffeine 0.4.3.1-3
	- gxine 0.4-rc1
CVE-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...)
	- fcron 2.9.5.1-1
CVE-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
	- fcron 2.9.5.1-1
CVE-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
	- fcron 2.9.5.1-1
CVE-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
	- fcron 2.9.5.1-1
CVE-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...)
	NOT-FOR-US: Sun JRE
CVE-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...)
	NOT-FOR-US: AIX
CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...)
	{DSA-652-1}
	- arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
	{DSA-628-1 DSA-618-1}
	- imlib 1.9.14-17.1 (bug #284925)
	- imlib+png2 1.9.14-16.1
	- imlib2 1.1.2-2.1
CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...)
	{DSA-618-1}
	- imlib 1.9.14-17.1 (bug #284925)
	- imlib+png2 1.9.14-16.1
CVE-2004-1024
	RESERVED
CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
	NOT-FOR-US: Kerio
CVE-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
	NOT-FOR-US: Kerio
CVE-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...)
	NOT-FOR-US: MacOS
CVE-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ...)
	- php4 4:4.3.10-1
CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...)
	- php4 4:4.3.10-1
CVE-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers ...)
	- php4 4:4.3.10-1
	- php3 3:3.0.18-29
CVE-2004-1017 (Multiple &quot;overflows&quot; in the io_edgeport driver for Linux kernel 2.4.x ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
	- linux-2.6 <not-affected> (2.4 specific vulnerability)
CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...)
	- cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
	- cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
CVE-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...)
	{DSA-606-1}
	- nfs-utils 1:1.0.6-3.1
CVE-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...)
	{DSA-597-1}
	- cyrus-imapd 1.5.19-20
	- cyrus21-imapd 2.1.17-1
CVE-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...)
	{DSA-597-1}
	- cyrus-imapd 1.5.19-20
	- cyrus21-imapd 2.1.17-1
CVE-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...)
	- cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
	- cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
CVE-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...)
	{DSA-624-1}
	- zip 2.30-8
CVE-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...)
	- putty 0.56-1
CVE-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...)
	- bogofilter 0.92.8-1
CVE-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...)
	{DSA-584-1}
	- dhcp 2.0pl5-19.1
CVE-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: Trend ScanMail
CVE-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...)
	- ppp 2.4.2+20040428-3
CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...)
	{DSA-585-1}
	NOTE: Fixed in 	shadow 1:4.0.3-30.3 for the first time.
	NOTE: Apparently, the fix was lost somehow, see #309587.
	NOTE: It was reapplied to sarge before the release, and to sid in
	NOTE: version 1:4.0.3-35.
	- shadow 1:4.0.3-35
	[sarge] - shadow 1:4.0.3-31sarge5 (bug #309587)
CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...)
	{DSA-630-1}
	- lintian 1.23.6 (bug #286379; low)
CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...)
	{DSA-608-1}
	- zgv 5.7-1.3 (bug #284124)
	NOTE: changelog says he only patched 1095, but diff comparison
	NOTE: shows 0999 was also fixed.
CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
	{DSA-616-1}
	- netkit-telnet-ssl 0.17.24+0.1-6
CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
	{DSA-610-1}
	- cscope 15.5-1.1 (bug #282815)
	NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
CVE-2004-0995
	RESERVED
CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...)
	{DSA-614-1}
	NOTE: only indication that it's this CVE is in the debian package changelog
	- xzgv 0.8-3
CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
	{DSA-604-1}
	- hpsockd 0.14
CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...)
	NOT-FOR-US: Proxytunnel
CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
	- mpg123 0.59r-19
CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
	{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
	- libgd2 2.0.30-1
	- libgd 1.8.4-36.1
CVE-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...)
	{DSA-582-1}
	- libxml 1:1.8.17-9
	- libxml2 2.6.11-5
CVE-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...)
	NOT-FOR-US: Apple
CVE-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...)
	{DSA-598-1}
	- yardradius 1.0.20-15
CVE-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...)
	{DSA-580-1}
	- iptables 1.2.11-4
CVE-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: windows
CVE-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils ...)
	- mailutils 1:0.5-4
CVE-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...)
	{DSA-586-1}
	- ruby1.8 1.8.1+1.8.2pre2-4
	- ruby1.6 1.6.8-12
	- ruby <removed>
CVE-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...)
	{DSA-578-1}
	- mpg123 0.59r-18
	NOTE: Original fix in -17 was incomplete
CVE-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...)
	{DSA-593-1}
	- imagemagick 6:6.0.6.2-1.5 (bug #278401)
	- graphicsmagick 1.1.7-1
CVE-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...)
	{DSA-592-1}
	- ez-ipupdate 3.0.11b8-8
CVE-2004-0979 (Internet Explorer on Windows XP does not properly modify the &quot;Drag and ...)
	NOT-FOR-US: windows
CVE-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...)
	NOT-FOR-US: windows
CVE-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...)
	{DSA-577-1}
	- postgresql 7.4.6-1
CVE-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...)
	{DSA-620-1}
	- perl 5.8.4-4
CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
	{DSA-603-1}
	- openssl 0.9.7e-3
	NOTE: -1 claimed to include it, but it was missing
CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...)
	- netatalk 1.6.4a-1 (low)
CVE-2004-0973
	REJECTED
CVE-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
	{DSA-583-1}
	- lvm10 1:1.0.8-8
CVE-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...)
	NOTE: Not shipped in the krb5 binary package
	- krb5 <unfixed> (bug #278271; unimportant)
	- arla 0.36.2-11
CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...)
	{DSA-588-1}
	- gzip 1.3.5-8 (bug #259043; bug #257314; medium)
CVE-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...)
	- groff 1.18.1.1-2
CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...)
	{DSA-636-1}
	- glibc 2.3.2.ds1-19
CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts ...)
	- gs-common 0.3.6-0.1
	- gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant)
	NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary
CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...)
	- gettext 0.14.1-6
CVE-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
	NOT-FOR-US: HP-UX
CVE-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...)
	{DSA-587-1}
	- zinf <not-affected> (According to DSA-587 not affected, as module was rewritten)
	- freeamp <removed>
CVE-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...)
	NOT-FOR-US: windows
CVE-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...)
	NOT-FOR-US: Apple Remote Desktop Client
CVE-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...)
	- freeradius 1.0.1
CVE-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
	- freeradius 1.0.1
CVE-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ...)
	- php4 4:4.3.9
CVE-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...)
	- php4 4:4.3.9
CVE-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...)
	{DSA-707-1}
	- mysql-dfsg-4.1 4.1.10a-6
	- mysql-dfsg 4.0.24-5
CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...)
	- mysql-dfsg <not-affected> (Not vulnerable, http://www.debian.org/security/nonvulns-sarge)
CVE-2004-0955
	REJECTED
CVE-2004-0954
	REJECTED
CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
	- jabber <not-affected> (Jabber version 2 is vulnerable, we have an older version that seems not)
CVE-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...)
	NOT-FOR-US: HP-UX
CVE-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before ...)
	NOT-FOR-US: HP-UX
CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
	NOT-FOR-US: NetOp Host
CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
CVE-2004-0948
	REJECTED
CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
	{DSA-652-1}
	NOTE: see http://lwn.net/Alerts/110733/
	- arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
	- nfs-utils <not-affected> (does not apply per maintainer)
CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...)
	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...)
	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CVE-2004-0943
	REJECTED
CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
	- apache2 2.0.52-2
CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...)
	{DSA-602-1 DSA-601-1}
	- libgd2 2.0.33-1.1
	- libgd 1.8.4-36.1
CVE-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...)
	{DSA-594-1}
	- apache 1.3.33-2
CVE-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...)
	NOT-FOR-US: Neoteris Instant Virtual Extranet
CVE-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
	- freeradius 1.0.1
CVE-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...)
	NOT-FOR-US: RAV antivirus
CVE-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...)
	NOT-FOR-US: Eset anti-virus
CVE-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...)
	NOT-FOR-US: Kaspersky antivirus
CVE-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...)
	NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus
CVE-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
	NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers
CVE-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
	- maxdb-7.5.00 7.5.00.18
CVE-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
	- samba 3.0.8-1
CVE-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)
	- tiff3g <removed>
CVE-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...)
	NOT-FOR-US: Macromedia
CVE-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...)
	NOT-FOR-US: MacOS
CVE-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...)
	NOT-FOR-US: MacOS
CVE-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...)
	NOT-FOR-US: MacOS
CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...)
	NOT-FOR-US: MacOS
CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...)
	{DSA-566-1}
	- cupsys 1.1.20final+rc1-9
	- cups 1.1.20final+rc1-9
CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...)
	NOT-FOR-US: MacOS
CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...)
	NOT-FOR-US: MacOS
CVE-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...)
	NOT-FOR-US: norton
CVE-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...)
	{DSA-576-1}
	- squid 2.5.7
CVE-2004-0917 (The default installation of Vignette Application Portal installs the ...)
	NOT-FOR-US: Vignette Application Portal
CVE-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...)
	{DSA-574-1}
	- cabextract 1.1-1
CVE-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...)
	{DSA-605-1}
	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 (bug #284237)
CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...)
	{DSA-607-1}
	NOTE: Previous -9 fix had some issues of its own
	- xfree86 4.3.0.dfsg.1-14 (bug #309143)
	NOTE: lesstif1 and 2 have to be fixed separately
	- lesstif1-1 1:0.93.94-11.3 (bug #294099)
	NOTE: but lesstif2 did get fixed for this hole..
	- lesstif2 1:0.93.94-11.2
	- openmotif 2.2.3-1.1 (bug #309819; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before ...)
	{DSA-572-1}
	- ecartis 1.0.0+cvs.20030911-8
CVE-2004-0912
	RESERVED
CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...)
	{DSA-569-1 DSA-556-1}
	- netkit-telnet-ssl 0.17.24+0.1-4
	- netkit-telnet 0.17-26
CVE-2004-0910
	REJECTED
CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...)
	- mozilla-firefox <not-affected> (non-Debian packaging issue)
CVE-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...)
	NOT-FOR-US: Microsoft
CVE-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
	NOT-FOR-US: Microsoft
CVE-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
	NOT-FOR-US: Microsoft
CVE-2004-0898
	RESERVED
CVE-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
	NOT-FOR-US: Windows
CVE-2004-0896
	RESERVED
CVE-2004-0895
	RESERVED
CVE-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...)
	NOT-FOR-US: Microsoft
CVE-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...)
	NOT-FOR-US: Microsoft
CVE-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...)
	- gaim 1:1.0.2
CVE-2004-0890
	REJECTED
CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...)
	- xpdf 3.00-10 (medium)
CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
	{DSA-599-1 DSA-581-1 DSA-573-1}
	- koffice 1:1.3.4-1
	- tetex-bin 2.0.2-23
	- xpdf 3.00-9
	- gpdf 2.8.0-1
	- kdegraphics 4:3.3.1-1 (bug #280373)
	- cupsys 1.1.22-6 (bug #324460)
	- cups 1.1.22-6 (bug #324460)
	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
	NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
	NOTE: package was fixed.
CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.6.8 2.6.8-10
CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...)
	- apache2 2.0.52-2
	- libapache-mod-ssl 2.8.20-1
CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...)
	{DSA-568-1 DSA-563-3}
	- cyrus-sasl <removed>
	- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553)
CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10)
	- kernel-source-2.4.27 2.4.27-6
	[sarge] - kernel-source-2.6.8 2.6.8-13
CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...)
	NOTE: details http://security.e-matters.de/advisories/132004.html
	- samba 3.0.7
CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...)
	{DSA-553-1}
	- getmail 3.2.5-1
CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...)
	{DSA-553-1}
	- getmail 3.2.5-1
CVE-2004-0879
	RESERVED
CVE-2004-0878
	RESERVED
CVE-2004-0877
	RESERVED
CVE-2004-0876
	RESERVED
CVE-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
	- phpgroupware 0.9.16.002
CVE-2004-0874
	REJECTED
CVE-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
	NOT-FOR-US: apple
CVE-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...)
	NOT-FOR-US: Opera
CVE-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...)
	NOTE: upstream knows about the problem, no fix expected
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
	NOTE: fix doesn't look likely any time soon
CVE-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...)
	NOTE: upstream knows about the problem, no fix expected
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
	NOTE: fix doesn't look likely any time soon
CVE-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...)
	NOT-FOR-US: MSIE
CVE-2004-0868
	REJECTED
CVE-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
	- mozilla-firefox 0.9.3
CVE-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
	NOT-FOR-US: MSIE
CVE-2004-0865
	RESERVED
CVE-2004-0864
	RESERVED
CVE-2004-0863
	RESERVED
CVE-2004-0862
	RESERVED
CVE-2004-0861
	RESERVED
CVE-2004-0860
	RESERVED
CVE-2004-0859
	RESERVED
CVE-2004-0858
	RESERVED
CVE-2004-0857
	RESERVED
CVE-2004-0856
	RESERVED
CVE-2004-0855
	RESERVED
CVE-2004-0854
	RESERVED
CVE-2004-0853
	RESERVED
CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...)
	{DSA-611-1}
	- htget <removed>
CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
	{DSA-559-1}
	- net-acct 0.71-7
CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...)
	- star 1.5a46
CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
	NOT-FOR-US: GNU Radius
CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...)
	NOT-FOR-US: microsoft
CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...)
	NOT-FOR-US: microsoft
CVE-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...)
	NOT-FOR-US: microsoft
CVE-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...)
	NOT-FOR-US: microsoft
CVE-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...)
	NOT-FOR-US: microsoft
CVE-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...)
	NOT-FOR-US: microsoft
CVE-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, ...)
	NOT-FOR-US: microsoft
CVE-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...)
	NOT-FOR-US: microsoft
CVE-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
	NOT-FOR-US: microsoft
CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...)
	- speedtouch 1.3.1
CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...)
	{DSA-554-1}
	- sendmail 8.13.1-13
CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...)
	- squid 2.5.6-8
CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
	NOT-FOR-US: McAfee
CVE-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...)
	- samba 2.2.11
CVE-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...)
	NOTE: not-fos-us (AIX)
CVE-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...)
	{DSA-547-1}
	- imagemagick 5:6.0.7.1-1
CVE-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...)
	NOT-FOR-US: netscape NSS
CVE-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...)
	NOT-FOR-US: Apple
CVE-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...)
	NOT-FOR-US: Apple
CVE-2004-0822 (Buffer overflow in The Core Foundation framework ...)
	NOT-FOR-US: Apple
CVE-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...)
	NOT-FOR-US: Apple
CVE-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: winamp
CVE-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...)
	NOT-FOR-US: openbsd
CVE-2004-0818
	RESERVED
CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...)
	{DSA-548-2}
	- imlib+png2 1.9.14-16.2
	- imlib 1.9.14-17 (bug #285025)
CVE-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (2.6 specific issue)
CVE-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...)
	{DSA-600-1}
	- samba 3.0.6-1 (bug #274342)
CVE-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	[sarge] - kernel-source-2.6.8 2.6.8-8
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10)
	- kernel-source-2.4.27 <not-affected> (Only an issue with botched permissions)
CVE-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.0-test10)
	- kernel-source-2.4.27 <not-affected> (2.4 not support for amd64)
CVE-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents &quot;the merging of the ...)
	- apache2 2.0.52
CVE-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...)
	NOT-FOR-US: Netopia Timbuktu
CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...)
	{DSA-558-1}
	- apache2 2.0.51-1
	- libapache-mod-dav 1.0.3-10
CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...)
	- samba 3.0.7
CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...)
	- samba 3.0.7
CVE-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...)
	- cdrtools 4:2.0+a34-2
CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...)
	{DSA-564-1}
	- mpg123 0.59r-16
CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...)
	{DSA-552-1}
	- imlib2 1.1.0-12.4
CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...)
	- foomatic-filters 3.0.2
CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...)
	- zlib 1:1.2.1.1-6
	[woody] - zlib <not-affected> (zlib 1.1 is not affected)
CVE-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...)
	- spamassassin 2.64
CVE-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...)
	NOT-FOR-US: IBM DB2 DB2RCMD.EXE
CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...)
	{DSA-551-1}
	- lukemftpd 1.1-2.2 (bug #266370)
CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...)
	- bsdmainutils 6.0.15
CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...)
	{DSA-538}
	- rsync 2.6.2-3
CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
	- kernel-source-2.4.27 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort)
	- linux-2.6 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort)
CVE-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
	- kernel-source-2.6.8 2.6.8-16 (bug #305664)
	- kernel-source-2.4.27 2.4.27-10 (bug #305664)
CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...)
	NOT-FOR-US: DNS impleementations not in Debian
CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
	{DSA-549-1 DSA-546-1}
	- gtk+2.0 2.4.9-2
	- gdk-pixbuf 0.22.0-7
CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
	NOT-FOR-US: OpenCA
CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...)
	- apache <not-affected>	(not vulnerable according to http://www.debian.org/security/nonvulns-sarge)
	- apache2 2.0.51
CVE-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...)
	- gaim 1:0.82
CVE-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...)
	- gaim 1:0.82
CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...)
	{DSA-549-1}
	- gtk+2.0 2.4.9-2
CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...)
	{DSA-549-1 DSA-546-1}
	- gtk+2.0 2.4.9-2
	- gdk-pixbuf 0.22.0-7
CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
	{DSA-541}
	- icecast-server 1:1.3.12-8
CVE-2004-0780 (Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...)
	- cvs 1:1.12.9
CVE-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...)
	- courier 0.45.6-1 (medium; bug #266723)
	NOTE: 0.45.6-1 is the first upload after the debug stuff rewrite
	NOTE: mentioned in the bug report.
CVE-2004-0776
	RESERVED
CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
	NOT-FOR-US: Windows
CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
	NOT-FOR-US: Real Helix server
CVE-2004-0773
	RESERVED
CVE-2004-0772 (Double free vulnerabilities in error handling code in krb524d for MIT ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
	- lha 1.14i-9 (bug #279870)
CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...)
	- dgen 1.23-6
CVE-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...)
	- lha 1.14i-9 (bug #279870)
CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
	NOT-FOR-US: NGSEC StackDefender
CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...)
	NOT-FOR-US: NGSEC StackDefender
CVE-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...)
	- mozilla-firefox 0.9.3
CVE-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...)
	- mozilla 2:1.7.2
	- mozilla-firefox 0.9.3
CVE-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...)
	- mozilla 2:1.7
CVE-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...)
	- mozilla 2:1.7.2
	- mozilla-firefox 0.9.3
CVE-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0756
	RESERVED
CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...)
	{DSA-537}
	- ruby1.8 1.8.1+1.8.2pre1-4
	- ruby <removed>
CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...)
	- gaim 1:0.82.1-1
CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...)
	{DSA-546-1}
	- gdk-pixbuf 0.22.0-7
CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...)
	- openoffice.org 1.1.2-4
CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...)
	- apache2 2.0.50-11
CVE-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...)
	NOT-FOR-US: Red Hat specific
CVE-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...)
	- subversion 1.0.9-2
CVE-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...)
	- apache2 2.0.51
CVE-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...)
	[sarge] - apache2 <not-affected>
	- apache2 2.0.51
CVE-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...)
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3
CVE-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...)
	- lha 1.14i-10 (bug #279870)
CVE-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...)
	NOT-FOR-US: MacOS
CVE-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...)
	NOT-FOR-US: MacOS
CVE-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...)
	NOT-FOR-US: LionMax Software WWW File Share Pro
CVE-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...)
	NOT-FOR-US: Lexmark
CVE-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...)
	NOT-FOR-US: Whisper FTP Surfer
CVE-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...)
	NOT-FOR-US: phpnuke
CVE-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...)
	NOT-FOR-US: phpnuke
CVE-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...)
	NOT-FOR-US: phpnuke
CVE-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...)
	NOT-FOR-US: various windows games
CVE-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Web_Store.cgi
CVE-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...)
	NOT-FOR-US: OllyDbg
CVE-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...)
	NOT-FOR-US: phpnuke
CVE-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...)
	NOT-FOR-US: phpnuke
CVE-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...)
	- phpbb2 2.0.10
CVE-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...)
	- phpbb2 2.0.10
CVE-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...)
	NOT-FOR-US: Microsoft
CVE-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...)
	- moodle 1.4
CVE-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...)
	NOT-FOR-US: Half Life
CVE-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...)
	- mozilla 2:1.6
CVE-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...)
	[sarge] - kdebase 4:3.2.3-1.sarge.1
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3.0-1
	- kdebase 4:3.3.0-1
CVE-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...)
	NOT-FOR-US: Safari
CVE-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...)
	NOT-FOR-US: Microsoft
CVE-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...)
	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
	NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
	NOTE: upstream versions became vulnerable again, see
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
	NOTE: and were fixed again, it got CVE-2005-1937 for the reversion
	- mozilla 2:1.7.10-1 (medium)
	- mozilla-firefox 1.0.6-1 (medium)
CVE-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...)
	NOT-FOR-US: opera 7.50
CVE-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...)
	NOT-FOR-US: HP-UX
CVE-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...)
	NOT-FOR-US: Cisco
CVE-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...)
	NOT-FOR-US: Cisco
CVE-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...)
	NOT-FOR-US: HP OpenView Select Access
CVE-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...)
	- moin 1.2.2
CVE-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...)
	NOT-FOR-US: Solaris
CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...)
	{DSA-532}
	- libapache-mod-ssl 2.8.19-1
CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...)
	NOT-FOR-US: Check Point VPN
CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0694
	RESERVED
	- lha 1.14i-10 (bug #279870)
CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...)
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3.0-1
CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...)
	{DSA-539}
	- kdelibs 4:3.3.0-1
CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...)
	{DSA-561-1 DSA-560-1}
	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
	- lesstif1-1 1:0.93.94-10
	- openmotif 2.2.3-1.1 (bug #308819; low)
	[sarge] - openmotif <no-dsa> (Non-free)
	- xfree86 4.3.0.dfsg.1-8
	- xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...)
	{DSA-561-1 DSA-560-1}
	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
	- lesstif1-1 1:0.93.94-10
	- openmotif 2.2.3-1.1 (bug #308819; low)
	[sarge] - openmotif <no-dsa> (Non-free)
	- xfree86 4.3.0.dfsg.1-8
	- xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...)
	- samba 3.0.5 (bug #260839; bug #260838)
CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...)
	NOT-FOR-US: WebSphere Edge Server
CVE-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...)
	NOT-FOR-US: Norton
CVE-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...)
	NOT-FOR-US: Comersus Cart
CVE-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Comersus Cart
CVE-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...)
	NOT-FOR-US: Zoom DSL modem
CVE-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...)
	NOT-FOR-US: UnrealIRCd
CVE-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...)
	NOT-FOR-US: 12Planet Chat Server
CVE-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...)
	NOT-FOR-US: Fastream NETFile FTP Server
CVE-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...)
	NOT-FOR-US: Fastream NETFile FTP Server
CVE-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...)
	NOT-FOR-US: c32web.exe
CVE-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...)
	NOT-FOR-US: Enterasys XSR-1800 series Security Routers
CVE-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...)
	NOT-FOR-US: SCI Photo Chat Server
CVE-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...)
	NOT-FOR-US: Netegrity IdentityMinder Web Edition
CVE-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...)
	NOT-FOR-US: Brightmail Spamfilter
CVE-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...)
	NOT-FOR-US: Rompager
CVE-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...)
	NOT-FOR-US: Lotus
CVE-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Lotus
CVE-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...)
	NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
	- kernel-patch-adamantix 1.6
CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...)
	NOT-FOR-US: popclient
CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...)
	NOT-FOR-US: csFAQ
CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...)
	NOT-FOR-US: D-Link AirPlus DI-614+
CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
	NOT-FOR-US: CuteNews
CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...)
	- mplayer <not-affected> (fixed before upload in archive; 1.0pre5)
CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...)
	- linux-2.6 <not-affected> (Invalid, according to Ben Collins)
	- kernel-source-2.4.27 <not-affected> (Invalid, according to Ben Collins)
CVE-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...)
	- ntp 4.0
CVE-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...)
	- pure-ftpd 1.0.19-1
CVE-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...)
	NOT-FOR-US: Gentoo specific
CVE-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...)
	NOT-FOR-US: Solaris
CVE-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...)
	NOT-FOR-US: Solaris
CVE-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...)
	NOT-FOR-US: Sun JRE
CVE-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...)
	NOT-FOR-US: Cisco
CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...)
	{DSA-530}
	- l2tpd 0.70-pre20031121-2
CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...)
	- mozilla 2:1.7.1
	- mozilla-firefox 0.9.2
	- mozilla-thunderbird 0.7.2
CVE-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...)
	- shorewall 2.0.3a
CVE-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...)
	NOT-FOR-US: JRun
CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...)
	{DSA-579-1 DSA-550-1}
	- abiword 2.0.8
	- wv 1.0.2-0.1 (bug #264972)
	NOTE: fixed version of abiword based on http://xforce.iss.net/xforce/xfdb/16660
CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0643 (Double free vulnerability in the krb5_rd_cred function for MIT ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0642 (Double free vulnerabilities in the error handling code for ASN.1 ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...)
	NOT-FOR-US: Thomson hardware ADSL router
CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...)
	{DSA-529}
	- netkit-telnet-ssl 0.17.24+0.1-2
CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...)
	NOT-FOR-US: Oracle
CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...)
	NOT-FOR-US: Oracle
CVE-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...)
	{DSA-528}
	- ethereal 0.10.5-1
CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...)
	- ethereal 0.10.5
	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...)
	- ethereal 0.10.5
	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...)
	NOT-FOR-US: adobe reader
CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...)
	- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
	- mysql-dfsg-4.1 <not-affected> (fixed before first upload; in 4.1.3)
	- mysql-dfsg-5.0 <not-affected> (fixed before first upload; in 5.0.0)
CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
	- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
	- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; bug #380507; medium)
	- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)
	[sarge] - kernel-source-2.6.8 2.6.8-1
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...)
	NOT-FOR-US: Infinity WEB
CVE-2004-0624 (PHP remote file inclusion vulnerability in index.php for Artmedic ...)
	NOT-FOR-US: Artmedic links
CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...)
	{DSA-590-1}
	- gnats 4.0-6.1
CVE-2004-0622 (Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does ...)
	NOT-FOR-US: MacOS
CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
	NOT-FOR-US: Newsletter ZWS
CVE-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...)
	NOT-FOR-US: vBulletin
CVE-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...)
	NOT-FOR-US: Linux Broadcom 5820 cryptonet driver
	NOTE: does not seem to be part of linux kernel or other package
CVE-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...)
	NOT-FOR-US: freebsd
CVE-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...)
	NOT-FOR-US: ArbitroWeb
CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...)
	NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router
CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
	NOT-FOR-US: D-Link DI-614+ SOHO router
CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...)
	NOT-FOR-US: osTicket
CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...)
	NOT-FOR-US: osTicket
CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...)
	NOT-FOR-US: ZoneAlarm Pro
CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...)
	NOT-FOR-US: Netgear FVS318 VPN Router
CVE-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...)
	NOT-FOR-US: Microsoft MN-500 Wireless Router
CVE-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...)
	- rssh 2.2.1
CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...)
	NOT-FOR-US: Unreal Engine
CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...)
	- ipsec-tools 0.3.3-1
CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...)
	NOT-FOR-US: Infoblox DNS One
CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...)
	NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
CVE-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...)
	NOT-FOR-US: giFT-FastTrack not in debian
CVE-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...)
	- gzip <not-affected> (Gentoo-specific bug in gzip introduced by botched security fix)
CVE-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...)
	- distcc 2.18.1-4
CVE-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...)
	- samba 3.0.5 (bug #260838)
CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...)
	{DSA-571-1 DSA-570-1 DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
	{DSA-669-1 DSA-531}
	- php3 3:3.0.18-27
	- php4 4:4.3.8-1
CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
	{DSA-669-1 DSA-531}
	- php4 4:4.3.8-1
CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
	NOT-FOR-US: Sygate Enforcer
CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in ...)
	NOT-FOR-US: linux 2.4 with usagi patches
CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
	{DSA-533}
	- courier 0.45.4-4
CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
	- freeswan 2.04-10
	- openswan 2.2.0
CVE-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...)
	NOT-FOR-US: Cisco
CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...)
	- usermin 1.090-1
CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...)
	- qla2x00 7.01.01-1
CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Windows
CVE-2004-0585
	REJECTED
CVE-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...)
	- imp3 3.2.4
CVE-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...)
	{DSA-526}
	- usermin 1.090-1
	- webmin 1.150-1
CVE-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...)
	{DSA-526}
	- usermin 1.090-1
	- webmin 1.150-1
CVE-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...)
	NOT-FOR-US: Mandrake script
CVE-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...)
	NOT-FOR-US: Linksys routers
CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
	{DSA-522}
	- super 3.23.0-1
CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
	NOT-FOR-US: Wingate
CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
	NOT-FOR-US: Wingate
CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
	NOT-FOR-US: GNU radius
CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...)
	NOT-FOR-US: Windows
CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...)
	NOT-FOR-US: Windows
CVE-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...)
	NOT-FOR-US: Windows
CVE-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...)
	NOT-FOR-US: Windows
CVE-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...)
	NOT-FOR-US: Microsoft
CVE-2004-0570
	RESERVED
CVE-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...)
	NOT-FOR-US: Windows
CVE-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...)
	NOT-FOR-US: HyperTerminal
CVE-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...)
	NOT-FOR-US: Windows
CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...)
	NOT-FOR-US: Windows
CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
	{DSA-557-1}
	- rp-pppoe 3.5-4 (bug #343264)
CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
	{DSA-555-1}
	- freenet6 1.0-2.2
CVE-2004-0562
	RESERVED
CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
	{DSA-638-1}
	- gopher 3.0.6
	NOTE: removed, deprecated in favor of pygopherd
CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
	{DSA-638-1}
	- gopher 3.0.6
	NOTE: removed, deprecated in favor of pygopherd
CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
	{DSA-544-1}
	- webmin 1.160-1
	- usermin 1.090-1
CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
	{DSA-545-1}
	- cups 1.1.20final+rc1-6
	- cupsys 1.1.20final+rc1-6
CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...)
	{DSA-565-1}
	- sox 12.17.4-9 (bug #262083)
CVE-2004-0556
	RESERVED
CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...)
	{DSA-643-1}
	- queue 1.30.1-5
CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 2.6.12-1 (bug #261521)
CVE-2004-0553
	RESERVED
CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
	NOT-FOR-US: Sophos Small Business Suite
CVE-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...)
	NOT-FOR-US: Cisco
CVE-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...)
	NOT-FOR-US: Real Player
CVE-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...)
	NOT-FOR-US: Windows
CVE-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...)
	- aspell 0.50.5-3
CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...)
	{DSA-516}
	- postgresql 07.03.0200-3
CVE-2004-0546
	RESERVED
CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: AIX
CVE-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
	NOT-FOR-US: AIX
CVE-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...)
	NOT-FOR-US: Oracle
CVE-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...)
	- php4 <not-affected> (Only affects Windows)
CVE-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...)
	- squid 2.5.5-5
CVE-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...)
	NOT-FOR-US: Windows
CVE-2004-0539 (The &quot;Show in Finder&quot; button in the Safari web browser in Mac OS X ...)
	NOT-FOR-US: MacOS
CVE-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...)
	NOT-FOR-US: MacOS
CVE-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a &quot;Shortcut ...)
	NOT-FOR-US: Opera
CVE-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...)
	- tripwire 2.3.1.2.0-2.1
CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2004-0532
	RESERVED
CVE-2004-0531
	RESERVED
CVE-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...)
	- php4 <not-affected> (Slackware specific rpath issue)
CVE-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...)
	NOT-FOR-US: Netscape Navigator 7.1
CVE-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...)
	- kdebase 2.2.3
CVE-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...)
	NOT-FOR-US: Windows
CVE-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...)
	NOT-FOR-US: iLO
CVE-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...)
	NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian
CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...)
	{DSA-520}
	- krb5 1.3.3-2
CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...)
	{DSA-512}
	- gallery 1.4.3-pl2-1
CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...)
	NOT-FOR-US: MacOS
CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;handling of ...)
	NOT-FOR-US: MacOS
CVE-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;package ...)
	NOT-FOR-US: MacOS
CVE-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
	NOT-FOR-US: MacOS
CVE-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
	NOT-FOR-US: MacOS
CVE-2004-0513 (Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact ...)
	NOT-FOR-US: MacOS
CVE-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0509
	RESERVED
CVE-2004-0508
	RESERVED
CVE-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...)
	- ethereal 0.10.4
CVE-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...)
	- ethereal 0.10.4
CVE-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...)
	- ethereal 0.10.4
CVE-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...)
	- ethereal 0.10.4
CVE-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default ...)
	NOT-FOR-US: Microsoft
CVE-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...)
	NOT-FOR-US: Microsoft
CVE-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...)
	NOT-FOR-US: Microsoft
CVE-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
	- gaim 1:0.81-3
CVE-2004-0499
	REJECTED
CVE-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...)
	NOT-FOR-US: StoneSoft firewall engine
CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
	NOTE: fixed in 2.6.7
CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc1)
CVE-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...)
	- gnome-vfs 1.0.1
CVE-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...)
	- apache2 2.0.50-1
CVE-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...)
	{DSA-525}
	- apache 1.3.31-2
CVE-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...)
	NOTE: appears redhat specific
CVE-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...)
	NOT-FOR-US: MacOS
CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...)
	{DSA-532}
	- apache2 2.0.50-1
	- libapache-mod-ssl 2.8.19-1
CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...)
	NOT-FOR-US: Norton
CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
	NOT-FOR-US: MacOS
CVE-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...)
	NOT-FOR-US: MacOS
CVE-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...)
	NOT-FOR-US: IRIX
CVE-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...)
	NOT-FOR-US: OpenBSD
CVE-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...)
	NOT-FOR-US: the KCMS on Solaris
CVE-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...)
	NOT-FOR-US: Lotus Notes
CVE-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...)
	NOTE: only a Mozilla DOS
CVE-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...)
	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CVE-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...)
	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CVE-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...)
	NOT-FOR-US: Microsoft
CVE-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...)
	NOT-FOR-US: Help Center (HelpCtr.exe)
CVE-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not ...)
	NOT-FOR-US: opera
CVE-2004-0472
	REJECTED
CVE-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...)
	NOT-FOR-US: Check Point VPN
CVE-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...)
	NOT-FOR-US: WebConnect
CVE-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...)
	NOT-FOR-US: WebConnect
CVE-2004-0464
	RESERVED
CVE-2004-0463
	RESERVED
CVE-2004-0462 (The built-in web servers for multiple networking devices do not set ...)
	NOT-FOR-US: Multiple embedded hardware vendors
CVE-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
	- dhcp3 3.0.1
CVE-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...)
	- dhcp3 3.0.1
CVE-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...)
	NOT-FOR-US: DOS in 802.11 protocol
CVE-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...)
	{DSA-503}
	- mah-jong 1.6.2-1
CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...)
	{DSA-540}
	- mysql-dfsg 4.0.20-11
	- mysql <removed>
CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...)
	{DSA-527}
	- pavuk 0.9pl28-3 (bug #264684)
CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
	{DSA-523}
	- www-sql 0.5.7-18
CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...)
	{DSA-524}
	- rlpr 2.02-7.1 (bug #255402)
CVE-2004-0453 (Format string vulnerability in the monitor &quot;memory dump&quot; command in ...)
	- vice 1.14-2
CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...)
	{DSA-1678-1 DSA-620-1}
	- perl 5.8.4-5
CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
	{DSA-521}
	- sup 1.8-11
CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail ...)
	{DSA-513}
	- log2mail 0.2.8-3
CVE-2004-0449
	RESERVED
CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
	{DSA-510}
	- jftpgw 0.13.4-1
CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-0446
	RESERVED
CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
	NOT-FOR-US: Norton
CVE-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...)
	NOT-FOR-US: Norton
CVE-2004-0443
	RESERVED
CVE-2004-0442
	RESERVED
CVE-2004-0441
	RESERVED
CVE-2004-0440
	RESERVED
CVE-2004-0439
	RESERVED
CVE-2004-0438
	RESERVED
CVE-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...)
	NOT-FOR-US: Titan FTP Server
CVE-2004-0436
	RESERVED
CVE-2004-0435 (Certain &quot;programming errors&quot; in the msync system call for FreeBSD ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
	{DSA-504}
	- heimdal 0.6.2-1
CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...)
	- mplayer 1.0~pre6a-1
	- xine-lib 1-rc4
CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...)
	- proftpd 1.2.9-4
CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
	NOT-FOR-US: MacOS
CVE-2004-0429 (Unknown vulnerability related to &quot;the handling of large requests&quot; in ...)
	NOT-FOR-US: RAdmin for Mac OS X
CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...)
	NOT-FOR-US: Mac OS X)
CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive; 2.6.6)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive; 2.4.26)
CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
	{DSA-499}
	- rsync 2.6.1-1
CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...)
	NOT-FOR-US: windows
CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...)
	NOTE: fixed after 2.6.4/2.4.26 kernel
CVE-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...)
	- ssmtp <unfixed> (unimportant)
	NOTE: bug still exists in the ssmtp source, but is only activated if
	NOTE: --enable-logfile is used in ./configure
	NOTE: The package doesn't enable that flag so it is safe.
CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...)
	{DSA-500}
	- flim 1:1.14.6+0.20040415-1
CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...)
	{DSA-498}
	- libpng 1.0.15-5
	- libpng3 1.2.5.0-6
CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
	NOT-FOR-US: windows
CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
	[sarge] - xfree86 <not-affected> (vulnerable code not present)
	- xdm <not-affected> (vulnerable code not present)
CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0417 (Integer overflow in the &quot;Max-dotdot&quot; CVS protocol command ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0416 (Double free vulnerability for the error_prog_name string in CVS 1.12.x ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc6)
CVE-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...)
	{DSA-517}
	- cvs 1:1.12.9-1
CVE-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...)
	- subversion 1.0.5-1
CVE-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...)
	- mailman 2.1.4-5
CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...)
	{DSA-518}
	- kdelibs 4:3.2.3
CVE-2004-0410
	REJECTED
CVE-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...)
	{DSA-493}
	- xchat 2.0.8-1
CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...)
	{DSA-494}
	- ident2 1.04-2
CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...)
	NOT-FOR-US: ColdFusion
CVE-2004-0406
	RESERVED
CVE-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
	{DSA-486}
	- cvs 1:1.12.5-4 (medium)
CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...)
	{DSA-488}
	- logcheck 1.1.1-13.2
CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...)
	- ipsec-tools 0.3.1-3
CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
	{DSA-508}
	- xpcd 2.08-10
CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...)
	- libtasn1 0.1.2-2
CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...)
	{DSA-502 DSA-501}
	- exim 3.36-11
	- exim4 4.33-1
	- exim-tls <removed>
CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...)
	{DSA-502 DSA-501}
	- exim 3.36-11
	- exim4 4.33-1
	- exim-tls <removed>
CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...)
	{DSA-507 DSA-506}
	- cadaver 0.22.1-3
	- neon 0.24.6.dfsg-1
CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...)
	- subversion 1.0.3-1 (bug #249791)
CVE-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...)
	{DSA-505}
	- cvs 1:1.12.5-6
CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root ...)
	{DSA-509}
	- gatos 0.0.5-12
CVE-2004-0394 (A &quot;potential&quot; buffer overflow exists in the panic() function in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected>
	NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch
CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...)
	{DSA-524}
	- rlpr 2.02-7.1 (bug #255402)
CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...)
	- apache 1.3.31-2
CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
	NOT-FOR-US: Cisco
CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...)
	NOT-FOR-US: SCO OpenServer
CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...)
	NOT-FOR-US: RealNetworks Helix Universal Server
CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...)
	{DSA-483}
	- mysql-dfsg 4.0.18-6
CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...)
	NOT-FOR-US: RealPlayer plugin
CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...)
	- mplayer 1.0~pre6a-1
CVE-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...)
	NOT-FOR-US: Oracle 9i Application Server Web Cache
CVE-2004-0384
	RESERVED
CVE-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...)
	NOT-FOR-US: Mail for Mac OS X
CVE-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...)
	NOT-FOR-US: CUPS printing system in Mac OS X
CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...)
	{DSA-483}
	- mysql-dfsg 4.0.18-4
CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
	NOT-FOR-US: Microsoft SharePoint Portal Server 2001
CVE-2004-0378
	RESERVED
CVE-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...)
	- perl <not-affected> (Win32 specific)
CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
	{DSA-473}
	- oftpd 20040304-1 (bug #353882)
CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
	NOT-FOR-US: Symantec Norton Internet Security
CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to &quot;expose the ...)
	{DSA-471}
	- interchange 5.0.1-1
CVE-2004-0373
	RESERVED
CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...)
	{DSA-477}
	- xine-ui 0.99.1-1
CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
	{DSA-476}
	- heimdal 0.6.1-1
CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...)
	NOT-FOR-US: KAME
CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...)
	NOT-FOR-US: Entrust LibKmp ISAKMP library
CVE-2004-0368 (Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
	NOT-FOR-US: CDE
CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
	- ethereal 0.10.3 (bug #239576)
	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
	{DSA-469}
	- pam-pgsql 0.5.2-7.1
	NOTE: fix was accidentially reverted in a later upload and later re-introduced in 0.5.2-9
CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
	- ethereal 0.10.3 (bug #239576)
	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...)
	NOT-FOR-US: WrapNISUM ActiveX
CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...)
	NOT-FOR-US: SymSpamHelper ActiveX
CVE-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...)
	NOT-FOR-US: ISS Protocol Analysis Module
CVE-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...)
	NOT-FOR-US: safari
CVE-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...)
	NOT-FOR-US: solaris
CVE-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...)
	NOT-FOR-US: VirtuaNews Admin Panel
CVE-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...)
	NOT-FOR-US: SL Mail Pro
CVE-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...)
	NOT-FOR-US: GNU Anubis
CVE-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...)
	NOT-FOR-US: GNU Anubis
CVE-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...)
	NOT-FOR-US: Cisco
CVE-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...)
	NOT-FOR-US: Spider Sales
CVE-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...)
	NOT-FOR-US: Spider Sales
CVE-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...)
	NOT-FOR-US: GWeb HTTP Server
CVE-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...)
	NOT-FOR-US: SpiderSales
CVE-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...)
	- proftpd 1.2.9
CVE-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...)
	NOT-FOR-US: Red Faction
CVE-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...)
	NOT-FOR-US: YaBB SE
CVE-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...)
	NOT-FOR-US: YaBB SE
CVE-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option ...)
	NOT-FOR-US: WFPTD
CVE-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...)
	NOT-FOR-US: WFPTD
CVE-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...)
	NOT-FOR-US: WFPTD
CVE-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...)
	- phpbb2 2.0.6d
CVE-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...)
	NOT-FOR-US: Invision Board Forum
CVE-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the &quot;Directory ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2004-0334 (InnoMedia VideoPhone allows remote attackers to bypass Basic ...)
	NOT-FOR-US: AXIS 2100
CVE-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...)
	- uudeview 0.5.20 (medium)
CVE-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...)
	NOT-FOR-US: extremail
CVE-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...)
	NOT-FOR-US: Dell OpenManage Web Server
CVE-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...)
	NOT-FOR-US: Serv-U
CVE-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: FreeChat
CVE-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...)
	NOT-FOR-US: Gigabyte Broadband Router
CVE-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...)
	NOT-FOR-US: PhpNewsManager
CVE-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...)
	NOT-FOR-US: GateKeeper Pro
CVE-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
	NOT-FOR-US: TypSoft
CVE-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...)
	NOT-FOR-US: confirm 0.70
CVE-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...)
	NOT-FOR-US: xmb 1.8 final sp2
CVE-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final ...)
	NOT-FOR-US: xmb 1.8 final sp2
CVE-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Team Factor
CVE-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...)
	NOT-FOR-US: ezBoard
CVE-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...)
	NOT-FOR-US: Load Sharing Facility
CVE-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...)
	NOT-FOR-US: Load Sharing Facility
CVE-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Avirt
CVE-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Avirt
CVE-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...)
	NOT-FOR-US: WebzEdit
CVE-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...)
	NOT-FOR-US: PSOProxy
CVE-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...)
	NOT-FOR-US: LINKSYS
CVE-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...)
	NOT-FOR-US: APC
CVE-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...)
	NOT-FOR-US: LiveJournal
CVE-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...)
	NOT-FOR-US: cisco
CVE-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...)
	NOT-FOR-US: WebCortex WebStores
CVE-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...)
	NOT-FOR-US: WebCortex WebStores
CVE-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...)
	NOT-FOR-US: OWLS 1.0
CVE-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...)
	NOT-FOR-US: OWLS 1.0
CVE-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...)
	NOT-FOR-US: Online Store Kit
CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...)
	NOT-FOR-US: Online Store Kit
CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
	NOT-FOR-US: smallftpd;
CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: CesarFTP; Win32
CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Broker FTP 6.1.0.0; Win32
CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32
CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...)
	NOT-FOR-US: yabb;
CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...)
	NOT-FOR-US: ShopCartCGI 2.3;
CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...)
	NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32
CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...)
	NOT-FOR-US: YaBB;
CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...)
	NOT-FOR-US: Purge Jihad;
CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...)
	NOT-FOR-US: SignatureDB;
CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...)
	- mnogosearch 3.2.18
	NOTE: it's not quite clear which version exactly fixes the problem;
	NOTE: I checked the source code of the most recent version and compared
	NOTE: it with the problematic section described in the advisory
	NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2)
	NOTE: and I can confirm the buffer overflow is fixed there
CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...)
	NOT-FOR-US: Xlight FTP server 1.52;
CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...)
	NOT-FOR-US: RobotFTP;
CVE-2004-0285 (PHP remote file inclusion vulnerabilities in include/footer.inc.php in ...)
	NOT-FOR-US: PHP scripts
CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...)
	NOT-FOR-US: MSIE bugs
CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: mailmgr;
CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Crob FTP;
CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...)
	NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...)
	NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
	NOT-FOR-US: AIMSniff;
CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...)
	NOT-FOR-US: Ratbag game engine;
CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...)
	NOT-FOR-US: Dream FTP;
CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...)
	NOT-FOR-US: BosDates;
CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
	NOT-FOR-US: MaxWebPortal;
CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...)
	NOT-FOR-US: MaxWebPortal;
CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...)
	NOT-FOR-US: EvolutionX;
CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...)
	NOT-FOR-US: eTrust InoculateIT;
CVE-2004-0266 (SQL injection vulnerability in the &quot;public message&quot; capability ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...)
	NOT-FOR-US: PalmOS
CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...)
	NOT-FOR-US: The Palace;
CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
	NOT-FOR-US: CactuShop;
CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...)
	NOT-FOR-US: formmail.php;
CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...)
	NOT-FOR-US: RealPlayer
CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...)
	NOT-FOR-US: Xlight;
CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...)
	NOT-FOR-US: Discuz;
CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...)
	NOT-FOR-US: IBM Cloudscape
CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...)
	NOT-FOR-US: rxgoogle.cgi
CVE-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...)
	NOT-FOR-US: PHPX
CVE-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...)
	NOT-FOR-US: PHPX
CVE-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...)
	NOT-FOR-US: Chaser
CVE-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
	NOT-FOR-US: Les Commentaires
CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Web Crossing
CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...)
	NOT-FOR-US: Cisco
CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...)
	NOT-FOR-US: AIX
CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2004-0238 (Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow ...)
	- overkill 0.16-7
CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...)
	NOT-FOR-US: Aprox PHP Portal
CVE-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...)
	NOT-FOR-US: thePHOTOtool
CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...)
	{DSA-515}
	- lha 1.14i-8
CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...)
	{DSA-515}
	- lha 1.14i-8
CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...)
	NOT-FOR-US: utempter
CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...)
	NOT-FOR-US: famous TCP RST bug
CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
	NOT-FOR-US: Kernel 2.6 framebuffer bug
CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
	- kernel-source-2.4.27 <not-affected> (2.4 does not have cpufreq)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...)
	NOT-FOR-US: ZoneMinder
CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0225
	RESERVED
CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...)
	- courier 0.45.1-1
CVE-2004-0223
	RESERVED
CVE-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...)
	NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat
CVE-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet ...)
	NOT-FOR-US: MSIE bug
CVE-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...)
	NOT-FOR-US: MS-Outlook-Express
CVE-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...)
	NOT-FOR-US: MSIE bug
CVE-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...)
	NOT-FOR-US: Windows bug
CVE-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...)
	NOT-FOR-US: Windows bug
CVE-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...)
	NOT-FOR-US: Windows bug
CVE-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...)
	NOT-FOR-US: Windows bug
CVE-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...)
	NOT-FOR-US: Windows bug
CVE-2004-0207 (&quot;Shatter&quot; style vulnerability in the Window Management application ...)
	NOT-FOR-US: Windows bug
CVE-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...)
	NOT-FOR-US: Windows bug
CVE-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...)
	NOT-FOR-US: Visual Studio bug
CVE-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...)
	NOT-FOR-US: Exchange bug
CVE-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...)
	NOT-FOR-US: DirectX
CVE-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...)
	NOT-FOR-US: Windows HTML Help
CVE-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...)
	NOT-FOR-US: famous Windows GDI+ JPEG parsing bug
CVE-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...)
	NOT-FOR-US: Windows bug
CVE-2004-0198
	RESERVED
CVE-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...)
	NOT-FOR-US: MSJet bug
CVE-2004-0196
	RESERVED
CVE-2004-0195
	RESERVED
CVE-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
	NOT-FOR-US: Symantec Gateway Security
CVE-2004-0187
	REJECTED
CVE-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
	{DSA-478}
	- tcpdump 3.7.2-4
CVE-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...)
	{DSA-478}
	- tcpdump 3.7.2-4
CVE-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...)
	- mailman <not-affected> (RedHat specific bug)
CVE-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre5)
CVE-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...)
	{DSA-486}
	- cvs 1:1.12.5-4 (medium)
CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...)
	{DSA-487}
	- neon 0.24.5-1
CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre3)
CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre4)
CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...)
	{DSA-511}
	- ethereal 0.10.3-1 (bug #239576)
CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...)
	{CVE-2000-0992}
	- openssh 1:3.9p1-1 (low; bug #270770)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1.
	NOTE: The "SUID/SGID across trust boundaries" issue remains, but is
	NOTE: largely theoretic.  This is a rediscovery of CVE-2000-0992.
	NOTE: jmm: 3.9p1 thus marked as fixed version
CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...)
	- apache 1.3.29.0.2-5
CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
	- ltrace <not-affected> (Not setuid/setgid in Debian)
CVE-2004-0170
	RESERVED
CVE-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
	NOT-FOR-US: CoreFoundation for Mac OS X
CVE-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...)
	NOT-FOR-US: Safari
CVE-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...)
	- ipsec-tools 0.3.3-1
	NOTE: not mentioned in the changelog, so I don't know which version exactly fixes
	NOTE: the problem, but the patch that fixes the bug is applied:
	NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
CVE-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...)
	NOT-FOR-US: Sygate Secure Enterprise
CVE-2004-0162 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0161 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
	{DSA-445}
	- lbreakout2 2.4
CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to ...)
	{DSA-484}
	- xonix 1.4-21
CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...)
	{DSA-485}
	- ssmtp 2.60.7
CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
	- ipsec-tools 0.2.5-2
CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...)
	- nfs-utils 1:1.0.5-3
CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...)
	{DSA-468}
	- emil 2.1.0-beta9-14
CVE-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...)
	{DSA-468}
	- emil 2.1.0-beta9-14
CVE-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...)
	{DSA-462}
	- xitalk 1.1.11-11
CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...)
	{DSA-451}
	- xboing 2.4-26.1 (bug #174924)
CVE-2004-0147
	RESERVED
CVE-2004-0146
	RESERVED
CVE-2004-0145
	RESERVED
CVE-2004-0144
	RESERVED
CVE-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...)
	NOT-FOR-US: Nokia mobile phones
CVE-2004-0142
	RESERVED
CVE-2004-0141
	RESERVED
CVE-2004-0140
	RESERVED
CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
	NOT-FOR-US: SGI IRIX
CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
	NOT-FOR-US: IRIX init
CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
	NOT-FOR-US: IRIX
CVE-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...)
	NOT-FOR-US: IRIX
CVE-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...)
	NOT-FOR-US: IRIX
CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc2)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.5)
CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...)
	NOT-FOR-US: ezContents
CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...)
	NOT-FOR-US: phpGedView
CVE-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...)
	NOT-FOR-US: phpGedView
CVE-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...)
	NOT-FOR-US: FreeBSD jail
CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...)
	NOT-FOR-US: Windows bug
CVE-2004-0123 (Double free vulnerability in the ASN.1 library as used in Windows NT ...)
	NOT-FOR-US: Windows bug
CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...)
	NOT-FOR-US: Windows bug
CVE-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...)
	- openssl 0.9.7d-1
CVE-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...)
	{DSA-455}
	- libxml 1:1.8.17-5
	- libxml2 2.6.6-1
CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...)
	- sysstat 5.0.2-1
CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...)
	{DSA-449}
	- metamail 2.7-45.2
CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...)
	{DSA-449}
	- metamail 2.7-45.2
CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly &quot;apply a size check&quot; when ...)
	{DSA-432}
	- crawl 1:4.0.0beta26-4
CVE-2004-0102
	RESERVED
CVE-2004-0101
	RESERVED
CVE-2004-0100
	RESERVED
CVE-2004-0098
	RESERVED
CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
	{DSA-448}
	- pwlib 1.5.2-4
CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
	NOT-FOR-US: Safari
CVE-2004-0091 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...)
	NOT-FOR-US: MacOS
CVE-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
	NOT-FOR-US: MacOS
CVE-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...)
	NOT-FOR-US: MacOS
CVE-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has ...)
	NOT-FOR-US: MacOS
CVE-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...)
	NOT-FOR-US: MacOS
CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...)
	{DSA-465}
	- openssl 0.9.6d-1
CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...)
	{DSA-465}
	- openssl 0.9.7d-1
	- openssl096 0.9.6m-1
CVE-2004-0076
	REJECTED
CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
	- xsok <not-affected> (Not vulnerable. See bug #278777)
CVE-2004-0073 (PHP remote file inclusion vulnerability in (1) config.php and (2) ...)
	NOT-FOR-US: EasyDynamicPages
CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...)
	NOT-FOR-US: Accipiter Direct Server 6.0
CVE-2004-0071 (Directory traversal vulnerability in buildManPage in ...)
	NOT-FOR-US: PHP Man Page Lookup 1.2.0
CVE-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...)
	NOT-FOR-US: HD Soft Windows FTP Server 1.6
CVE-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...)
	NOT-FOR-US: phpGedView
CVE-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...)
	NOT-FOR-US: phpGedView
CVE-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...)
	NOT-FOR-US: phpGedView
CVE-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...)
	NOT-FOR-US: SuSE YaST
CVE-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...)
	NOT-FOR-US: FishCart
CVE-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...)
	NOT-FOR-US: Antivir
CVE-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
	NOT-FOR-US: Nortel Networks products
CVE-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
	NOT-FOR-US: Cisco
CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0051 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2004-0048
	RESERVED
CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
	{DSA-430}
	- trr19 1.0beta5-17.1 (bug #264702)
CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
	NOT-FOR-US: SnapStream PVS LITE
CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...)
	NOT-FOR-US: Yahoo Instant Messenger
CVE-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...)
	- vsftpd 2.0.1-1
	NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
	NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
CVE-2004-0041 (The mod_auth_shadow module 1.4 and earlier does not properly enforce ...)
	{DSA-421}
	- mod-auth-shadow 1.4-1
CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
	NOT-FOR-US: Check Point Firewall
CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...)
	NOT-FOR-US: McAfee
CVE-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...)
	NOT-FOR-US: FistClass Desktop Client
CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...)
	NOT-FOR-US: Phorum
CVE-2004-0030 (PHP remote file inclusion vulnerability in (1) functions.php, (2) ...)
	NOT-FOR-US: PHPGEDVIEW
CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
	NOT-FOR-US: Lotus Notes Domino
CVE-2004-0027
	RESERVED
CVE-2004-0026
	RESERVED
CVE-2004-0025
	RESERVED
CVE-2004-0024
	RESERVED
CVE-2004-0023
	RESERVED
CVE-2004-0022
	RESERVED
CVE-2004-0021
	RESERVED
CVE-2004-0020
	RESERVED
CVE-2004-0019
	RESERVED
CVE-2004-0018
	RESERVED
CVE-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...)
	{DSA-419}
	- phpgroupware 0.9.14.007-4
CVE-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
	{DSA-412}
	- nd 0.8.2-1
CVE-2004-0012
	RESERVED
CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.25-pre7)
CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
	NOT-FOR-US: FreeBSD netinet
CVE-2003-1565
	REJECTED
CVE-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1048 (Double free vulnerability in mshtml.dll for certain versions of ...)
	NOT-FOR-US: microsoft
CVE-2003-1047
	REJECTED
CVE-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
	- bugzilla 2.16.4-1
CVE-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...)
	- bugzilla 2.16.4-1
CVE-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...)
	- bugzilla 2.16.4-1
CVE-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
	- bugzilla 2.16.4-1
CVE-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
	- bugzilla 2.16.4-1
CVE-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...)
	NOT-FOR-US: microsoft
CVE-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...)
	NOTE: linux kernel kmod local DoS, fixed in all current kernels
CVE-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...)
	NOT-FOR-US: SAP
CVE-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...)
	NOT-FOR-US: SAP
CVE-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...)
	NOT-FOR-US: SAP
CVE-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...)
	NOT-FOR-US: SAP
CVE-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...)
	NOT-FOR-US: SAP
CVE-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
	NOT-FOR-US: Pi3Web not in debian
CVE-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
	NOT-FOR-US: VBulletin
CVE-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...)
	NOT-FOR-US: Dameware
CVE-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...)
	NOT-FOR-US: microsoft
CVE-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
	NOT-FOR-US: microsoft
CVE-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...)
	NOT-FOR-US: microsoft
CVE-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...)
	NOT-FOR-US: solaris
CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
	{DSA-424}
	- mc 1:4.6.0-4.6.1-pre1-1
CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...)
	NOT-FOR-US: SCO
CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
	- irssi-text 0.8.9-0.1
CVE-2003-1019
	RESERVED
CVE-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
	NOT-FOR-US: AIX
CVE-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
	- flashplugin-nonfree 7.0.25-1
CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
	NOTE: Multiple vendor MIME quote bypass filtering
CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote ...)
	- mime-tools 5.411-2
CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote ...)
	NOTE: Multiple vendor MIME RFC822 comment bypass filtering
CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...)
	{DSA-407}
	- ethereal 0.10.0-1
CVE-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
	{DSA-407}
	- ethereal 0.10.0-1
CVE-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...)
	NOT-FOR-US: Apple
CVE-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...)
	NOT-FOR-US: Apple
CVE-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
	NOT-FOR-US: Apple
CVE-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...)
	NOT-FOR-US: Apple
CVE-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...)
	NOT-FOR-US: Cisco
CVE-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...)
	NOT-FOR-US: Cisco
CVE-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...)
	- xchat 2.0.7
CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...)
	NOT-FOR-US: Solaris
CVE-2003-0998 (Unknown &quot;potential system security vulnerability&quot; in Computer ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0997 (Unknown &quot;Denial of Service Attack&quot; vulnerability in Computer ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...)
	NOT-FOR-US: Microsoft
CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
	- mailman 2.1.3
CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
	- squirrelmail 1.4.2 (low)
	NOTE: Only potentially exploitable withexternel GPG Plugin, see
	NOTE: http://www.securityfocus.com/archive/1/348366
	NOTE: The potential problems have been fixed as of 1.4.2
CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...)
	{DSA-425}
	- tcpdump 3.8.1
CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
	- apache 1.3.29.0.2-5
CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1)
CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
	NOT-FOR-US: Cisco
CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
	NOT-FOR-US: Cisco
CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...)
	NOT-FOR-US: gpgkeys_hkp
CVE-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...)
	- cvs 1:1.11.10
CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
	NOT-FOR-US: netware
CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...)
	NOT-FOR-US: MacOS
CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...)
	NOT-FOR-US: Applied Watch Command Center
CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
	{DSA-452}
	- libapache-mod-python 2:2.7.10-1
CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...)
	{DSA-408}
	- screen 4.0.2-0.1
CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...)
	{DSA-429}
	- gnupg 1.2.4-1
CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
	NOT-FOR-US: Sun Fire B1600
CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
	- freeradius 1.0.1 (unimportant)
	NOTE: freeradius module in question is not built in debian package
CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
	- freeradius 0.9.2-4
CVE-2003-0996 (Unknown &quot;System Security Vulnerability&quot; in Computer Associates (CA) ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
	{DSA-436}
	- mailman 2.1.4-1
CVE-2003-0964
	REJECTED
CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
	{DSA-406}
	- lftp 2.6.10-1
CVE-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...)
	{DSA-404}
	- rsync 2.5.6-1.1
CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...)
	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.23-pre7)
CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
	NOT-FOR-US: OpenCA
CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21)
CVE-2003-0958
	RESERVED
CVE-2003-0957
	RESERVED
CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22)
CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
	NOT-FOR-US: OpenBSD
CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
	NOT-FOR-US: rcp
CVE-2003-0953
	RESERVED
CVE-2003-0952
	RESERVED
CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
	NOT-FOR-US: HP-UX
CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
	NOT-FOR-US: PeopleSoft PeopleTools
CVE-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...)
	{DSA-405}
	- xsok 1.02-11
CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...)
	- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
	- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...)
	- clamav 0.65
CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...)
	NOT-FOR-US: SAP database server (SAP DB)
CVE-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...)
	NOT-FOR-US: SAP database server (SAP DB)
CVE-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...)
	NOT-FOR-US: UnixWare
CVE-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...)
	NOT-FOR-US: PCAnywhere
CVE-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
	- net-snmp 5.0.9
CVE-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...)
	NOT-FOR-US: Symbol Access Portable Data Terminal
CVE-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...)
	{DSA-398}
	- conquest 7.2-5
CVE-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...)
	{DSA-400}
	- omega-rpg 1:0.90-pa9-11
CVE-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Sygate Enforcer
CVE-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0923
	RESERVED
CVE-2003-0922
	RESERVED
CVE-2003-0921
	RESERVED
CVE-2003-0920
	RESERVED
CVE-2003-0919
	RESERVED
CVE-2003-0918
	RESERVED
CVE-2003-0917
	RESERVED
CVE-2003-0916
	RESERVED
CVE-2003-0915
	RESERVED
CVE-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
	{DSA-409}
	- bind 1:8.4.3-1
CVE-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
	NOT-FOR-US: MacOS
CVE-2003-0912
	RESERVED
CVE-2003-0911
	RESERVED
CVE-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
	NOT-FOR-US: Windows
CVE-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
	NOT-FOR-US: Windows
CVE-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...)
	NOT-FOR-US: Windows
CVE-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...)
	NOT-FOR-US: Windows
CVE-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
	NOT-FOR-US: Windows
CVE-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...)
	NOT-FOR-US: Windows
CVE-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
	{DSA-402}
	- minimalist 2.4-1
CVE-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...)
	{DSA-397}
	- postgresql 7.3.4-1
	NOTE: 7.3.4-1 was uploaded to unstable in August 2003, well before the
	NOTE: DSA, that's why the DSA says that unstable is not affected.
CVE-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random ...)
	- perl 5.8.2
CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
	{DSA-396}
	- thttpd 2.23beta1-2.3
CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0897 (&quot;Shatter&quot; vulnerability in CommCtl32.dll in Windows XP may allow local ...)
	NOT-FOR-US: microsoft
CVE-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...)
	NOT-FOR-US: Sun/Java
CVE-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
	NOT-FOR-US: Apple
CVE-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2003-0893
	RESERVED
CVE-2003-0892
	RESERVED
CVE-2003-0891
	RESERVED
CVE-2003-0890
	RESERVED
CVE-2003-0889
	RESERVED
CVE-2003-0888
	RESERVED
CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache ...)
	NOTE: verified Debian is not explitable; we don't put the cache in /tmp
CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
	{DSA-401}
	- hylafax 1:4.1.8-1
CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have ...)
	- xscreensaver 4.15
CVE-2003-0884
	RESERVED
CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
	NOT-FOR-US: Apple
CVE-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
	NOT-FOR-US: Apple
CVE-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...)
	NOT-FOR-US: Apple
CVE-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2003-0879
	REJECTED
CVE-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
	NOT-FOR-US: Apple
CVE-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
	NOT-FOR-US: Apple
CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...)
	NOT-FOR-US: Apple
CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...)
	NOTE: Vulnerable code not shipped in the binary package
	- openslp 1.0.11a-1 (unimportant)
CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
	NOT-FOR-US: Deskpro
CVE-2003-0873
	RESERVED
CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
	NOT-FOR-US: SCO
CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...)
	NOT-FOR-US: Opera
CVE-2003-0869
	RESERVED
CVE-2003-0868
	RESERVED
CVE-2003-0867
	REJECTED
CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
	{DSA-395}
	- tomcat4 4.1.24-2
CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
	{DSA-435}
	- mpg123 0.59r-15
CVE-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...)
	- ircd-irc2 2.10.3p5-1
CVE-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...)
	NOTE: php4, this bug appears not to have been fixed.
	NOTE: submitted to BTS on libapache-mod-php4
	NOTE: developer claims there is no problem
CVE-2003-0862
	REJECTED
CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
	- php4 4:4.3.3-1
CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
	- php4 4:4.3.3-1
CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...)
	NOTE: affects glibc 2.2.4, Debian uses 2.3.2
CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
	{DSA-415}
	- quagga 0.96.4x-4
CVE-2003-0857 (The (1) ipq_read and (2) ipulog_read functions in iptables allow local ...)
	NOT-FOR-US: Data predating security tracker
CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...)
	{DSA-492}
	- iproute 20010824-13.1
CVE-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...)
	- pan 0.13.4-1
CVE-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...)
	- coreutils 5.2.1-1
CVE-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...)
	- coreutils 5.2.1-1
CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
	- sylpheed-claws 0.9.8claws-1
CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...)
	- openssl096 0.9.6l
CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
	{DSA-410}
	- libnids 1.18-1
CVE-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...)
	- cfengine2 2.0.9+2.1.0b3-1
CVE-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...)
	{DSA-428}
	- slocate 2.7-3
CVE-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...)
	NOT-FOR-US: SuSE
CVE-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...)
	NOT-FOR-US: SuSE
CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
	NOT-FOR-US: JBoss
CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
	NOT-FOR-US: Peoplesoft
CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
	NOT-FOR-US: HPUX
CVE-2003-0839 (Directory traversal vulnerability in the &quot;Shell Folders&quot; capability in ...)
	NOT-FOR-US: microsoft
CVE-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...)
	NOT-FOR-US: microsoft
CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
	NOTE: mplayer fixed before upload
CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
	NOT-FOR-US: CDE
CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
	{DSA-392}
	- webfs 1.20
CVE-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...)
	{DSA-392}
	- webfs 1.20
CVE-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...)
	- proftpd 1.2.9-1
CVE-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...)
	{DSA-390}
	- marbles <removed>
CVE-2003-0829
	RESERVED
CVE-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
	{DSA-391}
	- freesweep 0.88-4.1 (bug #242616)
CVE-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)
	{DSA-717-1}
	- lsh-utils 1.4.2-6
CVE-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)
	NOT-FOR-US: microsoft
CVE-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...)
	NOT-FOR-US: microsoft
CVE-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...)
	NOT-FOR-US: microsoft
CVE-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...)
	NOT-FOR-US: microsoft
CVE-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
	NOT-FOR-US: microsoft
CVE-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
	NOT-FOR-US: microsoft
CVE-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...)
	NOT-FOR-US: microsoft
CVE-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0811
	RESERVED
CVE-2003-0810
	RESERVED
CVE-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
	NOT-FOR-US: microsoft
CVE-2003-0808
	RESERVED
CVE-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
	NOT-FOR-US: microsoft
CVE-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...)
	{DSA-387}
	- gopher 3.0.6
	NOTE: gopherd was removed from the gopher package in version 3.0.6.
CVE-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...)
	NOT-FOR-US: BSD
CVE-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
	NOT-FOR-US: Nokia
CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
	NOT-FOR-US: Nokia
CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...)
	NOT-FOR-US: Nokia
CVE-2003-0800
	RESERVED
CVE-2003-0799
	RESERVED
CVE-2003-0798
	RESERVED
CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...)
	{DSA-415}
	- quagga 0.96.4x-4
CVE-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
	- gdm 2.4.4.4
CVE-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...)
	- gdm 2.4.4.4
CVE-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
	- fetchmail 6.2.5
CVE-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...)
	- mozilla 2:1.5
CVE-2003-0790
	REJECTED
CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
	- apache2 2.0.48
CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
	- cups 1.1.19
	- cupsys 1.1.19
CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
	- openssh 1:3.7.1p2
CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
	- openssh 1:3.7.1p2
CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
	{DSA-389}
	- ipmasq 3.5.12
CVE-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
	NOT-FOR-US: IBM TSM
CVE-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...)
	{DSA-385}
	- hztty 2.0-6
CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...)
	{DSA-467}
	- ecartis 1.0.0+cvs.20030911
CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...)
	{DSA-467}
	- ecartis 1.0.0+cvs.20030911
CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...)
	{DSA-381}
	- mysql-dfsg 4.0.15-1
CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...)
	- asterisk 0.7.0
CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly &quot;check the ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
	NOT-FOR-US: WS_FTP server
CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
	- libapache-gallery-perl 0.7
CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...)
	NOT-FOR-US: IkonBoard
CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...)
	NOT-FOR-US: ICQ Web Front
CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
	NOT-FOR-US: microsoft
CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...)
	NOT-FOR-US: RogerWilco
CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...)
	NOT-FOR-US: ftp desktop (windows)
CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...)
	NOT-FOR-US: winamp
CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...)
	NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
	NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...)
	NOT-FOR-US: foxweb
CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...)
	- asterisk 0.5.0
CVE-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: optisoft blubster
CVE-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
	NOT-FOR-US: check point firewall
CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...)
	NOT-FOR-US: sitebuilder
CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...)
	NOT-FOR-US: gtkftpd
CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: newsPHP
CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...)
	NOT-FOR-US: newsPHP
CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...)
	NOT-FOR-US: AttilaPHP
CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...)
	NOT-FOR-US: PY-Membres
CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: PY-Membres
CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...)
	NOT-FOR-US: SAP
CVE-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...)
	NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb
CVE-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...)
	NOT-FOR-US: castlerock SNMPc
CVE-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...)
	- leafnode 1.9.42
CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
	{DSA-376}
	- exim 3.36-8
CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...)
	NOT-FOR-US: SCO
CVE-2003-0741
	RESERVED
CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
	- stunnel 2:3.26 (bug #278942)
	- stunnel4 2:4.04
CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...)
	NOT-FOR-US: VMware
CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...)
	- libpam-ldap 164-1
	- libnss-ldap 207-1
CVE-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...)
	NOT-FOR-US: BEA weblogic
CVE-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
	NOT-FOR-US: cisco
CVE-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
	NOT-FOR-US: cisco
CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...)
	{DSA-380}
	- xfree86 4.2.1-12
CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...)
	NOT-FOR-US: tellurian tftpdNT
CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
	- horde2 2.2.4
CVE-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...)
	NOT-FOR-US: oracle
CVE-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...)
	NOT-FOR-US: RealOne player
CVE-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...)
	NOT-FOR-US: Real Networks Server / Helix Server
CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...)
	NOT-FOR-US: HP Tru64
CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
	- gkrellm 2.1.14
CVE-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
	NOT-FOR-US: solaris
CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...)
	- pine 4.58
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
CVE-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
	- pine 4.58
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
CVE-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
	NOT-FOR-US: microsoft
CVE-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...)
	NOT-FOR-US: microsoft
CVE-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...)
	NOT-FOR-US: microsoft
CVE-2003-0716
	RESERVED
CVE-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
	NOT-FOR-US: microsoft
CVE-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
	NOT-FOR-US: microsoft
CVE-2003-0713
	RESERVED
CVE-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
	NOT-FOR-US: microsoft
CVE-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
	NOT-FOR-US: pchealth for windows
CVE-2003-0710
	RESERVED
CVE-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
	- whois 4.6.7
CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
	{DSA-375}
	- node 0.3.2-1
CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...)
	{DSA-375}
	- node 0.3.2-1
CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...)
	{DSA-378}
	- mah-jong 1.5.6-2
CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
	{DSA-378}
	- mah-jong 1.5.6-2
CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...)
	NOT-FOR-US: KisMAC for Mac OS X
CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...)
	NOT-FOR-US: KisMAC for Mac OS X
CVE-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
	NOT-FOR-US: microsoft
CVE-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...)
	NOT-FOR-US: microsoft
CVE-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...)
	NOTE: fixed in 2.4.22-pre3
CVE-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...)
	NOTE: fixed in 2.4.21-rc2
CVE-2003-0698
	REJECTED
CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
	NOT-FOR-US: AIX
CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...)
	NOT-FOR-US: AIX
CVE-2003-0695 (Multiple &quot;buffer management errors&quot; in OpenSSH before 3.7.1 may allow ...)
	{DSA-383 DSA-382}
	- openssh 1:3.7.1
CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...)
	{DSA-384}
	- sendmail 8.12.10-1
CVE-2003-0693 (A &quot;buffer management error&quot; in buffer_append_space of buffer.c for ...)
	{DSA-383 DSA-382}
	- openssh 1:3.6.1p2-6.0
CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...)
	{DSA-388}
	- kdebase 4:3.2
CVE-2003-0691
	REJECTED
CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
	{DSA-443 DSA-388}
	- xfree86 4.3.0-0pre1v2
	- kdebase 4:3.2
CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
	- glibc 2.2.5
CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...)
	- sendmail 8.12.9
CVE-2003-0687
	REJECTED
CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...)
	{DSA-374}
	- libpam-smb <removed>
CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...)
	{DSA-372}
	- netris 0.52-1
CVE-2003-0684
	RESERVED
CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
	NOT-FOR-US: SGI
CVE-2003-0682 (&quot;Memory bugs&quot; in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
	{DSA-383 DSA-382}
	- openssh 1:3.6.1p2-9
CVE-2003-0681 (A &quot;potential buffer overflow in ruleset parsing&quot; for Sendmail 8.12.9, ...)
	{DSA-384}
	- sendmail 8.12.10-1
CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0678
	RESERVED
CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
	NOT-FOR-US: Sun iPlanet
CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...)
	{DSA-370}
	- pam-pgsql 0.5.2-7
CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
	NOT-FOR-US: sustworks IPNetSentryX
CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...)
	NOT-FOR-US: sustworks IPNetSentryX
CVE-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...)
	NOT-FOR-US: solaris
CVE-2003-0668
	RESERVED
CVE-2003-0667
	RESERVED
CVE-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
	NOT-FOR-US: microsoft
CVE-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
	NOT-FOR-US: microsoft
CVE-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...)
	NOT-FOR-US: microsoft
CVE-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...)
	NOT-FOR-US: microsoft
CVE-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...)
	NOT-FOR-US: microsoft
CVE-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
	NOT-FOR-US: microsoft
CVE-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...)
	NOT-FOR-US: microsoft
CVE-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...)
	NOT-FOR-US: microsoft
CVE-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...)
	NOT-FOR-US: docview / caldera
CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...)
	{DSA-366}
	- eroaster 2.2.0-0.5-1
CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...)
	- cdrtools 4:2.0+a18-1
CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...)
	{DSA-373}
	- autorespond 2.0.4-1
CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...)
	NOT-FOR-US: NetBSD
CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...)
	{DSA-367}
	- xtokkaetama 1.0b-9
CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...)
	NOT-FOR-US: mod_mylo for apache
CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...)
	NOT-FOR-US: gamespy
CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...)
	{DSA-368}
	- xpcd 2.08-9
CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...)
	{DSA-472}
	- fte 0.50.0-1.1 (bug #203871)
CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...)
	NOT-FOR-US: ActiveX
CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
	{DSA-364}
	- man-db 2.4.1-13
CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...)
	- kdbg 1.2.9-1
CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...)
	{DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.22-pre10)
CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...)
	NOT-FOR-US: Watchguard / win
CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...)
	NOT-FOR-US: Watchguard / win
CVE-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...)
	NOT-FOR-US: BEA WebLogic
CVE-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...)
	NOT-FOR-US: novell ichain
CVE-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...)
	NOT-FOR-US: novell ichain
CVE-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...)
	NOT-FOR-US: novell ichain
CVE-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...)
	NOT-FOR-US: novell ichain
CVE-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...)
	NOT-FOR-US: novell ichain
CVE-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...)
	NOT-FOR-US: oracle
CVE-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...)
	NOT-FOR-US: oracle
CVE-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...)
	NOT-FOR-US: oracle
CVE-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...)
	NOT-FOR-US: VMware
CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...)
	{DSA-359}
	- atari800 1.3.1-2
CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
	{DSA-360}
	- xfstt 1.5.1-1
CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...)
	NOT-FOR-US: BEA WebLogic
CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...)
	{DSA-364}
	- man-db 2.4.1-13
CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...)
	{DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.21-pre3)
CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...)
	{DSA-431}
	- perl 5.8.3-3
CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
	{DSA-362}
	- mindi 0.86-1
CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...)
	NOT-FOR-US: McAfee
CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...)
	{DSA-371}
	- perl 5.8.0-19
CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...)
	{DSA-355}
	- gallery 1.3.4-3
CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...)
	{DSA-369}
	- zblast 1.2.1-7
CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...)
	- crafty 19.3-1
CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...)
	{DSA-356}
	- xtokkaetama 1.0b-8
CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...)
	NOT-FOR-US: McAfee
CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
	NOT-FOR-US: Solaris
CVE-2003-0608
	RESERVED
CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
	{DSA-354}
	- xconq 7.4.1-2.1 (bug #202963)
CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...)
	{DSA-353}
	- sup 1.8-9
CVE-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...)
	- bugzilla 2.16.3
CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
	- bugzilla 2.16.3
CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
	NOT-FOR-US: Apple
CVE-2003-0600
	RESERVED
CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0598
	REJECTED
CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
	NOT-FOR-US: Unixware
CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
	{DSA-352}
	- fdclone 2.04-1
CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...)
	NOT-FOR-US: WiTango Application Server and Tango 2000
CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...)
	NOTE: cannot find reference to it being fixed.
CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...)
	NOT-FOR-US: opera
CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
	{DSA-459}
	- kdelibs 4:3.1.3-1
CVE-2003-0591
	REJECTED
CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
	NOT-FOR-US: Splatt Forum
CVE-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
	NOT-FOR-US: Digi-ads
CVE-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...)
	NOT-FOR-US: Digi-news
CVE-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...)
	NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB)
CVE-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...)
	NOT-FOR-US: Brooky eStore
CVE-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...)
	NOT-FOR-US: Brooky eStore
CVE-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...)
	NOT-FOR-US: BRU
CVE-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
	NOT-FOR-US: BRU
CVE-2003-0582
	REJECTED
CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
	{DSA-360}
	- xfstt 1.5-1
CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
	- mpg123 0.59r-1
CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
	NOT-FOR-US: IRIX
CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)
	NOT-FOR-US: IRIX
CVE-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...)
	NOT-FOR-US: IRIX
CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
	NOT-FOR-US: IRIX
CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
	NOT-FOR-US: IRIX
CVE-2003-0571
	RESERVED
CVE-2003-0570
	RESERVED
CVE-2003-0569
	RESERVED
CVE-2003-0568
	RESERVED
CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
	NOT-FOR-US: Cisco
CVE-2003-0566
	RESERVED
CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
	NOTE: affects many implementations of the X.400 protocol
CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...)
	NOTE: affects multiple S/MIME implementations
	NOTE: checked current mozilla, which contains safe NSS 3.9.1
	- mozilla 2:1.7.3
CVE-2003-0563
	RESERVED
CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
	NOT-FOR-US: Novell Netware
CVE-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
	NOT-FOR-US: IglooFTP
CVE-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...)
	NOT-FOR-US: VP-ASP
CVE-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
	NOT-FOR-US: phpforum
CVE-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...)
	NOT-FOR-US: LeapFTP
CVE-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...)
	NOT-FOR-US: StoreFront
CVE-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Polycom MGC
CVE-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...)
	NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...)
	NOT-FOR-US: NeoModus Direct Connect
CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
	NOT-FOR-US: Netscape
CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
	- gdm 2.4.1.5
CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
	- gdm 2.4.1.5
CVE-2003-0547 (GDM before 2.4.1.6, when using the &quot;examine session errors&quot; feature, ...)
	- gdm 2.4.1.5
CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
	NOT-FOR-US: up2date
CVE-2003-0545 (Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...)
	- apache2 2.0.48
	- apache 1.3.29
CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...)
	{DSA-710-1}
	- evolution <not-affected> (Does not affect evolution on debian)
	- gtkhtml 1.0.4-6.2
CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...)
	{DSA-363}
	- postfix 1.1.12
CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...)
	{DSA-343}
	- skk 10.62a-6
	- ddskk 12.1.cvs.20030622-1
CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...)
	{DSA-342}
	- mozart 1.2.5.20030212-2
CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...)
	{DSA-341}
	- liece 2.0+0.20030527cvs-1
CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
	{DSA-346}
	- phpsysinfo 2.1-1
CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...)
	{DSA-345}
	- xbl 1.0k-6
CVE-2003-0534
	RESERVED
CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
	NOT-FOR-US: Microsoft
CVE-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
	NOT-FOR-US: Microsoft
CVE-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2003-0529
	RESERVED
CVE-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
	NOT-FOR-US: Microsoft
CVE-2003-0527
	RESERVED
CVE-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
	NOT-FOR-US: Microsoft
CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...)
	- qt-x11-free <not-affected> (appears specific to the knoppix CD)
CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...)
	NOT-FOR-US: ProductCart
CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...)
	NOT-FOR-US: ProductCart
CVE-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...)
	NOT-FOR-US: Microsoft
CVE-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
	NOT-FOR-US: MacOS
CVE-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...)
	- mgetty 1.1.29 (bug #199351)
CVE-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...)
	- mgetty 1.1.29 (bug #199351)
CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...)
	{DSA-347}
	- teapop 0.3.5-2
CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...)
	NOT-FOR-US: Safari
CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
	NOT-FOR-US: MSIE
CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a &quot;% Login invalid&quot; message ...)
	NOT-FOR-US: Cisco
CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
	NOT-FOR-US: Cisco
CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
	NOT-FOR-US: ezbounce
CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
	NOT-FOR-US: Cyberstrong eShop
CVE-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...)
	NOT-FOR-US: acroread
CVE-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
	NOT-FOR-US: Microsoft
CVE-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...)
	NOT-FOR-US: Microsoft
CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...)
	{DSA-338}
	- proftpd 1.2.8-8
CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
	{DSA-335}
	- mantis 0.17.5-6
CVE-2003-0498 (Cach&#129;&#195;&#129;&#169; Database 5.x installs the /cachesys/csp directory with insecure ...)
	NOT-FOR-US: Intersystems Cache database
CVE-2003-0497 (Cach&#129;&#195;&#129;&#169; Database 5.x installs /cachesys/bin/cache with world-writable ...)
	NOT-FOR-US: Intersystems Cache database
CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...)
	NOT-FOR-US: lednews; not in debian
CVE-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
	NOT-FOR-US: Xoops
CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
	NOT-FOR-US: Dantz Retrospect
CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
	{DSA-330}
	- tcptraceroute 1.4-4
CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
	NOT-FOR-US: Kerio Mail server
CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...)
	NOT-FOR-US: Kerio Mail server
CVE-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...)
	- phpbb2 2.0.6
CVE-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...)
	NOT-FOR-US: Progress 4GL Compiler
CVE-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...)
	- phpbb2 2.0.6d-3
CVE-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...)
	NOT-FOR-US: XMB Forum
CVE-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...)
	- tutos 1.1.20030715-1
CVE-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
	- tutos 1.1.20030715-1
CVE-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...)
	NOT-FOR-US: VMware
CVE-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...)
	NOT-FOR-US: WebBBS; not in debian
CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...)
	NOT-FOR-US: bahamut and other irc daemons; not in debian
CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...)
	- wzdftpd 0.2
CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre4)
CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...)
	NOT-FOR-US: iWeb server
CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...)
	NOT-FOR-US: iWeb server
CVE-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...)
	NOT-FOR-US: webadmin / win
CVE-2003-0470 (Buffer overflow in the &quot;RuFSI Utility Class&quot; ActiveX control (aka ...)
	NOT-FOR-US: symantec activex
CVE-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...)
	{DSA-363}
	- postfix 1.1.12
CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...)
	NOTE: fixed in linux 2.4.21
CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...)
	{DSA-357}
	- wu-ftpd 2.6.2-12
CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
	- linux-2.6 <not-affected> (Generic C version fixed in 2.6.x)
	NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
	NOTE: arch specific asm versions:
	NOTE: x86 is not affected
	NOTE: ppc32 fixed in 2.4.22-rc4
	NOTE: not an issue on alpha, see bug #280492
	- kernel-source-2.4.27 2.4.27-8
	NOTE: above fixes s390x, ppc64 and s390 and generic C version
CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...)
	NOTE: fixed in linux 2.4.22-pre8
CVE-2003-0463
	REJECTED
CVE-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
	{DSA-423 DSA-358}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
	{DSA-423 DSA-358}
	[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.1)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
	- kernel-source-2.4.27 2.4.27-1
CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
	- apache <not-affected> (Affects only Apache for Windows and OS/2)
CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
	{DSA-361}
	- kdelibs 4:3.1.3-1
CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
	NOT-FOR-US: HP
CVE-2003-0457
	RESERVED
	- mysql-dfsg 4.0.21-4
CVE-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
	NOT-FOR-US: visnetic website
CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...)
	{DSA-331}
	- imagemagick 4:5.5.7-1
CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...)
	{DSA-334}
	- xgalaga 2.0.34-22
CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...)
	{DSA-348}
	- traceroute-nanog 6.3.6-3
CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...)
	{DSA-329}
	- osh 1.7-12
CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
	{DSA-327}
	- xbl 1.0k-5
CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
	{DSA-321}
	- radiusd-cistron 1.6.6-2
CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
	NOT-FOR-US: progress database
CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
	NOT-FOR-US: portmon; not in debian
CVE-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...)
	NOT-FOR-US: microsoft
CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...)
	NOT-FOR-US: microsoft
CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
	{DSA-328}
	- webfs 1.20
CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
	{DSA-337}
	- gtksee 0.5.6-1
CVE-2003-0443
	RESERVED
CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...)
	{DSA-351}
	- php4 4:4.3.2+rc3-1
CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
	{DSA-326}
	- orville-write 2.54-1
CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
	{DSA-339}
	- semi 1.14.5+20030609-1 (bug #223456)
	- wemi <removed>
CVE-2003-0439
	RESERVED
CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
	{DSA-325}
	- eldav 0.7.2-1
CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
	- mnogosearch 3.2.11
CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
	- mnogosearch 3.2.11
CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
	{DSA-322}
	- typespeed 0.4.4
CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
	- kdegraphics <not-affected> (kdf does not seem to support hyperlinks; so not vulnerable)
	- gpdf <not-affected> (gpdf 2.8.0 does not seem to be vulnerable)
	- xpdf 2.02pl1-1
CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
	{DSA-315}
	- gnocatan 0.8.0-1 (bug #328136)
	- pioneers <not-affected> (bug #328136)
CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...)
	- ethereal 0.9.13-1
CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
	{DSA-320}
	- mikmod 3.1.6-6
CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
	NOT-FOR-US: Apple
CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
	NOT-FOR-US: Apple
CVE-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...)
	NOT-FOR-US: Apple
CVE-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...)
	NOT-FOR-US: Apple
CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
	NOT-FOR-US: SMC
CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
	- kernel-source-2.4.27 <not-affected> (Affects only Linux 2.0.x)
	- linux-2.6 <not-affected> (Affects only Linux 2.0.x)
CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
	NOT-FOR-US: Son hServer
CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
	NOT-FOR-US: bandmin;
CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Remote PC Access
CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...)
	NOT-FOR-US: AnalogX proxy
CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...)
	NOT-FOR-US: BRS WebWeaver
CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
	NOT-FOR-US: Uptimes Project upclient;
CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...)
	- gbatnav 1.0.4-4
CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...)
	NOT-FOR-US: PalmVNC
CVE-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...)
	NOT-FOR-US: Vignette
CVE-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...)
	NOT-FOR-US: Vignette
CVE-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...)
	NOT-FOR-US: Vignette
CVE-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...)
	NOT-FOR-US: Vignette
CVE-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...)
	NOT-FOR-US: Vignette
CVE-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...)
	NOT-FOR-US: Vignette / AIX
CVE-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...)
	NOT-FOR-US: Vignette StoryServer
CVE-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...)
	NOT-FOR-US: Vignette StoryServer
CVE-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
	NOT-FOR-US: FastTrack network code (Kazaa)
CVE-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...)
	- linux-atm 2.4.1
CVE-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...)
	NOT-FOR-US: BLNews
CVE-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...)
	NOT-FOR-US: Privacyware Privatefirewall
CVE-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...)
	NOT-FOR-US: ST FTP Service (DOS)
CVE-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...)
	NOT-FOR-US: Magic WinMail Server
CVE-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
	- opt 3.19
CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...)
	NOT-FOR-US: RSA ACE/Agent
CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...)
	- pam <not-affected> (pam is not vulnerable at all in sarge, according to maintainer)
	NOTE: From the libc documentation:
	NOTE: "The user cannot do anything to fool these functions."
	NOTE: This means that this is not a bug in getlogin.
CVE-2003-0387
	RESERVED
CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
	- openssh 1:3.8p1-1
CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
	{DSA-310}
	- xaos 3.1r-4
CVE-2003-0384
	RESERVED
CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
	{DSA-309}
	- eterm 0.9.2-1
CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
	{DSA-323}
	- noweb 2.10c-3.1 (bug #271146)
CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
	{DSA-314}
	- atftp 0.6.2
CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
	NOT-FOR-US: MaxOS
CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
	NOT-FOR-US: MaxOS
CVE-2003-0377 (SQL injection vulnerability in the web-based administration interface ...)
	NOT-FOR-US: iisPROTECT
CVE-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Eudora
CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
	NOT-FOR-US: XMBforum aka Partagium)
CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
	- nessus-core 2.0.6
CVE-2003-0373 (Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow ...)
	- nessus-core 2.0.6
CVE-2003-0372 (Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows ...)
	- nessus-core 2.0.6
CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
	NOT-FOR-US: Prishtina FTP client
CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
	{DSA-361}
	- kdelibs 4:3.1.3-1
CVE-2003-0369
	RESERVED
CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
	NOT-FOR-US: Nokia Gateway GPRS
CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
	{DSA-308}
	- gzip 1.3.5-6
CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
	{DSA-318}
	- lyskom-server 2.0.7-2
CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for &quot;Full ...)
	NOT-FOR-US: ICQLite
CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
	{DSA-442 DSA-336 DSA-332 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc6)
CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...)
	- licq 1.2-7-1
CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
	{DSA-316}
	- nethack 3.4.1-1
	- jnethack 1.1.5-15
	- slashem 0.0.6E4F8-6
CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...)
	{DSA-350 DSA-316}
	- falconseye 1.9.3-9
	- nethack 3.4.1-1
	- slashem 0.0.6E4F8-6
	- jnethack 1.1.5-15
CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...)
	{DSA-313}
	- ethereal 0.9.12-1
CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
	{DSA-313}
	- ethereal 0.9.12-1
CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
	NOT-FOR-US: Safari
CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
	- gs-gpl 7.07
CVE-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...)
	NOT-FOR-US: Microsoft
CVE-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2003-0351
	REJECTED
CVE-2003-0350 (The control for listing accessibility options in the Accessibility ...)
	NOT-FOR-US: Microsoft
CVE-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
	NOT-FOR-US: Microsoft
CVE-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...)
	NOT-FOR-US: Microsoft
CVE-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
	NOT-FOR-US: Microsoft
CVE-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
	NOT-FOR-US: Microsoft
CVE-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
	NOT-FOR-US: BlackMoon FTP Server
CVE-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
	NOT-FOR-US: BlackMoon FTP Server
CVE-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...)
	NOT-FOR-US: Puresecure
CVE-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...)
	NOT-FOR-US: WsMp3
CVE-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...)
	NOT-FOR-US: WsMp3
CVE-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...)
	NOT-FOR-US: lsadmin
CVE-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Eudora
CVE-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...)
	NOT-FOR-US: Slaskware specific
CVE-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...)
	- ircii-pana 1:1.0-0c19.20030512-1
CVE-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
	NOT-FOR-US: C-Kermit on HP-UX
CVE-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...)
	NOT-FOR-US: BadBlue
CVE-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...)
	NOT-FOR-US: ttForum
CVE-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
	- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
CVE-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...)
	NOT-FOR-US: CesarFTP
CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...)
	{DSA-399 DSA-306}
	- epic4 1:1.1.11.20030409-2
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...)
	NOT-FOR-US: Sybase Adaptive Server Enterprise
CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
	- slocate <not-affected> (Only an issue if kernel has been recompiled to allow 512 MB of command line arguments)
	NOTE: Even if exploited, you get only slocate gid.
CVE-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...)
	- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...)
	{DSA-287}
	- epic4 1:1.1.11.20030409-1
	- epic 3.004-19
CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...)
	{DSA-298 DSA-291}
	- epic4 1:1.1.11.20030409-1
	- ircii 20030315-1
CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...)
	{DSA-306}
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...)
	{DSA-306}
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
	NOT-FOR-US: ttCMS
CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...)
	NOT-FOR-US: SmartMax MailMax
CVE-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...)
	NOT-FOR-US: iisPROTECT
CVE-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...)
	NOT-FOR-US: Venturi Client
CVE-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0311
	RESERVED
CVE-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
	- ezpublish 2.2.8-1
CVE-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
	NOT-FOR-US: MSIE
CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
	{DSA-305}
	- sendmail 8.12.9-2
CVE-2003-0307 (Poster version.two allows remote authenticated users to gain ...)
	NOT-FOR-US: Poster version.two
CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...)
	NOT-FOR-US: Windows
CVE-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...)
	NOT-FOR-US: Cisco
CVE-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...)
	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CVE-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...)
	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CVE-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...)
	NOT-FOR-US: Eudora
CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...)
	NOT-FOR-US: Microsort
CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...)
	NOT-FOR-US: Historic Sylpheed issues, only a crasher anyway
CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
	NOT-FOR-US: Historic mutt and Balsa issues, only a crasher anyway
CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
	- mozilla 2:1.5-1
	NOTE: May have been fixed in an earlier version.  Not clear how
	NOTE: Mozilla's a/b versions map to the Debian version.
CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
	- uw-imap 7:2002c
	- pine 4.62-1
	- alpine <not-affected> (this was fixed in pine before alpine was released to the public)
	NOTE: pine maybe fixed in earlier uploads, 4.62-1 is the sarge version and not vulnerable
CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...)
	- evolution 1.3.2
CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: php-proxima
CVE-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: PalmOS
CVE-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...)
	NOT-FOR-US: Inktomi
CVE-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...)
	NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router
CVE-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: eServ
CVE-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...)
	- cdrtools 4:2.0+a14-1
CVE-2003-0288 (Buffer overflow in the file &amp; folder transfer mechanism for IP ...)
	NOT-FOR-US: IP Messenger for Win
CVE-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...)
	NOT-FOR-US: Movable Type
CVE-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and ...)
	NOT-FOR-US: Snitz Forums
CVE-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
	NOT-FOR-US: bad sendmail config on AIX
CVE-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
	NOT-FOR-US: Phorum
CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...)
	{DSA-344}
	- unzip 5.50-3
CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...)
	- firebird2 1.5.1-1 (bug #251458)
CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...)
	NOT-FOR-US: SMTP Service for ESMTP CMailServer
CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...)
	NOT-FOR-US: HappyMail
CVE-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...)
	NOT-FOR-US: HappyMail
CVE-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Pi3Web
CVE-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: YaBB SE
CVE-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...)
	NOT-FOR-US: ListProc
CVE-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
	- request-tracker3.4 <not-affected> (Affects older versions of Request Tracker not in Debian)
CVE-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...)
	NOT-FOR-US: miniPortail
CVE-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...)
	NOT-FOR-US: Personal FTP Server
CVE-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
	NOT-FOR-US: Apple Airport
CVE-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...)
	NOT-FOR-US: youbin
CVE-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...)
	NOT-FOR-US: SDBINST for SAP database
CVE-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
	NOT-FOR-US: SLMail
CVE-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...)
	NOT-FOR-US: FTGatePro
CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
	{DSA-299}
	- leksbot 1.2-5 (bug #186421)
CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...)
	{DSA-302}
	- fuzz 0.6-7.1
CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
	NOT-FOR-US: AIX
CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
	- kdenetwork 3.2.0
CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...)
	- gnupg 1.2.2
CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
	- apache2 2.0.47
CVE-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...)
	- apache2 2.0.47
CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
	{DSA-349}
	- nfs-utils 1:1.0.3-2
CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
	NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
	- nis 3.11
CVE-2003-0250
	RESERVED
CVE-2003-0249 (** DISPUTED ** ...)
	NOTE: unimportant (php)
CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22-pre10)
	- linux-2.6 <not-affected>
CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
	- linux-2.6 <not-affected>
CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
	- linux-2.6 <not-affected>
CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...)
	- apache2 2.0.46
CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc2)
	- linux-2.6 <not-affected>
CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
	NOT-FOR-US: Happycgi.com Happymall
CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...)
	NOT-FOR-US: MacOS
CVE-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...)
	NOT-FOR-US: FrontRange GoldMine / win
CVE-2003-0240 (The web-based administration capability for various Axis Network ...)
	NOT-FOR-US: Axis Network Camera
CVE-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0237 (The &quot;ICQ Features on Demand&quot; functionality for Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0234
	RESERVED
CVE-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
	NOT-FOR-US: microsoft
CVE-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
	NOT-FOR-US: microsoft
CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...)
	NOT-FOR-US: microsoft
CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users to gain ...)
	NOT-FOR-US: microsoft
CVE-2003-0229
	RESERVED
CVE-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
	NOT-FOR-US: microsoft
CVE-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
	NOT-FOR-US: microsoft
CVE-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...)
	NOT-FOR-US: microsoft
CVE-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...)
	NOT-FOR-US: microsoft
CVE-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...)
	NOT-FOR-US: microsoft
CVE-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...)
	NOT-FOR-US: microsoft
CVE-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
	NOT-FOR-US: oracle
CVE-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...)
	NOT-FOR-US: HP tru64
CVE-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...)
	NOT-FOR-US: Monkey http daemon; not in debian
CVE-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...)
	NOT-FOR-US: Neoteris Instant Virtual Extranet
CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...)
	NOT-FOR-US: cisco
CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...)
	NOT-FOR-US: bttlxeForum / win
CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...)
	{DSA-292}
	- mime-support 3.23-1
CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...)
	{DSA-295}
	- pptpd 1.1.4-0.b3.2
CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...)
	{DSA-289}
	- rinetd 0.61-2
CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
	- xinetd 1:2.3.11
CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...)
	NOT-FOR-US: cisco
CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...)
	{DSA-297}
	- snort 2.0.0-1
CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...)
	NOT-FOR-US: macromedia flash
CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...)
	{DSA-286}
	- gs-common 0.3.3.1
CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
	{DSA-294}
	- gkrellm-newsticker <removed>
CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
	{DSA-294}
	- gkrellm-newsticker <removed>
CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...)
	{DSA-296 DSA-293 DSA-284}
	- kdebase 4:3.1.0-1
	- kdebase 4:3.1.0-1
	- kdegraphics 4:3.1.0-1
CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...)
	{DSA-281}
	- moxftp 2.2-18.20
CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...)
	{DSA-279}
	- metrics <removed>
CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...)
	{DSA-280}
	- samba 3.0
CVE-2003-0200
	RESERVED
CVE-2003-0199
	RESERVED
CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
	NOT-FOR-US: MacOS
CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
	NOT-FOR-US: Interbase Database
CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...)
	{DSA-280}
	- samba 3.0
CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
	{DSA-317}
	- cups 1.1.19final-1
	- cupsys 1.1.19final-1
CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
	- tcpdump <not-affected> (Apparently a Red Hat specific compilation packaging flaw)
CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
	{DSA-575-1}
	- catdoc 0.91.5-2
CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...)
	- apache2 2.0.47
CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...)
	- openssh 1:3.8.1p1-8.sarge.4 (bug #196413)
CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...)
	- apache2 2.0.46
CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
	{DSA-304}
	- lv 4.49.5-2
CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.21)
CVE-2003-0186
	RESERVED
CVE-2003-0185
	RESERVED
CVE-2003-0184
	RESERVED
CVE-2003-0183
	RESERVED
CVE-2003-0182
	RESERVED
CVE-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...)
	NOT-FOR-US: IRIX
CVE-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...)
	NOT-FOR-US: IRIX
CVE-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
	NOT-FOR-US: IRIX
CVE-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...)
	NOT-FOR-US: IRIX
CVE-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...)
	{DSA-283}
	- xfsdump 2.2.8-1
CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
	- php4 <not-affected> (Non-issue; see http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...)
	NOT-FOR-US: MacOS
CVE-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...)
	NOT-FOR-US: AIX
CVE-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
	NOT-FOR-US: HP Instant TopTools
CVE-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...)
	NOT-FOR-US: Apple QuickTime Player
CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
	{DSA-300 DSA-274}
	- balsa 2.0.10
	- mutt 1.4.0
CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
	- php4 <not-affected> (Non-issue; see http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
	- eog 2.2.1
CVE-2003-0164
	RESERVED
CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
	- gaim-encryption <not-affected> (fixed before first upload; 1.16)
CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
	{DSA-271}
	- ecartis 1.0.0+cvs.20030321-1
CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
	{DSA-290 DSA-278}
	- sendmail-wide 8.12.9+3.5Wbeta-1
	- sendmail 8.12.9-1
CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	- squirrelmail 1:1.2.11
CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...)
	- ethereal 0.9.10
CVE-2003-0158
	REJECTED
CVE-2003-0157
	REJECTED
CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
	{DSA-264}
	- lxr 0.3-4
CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
	NOT-FOR-US: Historic MySQL issue
CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...)
	{DSA-288}
	- openssl 0.9.7b-1
	- openssl096 0.9.6j-1
CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...)
	{DSA-263}
	- lpr 1:2000.05.07-4.20
	- netpbm-free 2:9.20-9
CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
	{DSA-275 DSA-267}
	- lpr 1:2000.05.07-4.20
	- lpr-ppd 1:0.72-3
CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...)
	NOT-FOR-US: acroread
CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...)
	NOT-FOR-US: Real
CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
	{DSA-268}
	- mutt 1.5.4-1
CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
	{DSA-273 DSA-266}
	- krb4 1.2.2-1
	- krb5 1.2.7-3
CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...)
	{DSA-273 DSA-269 DSA-266}
	- krb4 1.2.2-1
	- heimdal 0.5.2-1
	- krb5 1.2.7-3
CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
	NOT-FOR-US: Nokia Serving GPRS support node
CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...)
	{DSA-285}
	- lprng 3.8.20-4.
CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...)
	- vsftpd <not-affected> (Red Hat specific packaging flaw)
CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...)
	- apache2 2.0.46
CVE-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...)
	- evolution 1.2.4
CVE-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...)
	- apache2 2.0.45
CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...)
	{DSA-288}
	- openssl 0.9.7b-1
	- openssl096 0.9.6j-1
CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...)
	- evolution 1.2.3
CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...)
	- evolution 1.2.3
CVE-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
	- evolution 1.2.3
CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
	{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
	[sarge] - kernel-source-2.6.8 <not-affected>
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive, in 2.4.21)
CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
	NOT-FOR-US: SOHO Routefinder 550 firmware
CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...)
	NOT-FOR-US: AIX
CVE-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
	NOT-FOR-US: Microsoft
CVE-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...)
	NOT-FOR-US: Microsoft
CVE-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
	NOT-FOR-US: Microsoft
CVE-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
	NOT-FOR-US: Microsoft
CVE-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...)
	NOT-FOR-US: Microsoft
CVE-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...)
	NOT-FOR-US: Microsoft
CVE-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...)
	NOT-FOR-US: Microsoft
CVE-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...)
	NOT-FOR-US: Microsoft
CVE-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...)
	NOT-FOR-US: Microsoft
CVE-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
	NOT-FOR-US: Symantec Enterprise Firewall
CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...)
	NOT-FOR-US: ServerMask
CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
	{DSA-319}
	- webmin 1.070-1
CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
	{DSA-277}
	- apcupsd 3.8.5-1.2
CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
	{DSA-277}
	- apcupsd 3.8.5-1.2
CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...)
	NOT-FOR-US: Oracle
CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...)
	NOT-FOR-US: Solaris
CVE-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...)
	NOT-FOR-US: Solaris
CVE-2003-0090
	REJECTED
CVE-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
	{DSA-262}
	- samba 2.2.8
CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...)
	{DSA-262}
	- samba 2.2.8
CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...)
	NOT-FOR-US: mod_auth_any not in Debian
CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
	- apache2 2.0.46
	- apache 1.3.25
CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
	{DSA-266}
	- krb5 1.3.3-2
CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...)
	- gnome-lokkit 0.50.22-4
CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...)
	- dcgui 0.2.2
CVE-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...)
	- plptools 0.12-0
CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
	{DSA-266}
	- krb5 1.2.7-3
	NOTE: changelog does not mention this one, verified patch from upstream was applied to this version.
CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...)
	NOT-FOR-US: HP UX
CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
	- krb5 1.2.4
CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
	{DSA-248}
	- hypermail 2.1.6-1
CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
	{DSA-252}
	- slocate 2.7-1
CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...)
	NOT-FOR-US: MacOS
CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
	- putty 0.53-b-2003-01-04-1
	NOTE: apparently fixed upstream 2002-11-12 changelog
CVE-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...)
	NOT-FOR-US: commercial ssh clients
CVE-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...)
	NOT-FOR-US: commercial ssh clients
CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
	{DSA-246}
	- tomcat <removed>
CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
	{DSA-246}
	- tomcat <removed>
CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...)
	- krb5 <not-affected> (Verified sarge version of krb5-clients not vulnerable, nothing in changelogs)
CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
	{DSA-436}
	- mailman 2.1.1-1
CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
	{DSA-244}
	- noffle 1.1.2-1
CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...)
	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CVE-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...)
	- mtink <not-affected> (Not installed setuid or setgid, so this is not exploitable)
	NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
	NOTE: chooser/mtinkc.c's version, which goes into mtinkc
CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
	{DSA-228}
	- libmcrypt 2.5.5-1
CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
	NOT-FOR-US: Protegrity Secure.Data Extension Feature
CVE-2003-0029
	RESERVED
CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
	{DSA-282 DSA-272 DSA-266}
	- glibc 2.3.1-16
	- dietlibc 0.22-2
	- krb5 1.3.3-2
	NOTE: krb5: changelog does not mention this one, verified patch from Tom Yu was applied to this version.
CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
	{DSA-231}
	- dhcp3 3.0+3.0.1rc11-1
CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
	{DSA-229}
	- imp 2.2.6-7
	- imp3 <not-affected>
CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
	{DSA-633-1}
	- bmv 1.2-17
CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
	NOT-FOR-US: Microsoft
CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
	NOT-FOR-US: Windows Script Engine for JScript
CVE-2003-0008
	RESERVED
CVE-2003-0006
	RESERVED
CVE-2003-0005
	RESERVED
CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
	{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-pre5)
CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
	NOT-FOR-US: IBM DB2
CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...)
	[woody] - mailreader <not-affected> (Affects only 2.3.30-2.3.32)
	- mailreader 2.3.33
CVE-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...)
	{DSA-534}
	- mailreader 2.3.29-9
CVE-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...)
	{DSA-215}
	- cyrus-imapd 1.5.19-9.10
CVE-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SAP
CVE-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...)
	NOT-FOR-US: SAP
CVE-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...)
	NOT-FOR-US: SAP
CVE-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...)
	NOT-FOR-US: SAP
CVE-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...)
	{DSA-437}
	- cgiemail 1.6-20
CVE-2002-1573 (Unspecified vulnerability in the pcilynx ieee1394 firewire driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1572 (Signed integer overflow in the bttv_read function in the bttv driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1571 (The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
	- ucd-snmp 4.2.3-2
CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
	- gv 1:3.5.8-27
CVE-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...)
	- openssl 0.9.6g-1
CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...)
	NOTE: tomcat4 cross-site scripting vuln
CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
	- netris 0.52-1
CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
	- wget 1.8.2-8
CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
	NOT-FOR-US: microsoft
CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
	- stunnel4 4.04-1
	- stunnel 2:3.24-1
CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...)
	{DSA-396}
	- thttpd 2.23beta1-2.3 (bug #216677)
CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...)
	NOT-FOR-US: microsoft
CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...)
	NOT-FOR-US: ion-p
CVE-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...)
	NOT-FOR-US: cisco
CVE-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
	NOT-FOR-US: cisco
CVE-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
	NOT-FOR-US: cisco
CVE-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a &quot;public&quot; ...)
	NOT-FOR-US: cisco
CVE-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...)
	NOT-FOR-US: cisco
CVE-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...)
	NOT-FOR-US: cisco
CVE-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...)
	NOT-FOR-US: AIX
CVE-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...)
	NOT-FOR-US: Webweaver
CVE-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...)
	NOT-FOR-US: Coolsoft
CVE-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...)
	NOT-FOR-US: Coolsoft
CVE-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...)
	NOT-FOR-US: SolarWinds
CVE-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...)
	NOT-FOR-US: MDaemon
CVE-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Molly
CVE-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...)
	NOT-FOR-US: Symantec
CVE-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...)
	- jetty <not-affected> (Fixed before upload into archive; 4.1 series)
CVE-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...)
	NOT-FOR-US: EMU Webmail
CVE-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...)
	NOT-FOR-US: EMU Webmail
CVE-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...)
	NOT-FOR-US: Sun
CVE-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...)
	NOT-FOR-US: Miniserver
CVE-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...)
	NOT-FOR-US: PowerFTP
CVE-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...)
	NOT-FOR-US: Coolforum
CVE-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: BRU
CVE-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...)
	NOT-FOR-US: Unreal
CVE-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...)
	- linuxconf <removed>
CVE-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...)
	NOT-FOR-US: webserver-4everyone
CVE-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...)
	NOT-FOR-US: AFD not in debian
CVE-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...)
	NOT-FOR-US: FactoSystem
CVE-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...)
	NOT-FOR-US: SWServer
CVE-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...)
	NOT-FOR-US: Jawmail
CVE-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...)
	NOT-FOR-US: Cisco
CVE-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...)
	NOT-FOR-US: PlanetDNS
CVE-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...)
	NOT-FOR-US: db4web
CVE-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...)
	NOT-FOR-US: db4web
CVE-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...)
	NOT-FOR-US: HPUX
CVE-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...)
	NOT-FOR-US: HPUX
CVE-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...)
	NOT-FOR-US: HPUX
CVE-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...)
	NOT-FOR-US: Shoutcase
CVE-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...)
	NOT-FOR-US: Cafelog
CVE-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...)
	NOT-FOR-US: Cafelog
CVE-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...)
	NOT-FOR-US: Cafelog
CVE-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...)
	NOT-FOR-US: Organic PHP
CVE-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Webshop Manager
CVE-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: mIRC
CVE-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...)
	NOT-FOR-US: OmniHTTPD
CVE-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...)
	NOT-FOR-US: Blazix not in Debian
CVE-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...)
	NOT-FOR-US: IBM UniVerse
CVE-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...)
	NOT-FOR-US: eUpload not in Debian
CVE-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...)
	NOT-FOR-US: CERN HTTPD not in Debian
CVE-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...)
	NOT-FOR-US: Google Toolbar
CVE-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
	NOT-FOR-US: Google Toolbar
CVE-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...)
	NOT-FOR-US: Tomahawk
CVE-2002-1440 (The Gateway GS-400 server has a default root password of &quot;0001n&quot; that ...)
	NOT-FOR-US: Gateway
CVE-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...)
	NOT-FOR-US: HPUX
CVE-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...)
	NOT-FOR-US: Kerio
CVE-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Kerio
CVE-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...)
	NOT-FOR-US: MidiCart
CVE-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...)
	NOT-FOR-US: Belkin
CVE-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...)
	NOT-FOR-US: ShoutBox
CVE-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...)
	NOT-FOR-US: dotproject
CVE-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...)
	NOT-FOR-US: Easy Homepage Creator
CVE-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...)
	NOT-FOR-US: HP
CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...)
	NOT-FOR-US: Webeasymail
CVE-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...)
	NOT-FOR-US: Webeasymail
CVE-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...)
	NOT-FOR-US: Duma
CVE-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...)
	NOT-FOR-US: East Guestbook
CVE-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...)
	NOT-FOR-US: HPUX
CVE-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...)
	NOT-FOR-US: HP Openview
CVE-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...)
	NOT-FOR-US: HPUX
CVE-2002-1404
	REJECTED
CVE-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...)
	- postgresql 7.2.2-2
CVE-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...)
	- postgresql 7.2.2-2
CVE-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...)
	{DSA-202}
	- im 1:141-20
CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...)
	{DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234}
	- kdemultimedia 4:3.0.5a
	- kdebase 4:3.0.5a
	- kdeutils 4:3.0.5a
	- kdegames 4:3.0.5a
	- kdesdk 4:3.0.5a
	- kdepim 4:3.0.5a
	- kdelibs 4:3.0.5a
	- kdenetwork 4:3.0.5a
	- kdegraphics 4:3.0.5a
	- kdeadmin 4:3.0.5a
CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1370
	REJECTED
CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...)
	- ethereal 0.9.8-1
CVE-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...)
	- ethereal 0.9.8-1
CVE-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...)
	NOT-FOR-US: LocalWEB2000 HTTP server
CVE-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...)
	NOT-FOR-US: CartMan
CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...)
	NOT-FOR-US: Melange Chat System
CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...)
	- cyrus-sasl2 2.1.10-1
CVE-2002-1346
	RESERVED
CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
	NOTE: multiple ftp client issues
CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...)
	{DSA-209}
	- wget 1.8.2-8
CVE-2002-1343
	RESERVED
CVE-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
	{DSA-203}
	- smb2www 980804-17
CVE-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...)
	{DSA-220}
	- squirrelmail 1:1.3.2-2
CVE-2002-1340 (The &quot;ConnectionFile&quot; property in the DataSourceControl component in ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1339 (The &quot;XMLURL&quot; property in the Spreadsheet component of Office Web ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...)
	{DSA-251 DSA-250 DSA-249}
	- w3m 0.3.2.2-1
	- w3mmee 0.3.p24.17-3
	- w3m-ssl <removed>
CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
	NOT-FOR-US: BizDesign
CVE-2002-1333
	RESERVED
CVE-2002-1332
	RESERVED
CVE-2002-1331
	RESERVED
CVE-2002-1330
	RESERVED
CVE-2002-1329
	RESERVED
CVE-2002-1328
	RESERVED
CVE-2002-1326
	RESERVED
CVE-2002-1324
	RESERVED
CVE-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
	NOT-FOR-US: ClearCase
CVE-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
	NOT-FOR-US: Realplayer
CVE-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...)
	NOT-FOR-US: iPlanet
CVE-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...)
	NOT-FOR-US: iPlanet
CVE-2002-1314
	RESERVED
CVE-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...)
	NOT-FOR-US: Linksys
CVE-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
	NOT-FOR-US: Macromedia
CVE-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
	NOT-FOR-US: Macromedia
CVE-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...)
	{DSA-214}
	- kdenetwork 4:2.2.2-14.20
CVE-2002-1305
	RESERVED
CVE-2002-1304
	RESERVED
CVE-2002-1303
	RESERVED
CVE-2002-1302
	RESERVED
CVE-2002-1301
	RESERVED
CVE-2002-1300
	RESERVED
CVE-2002-1299
	RESERVED
CVE-2002-1298
	RESERVED
CVE-2002-1297
	RESERVED
CVE-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
	NOT-FOR-US: Microsoft
CVE-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...)
	NOT-FOR-US: Microsoft
CVE-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...)
	NOT-FOR-US: Microsoft
CVE-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...)
	NOT-FOR-US: SuSE-specific lprfilter package
CVE-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...)
	NOT-FOR-US: Novell iManager (eMFrame)
CVE-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
	{DSA-204}
	- kdelibs 4:3.1.0-1
CVE-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
	{DSA-204}
	- kdelibs 4:3.1.0-1
CVE-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...)
	NOT-FOR-US: RealSecure Event Collector
CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
	{DSA-194}
	- masqmail 0.2.15-1
CVE-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...)
	{DSA-192}
	- html2ps 1.0b3-2
CVE-2002-1274
	RESERVED
CVE-2002-1273
	RESERVED
CVE-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
	NOT-FOR-US: MacOS
CVE-2002-1263
	REJECTED
CVE-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
	NOT-FOR-US: Microsoft
CVE-2002-1261
	REJECTED
CVE-2002-1259
	REJECTED
CVE-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
	NOT-FOR-US: Microsoft
CVE-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
	NOT-FOR-US: Microsoft
CVE-2002-1249
	RESERVED
CVE-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
	{DSA-193}
	- kdenetwork 4:2.2.2-14.3
CVE-2002-1246
	RESERVED
CVE-2002-1243
	RESERVED
CVE-2002-1241
	RESERVED
CVE-2002-1240
	RESERVED
CVE-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
	NOT-FOR-US: Peter Sandvik's Simple Web Server
CVE-2002-1237
	RESERVED
CVE-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
	{DSA-185 DSA-184 DSA-183}
	- heimdal 0.4e-22
	- krb4 1.1-11-8
	- krb5 1.2.6-2
CVE-2002-1234
	REJECTED
CVE-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
	{DSA-195 DSA-188 DSA-187}
	- apache-perl 1.3.26-1.1-1.27-3-1
	- apache 1.3.27-1
CVE-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
	NOT-FOR-US: Avaya Cajun switches
CVE-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...)
	{DSA-178}
	- heimdal 0.4e-21
CVE-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
	{DSA-178}
	- heimdal 0.4e-21
CVE-2002-1218
	RESERVED
CVE-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
	NOT-FOR-US: Microsoft
CVE-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
	- tar 1.13.25
CVE-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...)
	{DSA-174}
	- heartbeat 0.4.9.2-1
CVE-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...)
	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CVE-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...)
	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CVE-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...)
	NOT-FOR-US: Eudora
CVE-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2002-1208
	RESERVED
CVE-2002-1207
	RESERVED
CVE-2002-1206
	RESERVED
CVE-2002-1205
	RESERVED
CVE-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
	NOT-FOR-US: Netscape Communicator 4.x
CVE-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
	NOT-FOR-US: IBM SecureWay Firewall
CVE-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AIX
CVE-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...)
	NOT-FOR-US: NetBSD
CVE-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...)
	NOT-FOR-US: NetBSD
CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
	NOT-FOR-US: Sabre Desktop
CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...)
	NOT-FOR-US: Cisco
CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Microsoft IIS
CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
	NOT-FOR-US: Winamp
CVE-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...)
	NOT-FOR-US: Winamp
CVE-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...)
	{DSA-171}
	- fetchmail 6.1.0-1
CVE-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
	{DSA-171}
	- fetchmail 6.1.0-1
CVE-2002-1173
	RESERVED
CVE-2002-1172
	RESERVED
CVE-2002-1171
	RESERVED
CVE-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...)
	- wn <removed>
CVE-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...)
	- sendmail 8.12.3-5
CVE-2002-1161
	REJECTED
CVE-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...)
	NOTE: kon2. patched, but I don't know when.
	NOTE: assuming the current unstable/testing version is ok then..
	- kon2 0.3.9b-18
CVE-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...)
	NOT-FOR-US: Microsoft Netmeeting
CVE-2002-1149 (The installation procedure for Invision Board suggests that users ...)
	NOT-FOR-US: Invision Board
CVE-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...)
	NOT-FOR-US: Microsoft SQL
CVE-2002-1144
	RESERVED
CVE-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
	NOT-FOR-US: Microsoft Word & Excel
CVE-2002-1136
	RESERVED
CVE-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
	NOT-FOR-US: Dino's Webserver
CVE-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1130
	RESERVED
CVE-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...)
	NOT-FOR-US: FreeBSD
CVE-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...)
	{DSA-166}
	- purity 1-16
CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...)
	NOTE: Some SMTP mailscanners can be bypassed by fragmenting messages.
CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...)
	{DSA-161}
	- mantis 0.17.5-2
CVE-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
	NOT-FOR-US: Cisco
CVE-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
	NOT-FOR-US: Cisco
CVE-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
	- libesmtp 0.8.11-1
CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...)
	NOT-FOR-US: Oracle
CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...)
	NOT-FOR-US: ezContents
CVE-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...)
	NOT-FOR-US: ezContents
CVE-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...)
	NOT-FOR-US: ezContents
CVE-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...)
	NOT-FOR-US: ezContents
CVE-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...)
	NOT-FOR-US: ezContents
CVE-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...)
	NOT-FOR-US: ezContents
CVE-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...)
	NOT-FOR-US: Abyss
CVE-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...)
	NOT-FOR-US: Abyss
CVE-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...)
	NOT-FOR-US: IPSwitch
CVE-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...)
	NOT-FOR-US: Pegasus
CVE-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...)
	NOT-FOR-US: MERCUR Mailserver
CVE-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...)
	NOT-FOR-US: ZyXEL
CVE-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...)
	NOT-FOR-US: ZyXEL
CVE-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...)
	- phpwiki 1.3.4-1
CVE-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...)
	NOT-FOR-US: D-Link hardware
CVE-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...)
	NOT-FOR-US: D-Link hardware
CVE-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...)
	NOT-FOR-US: IC9 Print Server
CVE-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Jana Server
CVE-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
	NOT-FOR-US: Jana Server
CVE-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
	NOT-FOR-US: Jana Server
CVE-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
	NOT-FOR-US: Jana Server
CVE-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...)
	NOT-FOR-US: Jana Server
CVE-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...)
	NOT-FOR-US: Jana Server
CVE-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...)
	NOT-FOR-US: Cobalt Qube
CVE-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...)
	NOT-FOR-US: Brother hardware
CVE-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...)
	NOT-FOR-US: Jigsaw
CVE-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
	NOT-FOR-US: HP printers
CVE-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...)
	NOT-FOR-US: Soho Firewall
CVE-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...)
	NOT-FOR-US: iPlanet
CVE-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...)
	NOT-FOR-US: SMIT
CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...)
	NOT-FOR-US: WebSecure
CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
	- dcl 1:0.9.2-1
CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
	- dcl 1:0.9.2-1
CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...)
	NOT-FOR-US: Fluid Dynamics
CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...)
	NOT-FOR-US: iRunBook
CVE-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...)
	NOT-FOR-US: iRunBook
CVE-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...)
	NOT-FOR-US: KeyFocus Web Server
CVE-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...)
	NOT-FOR-US: Worldspam for Windows
CVE-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...)
	NOT-FOR-US: Oddsock Winamp plugin
CVE-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...)
	NOT-FOR-US: Macromedia Sitespring
CVE-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...)
	NOT-FOR-US: Macromedia Sitespring
CVE-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BadBlue
CVE-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...)
	NOT-FOR-US: BadBlue
CVE-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...)
	NOT-FOR-US: BadBlue
CVE-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...)
	NOT-FOR-US: Adobe
CVE-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...)
	NOT-FOR-US: Adobe
CVE-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...)
	NOT-FOR-US: Adobe
CVE-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...)
	NOT-FOR-US: Adobe
CVE-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...)
	NOT-FOR-US: Adobe
CVE-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
	NOT-FOR-US: Tivoli
CVE-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
	NOT-FOR-US: Tivoli
CVE-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...)
	NOT-FOR-US: Domino
CVE-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...)
	NOT-FOR-US: PowerBASIC
CVE-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...)
	NOT-FOR-US: PowerBASIC
CVE-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...)
	NOT-FOR-US: Blackboard
CVE-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...)
	NOT-FOR-US: ArGoSoft
CVE-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...)
	NOT-FOR-US: AnalogX Proxy
CVE-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...)
	NOT-FOR-US: CARE
CVE-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...)
	NOT-FOR-US: CARE
CVE-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...)
	NOT-FOR-US: Novell
CVE-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...)
	NOT-FOR-US: Novell
CVE-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...)
	NOT-FOR-US: SunPci II VNC
CVE-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...)
	NOT-FOR-US: HP
CVE-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...)
	NOT-FOR-US: HP
CVE-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...)
	NOT-FOR-US: HP
CVE-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
	{DSA-157}
	- irssi-text 0.8.5-2
CVE-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...)
	NOT-FOR-US: Microsoft
CVE-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...)
	NOT-FOR-US: Microsoft
CVE-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...)
	NOT-FOR-US: Microsoft
CVE-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...)
	NOT-FOR-US: Microsoft
CVE-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...)
	{DSA-165}
	- postgresql 7.2.2-1
CVE-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...)
	NOT-FOR-US: Microsoft Windows specific
CVE-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
	NOT-FOR-US: 4D web server
CVE-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...)
	NOT-FOR-US: GeekLog
CVE-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...)
	NOT-FOR-US: GeekLog
CVE-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...)
	NOT-FOR-US: Voxel Dot Net CBMS
CVE-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...)
	NOT-FOR-US: Voxel Dot Net CBMS
CVE-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...)
	NOT-FOR-US: Splatt Forum
CVE-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...)
	NOT-FOR-US: BlackICE Agent
CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...)
	NOT-FOR-US: BlackICE Agent
CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...)
	NOT-FOR-US: YaBB
CVE-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...)
	NOT-FOR-US: Cisco
CVE-2002-0951 (SQL injection vulnerability in Ruslan &lt;Body&gt;Builder allows remote ...)
	NOT-FOR-US: Ruslan
CVE-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...)
	NOT-FOR-US: TransWARE Active!
CVE-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...)
	NOT-FOR-US: Telindus ADSL router
CVE-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...)
	NOT-FOR-US: MakeBook
CVE-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...)
	NOT-FOR-US: DeepMetrix LiveStats
CVE-2002-0943 (MetaCart2.sql stores the user database under the web document root ...)
	NOT-FOR-US: MetaCart
CVE-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...)
	NOT-FOR-US: Lugiment Log Explorer
CVE-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...)
	NOT-FOR-US: nCipher MSCAPI
CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...)
	NOT-FOR-US: nCipher MSCAPI
CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...)
	NOT-FOR-US: JRun
CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
	- tomcat 3.2.3-1
CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...)
	NOT-FOR-US: Jon Hedley AlienForm2
CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
	NOT-FOR-US: Datalex PLC BooktIt Consumer
CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...)
	NOT-FOR-US: MyHelpDesk
CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...)
	NOT-FOR-US: MyHelpDesk
CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...)
	NOT-FOR-US: Netware
CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...)
	NOT-FOR-US: Netware
CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...)
	NOT-FOR-US: pirch
CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...)
	NOT-FOR-US: webMathematica
CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...)
	NOT-FOR-US: mmftpd not in Debian anymore
CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...)
	NOT-FOR-US: Xandros specific tool
CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...)
	NOT-FOR-US: Slurp NNTP
CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...)
	NOTE: DSA-129
CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...)
	NOTE: netstd
CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
	NOT-FOR-US: mnews
CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...)
	NOT-FOR-US: Cisco
CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...)
	NOT-FOR-US: SHOUTcast
CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
	NOT-FOR-US: Informix
CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...)
	NOT-FOR-US: wbboard
CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...)
	- phpbb2 2.0.6c-1
CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
	- amanda 2.4.0b6-1
CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...)
	NOT-FOR-US: Falcon
CVE-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
	- swatch 3.0.4-1
CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...)
	NOT-FOR-US: NewAtlanta ServletExec
CVE-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...)
	NOT-FOR-US: NewAtlanta ServletExec
CVE-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...)
	NOT-FOR-US: 3com
CVE-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...)
	NOT-FOR-US: Solaris
CVE-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...)
	NOT-FOR-US: Solaris
CVE-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...)
	NOT-FOR-US: Compaq
CVE-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...)
	NOT-FOR-US: Cisco
CVE-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...)
	NOT-FOR-US: Cisco
CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...)
	NOT-FOR-US: Cisco
CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...)
	NOT-FOR-US: CFXImage
CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...)
	NOT-FOR-US: LogiSense
CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...)
	NOT-FOR-US: Shambala
CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Shambala
CVE-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...)
	{DSA-150}
	- interchange 4.8.6-1
CVE-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...)
	NOT-FOR-US: Cisco
CVE-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
	NOT-FOR-US: IIS
CVE-2002-0868
	RESERVED
CVE-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
	NOT-FOR-US: Windows
CVE-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...)
	NOT-FOR-US: Oracle
CVE-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...)
	NOT-FOR-US: Oracle
CVE-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
	{DSA-147}
	- mailman 2.0.12-1
CVE-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
	NOT-FOR-US: SuSE specific
CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
	NOT-FOR-US: Cisco
CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...)
	NOT-FOR-US: iSCSI
CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
	{DSA-195 DSA-188 DSA-187}
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0841
	REJECTED
CVE-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...)
	{DSA-195 DSA-188 DSA-187}
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...)
	{DSA-182 DSA-179 DSA-176}
	- kdegraphics 4:2.2.2-6.9
	- gnome-gv 1.99.7-9
	- gv 1:3.5.8-27
CVE-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...)
	- wordtrans 1.1pre9
CVE-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...)
	{DSA-162}
	- ethereal 0.9.6-1
CVE-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...)
	NOT-FOR-US: Eudora
CVE-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
	NOT-FOR-US: Internet Explorer
CVE-2002-0828
	REJECTED
CVE-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
	NOT-FOR-US: UnixWare
CVE-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
	- libnss-ldap 199-1
CVE-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...)
	- ethereal 0.9.4-1woody1
CVE-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...)
	- ethereal 0.9.4-1woody1
CVE-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...)
	- arts <not-affected> (artscontrol not suid root)
CVE-2002-0815 (The Javascript &quot;Same Origin Policy&quot; (SOP), as implemented in (1) ...)
	- mozilla 2:1.0.0-1
CVE-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...)
	NOT-FOR-US: Compaq hardware
CVE-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...)
	NOT-FOR-US: BadBlue
CVE-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
	NOT-FOR-US: YoungZoft
CVE-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...)
	NOT-FOR-US: HP
CVE-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...)
	NOT-FOR-US: Solaris
CVE-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...)
	NOT-FOR-US: Solaris
CVE-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...)
	NOT-FOR-US: QNX
CVE-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...)
	NOT-FOR-US: Cisco
CVE-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
	NOT-FOR-US: iCon
CVE-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...)
	NOT-FOR-US: Critical Path inJoin Directory Server
CVE-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...)
	NOT-FOR-US: Lidik web server
CVE-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Opera
CVE-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...)
	NOT-FOR-US: Novell
CVE-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...)
	NOT-FOR-US: Novell
CVE-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...)
	NOT-FOR-US: Novell
CVE-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...)
	- viewcvs 0.9.2-5
CVE-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...)
	NOT-FOR-US: Historic Quake2 issue
CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...)
	NOT-FOR-US: Cisco
CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...)
	NOT-FOR-US: simpleinit
CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Phorum
CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...)
	NOT-FOR-US: HP
CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...)
	- webmin 0.980-1
	- usermin 0.910-1
CVE-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...)
	- webmin 0.980-1
	- usermin 0.910-1
CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...)
	NOT-FOR-US: Talentsoft
CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...)
	NOT-FOR-US: AIX
CVE-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...)
	NOT-FOR-US: AIX
CVE-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...)
	NOT-FOR-US: AIX
CVE-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...)
	- slrn 0.9.6.2-9
CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...)
	NOT-FOR-US: PostCalendat
CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
	- squid <not-affected> (Historic vulnerability, fixed before Woody was released)
CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...)
	NOT-FOR-US: MyGuestbook
CVE-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...)
	NOT-FOR-US: vqServer
CVE-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...)
	NOT-FOR-US: guestbook
CVE-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...)
	{DSA-140}
	- libpng 1.0.12-4
	- libpng3 1.2.1-2
CVE-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...)
	NOT-FOR-US: windows
CVE-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...)
	NOT-FOR-US: windows
CVE-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...)
	NOT-FOR-US: internet explorer
CVE-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...)
	- php4 4:4.2.2-1
CVE-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...)
	- squid 2.4.6-2
CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
	- squid 2.4.6-2
CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...)
	NOT-FOR-US: EASM
CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
	NOT-FOR-US: HP
CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
	NOT-FOR-US: no_package
CVE-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...)
	NOT-FOR-US: no_package
CVE-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...)
	NOT-FOR-US: no_package
CVE-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...)
	NOT-FOR-US: no_package
CVE-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...)
	NOT-FOR-US: no_package
CVE-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...)
	- dhcp3 3.0+3.0.1rc9-1
CVE-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...)
	NOT-FOR-US: windows
CVE-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...)
	NOT-FOR-US: windows
CVE-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...)
	NOT-FOR-US: McAfee
CVE-2002-0689
	RESERVED
CVE-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...)
	NOT-FOR-US: no_package
CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
	- glibc 2.2.5-8
CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
	NOT-FOR-US: no_package
CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...)
	NOT-FOR-US: no_package
CVE-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...)
	NOT-FOR-US: no_package
CVE-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...)
	NOT-FOR-US: no_package
CVE-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: no_package
CVE-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
	NOT-FOR-US: no_package
CVE-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
	NOT-FOR-US: no_package
CVE-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: no_package
CVE-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...)
	{DSA-201}
	- freeswan 1.99-1
CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
	NOT-FOR-US: ZMerge
CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
	- apache2 2.0.40
CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
	{DSA-140}
	- libpng 1.0.12-4
	- libpng3 1.2.1-2
CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-1412 (Gallery photo album package before 1.3.1 allows local and possibly ...)
	{DSA-138}
	- gallery 1.3-3
CVE-2004-0356 (Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro ...)
	NOT-FOR-US: windows mta
CVE-2004-0347 (Cross-site scripting (XSS) vulnerability in delhomepage.cgi in ...)
	NOT-FOR-US: juniper router
CVE-2004-0336 (LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive ...)
	NOT-FOR-US: windows mta
CVE-2004-0320 (Unknown vulnerability in nCipher Hardware Security Modules (HSM) ...)
	NOT-FOR-US: ncipher hardware
CVE-2004-0309 (Stack-based buffer overflow in the SMTP service support in vsmon.exe ...)
	NOT-FOR-US: windows firewall
CVE-2004-0307 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 ...)
	NOT-FOR-US: cisco
CVE-2004-0306 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD ...)
	NOT-FOR-US: cisco
CVE-2004-0297 (Buffer overflow in the Lightweight Directory Access Protocol (LDAP) ...)
	NOT-FOR-US: windows mta
CVE-2004-0276 (The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and ...)
	NOT-FOR-US: monkeyd, not in debian
CVE-2004-0274 (Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can ...)
	- eggdrop 1.6.17
CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player ...)
	NOT-FOR-US: realone player
CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a ...)
	- clamav 0.80
CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global ...)
	- php4 4.3.9
CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to ...)
	NOT-FOR-US: openjournal, not in debian
CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...)
	NOT-FOR-US: open/netbsd
CVE-2004-0256 (GNU libtool before 1.5.2, during compile time, allows local users to ...)
	- libtool 1.5.6
CVE-2004-0194 (Stack-based buffer overflow in the OutputDebugString function for ...)
	NOT-FOR-US: acroread
CVE-2004-0193 (Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), ...)
	NOT-FOR-US: realsecure/blackice
CVE-2004-0191 (Mozilla before 1.4.2 executes Javascript events in the context of a ...)
	- mozilla 2:1.7.3
CVE-2004-0190 (Symantec FireWall/VPN Appliance model 200 records a cleartext ...)
	NOT-FOR-US: symantec
CVE-2004-0189 (The &quot;%xx&quot; URL decoding function in Squid 2.5STABLE4 and earlier allows ...)
	{DSA-474}
	- squid 2.5.5-1
CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local ...)
	{DSA-461}
	- calife 2.8.6-1 (bug #235157)
CVE-2004-0186 (smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, ...)
	{DSA-463}
	- samba 3.0.2-2
CVE-2004-0185 (Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp ...)
	{DSA-457}
	- wu-ftpd 2.6.2-17.1
CVE-2004-0173 (Directory traversal vulnerability in Apache 1.3.29 and earlier, and ...)
	NOT-FOR-US: apache/cygwin
CVE-2004-0171 (FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote ...)
	NOT-FOR-US: freebsd/os x
CVE-2004-0169 (QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote ...)
	NOT-FOR-US: os x
CVE-2004-0167 (DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly ...)
	NOT-FOR-US: os x
CVE-2004-0165 (Format string vulnerability in Point-to-Point Protocol (PPP) daemon ...)
	NOT-FOR-US: os x
CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary ...)
	{DSA-446}
	- synaesthesia 2.1-3
	NOTE: synaesthesia is no longer setuid in Debian.
CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...)
	{DSA-447}
	- hsftp 1.15-1
CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before ...)
	{DSA-458-3}
	- python2.2 2.2.2
CVE-2004-0148 (wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, ...)
	{DSA-457}
	- wu-ftpd 2.6.2-17.1
CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon ...)
	NOT-FOR-US: gnu radiusd, not in debian
CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 ...)
	- phpmyadmin 2:2.6.0-pl2
CVE-2004-0128 (PHP remote file inclusion vulnerability in the GEDCOM configuration ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the ...)
	NOT-FOR-US: freebsd
CVE-2004-0122 (Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain ...)
	NOT-FOR-US: microsoft
CVE-2004-0121 (Argument injection vulnerability in Microsoft Outlook 2002 does not ...)
	NOT-FOR-US: microsoft
CVE-2004-0115 (VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 ...)
	NOT-FOR-US: microsoft
CVE-2004-0114 (The shmat system call in the System V Shared Memory interface for ...)
	NOT-FOR-US: bsd
CVE-2004-0113 (Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 ...)
	- apache2 2.0.52
CVE-2004-0111 (gdk-pixbuf before 0.20 allows attackers to cause a denial of service ...)
	{DSA-464}
	- gdk-pixbuf 0.22.0-3
CVE-2004-0108 (The isag utility, which processes sysstat data, allows local users to ...)
	{DSA-460}
	- sysstat 5.0.2-1
CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when ...)
	NOT-FOR-US: freebsd
CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to ...)
	- libapache-mod-python 2:2.7.10
CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a ...)
	NOT-FOR-US: mcafee
CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to ...)
	{DSA-443}
	- xfree86 4.2.1-6
CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of service and ...)
	{DSA-443}
	- xfree86 4.2.1-6
CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x ...)
	NOT-FOR-US: os x
CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and ...)
	- samba 3.0.7
CVE-2004-0080 (The login program in util-linux 2.11 and earlier uses a pointer after ...)
	NOT-FOR-US: debian uses different login
CVE-2004-0078 (Buffer overflow in the index menu code (menu_pad_string of menu.c) for ...)
	- mutt 1.5.6-20040722+1
CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2 to ...)
	{DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.26-pre3)
	- kernel-source-2.2.20 <removed>
CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the ...)
	- kernel-source-2.4.24 2.4.24-3
	NOTE: fixed in 2.4.26-pre3
CVE-2004-0070 (PHP remote file inclusion vulnerability in module.php for ezContents ...)
	NOT-FOR-US: ezcontents, commercial
CVE-2004-0068 (PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 ...)
	NOT-FOR-US: phpdig, not in debian
CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, ...)
	NOT-FOR-US: ncipher hsm
CVE-2004-0049 (Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote ...)
	NOT-FOR-US: real helix
CVE-2004-0045 (Buffer overflow in the ARTpost function in art.c in the control ...)
	- inn2 2.4.1+20040820
	[woody] - inn2 <not-affected>
CVE-2004-0044 (Cisco Personal Assistant 1.4(1) and 1.4(2) disables password ...)
	NOT-FOR-US: cisco
CVE-2004-0040 (Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through ...)
	NOT-FOR-US: checkpoint
CVE-2004-0036 (SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x ...)
	NOT-FOR-US: vbulletin, commercial
CVE-2004-0035 (SQL injection vulnerability in register.php for Phorum 3.4.5 and ...)
	NOT-FOR-US: phorum, not in debian
CVE-2004-0033 (admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0032 (Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0031 (PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows remote ...)
	{DSA-420}
	- jitterbug 1.6.2-4.5
CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the &quot;save ...)
	{DSA-419}
	- phpgroupware 0.9.14.007-4
CVE-2004-0015 (vbox3 0.1.8 and earlier does not properly drop privileges before ...)
	{DSA-418}
	- vbox3 0.1.8
CVE-2004-0013 (jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly ...)
	{DSA-414}
	- jabber 1.4.3-1
CVE-2004-0011 (Buffer overflow in fsp before 2.81.b18 allows remote users to execute ...)
	{DSA-416}
	- fsp 2.81.b18-1
CVE-2004-0009 (Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 ...)
	- apache-ssl 1.3.31
CVE-2004-0004 (The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 ...)
	NOT-FOR-US: openca, not in debian
CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit ptrace ...)
	- kernel-image-2.6.8-9-amd64-generic
CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and ...)
	NOT-FOR-US: windows
CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers ...)
	NOT-FOR-US: windows
CVE-2003-1022 (Directory traversal vulnerability in fsp before 2.81.b18 allows remote ...)
	{DSA-416}
	- fsp 2.81.b18-1
CVE-2003-0994 (The GUI functionality for an interactive session in Symantec ...)
	NOT-FOR-US: norton
CVE-2003-0993 (mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit ...)
	- apache 1.3.29.0.2-4
CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before ...)
	{DSA-436}
	- mailman 2.1-1
	NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
	NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE Personal ...)
	- kdepim 4:3.1.5-1
CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before ...)
	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24-rc1)
CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...)
	{DSA-411}
	- mpg321 0.2.10.3
CVE-2003-0966 (Buffer overflow in the frm command in elm 2.5.6 and earlier, and ...)
	NOT-FOR-US: elm
CVE-2003-0924 (netpbm 9.25 and earlier does not properly create temporary files, ...)
	{DSA-426}
	- netpbm-free 2:9.25-9
CVE-2003-0905 (Unknown vulnerability in Windows Media Station Service and Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0903 (Buffer overflow in a component of Microsoft Data Access Components ...)
	NOT-FOR-US: microsoft
CVE-2003-0825 (The Windows Internet Naming Service (WINS) for Microsoft Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0145 (Unknown vulnerability in tcpdump before 3.7.2 related to an inability ...)
	{DSA-261}
	- tcpdump 3.7.2-1
CVE-2003-0143 (The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null ...)
	{DSA-259}
	- qpopper 4.0.4-9
CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before ...)
	NOT-FOR-US: SOHO Routefinder
CVE-2003-0124 (man before 1.5l allows attackers to execute arbitrary code via a ...)
	NOT-FOR-US: man before 1.51
CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 ...)
	NOT-FOR-US: lotus notes
CVE-2003-0122 (Buffer overflow in Notes server before Lotus Notes R4, R5 before ...)
	NOT-FOR-US: lotus notes
CVE-2003-0120 (adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local ...)
	{DSA-256}
	- mhc 0.25+20030224-1
CVE-2003-0108 (isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers ...)
	{DSA-255}
	- tcpdump 3.7.1-1.2
CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is ...)
	- zlib 1:1.1.4-10
CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, ...)
	NOT-FOR-US: peopletools
CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote ...)
	NOT-FOR-US: nokia handset
CVE-2003-0102 (Buffer overflow in tryelf() in readelf.c of the file command allows ...)
	{DSA-260}
	- file 3.40-1.1
CVE-2003-0100 (Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers ...)
	NOT-FOR-US: cisco
CVE-2003-0097 (Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to ...)
	- php4 4:4.3.2+rc3-1
CVE-2003-0095 (Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, ...)
	NOT-FOR-US: oracle
CVE-2003-0094 (A patch for mcookie in the util-linux package for Mandrake Linux 8.2 ...)
	NOT-FOR-US: mandrake specific
CVE-2003-0093 (The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote ...)
	{DSA-261}
	- tcpdump 3.7.1-1
CVE-2003-0088 (TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to ...)
	NOT-FOR-US: macosX
CVE-2003-0087 (Buffer overflow in libIM library (libIM.a) for National Language ...)
	NOT-FOR-US: AIX
CVE-2003-0081 (Format string vulnerability in packet-socks.c of the SOCKS dissector ...)
	{DSA-258}
	- ethereal 0.9.9-2
CVE-2003-0079 (The DEC UDK processing feature in the hanterm (hanterm-xf) terminal ...)
	NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0078 (ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ...)
	{DSA-253}
	- openssl 0.9.7a-1
CVE-2003-0077 (The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and ...)
	NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0075 (Integer signedness error in the myFseek function of samplein.c for ...)
	NOT-FOR-US: blade encoder not in Debian
CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows ...)
	{DSA-303}
	- mysql-dfsg 4.0.12-2
CVE-2003-0071 (The DEC UDK processing feature in the xterm terminal emulator in ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2003-0070 (VTE, as used by default in gnome-terminal terminal emulator 2.2 and as ...)
	- vte 1:0.11.10-1
CVE-2003-0069 (The PuTTY terminal emulator 0.53 allows attackers to modify the window ...)
	- putty 0.54-1
CVE-2003-0068 (The Eterm terminal emulator 0.9.1 and earlier allows attackers to ...)
	{DSA-496}
	- eterm 0.9.2-6
CVE-2003-0067 (The aterm terminal emulator 0.42 allows attackers to modify the window ...)
	NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
	NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
	NOTE: never vulnerable to the problem described.
	NOTE: this CVE is bogus.
CVE-2003-0066 (The rxvt terminal emulator 2.7.8 and earlier allows attackers to ...)
	- rxvt 1:2.6.4-6.1 (bug #244810)
	NOTE: woody version is still vulnerable
CVE-2003-0065 (The uxterm terminal emulator allows attackers to modify the window ...)
	NOT-FOR-US: uxterm not in Debian
CVE-2003-0064 (The dtterm terminal emulator allows attackers to modify the window ...)
	NOT-FOR-US: dtterm not in Debian
CVE-2003-0063 (The xterm terminal emulator in XFree86 4.2.0 and earlier allows ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2003-0062 (Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows ...)
	NOT-FOR-US: NOD32 not in Debian
CVE-2003-0059 (Unknown vulnerability in the chk_trans.c of the libkrb5 library for ...)
	- krb5 1.2.5-1
CVE-2003-0058 (MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows ...)
	- krb5 1.2.5-1
CVE-2003-0055 (Buffer overflow in the MP3 broadcasting module of Apple Darwin ...)
	NOT-FOR-US: apple
CVE-2003-0054 (Apple Darwin Streaming Administration Server 4.1.2 and QuickTime ...)
	NOT-FOR-US: apple
CVE-2003-0053 (Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple ...)
	NOT-FOR-US: apple
CVE-2003-0052 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
	NOT-FOR-US: apple
CVE-2003-0051 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
	NOT-FOR-US: apple
CVE-2003-0050 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
	NOT-FOR-US: apple
CVE-2003-0045 (Jakarta Tomcat before 3.3.1a on certain Windows systems may allow ...)
	NOT-FOR-US: windows
CVE-2003-0043 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
	{DSA-246}
	- tomcat 3.3.1a-1
CVE-2003-0040 (SQL injection vulnerability in the PostgreSQL auth module for courier ...)
	{DSA-247}
	- courier 0.40.2-3
	- courier-ssl 0.40.2-3
CVE-2003-0039 (ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other ...)
	{DSA-245}
	- dhcp3 3.0+3.0.1rc11-3
	NOTE: Version information in DSA is wrong.
CVE-2003-0033 (Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before ...)
	{DSA-297}
	- snort 2.0.0-1
CVE-2003-0032 (Memory leak in libmcrypt before 2.5.5 allows attackers to cause a ...)
	{DSA-228}
	- libmcrypt 2.5.5-1
CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...)
	NOT-FOR-US: sun
CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu ...)
	NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
	NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
	NOTE: never vulnerable to the problem described.
	NOTE: this CVE is bogus.
CVE-2003-0023 (The menuBar feature in rxvt 2.7.8 allows attackers to modify menu ...)
	- rxvt 1:2.6.4-6.1
CVE-2003-0022 (The &quot;screen dump&quot; feature in rxvt 2.7.8 allows attackers to overwrite ...)
	- rxvt 1:2.6.4-6.1
CVE-2003-0021 (The &quot;screen dump&quot; feature in Eterm 0.9.1 and earlier allows attackers ...)
	- eterm 0.9.2-1
	NOTE: According to upstream changelog and http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
	NOTE: this is fixed in eterm 0.9.2
CVE-2003-0020 (Apache does not filter terminal escape sequences from its error logs, ...)
	- apache2 2.0.49
	- apache 1.3.29.0.2-4
CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has ...)
	NOT-FOR-US: redhat 8.0 only
CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the ...)
	{DSA-423 DSA-358}
	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.5.27)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; in 2.4.21)
CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...)
	NOT-FOR-US: apache on windows
CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me ...)
	NOT-FOR-US: apache on windows
CVE-2003-0015 (Double-free vulnerability in CVS 1.11.4 and earlier allows remote ...)
	{DSA-233}
	- cvs 1.11.2-5.1
CVE-2003-0013 (The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, ...)
	{DSA-230}
	- bugzilla 2.16.2-1
CVE-2003-0012 (The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x ...)
	{DSA-230}
	- bugzilla 2.16.2-1
CVE-2003-0009 (Cross-site scripting (XSS) vulnerability in Help and Support Center ...)
	NOT-FOR-US: windows
CVE-2003-0007 (Microsoft Outlook 2002 does not properly handle requests to encrypt ...)
	NOT-FOR-US: windows
CVE-2003-0004 (Buffer overflow in the Windows Redirector function in Microsoft ...)
	NOT-FOR-US: windows
CVE-2003-0003 (Buffer overflow in the RPC Locator service for Microsoft Windows NT ...)
	NOT-FOR-US: windows
CVE-2003-0002 (Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for ...)
	NOT-FOR-US: windows
CVE-2002-1574 (Buffer overflow in the ixj telephony card driver in Linux before ...)
	NOTE: fixed after 2.6/2.4.20 kernel
CVE-2002-1560 (index.php in gBook 1.4 allows remote attackers to bypass ...)
	NOT-FOR-US: gbook not in Debian
CVE-2002-1552 (Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users ...)
	NOT-FOR-US: novell
CVE-2002-1550 (dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary ...)
	NOT-FOR-US: AIX
CVE-2002-1549 (Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to ...)
	NOT-FOR-US: lhttpd not in Debian
CVE-2002-1548 (Unknown vulnerability in autofs on AIX 4.3.0, when using executable ...)
	NOT-FOR-US: AIX
CVE-2002-1547 (Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers ...)
	NOT-FOR-US: Netscreen
CVE-2002-1543 (Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users ...)
	NOT-FOR-US: NetBSD
CVE-2002-1541 (BadBlue 1.7 allows remote attackers to bypass password protections for ...)
	NOT-FOR-US: BadBlue not in Debian
CVE-2002-1540 (The client for Symantec Norton AntiVirus Corporate Edition 7.5.x ...)
	NOT-FOR-US: norton
CVE-2002-1538 (Acuma Acusend 4, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: acusend not in Debian
CVE-2002-1537 (admin_ug_auth.php in phpBB 2.0.0 allows local users to gain ...)
	- phpbb2 2.0.6c-1
	NOTE: according to http://www.securityfocus.com/archive/1/297419
	NOTE: phpBB versions above 2.0.0 are not vulnerable.
CVE-2002-1534 (Macromedia Flash Player allows remote attackers to read arbitrary ...)
	NOTE: only affects flash 6.0 - 6.0.47.0, which is not in Debian
CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1530 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1529 (Cross-site scripting (XSS) vulnerability in msgError.asp for the ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1528 (MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the ...)
	NOT-FOR-US: mondosearch
CVE-2002-1524 (Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) ...)
	NOT-FOR-US: winamp
CVE-2002-1521 (Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD ...)
	NOT-FOR-US: webserver 4D
CVE-2002-1520 (The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and ...)
	NOT-FOR-US: WatchGuard
CVE-2002-1519 (Format string vulnerability in the CLI interface for WatchGuard ...)
	NOT-FOR-US: WatchGuard
CVE-2002-1518 (mv in IRIX 6.5 creates a directory with world-writable permissions ...)
	NOT-FOR-US: IRIX
CVE-2002-1517 (fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file ...)
	NOT-FOR-US: IRIX
CVE-2002-1516 (rpcbind in SGI IRIX, when using the -w command line switch, allows ...)
	NOT-FOR-US: IRIX
CVE-2002-1514 (gds_lock_mgr in Borland InterBase allows local users to overwrite ...)
	NOT-FOR-US: interbase
CVE-2002-1513 (The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 ...)
	NOT-FOR-US: OpenVMS
CVE-2002-1511 (The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() ...)
	- vnc 3.3.3r2-21
CVE-2002-1510 (xdm, with the authComplain variable set to false, allows arbitrary ...)
	- xfree86 4.1.0-7
CVE-2002-1509 (A patch for shadow-utils 20000902 causes the useradd command to create ...)
	NOT-FOR-US: redhat and mandrake only
CVE-2002-1505 (SQL injection vulnerability in board.php for WoltLab Burning Board ...)
	NOT-FOR-US: WoltLab Burning Board not in Debian
CVE-2002-1502 (Symbolic link vulnerability in xbreaky before 0.5.5 allows local users ...)
	NOT-FOR-US: xbreaky not in Debian
CVE-2002-1501 (The MPS functionality in Enterasys SSR8000 (Smart Switch Router) ...)
	NOT-FOR-US: Enterasys
CVE-2002-1497 (Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and ...)
	NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1496 (Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier ...)
	NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1494 (Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows ...)
	NOT-FOR-US: Aestiva
CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook ...)
	NOT-FOR-US: Lycos
CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most ...)
	NOT-FOR-US: Cisco
CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of ...)
	NOT-FOR-US: NetBSD
CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext ...)
	- cacti 0.6.8-1
CVE-2002-1478 (Cacti before 0.6.8 allows attackers to execute arbitrary commands via ...)
	{DSA-164}
	- cacti 0.6.8a-2
CVE-2002-1477 (graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti ...)
	{DSA-164}
	- cacti 0.6.8a-2
CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and ...)
	NOT-FOR-US: NetBSD
CVE-2002-1472 (Untrusted search path vulnerability in libX11.so in xfree86, when used ...)
	- xfree86 4.2.1-1 (bug #280872)
CVE-2002-1471 (The camel component for Ximian Evolution 1.0.x and earlier does not ...)
	- evolution 1.2.0-1 (bug #280883)
CVE-2002-1469 (scponly does not properly verify the path when finding the (1) scp or ...)
	- scponly 3.8-1
	NOTE: according to http://sublimation.org/scponly/ (scponly home page)
	NOTE: only versions of scponly older than scponly-2.4 are affected
CVE-2002-1468 (Buffer overflow in errpt in AIX 4.3.3 allows local users to execute ...)
	NOT-FOR-US: AIX
CVE-2002-1463 (Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and ...)
	NOT-FOR-US: symantec
CVE-2002-1448 (An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya ...)
	NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products
CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before ...)
	NOT-FOR-US: Cisco
CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric ...)
	NOT-FOR-US: nCipher PKCS#11 library
CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
	NOT-FOR-US: Google toolbar
CVE-2002-1438 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1437 (Directory traversal vulnerability in the web handler for Perl 5.003 on ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1436 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1435 (class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except ...)
	NOT-FOR-US: Achievo not in Debian
CVE-2002-1430 (Unknown vulnerability in Sympoll 1.2 allows remote attackers to read ...)
	NOT-FOR-US: Sympoll not in Debian
CVE-2002-1425 (Directory traversal vulnerability in munpack in mpack 1.5 and earlier ...)
	{DSA-141}
	- mpack 1.5-9
CVE-2002-1424 (Buffer overflow in munpack in mpack 1.5 and earlier allows remote ...)
	- mpack 1.5-9
CVE-2002-1420 (Integer signedness error in select() on OpenBSD 3.1 and earlier allows ...)
	NOT-FOR-US: OpenBSD
CVE-2002-1419 (The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes ...)
	NOT-FOR-US: IRIX on Origin
CVE-2002-1418 (Buffer overflow in the interpreter for Novell NetBasic Scripting ...)
	NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1417 (Directory traversal vulnerability in Novell NetBasic Scripting Server ...)
	NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1414 (Buffer overflow in qmailadmin allows local users to gain privileges ...)
	- qmailadmin 1.0.6-1
CVE-2002-1413 (RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, ...)
	NOT-FOR-US: RCONAG6 for Novell Netware SP2
CVE-2002-1407 (TinySSL 1.02 and earlier does not verify the Basic Constraints for an ...)
	NOT-FOR-US: TinySSL not in Debian
CVE-2002-1405 (CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote ...)
	{DSA-210}
	- lynx 2.8.4.1b-4
	- lynx-ssl 1:2.8.4.1b-3.1
CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla]
	- bugzilla 2.16.2-1
CVE-2002-1403 (dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to ...)
	{DSA-219}
	- dhcpcd 1:1.3.22pl2-2
	NOTE: Debian sarge uses dhcp >= 2.0
CVE-2002-1396 (Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 ...)
	- php4 4:4.3.2+rc3-1
	NOTE: according to http://www.securityfocus.com/bid/6488
	NOTE: woody is not vulnerable
CVE-2002-1394 (Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet ...)
	{DSA-225}
	- tomcat4 4.1.16-1
CVE-2002-1392 (faxspool in mgetty before 1.1.29 uses a world-writable spool directory ...)
	- mgetty 1.1.30-1
	NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1391 (Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote ...)
	- mgetty 1.1.30-1
	NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1390 (The daemon for GeneWeb before 4.09 does not properly handle requested ...)
	{DSA-223}
	- geneweb 4.09-1
CVE-2002-1389 (Buffer overflow in typespeed 0.4.2 and earlier allows local users to ...)
	{DSA-217}
	- typespeed 0.4.2-2
CVE-2002-1388 (Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 ...)
	{DSA-221}
	- mhonarc 2.5.14-1
CVE-2002-1385 (openwebmail_init in Open WebMail 1.81 and earlier allows local users ...)
	- openwebmail 1.90-1
CVE-2002-1384 (Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, ...)
	{DSA-232 DSA-226 DSA-222}
	- xpdf-i 2.01-2
	- xpdf 2.01-2
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1382 (Macromedia Flash Player before 6.0.65.0 allows remote attackers to ...)
	- flashplugin-nonfree 6.0.69-1
CVE-2002-1381 (Format string vulnerability in daemon.c for Exim 4.x through 4.10, and ...)
	- exim4 4.11-0.0.1
	- exim 3.36-14
CVE-2002-1380 (Linux kernel 2.2.x allows local users to cause a denial of service ...)
	{DSA-336}
	- kernel-source-2.2.25 2.2.25-2
	- kernel-image-2.2.25-i386 2.2.25-2
CVE-2002-1377 (vim 6.0 and 6.1, and possibly other versions, allows attackers to ...)
	- vim 6.1.263-1
	NOTE: woody seems to be still vulnerable
	NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003
	NOTE: but no advisory (nor fixed package) have been published yet.
	NOTE: I've mailed maintainer Luca Filipozzi <lfilipoz@debian.org> about this.
	NOTE: No response from maintainer, I have mailed security team.
	NOTE: Martin Schulze don't consider this as an issue for updating woody.
CVE-2002-1375 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1374 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1373 (Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1372 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1371 (filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1369 (jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1367 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1366 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1365 (Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not ...)
	{DSA-216}
	- fetchmail 6.2.0-1
CVE-2002-1364 (Buffer overflow in the get_origin function in traceroute-nanog allows ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1363 (Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does ...)
	{DSA-213}
	- libpng 1.0.12-7
	- libpng3 1.2.5-8
CVE-2002-1362 (mICQ 0.4.9 and earlier allows remote attackers to cause a denial of ...)
	{DSA-211}
	- micq 0.4.9.4-1
CVE-2002-1361 (overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security ...)
	NOT-FOR-US: sun
CVE-2002-1350 (The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly ...)
	{DSA-206}
	- tcpdump 3.7.2-1
	NOTE: The fix from 3.6.2-2.2 was not upload to unstable.
CVE-2002-XXXX [Multiple buffer overflows in gtetrinet]
	- gtetrinet 0.4.4-1
CVE-2002-1349 (Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 ...)
	NOT-FOR-US: PC-cillin
CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT ...)
	{DSA-251 DSA-250 DSA-249}
	- w3m 0.3.2.2-1
	- w3mmee 0.3.p24.17-3
CVE-2002-1337 (Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to ...)
	{DSA-257}
	- sendmail 8.13.0.PreAlpha4-0
	- sendmail-wine <removed>
	NOTE: problem in sendmail 8.12, sarge uses 8.13
CVE-2002-1336 (TightVNC before 1.2.6 generates the same challenge string for multiple ...)
	- tightvnc 1.2.6-1
CVE-2002-1327 (Buffer overflow in the Windows Shell function in Microsoft Windows XP ...)
	NOT-FOR-US: windows
CVE-2002-1325 (Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows ...)
	NOT-FOR-US: windows
CVE-2002-1323 (Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may ...)
	{DSA-208}
	- perl 5.8.0-14
CVE-2002-1320 (Pine 4.44 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: pine not in Debian
CVE-2002-1319 (The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 ...)
	NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable)
CVE-2002-1318 (Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers ...)
	{DSA-200}
	- samba 2.2.7
CVE-2002-1317 (Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on ...)
	NOT-FOR-US: solaris
CVE-2002-1313 (nullmailer 1.00RC5 and earlier allows local users to cause a denial of ...)
	{DSA-198}
	- nullmailer 1.00RC5-17
CVE-2002-1311 (Courier sqwebmail before 0.40.0 does not quickly drop privileges after ...)
	{DSA-197}
	- courier 0.40.0-1
CVE-2002-1308 (Heap-based buffer overflow in Netscape and Mozilla allows remote ...)
	- mozilla 2:1.2-1
	NOTE: woody is vulnerable see #237422
CVE-2002-1307 (Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier ...)
	{DSA-199}
	- mhonarc 2.5.13-1
CVE-2002-1296 (Directory traversal vulnerability in priocntl system call in Solaris ...)
	NOT-FOR-US: Solaris
CVE-2002-1284 (The wizard in KGPG 0.6 through 0.8.2 does not properly provide the ...)
	- kdeutils 4:3.2.1-1
CVE-2002-1278 (The mailconf module in Linuxconf 1.24, and other versions before 1.28, ...)
	NOTE: Linuxconf not in testing/unstable
CVE-2002-1277 (Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow ...)
	{DSA-190}
	- wmaker 0.80.1-4
CVE-2002-1272 (Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a ...)
	NOT-FOR-US: Alcatel
CVE-2002-1271 (The Mail::Mailer Perl module in the perl-MailTools package 1.47 and ...)
	{DSA-386}
	- libmailtools-perl 1.51 (bug #168381)
CVE-2002-1270 (Mac OS X 10.2.2 allows local users to read files that only allow write ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1268 (Mac OS X 10.2.2 allows local users to gain privileges via a mounted ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1267 (Mac OS X 10.2.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1266 (Mac OS X 10.2.2 allows local users to gain privileges by mounting a ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not ...)
	NOTE: don't know which version of glibc fix this
	NOTE: I've mailed maintainers.
CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 ...)
	NOT-FOR-US: oracle
CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual ...)
	NOT-FOR-US: Microsoft JVM
CVE-2002-1257 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...)
	NOT-FOR-US: Microsoft JVM
CVE-2002-1256 (The SMB signing capability in the Server Message Block (SMB) protocol ...)
	NOT-FOR-US: Microsoft Windows
CVE-2002-1255 (Microsoft Outlook 2002 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2002-1253 (Abuse 2.00 and earlier allows local users to gain privileges via ...)
	NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1252 (The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as ...)
	NOT-FOR-US: PeopleSoft
CVE-2002-1251 (Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to ...)
	{DSA-186}
	- log2mail 0.2.6-1
CVE-2002-1250 (Buffer overflow in Abuse 2.00 and earlier allows local users to gain ...)
	NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1248 (Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other ...)
	NOT-FOR-US: Xeneo Web Server
CVE-2002-1245 (Maped in LuxMan 0.41 uses the user-provided search path to find and ...)
	{DSA-189}
	- luxman 0.41-19
CVE-2002-1244 (Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly ...)
	NOT-FOR-US: Pablo FTP Server
CVE-2002-1242 (SQL injection vulnerability in PHP-Nuke before 6.0 allows remote ...)
	NOT-FOR-US: PHP-Nuke not in Debian
CVE-2002-1239 (QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and ...)
	NOT-FOR-US: QNX
CVE-2002-1236 (The remote management web server for Linksys BEFSR41 EtherFast ...)
	NOT-FOR-US: Linksys
CVE-2002-1232 (Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS ...)
	{DSA-180}
	- nis 3.9-6.2
CVE-2002-1231 (SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a ...)
	NOT-FOR-US: SCO
CVE-2002-1230 (NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows ...)
	NOT-FOR-US: Windows NT
CVE-2002-1227 (PAM 0.76 treats a disabled password as if it were an empty (null) ...)
	{DSA-177}
	- pam 0.76-6
CVE-2002-1224 (Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE ...)
	- kdenetwork 4:3.1.0-1
CVE-2002-1223 (Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView ...)
	- kdegraphics 4:3.1.0-1
CVE-2002-1222 (Buffer overflow in the embedded HTTP server for Cisco Catalyst ...)
	NOT-FOR-US: CISCO
CVE-2002-1221 (BIND 8.x through 8.3.3 allows remote attackers to cause a denial of ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1220 (BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1219 (Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Prometheus not in Debian
CVE-2002-1200 (Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when ...)
	{DSA-175}
	- syslog-ng 1.5.21-1
CVE-2002-1199 (The getdbm procedure in ypxfrd allows local users to read arbitrary ...)
	NOT-FOR-US: ypxfrd not in Debian
CVE-2002-1198 (Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes ...)
	- bugzilla 2.16.1-1
	NOTE: woody seems to be vulnerable, bug #282500
CVE-2002-1197 (bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x ...)
	- bugzilla 2.16.1-1
	NOTE: woody seems to be vulnerable, bug #282501
CVE-2002-1196 (editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before ...)
	{DSA-173}
	- bugzilla 2.16.0-2.1
CVE-2002-1195 (Cross-site scripting vulnerability (XSS) in the PHP interface for ...)
	{DSA-169}
	- htcheck 1:1.1-1.2
CVE-2002-1193 (tkmail before 4.0beta9-8.1 allows local users to create or overwrite ...)
	{DSA-172}
	- tkmail <removed>
CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block ...)
	NOT-FOR-US: CISCO
CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...)
	NOT-FOR-US: Microsoft
CVE-2002-1187 (Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1186 (Internet Explorer 5.01 through 6.0 does not properly perform security ...)
	NOT-FOR-US: Microsoft
CVE-2002-1185 (Internet Explorer 5.01 through 6.0 does not properly check certain ...)
	NOT-FOR-US: Microsoft
CVE-2002-1184 (The system root folder of Microsoft Windows 2000 has default ...)
	NOT-FOR-US: Microsoft
CVE-2002-1183 (Microsoft Windows 98 and Windows NT 4.0 do not properly verify the ...)
	NOT-FOR-US: Microsoft
CVE-2002-1182 (IIS 5.0 and 5.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2002-1180 (A typographical error in the script source access permissions for ...)
	NOT-FOR-US: Microsoft
CVE-2002-1179 (Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2002-1178 (Directory traversal vulnerability in the CGIServlet for Jetty HTTP ...)
	- jetty 4.1.0
CVE-2002-1170 (The handle_var_requests function in snmp_agent.c for the SNMP daemon ...)
	- net-snmp 5.0.6
CVE-2002-1169 (IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before ...)
	NOT-FOR-US: IBM Web Traffic Express Caching Proxy Server
CVE-2002-1160 (The default configuration of the pam_xauth module forwards ...)
	NOT-FOR-US: pam_xauth
CVE-2002-1159 (Canna 3.6 and earlier does not properly validate requests, which ...)
	{DSA-224}
	- canna 3.6p1-1
CVE-2002-1158 (Buffer overflow in the irw_through function for Canna 3.5b2 and ...)
	{DSA-224}
	- canna 3.6p1-1
CVE-2002-1157 (Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 ...)
	{DSA-181}
	- libapache-mod-ssl 2.8.9-2.3
CVE-2002-1156 (Apache 2.0.42 allows remote attackers to view the source code of a CGI ...)
	- apache2 2.0.43
CVE-2002-1154 (anlgform.pl in Analog before 5.23 does not restrict access to the ...)
	- analog 2:5.23
CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the ...)
	- kdebase 3.03
CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...)
	{DSA-167}
	- kdelibs 4:2.2.2-14
CVE-2002-1148 (The default servlet (org.apache.catalina.servlets.DefaultServlet) in ...)
	{DSA-170}
	- tomcat4 4.1.12-1
CVE-2002-1147 (The HTTP administration interface for HP Procurve 4000M Switch ...)
	NOT-FOR-US: HP Procurve 4000M Switch firmware
CVE-2002-1146 (The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ...)
	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc)
	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind)
	- glibc 2.3
	- bind 1:8.3.3
CVE-2002-1142 (Heap-based buffer overflow in the Remote Data Services (RDS) component ...)
	NOT-FOR-US: Microsoft
CVE-2002-1141 (An input validation error in the Sun Microsystems RPC library Services ...)
	NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1140 (The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as ...)
	NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1139 (The Compressed Folders feature in Microsoft Windows 98 with Plus! ...)
	NOT-FOR-US: Microsoft
CVE-2002-1138 (Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine ...)
	NOT-FOR-US: Microsoft
CVE-2002-1137 (Buffer overflow in the Database Console Command (DBCC) that handles ...)
	NOT-FOR-US: Microsoft
CVE-2002-1135 (modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, ...)
	NOT-FOR-US: phpWebSite
CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape ...)
	- mozilla 2:1.2
CVE-2002-1123 (Buffer overflow in the authentication function for Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-1122 (Buffer overflow in the parsing mechanism for ISS Internet Scanner ...)
	NOT-FOR-US: Microsoft
CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary ...)
	{DSA-159}
	- python1.5 1.5.2-24
	- python2.1 2.1.3-6a
	- python2.2 2.2.1-8
	- python2.3 <not-affected>
CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...)
	NOT-FOR-US: Oracle
CVE-2002-1117 (Veritas Backup Exec 8.5 and earlier requires that the ...)
	NOT-FOR-US: Veritas Backup Exec
CVE-2002-1116 (The &quot;View Bugs&quot; page (view_all_bug_page.php) in Mantis 0.17.4a and ...)
	{DSA-161}
	- mantis 0.17.5-2
CVE-2002-1113 (summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1112 (Mantis before 0.17.4 allows remote attackers to list project bugs ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1111 (print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1109 (securetar, as used in AMaViS shell script 0.2.1 and earlier, allows ...)
	NOTE: old amavis shell script
CVE-2002-1108 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1107 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1106 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1105 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1104 (Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1102 (The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, ...)
	NOT-FOR-US: Cisco
CVE-2002-1099 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1098 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an ...)
	NOT-FOR-US: Cisco
CVE-2002-1097 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows ...)
	NOT-FOR-US: Cisco
CVE-2002-1096 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows ...)
	NOT-FOR-US: Cisco
CVE-2002-1095 (Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, ...)
	NOT-FOR-US: Cisco
CVE-2002-1093 (HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before ...)
	NOT-FOR-US: Cisco
CVE-2002-1092 (Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when ...)
	NOT-FOR-US: Cisco
CVE-2002-1091 (Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers ...)
	- mozilla 2:1.0.2
CVE-2002-1088 (Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote ...)
	NOT-FOR-US: Novell GroupWise
CVE-2002-1081 (The Administration console for Abyss Web Server 1.0.3 allows remote ...)
	NOT-FOR-US: Abyss Web Server
CVE-2002-1079 (Directory traversal vulnerability in Abyss Web Server 1.0.3 allows ...)
	NOT-FOR-US: Abyss Web Server
CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail before ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in Blue Coat Systems ...)
	NOT-FOR-US: CacheFlow CacheOS
CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x ...)
	NOT-FOR-US: Van Dyke SecureCRT SSH client
CVE-2002-1057 (Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows ...)
	NOT-FOR-US: SmartMax MailMax POP3 daemon
CVE-2002-1056 (Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word ...)
	NOT-FOR-US: Microsoft
CVE-2002-1054 (Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and ...)
	NOT-FOR-US: Pablo FTP server
CVE-2002-1053 (Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server ...)
	NOT-FOR-US: W3C Jigsaw Proxy Server
CVE-2002-1051 (Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard ...)
	NOT-FOR-US: Watchguard Firebox firmware
CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before ...)
	- dcl 20020706
CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Omnicron OmniHTTPd
CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list ...)
	NOT-FOR-US: KeyFocus (KF) web server
CVE-2002-1030 (Race condition in Performance Pack in BEA WebLogic Server and Express ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2002-1025 (JRun 3.0 through 4.0 allows remote attackers to read JSP source code ...)
	NOT-FOR-US: JRun
CVE-2002-1024 (Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1015 (RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold ...)
	NOT-FOR-US: Real
CVE-2002-1014 (Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne ...)
	NOT-FOR-US: Real
CVE-2002-1013 (Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 ...)
	NOT-FOR-US: Inktomi
CVE-2002-1006 (Cross-site scripting (XSS) vulnerability in BBC Education Text to ...)
	NOT-FOR-US: Betsie
CVE-2002-1004 (Directory traversal vulnerability in webmail feature of ArGoSoft Mail ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2002-1002 (Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote ...)
	NOT-FOR-US: Novell
CVE-2002-1000 (Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote ...)
	NOT-FOR-US: AnalogX SimpleServer:Shout
CVE-2002-0995 (login.php for PHPAuction allows remote attackers to gain privileges ...)
	NOT-FOR-US: PHPAuction
CVE-2002-0990 (The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 ...)
	NOT-FOR-US: Symantec
CVE-2002-0989 (The URL handler in the manual browser option for Gaim before 0.59.1 ...)
	{DSA-158}
	- gaim 1:0.59.1-2
CVE-2002-0988 (Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare ...)
	NOT-FOR-US: Xsco
CVE-2002-0987 (X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop ...)
	NOT-FOR-US: Xsco
CVE-2002-0986 (The mail function in PHP 4.x to 4.2.2 does not filter ASCII control ...)
	{DSA-168}
	- php3 3:3.0.18-23.2
	- php4 4:4.2.3-3
CVE-2002-0985 (Argument injection vulnerability in the mail function for PHP 4.x to ...)
	{DSA-168}
	- php3 3:3.0.18-23.2
	- php4 4:4.2.3-3
CVE-2002-0984 (The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x ...)
	{DSA-156}
	- epic4-script-light 1:2.7.30p5-2
CVE-2002-0981 (Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX ...)
	NOT-FOR-US: ndcfg
CVE-2002-0974 (Help and Support Center for Windows XP allows remote attackers to ...)
	NOT-FOR-US: Help and Support Center for Windows XP
CVE-2002-0970 (The SSL capability for Konqueror in KDE 3.0.2 and earlier does not ...)
	{DSA-155}
	- kdelibs 4:2.2.2-14
CVE-2002-0969 (Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta ...)
	NOTE: mysql problem only affects Windows
CVE-2002-0968 (Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows ...)
	NOT-FOR-US: AnalogX SimpleServer:WWW
CVE-2002-0967 (Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote ...)
	NOT-FOR-US: eDonkey
CVE-2002-0965 (Buffer overflow in TNS Listener for Oracle 9i Database Server on ...)
	NOT-FOR-US: Oracle
CVE-2002-0964 (Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Half Life
CVE-2002-0958 (Cross-site scripting vulnerability in browse.php for PHP(Reactor) ...)
	NOT-FOR-US: PHP Reactor
CVE-2002-0953 (globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen ...)
	NOT-FOR-US: PHP Address
CVE-2002-0952 (Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 ...)
	NOT-FOR-US: Cisco
CVE-2002-0947 (Buffer overflow in rwcgi60 CGI program for Oracle Reports Server ...)
	NOT-FOR-US: Oracle
CVE-2002-0946 (Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 ...)
	NOT-FOR-US: SeaNox Devwex
CVE-2002-0945 (Buffer overflow in SeaNox Devwex allows remote attackers to cause a ...)
	NOT-FOR-US: SeaNox Devwex
CVE-2002-0941 (The ConsoleCallBack class for nCipher running under JRE 1.4.0 and ...)
	NOT-FOR-US: Java on Windows
CVE-2002-0938 (Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows ...)
	NOT-FOR-US: Cisco
CVE-2002-0935 (Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, ...)
	- tomcat4 4.1.9-1
CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ...)
	- squid 2.4.7
CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...)
	- courier 0.46
CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator ...)
	NOT-FOR-US: Caldera Volution Manager
CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a ...)
	- sendmail 8.12.5
CVE-2002-0904 (SayText function in Kismet 2.2.1 and earlier allows remote attackers ...)
	- kismet 2.2.2-1
CVE-2002-0900 (Buffer overflow in pks PGP public key web server before 0.9.5 allows ...)
	NOT-FOR-US: pks
CVE-2002-0898 (Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary ...)
	NOT-FOR-US: Opera
CVE-2002-0897 (LocalWEB2000 2.1.0 web server allows remote attackers to bypass access ...)
	NOT-FOR-US: LocalWEB2000
CVE-2002-0895 (Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote ...)
	NOT-FOR-US: MatuFtpServer
CVE-2002-0892 (The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows ...)
	NOT-FOR-US: NewAtlanta ServletExec ISAPI
CVE-2002-0891 (The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and ...)
	NOT-FOR-US: NetScreen ScreenOS
CVE-2002-0889 (Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local ...)
	- qpopper 4.0.5-1
CVE-2002-0887 (scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users ...)
	NOT-FOR-US: scoadmin
CVE-2002-0875 (Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows ...)
	{DSA-154}
	- fam 2.6.8-1
CVE-2002-0873 (Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the ...)
	{DSA-152}
	- l2tpd 0.68-1
CVE-2002-0872 (l2tpd 0.67 does not initialize the random number generator, which ...)
	{DSA-152}
	- l2tpd 0.68-1
CVE-2002-0871 (xinetd 2.3.4 leaks file descriptors for the signal pipe to services ...)
	{DSA-151}
	- xinetd 1:2.3.7-1
CVE-2002-0867 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0866 (Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine ...)
	NOT-FOR-US: Microsoft
CVE-2002-0865 (A certain class that supports XML (Extensible Markup Language) in ...)
	NOT-FOR-US: Microsoft
CVE-2002-0864 (The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2002-0860 (The LoadText method in the spreadsheet component in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2002-0859 (Buffer overflow in the OpenDataSource function of the Jet engine on ...)
	NOT-FOR-US: Microsoft
CVE-2002-0856 (SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2002-0853 (Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows ...)
	NOT-FOR-US: Cisco
CVE-2002-0851 (Format string vulnerability in ISDN Point to Point Protocol (PPP) ...)
	- isdnutils 1:3.2
CVE-2002-0850 (Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers ...)
	NOT-FOR-US: PGP corporate desktop
CVE-2002-0848 (Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, ...)
	NOT-FOR-US: Cisco
CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...)
	{DSA-145}
	- tinyproxy 1.4.3-3
CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to ...)
	- flashplugin-nonfree 6.0.47
CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows ...)
	NOT-FOR-US: Sun ONE
CVE-2002-0844 (Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD ...)
	- cvs 1:1.11.2
CVE-2002-0842 (Format string vulnerability in certain third party modifications to ...)
	NOTE: mod_dav for apache not vulnerable according to
	NOTE: lists.netsys.com/pipermail/full-disclosure/2003-February/003875.html
CVE-2002-0840 (Cross-site scripting (XSS) vulnerability in the default error page of ...)
	{DSA-195 DSA-188 DSA-187}
	- apache2 2.0.43-1
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the ...)
	{DSA-207}
	- tetex-bin 1.0.7+20021025-4
CVE-2002-0835 (Preboot eXecution Environment (PXE) server allows remote attackers to ...)
	NOT-FOR-US: RedHat/Intel PXE daemon
	NOTE: this is not the one in Debian
CVE-2002-0831 (The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0830 (Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, ...)
	NOT-FOR-US: BSD/NFS
CVE-2002-0829 (Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0826 (Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated ...)
	NOT-FOR-US: WS FTP server
CVE-2002-0824 (BSD pppd allows local users to change the permissions of arbitrary ...)
	NOT-FOR-US: BSD/pppd
CVE-2002-0823 (Buffer overflow in Winhlp32.exe allows remote attackers to execute ...)
	NOT-FOR-US: Windows
CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote ...)
	{DSA-144}
	- wwwoffle 2.7d-1
CVE-2002-0817 (Format string vulnerability in super for Linux allows local users to ...)
	{DSA-139}
	- super 3.18.0-3
CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain ...)
	NOT-FOR-US: HP Tru64
CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server ...)
	NOT-FOR-US: VMware
CVE-2002-0813 (Heap-based buffer overflow in the TFTP server capability in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2002-0810 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error ...)
	- bugzilla 2.16.0
CVE-2002-0809 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not ...)
	- bugzilla 2.16.0
CVE-2002-0808 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing ...)
	- bugzilla 2.16.0
CVE-2002-0806 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows ...)
	- bugzilla 2.16.0
CVE-2002-0805 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new ...)
	- bugzilla 2.16.0
CVE-2002-0804 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured ...)
	- bugzilla 2.16.0
CVE-2002-0802 (The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding ...)
	- postgresql 7.2
CVE-2002-0801 (Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows ...)
	NOT-FOR-US: Macromedia / Windows
CVE-2002-0795 (The rc system startup script for FreeBSD 4 through 4.5 allows local ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0794 (The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0790 (clchkspuser and clpasswdremote in AIX expose an encrypted password in ...)
	NOT-FOR-US: AIX
CVE-2002-0789 (Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows ...)
	- mnogosearch 3.1.19-3
CVE-2002-0788 (An interaction between PGP 7.0.3 with the &quot;wipe deleted files&quot; option, ...)
	NOT-FOR-US: windows
CVE-2002-0785 (AOL Instant Messenger (AIM) allows remote attackers to cause a denial ...)
	NOT-FOR-US: AOL AIM
CVE-2002-0778 (The default configuration of the proxy for Cisco Cache Engine and ...)
	NOT-FOR-US: CISCO
CVE-2002-0777 (Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and ...)
	NOT-FOR-US: Ipswitch not in Debian
CVE-2002-0776 (getuserdesc.asp in Hosting Controller 2002 allows remote attackers to ...)
	NOT-FOR-US: Hosting Controller 2002
CVE-2002-0768 (Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and ...)
	- lukemftp 1.5-7
CVE-2002-0766 (OpenBSD 2.9 through 3.1 allows local users to cause a denial of ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0765 (sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ...)
	- openssh 1:3.3p1-0.0woody1
CVE-2002-0762 (shadow package in SuSE 8.0 allows local users to destroy the ...)
	NOT-FOR-US: SUSE specific
CVE-2002-0761 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0760 (Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0759 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0758 (ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote ...)
	NOT-FOR-US: SUSE specific
CVE-2002-0755 (Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0754 (Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0748 (LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause ...)
	NOT-FOR-US: Labview
CVE-2002-0741 (psyBNC 2.3 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: psyBNC
CVE-2002-0738 (MHonArc 2.5.2 and earlier does not properly filter Javascript from ...)
	{DSA-163}
	- mhonarc 2.5.11-1
CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain ...)
	NOT-FOR-US: Sambar web server
CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by ...)
	NOT-FOR-US: Microsoft
CVE-2002-0734 (b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly ...)
	NOT-FOR-US: B2
CVE-2002-0733 (Cross-site scripting vulnerability in thttpd 2.20 and earlier allows ...)
	- thttpd 2.21
CVE-2002-0729 (Microsoft SQL Server 2000 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2002-0727 (The Host function in Microsoft Office Web Components (OWC) 2000 and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0726 (Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ...)
	NOT-FOR-US: Microsoft
CVE-2002-0722 (Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0720 (A handler routine for the Network Connection Manager (NCM) in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0719 (SQL injection vulnerability in the function that services for ...)
	NOT-FOR-US: Microsoft
CVE-2002-0718 (Web authoring command in Microsoft Content Management Server (MCMS) ...)
	NOT-FOR-US: Microsoft
CVE-2002-0716 (Format string vulnerability in crontab for SCO OpenServer 5.0.5 and ...)
	NOT-FOR-US: SCO OpenServer
CVE-2002-0714 (FTP proxy in Squid before 2.4.STABLE6 does not compare the IP ...)
	- squid 2.4.6
CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlier ...)
	NOT-FOR-US: sendform.cgi
CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ...)
	NOTE: kernel netfilter bug, not in user space
	NOTE: this is fixed in kernel 2.4.20
	- kernel-image-2.4.18-i386 <unfixed> (bug #152152; unimportant)
CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl ...)
	- perl 5.8.0-7 (bug #282527)
CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process ...)
	NOT-FOR-US: BSD
CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...)
	NOT-FOR-US: Microsoft
CVE-2002-0698 (Buffer overflow in Internet Mail Connector (IMC) for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0697 (Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0696 (Microsoft Visual FoxPro 6.0 does not register its associated files ...)
	NOT-FOR-US: Microsoft
CVE-2002-0695 (Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of ...)
	NOT-FOR-US: Microsoft
CVE-2002-0694 (The HTML Help facility in Microsoft Windows 98, 98 Second Edition, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0692 (Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0691 (Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0688 (ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 ...)
	{DSA-490}
	- zope 2.6.0-0.1
CVE-2002-0687 (The &quot;through the web code&quot; capability for Zope 2.0 through 2.5.1 b1 ...)
	- zope 2.5.1b2
CVE-2002-0685 (Heap-based buffer overflow in the message decoding functionality for ...)
	NOT-FOR-US: PGP Outlook Encryption Plug-In
CVE-2002-0682 (Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows ...)
	- tomcat 4.0.4
CVE-2002-0679 (Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC ...)
	NOT-FOR-US: CDE
CVE-2002-0678 (CDE ToolTalk database server (ttdbserver) allows local users to ...)
	NOT-FOR-US: CDE ToolTalk
CVE-2002-0676 (SoftwareUpdate for MacOS 10.1.x does not use authentication when ...)
	NOT-FOR-US: MacOS
CVE-2002-0674 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0673 (The enrollment process for Pingtel xpressa SIP-based voice-over-IP ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0672 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0671 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0668 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0665 (Macromedia JRun Administration Server allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0663 (Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet ...)
	NOT-FOR-US: Norton
CVE-2002-0662 (scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users ...)
	{DSA-160}
	- scrollkeeper 0.3.11-2
CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to ...)
	{DSA-137}
	- mm 1.1.3-7
CVE-2002-0653 (Off-by-one buffer overflow in the ssl_compat_directive function, as ...)
	{DSA-135}
	- libapache-mod-ssl 2.8.9-2
CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...)
	- glibc 2.2.5-8
CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote ...)
	NOT-FOR-US: microsoft
CVE-2002-0648 (The legacy &lt;script&gt; data-island capability for XML in Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2002-0647 (Buffer overflow in a legacy ActiveX control used to display specially ...)
	NOT-FOR-US: microsoft
CVE-2002-0642 (The registry key containing the SQL Server service account information ...)
	NOT-FOR-US: microsoft
CVE-2002-0640 (Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ...)
	- openssh 1:3.4 (high)
CVE-2002-0639 (Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote ...)
	- openssh 1:3.4 (high)
CVE-2002-0638 (setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0631 (Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 ...)
	NOT-FOR-US: SGI
CVE-2002-0630 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
	NOT-FOR-US: Polycom
CVE-2002-0627 (The Web server for Polycom ViewStation before 7.2.4 allows remote ...)
	NOT-FOR-US: Polycom
CVE-2002-0623 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...)
	NOT-FOR-US: Microsoft
CVE-2002-0622 (The Office Web Components (OWC) package installer for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0621 (Buffer overflow in the Office Web Components (OWC) package installer ...)
	NOT-FOR-US: Microsoft
CVE-2002-0619 (The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0618 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0617 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0616 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0615 (The Windows Media Active Playlist in Microsoft Windows Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2002-0613 (dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote ...)
	NOT-FOR-US: DNSTools
CVE-2002-0605 (Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 ...)
	NOT-FOR-US: Flash
CVE-2002-0601 (ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers ...)
	NOT-FOR-US: ISS
CVE-2002-0599 (Blahz-DNS 0.2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Blahz
CVE-2002-0598 (Format string vulnerability in Foundstone FScan 1.12 with banner ...)
	NOT-FOR-US: Foundstone
CVE-2002-0597 (LANMAN service on Microsoft Windows 2000 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0594 (Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0576 (ColdFusion 5.0 and earlier on Windows systems allows remote attackers ...)
	NOT-FOR-US: ColdFusion
CVE-2002-0575 (Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0574 (Memory leak in FreeBSD 4.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0573 (Format string vulnerability in RPC wall daemon (rpc.rwalld) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0571 (Oracle Oracle9i database server 9.0.1.x allows local users to access ...)
	NOT-FOR-US: Oracle
CVE-2002-0569 (Oracle 9i Application Server allows remote attackers to bypass access ...)
	NOT-FOR-US: Oracle
CVE-2002-0567 (Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) ...)
	NOT-FOR-US: Oracle
CVE-2002-0553 (Cross-site scripting vulnerability in SunShop 2.5 and earlier allows ...)
	NOT-FOR-US: SunShop
CVE-2002-0546 (Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 ...)
	NOT-FOR-US: Winamp
CVE-2002-0545 (Cisco Aironet before 11.21 with Telnet enabled allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2002-0543 (Directory traversal vulnerability in Aprelium Abyss Web Server ...)
	NOT-FOR-US: Aprelium
CVE-2002-0542 (mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0539 (Demarc PureSecure 1.05 allows remote attackers to gain administrative ...)
	NOT-FOR-US: Demarc
CVE-2002-0538 (FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 ...)
	NOT-FOR-US: Symantec
CVE-2002-0536 (PHPGroupware 0.9.12 and earlier, when running with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0532 (EMU Webmail allows local users to execute arbitrary programs via a .. ...)
	NOT-FOR-US: EMU
CVE-2002-0531 (Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x ...)
	NOT-FOR-US: EMU
CVE-2002-0516 (SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0513 (The PHP administration script in popper_mod 1.2.1 and earlier relies ...)
	NOT-FOR-US: popper_mod
CVE-2002-0512 (startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0511 (The default configuration of Name Service Cache Daemon (nscd) in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0506 (Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0505 (Memory leak in the Call Telephony Integration (CTI) Framework ...)
	NOT-FOR-US: Cisco
CVE-2002-0501 (Format string vulnerability in log_print() function of Posadis DNS ...)
	NOT-FOR-US: Posadis
CVE-2002-0497 (Buffer overflow in mtr 0.46 and earlier, when installed setuid root, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0495 (csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: csSearch
CVE-2002-0494 (Cross-site scripting vulnerability in WebSight Directory System 0.1 ...)
	NOT-FOR-US: WebSight
CVE-2002-0493 (Apache Tomcat may be started without proper security settings if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0490 (Instant Web Mail before 0.60 does not properly filter CR/LF sequences, ...)
	NOT-FOR-US: Instant Web Mail
CVE-2002-0488 (Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote ...)
	NOT-FOR-US: Linux Directory Penguin
CVE-2002-0484 (move_uploaded_file in PHP does not does not check for the base ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0473 (db.php in phBB 2.0 (aka phBB2) RC-3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 and ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0463 (home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote ...)
	NOT-FOR-US: ARSC
CVE-2002-0462 (bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone ...)
	NOT-FOR-US: Big Sam
CVE-2002-0454 (Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0451 (filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote ...)
	NOT-FOR-US: PHProjekt
CVE-2002-0445 (article.php in PHP FirstPost 0.1 allows allows remote attackers to ...)
	NOT-FOR-US: PHP FirstPost
CVE-2002-0444 (Microsoft Windows 2000 running the Terminal Server 90-day trial ...)
	NOT-FOR-US: Windows
CVE-2002-0443 (Microsoft Windows 2000 allows local users to bypass the policy that ...)
	NOT-FOR-US: Windows
CVE-2002-0442 (Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0441 (Directory traversal vulnerability in imlist.php for Php Imglist allows ...)
	NOT-FOR-US: PHP Imglist
CVE-2002-0437 (Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0435 (Race condition in the recursive (1) directory deletion and (2) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0431 (XTux allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0429 (The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.2.20 <removed>
CVE-2002-0425 (mIRC DCC server protocol allows remote attackers to gain sensitive ...)
	NOT-FOR-US: mIRC
CVE-2002-0424 (efingerd 1.61 and earlier, when configured without the -u option, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0423 (Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0414 (KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0412 (Format string vulnerability in TraceEvent function for ntop before 2.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0406 (Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause ...)
	NOT-FOR-US: SPHERE
CVE-2002-0404 (Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0403 (DNS dissector in Ethereal before 0.9.3 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0402 (Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0401 (SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0400 (ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0398 (Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to ...)
	NOT-FOR-US: Red-M
CVE-2002-0397 (Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, ...)
	NOT-FOR-US: Red-M
CVE-2002-0396 (The web management server for Red-M 1050 (Bluetooth Access Point) does ...)
	NOT-FOR-US: Red-M
CVE-2002-0395 (The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be ...)
	NOT-FOR-US: Red-M
CVE-2002-0394 (Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, ...)
	NOT-FOR-US: Red-M
CVE-2002-0392 (Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote ...)
	- apache2 2.0.37
CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating ...)
	{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
	- acm 5.0-10
	- glibc 2.2.5-13
	- dietlibc 0.20-0cvs20020808
	- krb5 1.2.5-2
	- openafs 1.2.6-1
CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module ...)
	NOT-FOR-US: Sun
CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0382 (XChat IRC client allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0381 (The TCP implementation in various BSD operating systems (tcp_input.c) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0380 (Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers ...)
	{DSA-255}
	- tcpdump 3.7.1-1.2
CVE-2002-0379 (Buffer overflow in University of Washington imap server (uw-imapd) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0377 (Gaim 0.57 stores sensitive information in world-readable and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0376 (Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote ...)
	NOT-FOR-US: Apple
CVE-2002-0374 (Format string vulnerability in the logging function for the pam_ldap ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0373 (The Windows Media Device Manager (WMDM) Service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0372 (Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2002-0369 (Buffer overflow in ASP.NET Worker Process allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0368 (The Store Service in Microsoft Exchange 2000 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0367 (smss.exe debugging subsystem in Windows NT and Windows 2000 does not ...)
	NOT-FOR-US: Microsoft
CVE-2002-0366 (Buffer overflow in Remote Access Service (RAS) phonebook for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0364 (Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0363 (ghostscript before 6.53 allows attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0362 (Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows ...)
	NOT-FOR-US: AOL
CVE-2002-0359 (xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which ...)
	NOT-FOR-US: IRIX
CVE-2002-0358 (MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows ...)
	NOT-FOR-US: MediaMail
CVE-2002-0357 (Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0356 (Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0355 (netstat in SGI IRIX before 6.5.12 allows local users to determine the ...)
	NOT-FOR-US: SGI
CVE-2002-0339 (Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) ...)
	NOT-FOR-US: Cisco
CVE-2002-0330 (Cross-site scripting vulnerability in codeparse.php of Open Bulletin ...)
	NOT-FOR-US: OpenBB
CVE-2002-0329 (Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and ...)
	NOT-FOR-US: Snitz
CVE-2002-0318 (FreeRADIUS RADIUS server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0313 (Buffer overflow in Essentia Web Server 2.1 allows remote attackers to ...)
	NOT-FOR-US: Essentia
CVE-2002-0309 (SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the ...)
	NOT-FOR-US: Symantec
CVE-2002-0302 (The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops ...)
	NOT-FOR-US: Symantec
CVE-2002-0300 (gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0299 (CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code ...)
	NOT-FOR-US: CatchUp
CVE-2002-0292 (Cross-site scripting vulnerability in Slash before 2.2.5, as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0290 (Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows ...)
	NOT-FOR-US: WebNews
CVE-2002-0287 (pforum 1.14 and earlier does not explicitly enable PHP magic quotes, ...)
	NOT-FOR-US: pforum
CVE-2002-0276 (Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0275 (Falcon web server 2.0.0.1020 and earlier allows remote attackers to ...)
	NOT-FOR-US: Falcon
CVE-2002-0274 (Exim 3.34 and earlier may allow local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0267 (preferences.php in Simple Internet Publishing System (SIPS) before ...)
	NOT-FOR-US: SIPS
CVE-2002-0265 (Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file ...)
	NOT-FOR-US: Sawmill
CVE-2002-0251 (Buffer overflow in licq 1.0.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0250 (Web configuration utility in HP AdvanceStack hubs J3200A through ...)
	NOT-FOR-US: HP
CVE-2002-0246 (Format string vulnerability in the message catalog library functions ...)
	NOT-FOR-US: UnixWare
CVE-2002-0241 (NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 ...)
	NOT-FOR-US: Cisco
CVE-2002-0237 (Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE ...)
	NOT-FOR-US: ISS
CVE-2002-0226 (retrieve_password.pl in DCForum 6.x and 2000 generates predictable new ...)
	NOT-FOR-US: DCForum
CVE-2002-0213 (xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read ...)
	NOT-FOR-US: Xinet
CVE-2002-0211 (Race condition in the installation script for Tarantella Enterprise 3 ...)
	NOT-FOR-US: Tarantella
CVE-2002-0209 (Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing ...)
	NOT-FOR-US: Nortel
CVE-2002-0207 (Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows ...)
	NOT-FOR-US: Real Networks
CVE-2002-0197 (psyBNC 2.3 beta and earlier allows remote attackers to spoof ...)
	NOT-FOR-US: psyBNC
CVE-2002-0196 (GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the ...)
	NOT-FOR-US: ACD
CVE-2002-0193 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0191 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0190 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0188 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0187 (Cross-site scripting vulnerability in the SQLXML component of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2002-0185 (mod_python version 2.7.6 and earlier allows a module indirectly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0184 (Heap-based buffer overflow in sudo before 1.6.6 may allow local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0181 (Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0179 (Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0178 (uudecode, as available in the sharutils package before 4.2.1, does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0176 (The printf wrappers in libsafe 2.0-11 and earlier do not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0175 (libsafe 2.0-11 and earlier allows attackers to bypass protection ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0174 (nsd on SGI IRIX before 6.5.11 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0173 (Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0172 (/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0171 (IRISconsole 2.0 may allow users to log into the icadmin account with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0170 (Zope 2.2.0 through 2.5.1 does not properly verify the access for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0169 (The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0168 (Vulnerability in Imlib before 1.9.13 allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0167 (Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0166 (Cross-site scripting vulnerability in analog before 5.22 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0163 (Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0160 (The administration function in Cisco Secure Access Control Server ...)
	NOT-FOR-US: Cisco
CVE-2002-0159 (Format string vulnerability in the administration function in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2002-0158 (Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0157 (Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0155 (Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN ...)
	NOT-FOR-US: Microsoft
CVE-2002-0153 (Internet Explorer 5.1 for Macintosh allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft
CVE-2002-0152 (Buffer overflow in various Microsoft applications for Macintosh allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0151 (Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0150 (Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0149 (Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0148 (Cross-site scripting vulnerability in Internet Information Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0147 (Buffer overflow in the ASP data transfer mechanism in Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0146 (fetchmail email client before 5.9.10 does not properly limit the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0143 (Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0139 (Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0128 (cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0123 (MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0121 (PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0120 (Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0117 (Cross-site scripting vulnerability in Yet Another Bulletin Board ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0115 (Snort 1.8.3 does not properly define the minimum ICMP header size, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0111 (Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0107 (Web administration interface in CacheFlow CacheOS 4.0.13 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0098 (Buffer overflow in index.cgi administration interface for Boozt! ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0097 (Geeklog 1.3 allows remote attackers to hijack user accounts, including ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0096 (The installation of Geeklog 1.3 creates an extra group_assignments ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0095 (The default configuration of BSCW (Basic Support for Cooperative Work) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0094 (config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0092 (CVS before 1.10.8 does not properly initialize a global variable, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0090 (Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0083 (Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0082 (The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0081 (Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0080 (rsync, when running in daemon mode, does not properly call setgroups ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0079 (Buffer overflow in the chunked encoding transfer mechanism in Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0078 (The zone determination function in Microsoft Internet Explorer 5.5 and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0076 (Java Runtime Environment (JRE) Bytecode Verifier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0075 (Cross-site scripting vulnerability for Internet Information Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0074 (Cross-site scripting vulnerability in Help File search facility for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0073 (The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0072 (The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0071 (Buffer overflow in the ism.dll ISAPI extension that implements HTR ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0070 (Buffer overflow in Windows Shell (used as the Windows Desktop) allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0069 (Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0068 (Squid 2.4 STABLE3 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0067 (Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0066 (Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0065 (Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0064 (Funk Software Proxy Host 3.x is installed with insecure permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0063 (Buffer overflow in ippRead function of CUPS before 1.1.14 may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0062 (Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0061 (Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0060 (IRC connection tracking helper module in the netfilter subsystem for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0059 (The decompression algorithm in zlib 1.1.3 and earlier, as used in many ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0057 (XMLHTTP control in Microsoft XML Core Services 2.6 and later does not ...)
	NOT-FOR-US: Microsoft
CVE-2002-0055 (SMTP service in Microsoft Windows 2000, Windows XP Professional, and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0054 (SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail ...)
	NOT-FOR-US: Microsoft
CVE-2002-0052 (Internet Explorer 6.0 and earlier does not properly handle VBScript in ...)
	NOT-FOR-US: Microsoft
CVE-2002-0051 (Windows 2000 allows local users to prevent the application of new ...)
	NOT-FOR-US: Microsoft
CVE-2002-0050 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...)
	NOT-FOR-US: Microsoft
CVE-2002-0049 (Microsoft Exchange Server 2000 System Attendant gives &quot;Everyone&quot; group ...)
	NOT-FOR-US: Microsoft
CVE-2002-0047 (CIPE VPN package before 1.3.0-3 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0046 (Linux kernel, and possibly other operating systems, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0045 (slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0044 (GNU Enscript 1.6.1 and earlier allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0043 (sudo 1.6.0 through 1.6.3p7 does not properly clear the environment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0042 (Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0040 (Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0038 (Vulnerability in the cache-limiting function of the unified name ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0036 (Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0033 (Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0032 (Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0028 (Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0027 (Internet Explorer 5.5 and 6.0 allows remote attackers to read certain ...)
	NOT-FOR-US: Microsoft
CVE-2002-0026 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft
CVE-2002-0025 (Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the ...)
	NOT-FOR-US: Microsoft
CVE-2002-0024 (File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2002-0023 (Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2002-0022 (Buffer overflow in the implementation of an HTML directive in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0021 (Network Product Identification (PID) Checker in Microsoft Office v. X ...)
	NOT-FOR-US: Microsoft
CVE-2002-0020 (Buffer overflow in telnet server in Windows 2000 and Interix 2.2 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0018 (In Microsoft Windows NT and Windows 2000, a trusting domain that ...)
	NOT-FOR-US: Microsoft
CVE-2002-0017 (Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0014 (URL-handling code in Pine 4.43 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0011 (Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0009 (show_bug.cgi in Bugzilla before 2.14.1 allows a user with &quot;Bugs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0007 (CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0006 (XChat 1.8.7 and earlier, including default configurations of 1.4.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0005 (Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0004 (Heap corruption vulnerability in the &quot;at&quot; program allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0003 (Buffer overflow in the preprocessor in groff 1.16 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0002 (Format string vulnerability in stunnel before 3.22 when used in client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1407 (Bugzilla before 2.14 allows Bugzilla users to bypass group security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1406 (process_bug.cgi in Bugzilla before 2.14 does not set the &quot;groupset&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1391 (Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1386 (WFTPD 3.00 allows remote attackers to read arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1385 (The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1383 (initscript in setserial 2.17-4 and earlier uses predictable temporary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1382 (The &quot;echo simulation&quot; traffic analysis countermeasure in OpenSSH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1380 (OpenSSH before 2.9.9, while using keypairs and multiple keys of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1378 (fetchmailconf in fetchmail before 5.7.4 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1375 (tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1374 (expect before 5.32 searches for its libraries in /var/tmp before other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1373 (MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1372 (Oracle 9i Application Server 1.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1371 (The default configuration of Oracle Application Server 9iAS 1.0.2.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1370 (prepend.php3 in PHPLib before 7.2d, when register_globals is enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1369 (Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1367 (The checkAccess function in PHPSlice 0.1.4, and all other versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1359 (Volution clients 1.0.7 and earlier attempt to contact the computer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1352 (Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1351 (Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1350 (Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1349 (Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1347 (Windows 2000 allows local users to cause a denial of service and ...)
	NOT-FOR-US: Microsoft
CVE-2001-1345 (bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1342 (Apache before 1.3.20 on Windows and OS/2 systems allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1334 (Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1328 (Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1327 (pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1322 (xinetd 2.1.8 and earlier runs with a default umask of 0, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1303 (The default configuration of SecuRemote for Check Point Firewall-1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1302 (The change password option in the Windows Security interface for ...)
	NOT-FOR-US: Microsoft
CVE-2001-1301 (rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1299 (Zorbat Zorbstats PHP script before 0.9 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1297 (PHP remote file inclusion vulnerability in Actionpoll PHP script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1296 (More.groupware PHP script allows remote attackers to include arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1295 (Directory traversal vulnerability in Cerberus FTP Server 1.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1291 (The telnet server for 3Com hardware such as PS40 SuperStack II does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1279 (Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1277 (makewhatis in the man package before 1.5i2 allows an attacker in group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1276 (ispell before 3.1.20 allows local users to overwrite files of other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1267 (Directory traversal vulnerability in GNU tar 1.13.19 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1266 (Directory traversal vulnerability in Doug Neal's HTTPD Daemon ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1252 (Network Associates PGP Keyserver 7.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1251 (SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1247 (PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1246 (PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1240 (The default configuration of sudo in Engarde Secure Linux 1.0.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1237 (Phormation PHP script 0.9.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1236 (myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1235 (pSlash PHP script 0.7 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1234 (Bharat Mediratta Gallery PHP script before 1.2.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1231 (GroupWise 5.5 and 6 running in live remote or smart caching mode ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1227 (Zope before 2.2.4 allows partially trusted users to bypass security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1215 (Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1203 (Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1201 (Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1200 (Microsoft Windows XP allows local users to bypass a locked screen and ...)
	NOT-FOR-US: Microsoft
CVE-2001-1199 (Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1193 (Directory traversal vulnerability in EFTP 2.0.8.346 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1186 (Microsoft IIS 5.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2001-1185 (Some AIO operations in FreeBSD 4.4 may be delayed until after a call ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1183 (PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2001-1180 (FreeBSD 4.3 does not properly clear shared signal handlers when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1177 (ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1176 (Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1175 (vipw in the util-linux package before 2.10 causes /etc/shadow to be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1174 (Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1172 (OmniSecure HTTProtect 1.1.1 allows a superuser without omnish ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1166 (linprocfs on FreeBSD 4.3 and earlier does not properly restrict access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1162 (Directory traversal vulnerability in the %m macro in the smb.conf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1161 (Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1160 (udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1158 (Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1155 (TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1153 (lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1149 (Panda Antivirus Platinum before 6.23.00 allows a remore attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1147 (The PAM implementation in /bin/login of the util-linux package before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1146 (AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1145 (fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1144 (Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1141 (The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1132 (Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1130 (Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1121 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1119 (cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1118 (A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1117 (LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1116 (Identix BioLogon 2.03 and earlier does not lock secondary displays on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1113 (Buffer overflow in TrollFTPD 1.26 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1108 (Directory traversal vulnerability in SnapStream PVS 1.2a allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1106 (The default configuration of Sambar Server 5 and earlier uses a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1103 (FTP Voyager ActiveX control before 8.0, when it is marked as safe for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1100 (sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1099 (The default configuration of Norton AntiVirus for Microsoft Exchange ...)
	NOT-FOR-US: Norton
CVE-2001-1098 (Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in ...)
	NOT-FOR-US: Cisco
CVE-2001-1096 (Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a ...)
	NOT-FOR-US: AIX
CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could alllow local users to execute ...)
	NOT-FOR-US: AIX
CVE-2001-1089 (libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1088 (Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, ...)
	NOT-FOR-US: Microsoft
CVE-2001-1085 (Lmail 2.7 and earlier allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1084 (Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1083 (Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1081 (Format string vulnerabilities in Livingston/Lucent RADIUS before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1080 (diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable ...)
	NOT-FOR-US: AIX
CVE-2001-1079 (create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates ...)
	NOT-FOR-US: AIX
CVE-2001-1075 (poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1074 (Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1072 (Apache with mod_rewrite enabled on most UNIX systems allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1071 (Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) ...)
	NOT-FOR-US: Cisco
CVE-2001-1069 (libCoolType library as used in Adobe Acrobat (acroread) on Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1067 (Buffer overflow in AOLserver 3.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1066 (ns6install installation script for Netscape 6.01 on Solaris, and other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1063 (Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1062 (Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1059 (VMWare creates a temporary file vmware-log.USERNAME with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1056 (IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1055 (The Microsoft Windows network stack allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-1054 (PHPAdsNew PHP script allows remote attackers to include arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1053 (AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1049 (Phorecast PHP script before 0.40 allows remote attackers to include ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1048 (AWOL PHP script allows remote attackers to include arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1046 (Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1043 (ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1038 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2001-1037 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2001-1036 (GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1035 (Binary decoding feature of slrn 0.9 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1032 (admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1030 (Squid before 2.3STABLE5 in HTTP accelerator mode does not enable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1029 (libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1028 (Buffer overflow in ultimate_source function of man 1.5 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1027 (Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1022 (Format string vulnerability in pic utility in groff 1.16.1 and other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1020 (edit_image.php in Vibechild Directory Manager before 0.91 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1017 (rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1016 (PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1011 (index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1010 (Directory traversal vulnerability in pagecount CGI script in Sambar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1008 (Java Plugin 1.4 for JRE 1.3 executes signed applets even if the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1002 (The default configuration of the DVI print filter (dvips) in Red Hat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0998 (IBM HACMP 4.4 allows remote attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0995 (PHProjekt before 2.4a allows remote attackers to perform actions as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0993 (sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0987 (Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0982 (Directory traversal vulnerability in IBM Tivoli WebSEAL Policy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0981 (HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the &quot;unix ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0980 (docview before 1.0-15 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0978 (login in HP-UX 10.26 does not record failed login attempts in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0977 (slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0973 (BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0969 (ipfw in FreeBSD does not properly handle the use of &quot;me&quot; in its rules ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0965 (glFTPD 1.23 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0963 (Directory traversal vulnerability in SpoonFTP 1.1 allows local and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0962 (IBM WebSphere Application Server 3.02 through 3.53 uses predictable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0961 (Buffer overflow in tab expansion capability of the most program allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0960 (Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0959 (Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0954 (Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0951 (Windows 2000 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Microsoft
CVE-2001-0946 (apmscript in Apmd in Red Hat 7.2 &quot;Enigma&quot; allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0940 (Buffer overflow in the GUI authentication code of Check Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0939 (Lotus Domino 5.08 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0936 (Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0929 (Cisco IOS Firewall Feature set, aka Context Based Access Control ...)
	NOT-FOR-US: Cisco
CVE-2001-0921 (Netscape 4.79 and earlier for MacOS allows an attacker with access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0920 (Format string vulnerability in auto nice daemon (AND) 1.0.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0918 (Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0917 (Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0914 (Linux kernel before 2.4.11pre3 in multiple Linux distributions allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0912 (Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0909 (Buffer overflow in helpctr.exe program in Microsoft Help Center for ...)
	NOT-FOR-US: Microsoft
CVE-2001-0907 (Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0906 (teTeX filter before 1.0.7 allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0905 (Race condition in signal handling of procmail 3.20 and earlier, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0902 (Microsoft IIS 5.0 allows remote attackers to spoof web log entries via ...)
	NOT-FOR-US: Microsoft
CVE-2001-0901 (Hypermail allows remote attackers to execute arbitrary commands on a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0900 (Directory traversal vulnerability in modules.php in Gallery before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0899 (Network Tools 0.2 for PHP-Nuke allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0896 (Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0895 (Multiple Cisco networking products allow remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2001-0894 (Vulnerability in Postfix SMTP server before 20010228-pl07, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0891 (Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0889 (Exim 3.22 and earlier, in some configurations, does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0888 (Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0887 (xSANE 0.81 and earlier allows local users to modify files of other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0886 (Buffer overflow in glob function of glibc allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0884 (Cross-site scripting vulnerability in Mailman email archiver before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0879 (Format string vulnerability in the C runtime functions in SQL Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0877 (Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0876 (Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0875 (Internet Explorer 5.5 and 6.0 allows remote attackers to cause the ...)
	NOT-FOR-US: Microsoft
CVE-2001-0874 (Internet Explorer 5.5 and 6.0 allow remote attackers to read certain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0873 (uuxqt in Taylor UUCP package does not properly remove dangerous long ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0872 (OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0869 (Format string vulnerability in the default logging callback function ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0867 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0866 (Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0865 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0864 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0863 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0862 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0861 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2001-0860 (Terminal Services Manager MMC in Windows 2000 and XP trusts the Client ...)
	NOT-FOR-US: Microsoft
CVE-2001-0859 (2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0857 (Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0852 (TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0851 (Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0850 (A configuration error in the libdb1 package in OpenLinux 3.1 uses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0846 (Lotus Domino 5.x allows remote attackers to read files or execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0843 (Squid proxy server 2.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0837 (DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0836 (Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0834 (htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0833 (Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0830 (6tunnel 0.08 and earlier does not properly close sockets that were ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0828 (A cross-site scripting vulnerability in Caucho Technology Resin before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0825 (Buffer overflow in internal string handling routines of xinetd before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0823 (The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0822 (FPF kernel module 1.0 allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0819 (A buffer overflow in Linux fetchmail before 5.8.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0816 (OpenSSH before 2.9.9, when running sftp using sftp-server and using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0815 (Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0806 (Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0805 (Directory traversal vulnerability in ttawebtop.cgi in Tarantella ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0804 (Directory traversal vulnerability in story.pl in Interactive Story 1.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0803 (Buffer overflow in the client connection routine of libDtSvc.so.1 in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0801 (lpstat in IRIX 6.5.13f and earlier allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0797 (Buffer overflow in login in various System V based operating systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0796 (SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0792 (Format string vulnerability in XChat 1.2.x allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0787 (LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0784 (Directory traversal vulnerability in Icecast 1.3.10 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0779 (Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0774 (Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0773 (Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0770 (Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0769 (Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0765 (BisonFTP V4R1 allows local users to access directories outside of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0764 (Buffer overflow in ntping in scotty 2.1.0 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0763 (Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0760 (Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0757 (Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC ...)
	NOT-FOR-US: Cisco
CVE-2001-0754 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0752 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0751 (Cisco switches and routers running CBOS 2.3.8 and earlier use ...)
	NOT-FOR-US: Cisco
CVE-2001-0750 (Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0749 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0748 (Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other ...)
	NOT-FOR-US: Cisco
CVE-2001-0745 (Netscape 4.7x allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0741 (Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to ...)
	NOT-FOR-US: Cisco
CVE-2001-0740 (3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0739 (Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0738 (LogLine function in klogd in sysklogd 1.3 in various Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0733 (The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0731 (Apache 1.3.20 with Multiviews enabled allows remote attackers to view ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0730 (split-logfile in Apache 1.3.20 allows remote attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0728 (Buffer overflow in Compaq Management Agents before 5.2, included in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0727 (Internet Explorer 6.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2001-0726 (Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used ...)
	NOT-FOR-US: Microsoft
CVE-2001-0724 (Internet Explorer 5.5 allows remote attackers to bypass security ...)
	NOT-FOR-US: Microsoft
CVE-2001-0723 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0722 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0720 (Internet Explorer 5.1 for Macintosh on Mac OS X allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0719 (Buffer overflow in Microsoft Windows Media Player 6.4 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0718 (Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) ...)
	NOT-FOR-US: Microsoft
CVE-2001-0717 (Format string vulnerability in ToolTalk database server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0716 (Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0710 (NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0706 (Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0701 (Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0700 (Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0699 (Buffer overflow in cb_reset in the System Service Processor (SSP) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0698 (Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0697 (NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0696 (NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0692 (SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0690 (Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0686 (Buffer overflow in mail included with SunOS 5.8 for x86 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0685 (Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0682 (ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0680 (Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0677 (Eudora 5.0.2 allows a remote attacker to read arbitrary files via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0676 (Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0675 (Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2001-0670 (Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0668 (Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0667 (Internet Explorer 6 and earlier, when used with the Telnet client in ...)
	NOT-FOR-US: Microsoft
CVE-2001-0666 (Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2001-0665 (Internet Explorer 6 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2001-0664 (Internet Explorer 5.5 and 5.01 allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft
CVE-2001-0663 (Terminal Server in Windows NT and Windows 2000 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0662 (RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2001-0660 (Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0659 (Buffer overflow in IrDA driver providing infrared data exchange on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0658 (Cross-site scripting (CSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2001-0653 (Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0652 (Heap overflow in xlock in Solaris 2.6 through 8 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0650 (Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a ...)
	NOT-FOR-US: Cisco
CVE-2001-0648 (Directory traversal vulnerability in PHProjekt 2.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0646 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0644 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0643 (Internet Explorer 5.5 does not display the Class ID (CLSID) when it is ...)
	NOT-FOR-US: Microsoft
CVE-2001-0641 (Buffer overflow in man program in various distributions of Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0635 (Red Hat Linux 7.1 sets insecure permissions on swap files created ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0634 (Sun Chili!Soft ASP has weak permissions on various configuration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0631 (Centrinity First Class Internet Services 5.50 allows for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0630 (Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0629 (HP Event Correlation Service (ecsd) as included with OpenView Network Node  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0628 (Microsoft Word 2000 does not check AutoRecovery (.asd) files for ...)
	NOT-FOR-US: Microsoft
CVE-2001-0627 (vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0626 (O'Reilly Website Professional 2.5.4 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0625 (ftpdownload in Computer Associates InoculateIT 6.0 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0622 (The web management service on Cisco Content Service series 11000 ...)
	NOT-FOR-US: Cisco
CVE-2001-0621 (The FTP server on Cisco Content Service 11000 series switches (CSS) ...)
	NOT-FOR-US: Cisco
CVE-2001-0616 (Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0615 (Directory traversal vulnerability in Faust Informatics Freestyle Chat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0613 (Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0612 (McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0611 (Becky! 2.00.05 and earlier can allow a remote attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0596 (Netscape Communicator before 4.77 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0595 (Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0594 (kcms_configure as included with Solaris 7 and 8 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0593 (Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0591 (Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0590 (Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0589 (NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0586 (TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0585 (Gordano NTMail 6.0.3c allows a remote attacker to create a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0574 (Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0573 (lsfs in AIX 4.x allows a local user to gain additional privileges by ...)
	NOT-FOR-US: AIX
CVE-2001-0567 (Digital Creations Zope 2.3.2 and earlier allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0565 (Buffer overflow in mailx in Solaris 8 and earlier allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0564 (APC Web/SNMP Management Card prior to Firmware 310 only supports one ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0563 (ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0560 (Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0559 (crontab in Vixie cron 3.0.1 and earlier does not properly drop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0558 (T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0554 (Buffer overflow in BSD-based telnetd telnet daemon on various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0553 (SSH Secure Shell 3.0.0 on Unix systems does not properly perform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0550 (wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0549 (Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0548 (Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0547 (Memory leak in the proxy service in Microsoft Internet Security and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0546 (Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security ...)
	NOT-FOR-US: Microsoft
CVE-2001-0545 (IIS 4.0 with URL redirection enabled allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2001-0544 (IIS 5.0 allows local users to cause a denial of service (hang) via by ...)
	NOT-FOR-US: Microsoft
CVE-2001-0543 (Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0541 (Buffer overflow in Microsoft Windows Media Player 7.1 and earlier ...)
	NOT-FOR-US: Microsoft
CVE-2001-0540 (Memory leak in Terminal servers in Windows NT and Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0538 (Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0537 (HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass ...)
	NOT-FOR-US: Cisco
CVE-2001-0533 (Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows ...)
	NOT-FOR-US: AIX
CVE-2001-0530 (Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0529 (OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0528 (Oracle E-Business Suite Release 11i Applications Desktop Integrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0527 (DCScripts DCForum versions 2000 and earlier allow a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0526 (Buffer overflow in the Xview library as used by mailtool in Solaris 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0525 (Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0522 (Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0518 (Oracle listener before Oracle 9i allows attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0517 (Oracle listener in Oracle 8i on Solaris allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0514 (SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0513 (Oracle listener process on Windows NT redirects connection requests to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0508 (Vulnerability in IIS 5.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2001-0507 (IIS 5.0 uses relative paths to find system files that will run ...)
	NOT-FOR-US: Microsoft
CVE-2001-0506 (Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2001-0504 (Vulnerability in authentication process for SMTP service in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2001-0503 (Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0502 (Running Windows 2000 LDAP Server over SSL, a function does not ...)
	NOT-FOR-US: Microsoft
CVE-2001-0501 (Microsoft Word 2002 and earlier allows attackers to automatically ...)
	NOT-FOR-US: Microsoft
CVE-2001-0500 (Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0497 (dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0495 (Directory traversal in DataWizard WebXQ server 1.204 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0494 (Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0493 (Small HTTP server 2.03 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0489 (Format string vulnerability in gftp prior to 2.0.8 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0488 (pcltotiff in HP-UX 10.x has unnecessary set group id permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0487 (AIX SNMP server snmpd allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AIX
CVE-2001-0486 (Remote attackers can cause a denial of service in Novell BorderManager ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0485 (Unknown vulnerability in netprint in IRIX 6.2, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0482 (Configuration error in Argus PitBull LX allows root users to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0481 (Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0475 (index.php in Jelsoft vBulletin does not properly initialize a PHP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0474 (Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0473 (Format string vulnerability in Mutt before 1.2.5 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0469 (rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0467 (Directory traversal vulnerability in RobTex Viking Web server before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0465 (TurboTax saves passwords in a temporary file when a user imports ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0463 (Directory traversal vulnerability in cal_make.pl in PerlCal allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0462 (Directory traversal vulnerability in Perl web server 0.3 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0461 (template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0457 (man2html before 1.5-22 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0456 (postinst installation script for Proftpd in Debian 2.2 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0455 (Cisco Aironet 340 Series wireless bridge before 8.55 does not properly ...)
	NOT-FOR-US: Cisco
CVE-2001-0449 (Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0444 (Cisco CBOS 2.3.0.053 sends output of the &quot;sh nat&quot; (aka &quot;show nat&quot;) ...)
	NOT-FOR-US: Cisco
CVE-2001-0442 (Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0440 (Buffer overflow in logging functions of licq before 1.0.3 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0439 (licq before 1.0.3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0434 (The LogDataListToFile ActiveX function used in (1) Knowledge Center ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0430 (Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0429 (Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an ...)
	NOT-FOR-US: Cisco
CVE-2001-0428 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote ...)
	NOT-FOR-US: Cisco
CVE-2001-0427 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote ...)
	NOT-FOR-US: Cisco
CVE-2001-0423 (Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0422 (Buffer overflow in Xsun in Solaris 8 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0416 (sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0414 (Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0413 (BinTec X4000 Access router, and possibly other versions, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0412 (Cisco Content Services (CSS) switch products 11800 and earlier, aka ...)
	NOT-FOR-US: Cisco
CVE-2001-0409 (vim (aka gvim) allows local users to modify files being edited by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0408 (vim (aka gvim) processes VIM control codes that are embedded in a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0407 (Directory traversal vulnerability in MySQL before 3.23.36 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0405 (ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0402 (IPFilter 3.4.16 and earlier does not include sufficient session ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0394 (Remote manager service in Website Pro 3.0.37 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0388 (time server daemon timed allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0387 (Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0386 (AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0383 (banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0379 (Vulnerability in the newgrp program included with HP9000 servers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0378 (readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0377 (Infradig Inframail prior to 3.98a allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0375 (Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa ...)
	NOT-FOR-US: Cisco
CVE-2001-0373 (The default configuration of the Dr. Watson program in Windows NT and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0371 (Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0368 (Directory traversal vulnerability in BearShare 2.2.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0366 (saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0365 (Eudora before 5.1 allows a remote attacker to execute arbitrary code, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0364 (SSH Communications Security sshd 2.4 for Windows allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0361 (Implementations of SSH version 1.5, including (1) OpenSSH up to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0353 (Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0351 (Microsoft Windows 2000 telnet service allows a local user to make a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0348 (Microsoft Windows 2000 telnet service allows attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0347 (Information disclosure vulnerability in Microsoft Windows 2000 telnet ...)
	NOT-FOR-US: Microsoft
CVE-2001-0346 (Handle leak in Microsoft Windows 2000 telnet service allows attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0345 (Microsoft Windows 2000 telnet service allows attackers to prevent idle ...)
	NOT-FOR-US: Microsoft
CVE-2001-0344 (An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using ...)
	NOT-FOR-US: Microsoft
CVE-2001-0341 (Buffer overflow in Microsoft Visual Studio RAD Support sub-component ...)
	NOT-FOR-US: Microsoft
CVE-2001-0340 (An interaction between the Outlook Web Access (OWA) service in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0339 (Internet Explorer 5.5 and earlier allows remote attackers to display a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0338 (Internet Explorer 5.5 and earlier does not properly validate digital ...)
	NOT-FOR-US: Microsoft
CVE-2001-0336 (The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an ...)
	NOT-FOR-US: Microsoft
CVE-2001-0335 (FTP service in IIS 5.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2001-0334 (FTP service in IIS 5.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0333 (Directory traversal vulnerability in IIS 5.0 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0331 (Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0330 (Bugzilla 2.10 allows remote attackers to access sensitive information, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0327 (iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0326 (Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0321 (opendir.php script in PHP-Nuke allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0319 (orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0318 (Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0317 (Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0316 (Linux kernel 2.4 and 2.2 allows local users to read kernel memory and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0311 (Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0310 (sort in FreeBSD 4.1.1 and earlier, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0309 (inetd in Red Hat 6.2 does not properly close sockets for internal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0301 (Buffer overflow in Analog before 4.16 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0299 (Buffer overflow in Voyager web administration server for Nokia IP440 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0295 (Directory traversal vulnerability in War FTP 1.67.04 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0290 (Vulnerability in Mailman 2.0.1 and earlier allows list administrators ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0289 (Joe text editor 2.8 searches the current working directory (CWD) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0288 (Cisco switches and routers running IOS 12.1 and earlier produce ...)
	NOT-FOR-US: Cisco
CVE-2001-0287 (VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0284 (Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0280 (Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0279 (Buffer overflow in sudo earlier than 1.6.3p6 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0278 (Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0276 (ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0274 (kicq IRC client 1.0.0, and possibly later versions, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0269 (pam_ldap authentication module in Solaris 8 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0268 (The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0267 (NM debug in HP MPE/iX 6.5 and earlier does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0266 (Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0265 (ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0260 (Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0259 (ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0252 (iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0245 (Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in ...)
	NOT-FOR-US: Microsoft
CVE-2001-0244 (Buffer overflow in Microsoft Index Server 2.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0243 (Windows Media Player 7 and earlier stores Internet shortcuts in a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0241 (Buffer overflow in Internet Printing ISAPI extension in Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0240 (Microsoft Word before Word 2002 allows attackers to automatically ...)
	NOT-FOR-US: Microsoft
CVE-2001-0239 (Microsoft Internet Security and Acceleration (ISA) Server 2000 Web ...)
	NOT-FOR-US: Microsoft
CVE-2001-0238 (Microsoft Data Access Component Internet Publishing Provider ...)
	NOT-FOR-US: Microsoft
CVE-2001-0237 (Memory leak in Microsoft 2000 domain controller allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0236 (Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0235 (Vulnerability in crontab allows local users to read crontab files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0234 (NewsDaemon before 0.21b allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0233 (Buffer overflow in micq client 0.4.6 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0230 (Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0222 (webmin 0.84 and earlier allows local users to overwrite and create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0221 (Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0219 (Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0218 (Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0215 (ROADS search.pl program allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0207 (Buffer overflow in bing allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0204 (Watchguard Firebox II allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0203 (Watchguard Firebox II firewall allows users with read-only access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0197 (Format string vulnerability in print_client in icecast 1.3.8beta2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0196 (inetd ident server in FreeBSD 4.x and earlier does not properly set ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0195 (sash before 3.4-4 in Debian GNU/Linux does not properly clone ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0194 (Buffer overflow in httpGets function in CUPS 1.1.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0193 (Format string vulnerability in man in some Linux distributions allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0191 (gnuserv before 3.12, as shipped with XEmacs, does not properly check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0190 (Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0189 (Directory traversal vulnerability in LocalWEB2000 HTTP server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0187 (Format string vulnerability in wu-ftp 2.6.1 and earlier, when running ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0185 (Netopia R9100 router version 4.6 allows authenticated users to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0183 (ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0182 (FireWall-1 4.1 with a limited-IP license allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0179 (Allaire JRun 3.0 allows remote attackers to list contents of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0178 (kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0176 (The setuid doroot program in Voyant Sonata 3.x executes arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0175 (The caching module in Netscape Fasttrack Server 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0174 (Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0170 (glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0169 (When using the LD_PRELOAD environmental variable in SUID or SGID ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0166 (Macromedia Shockwave Flash plugin version 8 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0165 (Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0164 (Buffer overflow in Netscape Directory Server 4.12 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0157 (Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0156 (VShell SSH gateway 1.0.1 and earlier has a default port forwarding ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0155 (Format string vulnerability in VShell SSH gateway 1.0.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0154 (HTML e-mail feature in Internet Explorer 5.5 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0153 (Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0152 (The password protection option for the Compressed Folders feature in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0151 (IIS 5.0 allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0150 (Internet Explorer 5.5 and earlier executes Telnet sessions using ...)
	NOT-FOR-US: Microsoft
CVE-2001-0149 (Windows Scripting Host in Internet Explorer 5.5 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0148 (The WMP ActiveX Control in Windows Media Player 7 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0147 (Buffer overflow in Windows 2000 event viewer snap-in allows attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0144 (CORE SDI SSH1 CRC-32 compensation attack detector allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0143 (vpop3d program in linuxconf 1.23r and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0142 (squid 2.3 and earlier allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0141 (mgetty 1.1.22 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0140 (arpwatch 2.1a4 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0139 (inn 2.2.3 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0138 (privatepw program in wu-ftpd before 2.6.1-6 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0137 (Windows Media Player 7 allows remote attackers to execute malicious ...)
	NOT-FOR-US: Microsoft
CVE-2001-0136 (Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0130 (Buffer overflow in HTML parser of the Lotus R5 Domino Server before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0129 (Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0128 (Zope before 2.2.4 does not properly compute local roles, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0126 (Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0125 (exmh 2.2 and earlier allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0124 (Buffer overflow in exrecover in Solaris 2.6 and earlier possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0123 (Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0122 (Kernel leak in AfpaCache module of the Fast Response Cache Accelerator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0121 (ImageCast Control Center 4.1.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0120 (useradd program in shadow-utils program may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0119 (getty_ps 2.0.7j allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0118 (rdist 6.1.5 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0117 (sdiff 2.7 in the diffutils package allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0116 (gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0115 (Buffer overflow in arp command in Solaris 7 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0111 (Format string vulnerability in splitvt before 1.6.5 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0110 (Buffer overflow in jaZip Zip/Jaz drive manager allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0109 (rctab in SuSE 7.0 and earlier allows local users to create or overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0108 (PHP Apache module 4.0.4 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0106 (Vulnerability in inetd server in HP-UX 11.04 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0105 (Vulnerability in top in HP-UX 11.04 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0100 (bslist.cgi mailing list script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0099 (bsguest.cgi guestbook script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0096 (FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0095 (catman in Solaris 2.7 and 2.8 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0094 (Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0092 (A function in Internet Explorer 5.0 through 5.5 does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2001-0091 (The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0090 (The Print Templates feature in Internet Explorer 5.5 executes ...)
	NOT-FOR-US: Microsoft
CVE-2001-0089 (Internet Explorer 5.0 through 5.5 allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2001-0085 (Buffer overflow in Kermit communications software in HP-UX 11.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0083 (Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0081 (swinit in nCipher does not properly disable the Operator Card Set ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0080 (Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2001-0078 (in.mond in Sun Cluster 2.x allows local users to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0077 (The clustmon service in Sun Cluster 2.x does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0072 (gpg (aka GnuPG) 1.0.4 and other versions imports both public and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0071 (gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0069 (dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0066 (Secure Locate (slocate) allows local users to corrupt memory via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0063 (procfs in FreeBSD and possibly other operating systems allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0062 (procfs in FreeBSD and possibly other operating systems allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0061 (procfs in FreeBSD and possibly other operating systems does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0060 (Format string vulnerability in stunnel 3.8 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0059 (patchadd in Solaris allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0058 (The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2001-0057 (Cisco 600 routers running CBOS 2.4.1 and earlier allow remote ...)
	NOT-FOR-US: Cisco
CVE-2001-0056 (The Cisco Web Management interface in routers running CBOS 2.4.1 and ...)
	NOT-FOR-US: Cisco
CVE-2001-0055 (CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2001-0054 (Directory traversal vulnerability in FTP Serv-U before 2.5i allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0053 (One-byte buffer overflow in replydirname function in BSD-based ftpd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0050 (Buffer overflow in BitchX IRC client allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0043 (phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0042 (PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0041 (Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches ...)
	NOT-FOR-US: Cisco
CVE-2001-0040 (APC UPS daemon, apcupsd, saves its process ID in a world-writable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0039 (IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0036 (KTH Kerberos IV allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0035 (Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0034 (KTH Kerberos IV allows local users to specify an alternate proxy using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0033 (KTH Kerberos IV allows local users to change the configuration of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0028 (Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0026 (rp-pppoe PPPoE client allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0021 (MailMan Webmail 3.0.25 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0020 (Directory traversal vulnerability in Arrowpoint (aka Cisco Content ...)
	NOT-FOR-US: Cisco
CVE-2001-0018 (Windows 2000 domain controller in Windows 2000 Server, Advanced ...)
	NOT-FOR-US: Microsoft
CVE-2001-0017 (Memory leak in PPTP server in Windows NT 4.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0016 (NTLM Security Support Provider (NTLMSSP) service does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0015 (Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users ...)
	NOT-FOR-US: Microsoft
CVE-2001-0014 (Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not ...)
	NOT-FOR-US: Microsoft
CVE-2001-0013 (Format string vulnerability in nslookupComplain function in BIND 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0012 (BIND 4 and BIND 8 allow remote attackers to access sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0011 (Buffer overflow in nslookupComplain function in BIND 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0010 (Buffer overflow in transaction signature (TSIG) handling code in BIND ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0009 (Directory traversal vulnerability in Lotus Domino 5.0.5 web server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0008 (Backdoor account in Interbase database server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0007 (Buffer overflow in NetScreen Firewall WebUI allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0006 (The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has ...)
	NOT-FOR-US: Microsoft
CVE-2001-0005 (Buffer overflow in the parsing mechanism of the file loader in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0004 (IIS 5.0 and 4.0 allows remote attackers to read the source code for ...)
	NOT-FOR-US: Microsoft
CVE-2001-0003 (Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0002 (Internet Explorer 5.5 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0001 (cookiedecode function in PHP-Nuke 4.4 allows users to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1212 (Zope 2.2.0 through 2.2.4 does not properly protect a data updating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1211 (Zope 2.2.0 through 2.2.4 does not properly perform security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1210 (Directory traversal vulnerability in source.jsp of Apache Tomcat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1203 (Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1200 (Windows NT allows remote attackers to list all users in a domain by ...)
	NOT-FOR-US: Microsoft
CVE-2000-1196 (PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1195 (telnet daemon (telnetd) from the Linux netkit package before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1193 (Performance Metrics Collector Daemon (PMCD) in Performance Copilot in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1190 (imwheel-solo in imwheel package allows local users to modify arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1189 (Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1187 (Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1184 (telnetd in FreeBSD 4.2 and earlier, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1182 (WatchGuard Firebox II allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1181 (Real Networks RealServer 7 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1180 (Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1179 (Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1178 (Joe text editor follows symbolic links when creating a rescue copy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1174 (Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1171 (Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1170 (Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1169 (OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1167 (ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1166 (Twig webmail system does not properly set the &quot;vhosts&quot; variable if it ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1165 (Balabit syslog-ng allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1164 (WinVNC installs the WinVNC3 registry key with permissions that give ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1163 (ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1162 (ghostscript before 5.10-16 allows local users to overwrite files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1149 (Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1148 (The installation of VolanoChatPro chat server sets world-readable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1146 (Recourse ManTrap 1.6 allows attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1145 (Recourse ManTrap 1.6 allows attackers who have gained root access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1144 (Recourse ManTrap 1.6 sets up a chroot environment to hide the fact ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1143 (Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1142 (Recourse ManTrap 1.6 generates an error when an attacker cd's to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1141 (Recourse ManTrap 1.6 modifies the kernel so that &quot;..&quot; does not appear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1140 (Recourse ManTrap 1.6 does not properly hide processes from attackers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1139 (The installation of Microsoft Exchange 2000 before Rev. A creates a ...)
	NOT-FOR-US: Microsoft
CVE-2000-1137 (GNU ed before 0.2-18.1 allows local users to overwrite the files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1136 (elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1135 (fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1132 (DCForum cgforum.cgi CGI script allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1131 (Bill Kendrick web site guestbook (GBook) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1124 (Buffer overflow in piobe command in IBM AIX 4.3.x allows local users ...)
	NOT-FOR-US: AIX
CVE-2000-1123 (Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may ...)
	NOT-FOR-US: AIX
CVE-2000-1122 (Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may ...)
	NOT-FOR-US: AIX
CVE-2000-1121 (Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow ...)
	NOT-FOR-US: AIX
CVE-2000-1120 (Buffer overflow in digest command in IBM AIX 4.3.x and earlier ...)
	NOT-FOR-US: AIX
CVE-2000-1119 (Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows ...)
	NOT-FOR-US: AIX
CVE-2000-1115 (Buffer overflow in remote web administration component (webprox.dll) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1113 (Buffer overflow in Microsoft Windows Media Player allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-1112 (Microsoft Windows Media Player 7 executes scripts in custom skin ...)
	NOT-FOR-US: Microsoft
CVE-2000-1111 (Telnet Service for Windows 2000 Professional does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2000-1109 (Midnight Commander (mc) 4.5.51 and earlier does not properly process ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1108 (cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1107 (in.identd ident server in SuSE Linux 6.x and 7.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1106 (Trend Micro InterScan VirusWall creates an &quot;Intscan&quot; share to the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1101 (Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1099 (Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1097 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1096 (crontab by Paul Vixie uses predictable file names for a temporary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1095 (modprobe in the modutils 2.3.x package on Linux systems allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1094 (Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1089 (Buffer overflow in Microsoft Phone Book Service allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2000-1080 (Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1077 (Buffer overflow in the SHTML logging functionality of iPlanet Web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1075 (Directory traversal vulnerability in iPlanet Certificate Management ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1074 (csstart program in iCal 2.1 Patch 2 uses relative pathnames to install ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1073 (csstart program in iCal 2.1 Patch 2 searches for the cshttpd program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1072 (iCal 2.1 Patch 2 installs many files with world-writeable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1071 (The GUI installation for iCal 2.1 Patch 2 disables access control for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1070 (pollit.cgi in Poll It 2.01 and earlier uses data files that are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1069 (pollit.cgi in Poll It 2.01 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1068 (pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1061 (Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-1060 (The default configuration of XFCE 3.5.1 bypasses the Xauthority access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1059 (The default configuration of the Xsession file in Mandrake Linux 7.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1058 (Buffer overflow in OverView5 CGI program in HP OpenView Network Node ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1057 (Vulnerabilities in database configuration scripts in HP OpenView ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1056 (CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2000-1055 (Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows ...)
	NOT-FOR-US: Cisco
CVE-2000-1054 (Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and ...)
	NOT-FOR-US: Cisco
CVE-2000-1051 (Directory traversal vulnerability in Allaire JRun 2.3 server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1050 (Allaire JRun 3.0 http servlet server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1049 (Allaire JRun 3.0 http servlet server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1047 (Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1045 (nss_ldap earlier than 121, when run with nscd (name service caching ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1044 (Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1043 (Format string vulnerability in ypserv in Mandrake Linux 7.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1042 (Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1041 (Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1040 (Format string vulnerability in logging function of ypbind 3.3, while ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1038 (The web administration interface for IBM AS/400 Firewall allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1036 (Directory traversal vulnerability in Extent RBS ISP web server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1034 (Buffer overflow in the System Monitor ActiveX control in Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2000-1032 (The client authentication interface for Check Point Firewall-1 4.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1031 (Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1027 (Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine ...)
	NOT-FOR-US: Cisco
CVE-2000-1026 (Multiple buffer overflows in LBNL tcpdump allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1024 (eWave ServletExec 3.0C and earlier does not restrict access to the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1022 (The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier ...)
	NOT-FOR-US: Cisco
CVE-2000-1019 (Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1018 (shred 1.0 file wiping utility does not properly open a file for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1016 (The default configuration of Apache (httpd.conf) on SuSE 6.4 includes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1014 (Format string vulnerability in the search97.cgi CGI script in SCO help ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1011 (Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1010 (Format string vulnerability in talkd in OpenBSD and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1007 (I-gear 3.5.7 and earlier does not properly process log entries in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1006 (Microsoft Exchange Server 5.5 does not properly handle a MIME header ...)
	NOT-FOR-US: Microsoft
CVE-2000-1005 (Directory traversal vulnerability in html_web_store.cgi and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1004 (Format string vulnerability in OpenBSD photurisd allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1003 (NETBIOS client in Windows 95 and Windows 98 allows a remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2000-1002 (POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1001 (add_2_basket.asp in Element InstantShop allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1000 (Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0996 (Format string vulnerability in OpenBSD su program (and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0995 (Format string vulnerability in OpenBSD yp_passwd program (and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0994 (Format string vulnerability in OpenBSD fstat program (and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0993 (Format string vulnerability in pw_error function in BSD libutil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a ...)
	{CVE-2004-0175}
	- openssh 1:3.9p1-1 (low; bug #270770)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: Rediscoved as CVE-2004-0175, see there.
CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ...)
	NOT-FOR-US: Microsoft
CVE-2000-0990 (cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0989 (Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0984 (The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2000-0983 (Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0982 (Internet Explorer before 5.5 forwards cached user credentials for a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0981 (MySQL Database Engine uses a weak authentication method which leaks ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0980 (NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink ...)
	NOT-FOR-US: Microsoft
CVE-2000-0979 (File and Print Sharing service in Windows 95, Windows 98, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0978 (bbd server in Big Brother System and Network Monitor before 1.5c2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0977 (mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0976 (Buffer overflow in xlib in XFree 3.3.x possibly allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0975 (Directory traversal vulnerability in apexec.pl in Anaconda Foundation ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0974 (GnuPG (gpg) 1.0.3 does not properly check all signatures of a file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0973 (Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0972 (HP-UX 11.00 crontab allows local users to read arbitrary files via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0970 (IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure ...)
	NOT-FOR-US: Microsoft
CVE-2000-0969 (Format string vulnerability in Half Life dedicated server build 3104 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0968 (Buffer overflow in Half Life dedicated server before build 3104 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0967 (PHP 3 and 4 do not properly cleanse user-injected format strings, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0966 (Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0965 (The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0964 (Buffer overflow in the web administration service for the HiNet LP5100 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0962 (The IPSEC implementation in OpenBSD 2.7 does not properly handle empty ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0961 (Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0960 (The POP3 server in Netscape Messaging Server 4.15p1 generates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0959 (glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0958 (HotJava Browser 3.0 allows remote attackers to access the DOM of a web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0957 (The pluggable authentication module for mysql (pam_mysql) before 0.4.7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0956 (cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0953 (Shambala Server 4.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0952 (global.cgi CGI program in Global 3.55 and earlier on NetBSD allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0951 (A misconfiguration in IIS 5.0 with Index Server enabled and the Index ...)
	NOT-FOR-US: Microsoft
CVE-2000-0949 (Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0948 (GnoRPM before 0.95 allows local users to modify arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0947 (Format string vulnerability in cfd daemon in GNU CFEngine before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0946 (Compaq Easy Access Keyboard software 1.3 does not properly disable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0945 (The web configuration interface for Catalyst 3500 XL switches allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0944 (CGI Script Center News Update 1.1 does not properly validate the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0943 (Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0942 (The CiWebHitsFile component in Microsoft Indexing Services for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0941 (Kootenay Web KW Whois 1.0 CGI program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0938 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0937 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0936 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0935 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0934 (Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0933 (The Input Method Editor (IME) in the Simplified Chinese version of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0932 (MAILsweeper for SMTP 3.x does not properly handle corrupt CDA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0930 (Pegasus Mail 3.12 allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0929 (Microsoft Windows Media Player 7 allows attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0928 (WQuinn QuotaAdvisor 4.1 allows users to list directories and files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0927 (WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0926 (SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0925 (The default installation of SmartWin CyberOffice Shopping Cart 2 (aka ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0924 (Directory traversal vulnerability in search.cgi CGI script in Armada ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0923 (authenticate.cgi CGI program in Aplio PRO allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0922 (Directory traversal vulnerability in Bytes Interactive Web Shopper ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0921 (Directory traversal vulnerability in Hassan Consulting shop.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0920 (Directory traversal vulnerability in BOA web server 0.94.8.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0919 (Directory traversal vulnerability in PHPix Photo Album 1.0.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0917 (Format string vulnerability in use_syslog() function in LPRng 3.6.24 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0915 (fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0914 (OpenBSD 2.6 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0913 (mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0912 (MultiHTML CGI script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0911 (IMP 2.2 and earlier allows attackers to read and delete arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0910 (Horde library 1.02 allows attackers to execute arbitrary commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0909 (Buffer overflow in the automatic mail checking component of Pine 4.21 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0908 (BrowseGate 2.80 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0901 (Format string vulnerability in screen 3.9.5 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0900 (Directory traversal vulnerability in ssi CGI program in thttpd 2.19 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0897 (Small HTTP Server 2.03 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0896 (WatchGuard SOHO firewall allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0895 (Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0894 (HTTP server on the WatchGuard SOHO firewall does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0892 (Some telnet clients allow remote telnet servers to request environment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0891 (A default ECL in Lotus Notes before 5.02 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0890 (periodic in FreeBSD 4.1.1 and earlier, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0888 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0887 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0886 (IIS 5.0 allows remote attackers to execute arbitrary commands via a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0884 (IIS 4.0 and 5.0 allows remote attackers to read documents outside of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0883 (The default configuration of mod_perl for Apache as installed on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0878 (The mailto CGI script allows remote attacker to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0877 (mailform.pl CGI script in MailForm 2.0 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0876 (WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0875 (WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0874 (Eudora mail client includes the absolute path of the sender's host ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0873 (netstat in AIX 4.x.x does not properly restrict access to the -Zi ...)
	NOT-FOR-US: AIX
CVE-2000-0871 (Buffer overflow in EFTP allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0870 (Buffer overflow in EFTP allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0869 (The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0868 (The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0867 (Kernel logging daemon (klogd) in Linux does not properly cleanse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0865 (Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0864 (Race condition in the creation of a Unix domain socket in GNOME esound ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0863 (Buffer overflow in listmanager earlier than 2.105.1 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0862 (Vulnerability in an administrative interface utility for Allaire ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0861 (Mailman 1.1 allows list administrators to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0860 (The file upload capability in PHP versions 3 and 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0859 (The web configuration server for NTMail V5 and V6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0858 (Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2000-0856 (Buffer overflow in SunFTP build 9(1) allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0854 (When a Microsoft Office 2000 document is launched, the directory of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0853 (YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0852 (Multiple buffer overflows in eject on FreeBSD and possibly other OSes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0851 (Buffer overflow in the Still Image Service in Windows 2000 allows local ...)
	NOT-FOR-US: Microsoft
CVE-2000-0850 (Netegrity SiteMinder before 4.11 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0849 (Race condition in Microsoft Windows Media server allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-0848 (Buffer overflow in IBM WebSphere web application server (WAS) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0847 (Buffer overflow in University of Washington c-client library (used by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0846 (Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0844 (Some functions that implement the locale subsystem on Unix do not  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0839 (WinCOM LPD 1.00.90 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0838 (Fastream FUR HTTP server 1.0b allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0837 (FTP Serv-U 2.5e allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0834 (The Windows 2000 telnet client attempts to perform NTLM authentication ...)
	NOT-FOR-US: Microsoft
CVE-2000-0830 (annclist.exe in webTV for Windows allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0829 (The tmpwatch utility in Red Hat Linux forks a new process for each ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0825 (Ipswitch Imail 6.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0824 (The unsetenv function in glibc 2.1.1 does not properly unset an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0818 (The default installation for the Oracle listener program 7.3.4, 8.0.6, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0816 (Linux tmpwatch --fuser option allows local users to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0813 (Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0811 (Auction Weaver 1.0 through 1.04 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0810 (Auction Weaver 1.0 through 1.04 does not properly validate the names ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0809 (Buffer overflow in Getkey in the protocol checker in the inter-module ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0808 (The seed generation mechanism in the inter-module S/Key authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0807 (The OPSEC communications authentication mechanism (fwn1) in Check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0806 (The inter-module authentication mechanism (fwa1) in Check Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0805 (Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0804 (Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0803 (GNU Groff uses the current working directory to find a device ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0799 (inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0797 (Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0796 (Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0795 (Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0792 (Gnome Lokkit firewall package before 0.41 does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0790 (The web-based folder display capability in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2000-0788 (The Mail Merge tool in Microsoft Word does not prompt the user before ...)
	NOT-FOR-US: Microsoft
CVE-2000-0787 (IRC Xchat client versions 1.4.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0786 (GNU userv 1.0.0 and earlier does not properly perform file descriptor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0783 (Watchguard Firebox II allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0782 (netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0781 (uagentsetup in ARCServeIT Client Agent 6.62 does not properly check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0780 (The web server in IPSWITCH IMail 6.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0779 (Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0778 (IIS 5.0 allows remote attackers to obtain source code for .ASP files ...)
	NOT-FOR-US: Microsoft
CVE-2000-0777 (The password protection feature of Microsoft Money can store the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0776 (Mediahouse Statistics Server 5.02x allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0773 (Bajie HTTP web server 0.30a allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0771 (Microsoft Windows 2000 allows local users to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2000-0770 (IIS 4.0 and 5.0 does not properly restrict access to certain types of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0768 (A function in Internet Explorer 4.x and 5.x does not properly verify ...)
	NOT-FOR-US: Microsoft
CVE-2000-0767 (The ActiveX control for invoking a scriptlet in Internet Explorer 4.x ...)
	NOT-FOR-US: Microsoft
CVE-2000-0766 (Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0765 (Buffer overflow in the HTML interpreter in Microsoft Office 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0764 (Intel Express 500 series switches allow a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0763 (xlockmore and xlockf do not properly cleanse user-injected format ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0762 (The default installation of eTrust Access Control (formerly SeOS) uses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0761 (OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0758 (The web interface for Lyris List Manager 3 and 4 allows list ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0754 (Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0753 (The Microsoft Outlook mail client identifies the physical path of the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0751 (mopd (Maintenance Operations Protocol loader daemon) does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0750 (Buffer overflow in mopd (Maintenance Operations Protocol loader ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0749 (Buffer overflow in the Linux binary compatibility module in FreeBSD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0747 (The logrotate script for OpenLDAP before 1.2.11 in Conectiva ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0745 (admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0744 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0743 (Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0742 (The IPX protocol implementation in Microsoft Windows 95 and 98 allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0741 (Format string vulnerability in strong.exe program in NAI Net Tools PKI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0740 (Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0739 (Directory traversal vulnerability in strong.exe program in NAI Net ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0738 (WebShield SMTP 4.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0737 (The Service Control Manager (SCM) in Windows 2000 creates predictable ...)
	NOT-FOR-US: Microsoft
CVE-2000-0733 (Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0732 (Worm HTTP server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0731 (Directory traversal vulnerability in Worm HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0730 (Vulnerability in newgrp command in HP-UX 11.0 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0729 (FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0728 (xpdf PDF viewer client earlier than 0.91 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0727 (xpdf PDF viewer client earlier than 0.91 does not properly launch a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0726 (CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0725 (Zope before 2.2.1 does not properly restrict access to the getRoles ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0720 (news.cgi in GWScripts News Publisher does not properly authenticate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0718 (A race condition in MandrakeUpdate allows local users to modify RPM ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0717 (GoodTech FTP server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0716 (WorldClient email client in MDaemon 2.8 includes the session ID in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0712 (Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0711 (Netscape Communicator does not properly prevent a ServerSocket object ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0708 (Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0707 (PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0706 (Buffer overflows in ntop running in web mode allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0705 (ntop running in web mode allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0703 (suidperl (aka sperl) does not properly cleanse the escape sequence ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0702 (The net.init rc script in HP-UX 11.00 (S008net.init) allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0700 (Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit ...)
	NOT-FOR-US: Cisco
CVE-2000-0699 (Format string vulnerability in ftpd in HP-UX 10.20 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0698 (Minicom 1.82.1 and earlier on some Linux systems allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0694 (pgxconfig in the Raptor GFX configuration tool allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0693 (pgxconfig in the Raptor GFX configuration tool uses a relative path ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0685 (BEA WebLogic 5.1.x does not properly restrict access to the ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0684 (BEA WebLogic 5.1.x does not properly restrict access to the ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0683 (BEA WebLogic 5.1.x allows remote attackers to read source code for ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0682 (BEA WebLogic 5.1.x allows remote attackers to read source code for ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0681 (Buffer overflow in BEA WebLogic server proxy plugin allows remote ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0679 (The CVS 1.10.8 client trusts pathnames that are provided by the CVS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0678 (PGP 5.5.x through 6.5.3 does not properly check if an Additional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0677 (Buffer overflow in IBM Net.Data db2www CGI program allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0676 (Netscape Communicator and Navigator 4.04 through 4.74 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0675 (Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0674 (ftp.pl CGI program for Virtual Visions FTP browser allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0673 (The NetBIOS Name Server (NBNS) protocol does not perform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0672 (The default configuration of Jakarta Tomcat does not restrict access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0671 (Roxen web server earlier than 2.0.69 allows allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0670 (The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0669 (Novell NetWare 5.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0668 (pam_console PAM module in Linux systems allows a user to access the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0666 (rpc.statd in the nfs-utils package in various Linux distributions does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0665 (GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0664 (AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0663 (The registry entry for the Windows Shell executable (Explorer.exe) in ...)
	NOT-FOR-US: Microsoft
CVE-2000-0662 (Internet Explorer 5.x and Microsoft Outlook allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2000-0661 (WircSrv IRC Server 5.07s allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0660 (The WDaemon web server for WorldClient 2.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0655 (Netscape Communicator 4.73 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0654 (Microsoft Enterprise Manager allows local users to obtain database ...)
	NOT-FOR-US: Microsoft
CVE-2000-0652 (IBM WebSphere allows remote attackers to read source code for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0651 (The ClientTrust program in Novell BorderManager does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0650 (The default installation of VirusScan 4.5 and NetShield 4.5 has ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0644 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0643 (Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0642 (The default configuration of WebActive HTTP Server 1.00 stores the web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0641 (Savant web server allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0640 (Guild FTPd allows remote attackers to determine the existence of files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0639 (The default configuration of Big Brother 1.4h2 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0638 (bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0637 (Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2000-0636 (HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0635 (The view_page.html sample page in the MiniVend shopping cart program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0634 (The web administration interface for CommuniGate Pro 3.2.5 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0633 (Vulnerability in Mandrake Linux usermode package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0632 (Buffer overflow in the web archive component of L-Soft Listserv 1.8d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0631 (An administrative script from IIS 3.0, later included in IIS 4.0 and ...)
	NOT-FOR-US: Microsoft
CVE-2000-0630 (IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source ...)
	NOT-FOR-US: Microsoft
CVE-2000-0628 (The source.asp example script in the Apache ASP module Apache::ASP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0627 (BlackBoard CourseInfo 4.0 does not properly authenticate users, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0624 (Buffer overflow in Winamp 2.64 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0622 (Buffer overflow in Webfind CGI program in O'Reilly WebSite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0621 (Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, ...)
	NOT-FOR-US: Microsoft
CVE-2000-0620 (libX11 X library allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0619 (Top Layer AppSwitch 2500 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0616 (Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0615 (LPRng 3.6.x improperly installs lpd as setuid root, which can allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0613 (Cisco Secure PIX Firewall does not properly identify forged TCP Reset ...)
	NOT-FOR-US: Cisco
CVE-2000-0611 (The default configuration of NetWin dMailWeb and cwMail trusts all POP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0610 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0604 (gkermit in Red Hat Linux is improperly installed with setgid uucp, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0603 (Microsoft SQL Server 7.0 allows a local user to bypass permissions for ...)
	NOT-FOR-US: Microsoft
CVE-2000-0602 (Secure Locate (slocate) in Red Hat Linux allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0601 (LeafChat 1.7 IRC client allows a remote IRC server to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0600 (Netscape Enterprise Server in NetWare 5.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0599 (Buffer overflow in iMesh 1.02 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0598 (Fortech Proxy+ allows remote attackers to bypass access restrictions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0597 (Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are ...)
	NOT-FOR-US: Microsoft
CVE-2000-0596 (Internet Explorer 5.x does not warn a user before opening a Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2000-0595 (libedit searches for the .editrc file in the current directory instead ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0594 (BitchX IRC client does not properly cleanse an untrusted format ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0593 (WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0591 (Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0590 (Poll It 2.0 CGI script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0588 (SawMill 5.0.21 CGI program allows remote attackers to read the first ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0587 (The privpath directive in glftpd 1.18 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0586 (Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0585 (ISC DHCP client program dhclient allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0584 (Buffer overflow in Canna input system allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0583 (vchkpw program in vpopmail before version 4.8 does not properly cleanse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0582 (Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0581 (Windows 2000 Telnet Server allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2000-0579 (IRIX crontab creates temporary files with predictable file names and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0577 (Netscape Professional Services FTP Server 1.3.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0576 (Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows ...)
	NOT-FOR-US: AIX
CVE-2000-0575 (SSH 1.2.27 with Kerberos authentication support stores Kerberos ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0573 (The lreply function in wu-ftpd 2.6.0 and earlier does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0571 (LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0570 (FirstClass Internet Services server 5.770, and other versions before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0569 (Sybergen Sygate allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0568 (Sybergen Secure Desktop 2.1 does not properly protect against false ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0567 (Buffer overflow in Microsoft Outlook and Outlook Express allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0566 (makewhatis in Linux man package allows local users to overwrite files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0565 (SmartFTP Daemon 0.2 allows a local user to access arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0561 (Buffer overflow in WebBBS 1.15 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0558 (Buffer overflow in HP Openview Network Node Manager 6.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0557 (Buffer overflow in the web interface for Cmail 2.4.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0556 (Buffer overflow in the web interface for Cmail 2.4.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0555 (Ceilidh allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0553 (Race condition in IPFilter firewall 3.4.3 and earlier, when configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0552 (ICQwebmail client for ICQ 2000A creates a world readable temporary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0551 (The file transfer mechanism in Danware NetOp 6.0 does not provide ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0550 (Kerberos 4 KDC program improperly frees memory twice (aka ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0549 (Kerberos 4 KDC program does not properly check for null termination of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0548 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0542 (Tigris remote access server before 11.5.4.22 does not properly record ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0541 (The Panda Antivirus console on port 2001 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0540 (JSP sample files in Allaire JRun 2.3.x allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0539 (Servlet examples in Allaire JRun 2.3.x allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0538 (ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0537 (BRU backup software allows local users to append data to arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0536 (xinetd 2.1.8.x does not properly restrict connections if hostnames are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0534 (The apsfilter software in the FreeBSD ports package does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0533 (Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0532 (A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0530 (The KApplication class in the KDE 1.1.2 configuration file management ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0529 (Net Tools PKI Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0528 (Net Tools PKI Server does not properly restrict access to remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0525 (OpenSSH does not properly drop privileges when the UseLogin option is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0523 (Buffer overflow in the logging feature of EServ 2.9.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0522 (RSA ACE/Server allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0521 (Savant web server allows remote attackers to read source code of CGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0519 (Internet Explorer 4.x and 5.x does not properly re-validate an SSL ...)
	NOT-FOR-US: Microsoft
CVE-2000-0518 (Internet Explorer 4.x and 5.x does not properly verify all contents of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0517 (Netscape 4.73 and earlier does not properly warn users about a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0516 (When configured to store configuration information in an LDAP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0515 (The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0514 (GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0513 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0512 (CUPS (Common Unix Printing System) 1.04 and earlier does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0511 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0510 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0508 (rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0507 (Imate Webmail Server 2.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0506 (The &quot;capabilities&quot; feature in Linux before 2.2.16 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0505 (The Apache 1.3.x HTTP server for Windows platforms allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0504 (libICE in XFree86 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0502 (Mcafee VirusScan 4.03 does not properly restrict access to the alert ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0501 (Race condition in MDaemon 2.8.5.0 POP server allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0500 (The default configuration of BEA WebLogic 5.1.0 allows a remote ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0499 (The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0498 (Unify eWave ServletExec allows a remote attacker to view source code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0497 (IBM WebSphere server 3.0.2 allows a remote attacker to view source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0495 (Microsoft Windows Media Encoder allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0494 (Veritas Volume Manager creates a world writable .server_pids file, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0493 (Buffer overflow in Simple Network Time Sync (SMTS) daemon allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0490 (Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0489 (FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0488 (Buffer overflow in ITHouse mail server 1.04 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0486 (Buffer overflow in Cisco TACACS+ tac_plus server allows remote ...)
	NOT-FOR-US: Cisco
CVE-2000-0485 (Microsoft SQL Server allows local users to obtain database passwords ...)
	NOT-FOR-US: Microsoft
CVE-2000-0484 (Buffer overflow in Small HTTP Server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0483 (The DocumentTemplate package in Zope 2.2 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0482 (Check Point Firewall-1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0481 (Buffer overflow in KDE Kmail allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0478 (In some cases, Norton Antivirus for Exchange (NavExchange) enters a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0477 (Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0475 (Windows 2000 allows a local user process to access another user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0474 (Real Networks RealServer 7.x allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0472 (Buffer overflow in innd 2.2.2 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0471 (Buffer overflow in ufsrestore in Solaris 8 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0470 (Allegro RomPager HTTP server allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0469 (Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0468 (man in HP-UX 10.20 and 11 allows local attackers to overwrite files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0467 (Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0466 (AIX cdmount allows local users to gain root privileges via shell ...)
	NOT-FOR-US: AIX
CVE-2000-0465 (Internet Explorer 4.x and 5.x does properly verify the domain of a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0464 (Internet Explorer 4.x and 5.x allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2000-0463 (BeOS 5.0 allows remote attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0462 (ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0461 (The undocumented semconfig system call in BSD freezes the state of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0460 (Buffer overflow in KDE kdesud on Linux allows local uses to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0459 (IMP does not remove files properly if the MSWordView application ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0458 (The MSWordView application in IMP creates world-readable files in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0457 (ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file ...)
	NOT-FOR-US: Microsoft
CVE-2000-0456 (NetBSD 1.4.2 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0455 (Buffer overflow in xlockmore xlock program version 4.16 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0454 (Buffer overflow in Linux cdrecord allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0453 (XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0452 (Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0451 (The Intel express 8100 ISDN router allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0448 (The WebShield SMTP Management Tool version 4.5.44 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0447 (Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0446 (Buffer overflow in MDBMS database server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0445 (The pgpk command in PGP 5.x on Unix systems uses an insufficiently ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0443 (The web interface server in HP Web JetAdmin 5.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0442 (Qpopper 2.53 and earlier allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0441 (Vulnerability in AIX 3.2.x and 4.x allows local users to gain write ...)
	NOT-FOR-US: AIX
CVE-2000-0440 (NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0439 (Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain ...)
	NOT-FOR-US: Microsoft
CVE-2000-0438 (Buffer overflow in fdmount on Linux systems allows local users in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0437 (Buffer overflow in the CyberPatrol daemon &quot;cyberdaemon&quot; used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0436 (MetaProducts Offline Explorer 1.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0435 (The allmanageup.pl file upload CGI script in the Allmanage Website ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0432 (The calender.pl and the calendar_admin.pl calendar scripts by Matt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0431 (Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0430 (Cart32 allows remote attackers to access sensitive debugging ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0428 (Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0427 (The Aladdin Knowledge Systems eToken device allows attackers with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0426 (UltraBoard 1.6 and other versions allow remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0425 (Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0424 (The CGI counter 4.0.7 by George Burgyan allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0421 (The process_bug.cgi script in Bugzilla allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0419 (The Office 2000 UA ActiveX Control is marked as &quot;safe for scripting,&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0418 (The Cayman 3220-H DSL router allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0417 (The HTTP administration interface to the Cayman 3220-H DSL router ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0416 (NTMail 5.x allows network users to bypass the NTMail proxy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0414 (Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0411 (Matt Wright's FormMail CGI script allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0410 (ColdFusion Server 4.5.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0409 (Netscape 4.73 and earlier follows symlinks when it imports a new ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0408 (IIS 4.05 and 5.0 allow remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2000-0407 (Buffer overflow in Solaris netpr program allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0406 (Netscape Communicator before version 4.73 and Navigator 4.07 do not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0405 (Buffer overflow in L0pht AntiSniff allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0404 (The CIFS Computer Browser service allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0403 (The CIFS Computer Browser service on Windows NT 4.0 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0402 (The Mixed Mode authentication capability in Microsoft SQL Server 7.0 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0399 (Buffer overflow in MDaemon POP server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0398 (Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0397 (The EMURL web-based email account software encodes predictable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0396 (The add.exe program in the Carello shopping cart software allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0395 (Buffer overflow in CProxy 3.3 allows remote users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0394 (NetProwler 3.0 allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0393 (The KDE kscd program does not drop privileges when executing a program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0392 (Buffer overflow in ksu in Kerberos 5 allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0391 (Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0390 (Buffer overflow in krb425_conv_principal function in Kerberos 5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0389 (Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0388 (Buffer overflow in FreeBSD libmytinfo library allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0387 (The makelev program in the golddig game from the FreeBSD ports ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0382 (ColdFusion ClusterCATS appends stale query string arguments to a URL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0381 (The Gossamer Threads DBMan db.cgi CGI script allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0380 (The IOS HTTP service in Cisco routers and switches running IOS 11.1 ...)
	NOT-FOR-US: Cisco
CVE-2000-0379 (The Netopia R9100 router does not prevent authenticated users from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0378 (The pam_console PAM module in Linux systems performs a chown on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0377 (The Remote Registry server in Windows NT 4.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0376 (Buffer overflow in the HTTP proxy server for the i-drive Filo software ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0375 (The kernel in FreeBSD 3.2 follows symbolic links when it creates core ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0374 (The default configuration of kdm in Caldera and Mandrake Linux, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0373 (Vulnerabilities in the KDE kvt terminal program allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0372 (Vulnerability in Caldera rmt command in the dump package 0.4b4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0371 (The libmediatool library used for the KDE mediatool allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0370 (The debug option in Caldera Linux smail allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0369 (The IDENT server in Caldera Linux 2.3 creates multiple threads for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0368 (Classic Cisco IOS 9.1 and later allows attackers with access to the ...)
	NOT-FOR-US: Cisco
CVE-2000-0367 (Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0366 (dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0363 (Linux cdwtools 093 and earlier allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0362 (Buffer overflows in Linux cdwtools 093 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0361 (The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0360 (Buffer overflow in INN 2.2.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0359 (Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0356 (Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0354 (mirror 2.8.x in Linux systems allows remote attackers to create files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0353 (Pine 4.x allows a remote attacker to execute arbitrary commands via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0352 (Pine before version 4.21 does not properly filter shell metacharacters ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0351 (Some packaging commands in SCO UnixWare 7.1.0 have insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0350 (A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0349 (Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0348 (A vulnerability in the Sendmail configuration file sendmail.cf as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0347 (Windows 95 and Windows 98 allow a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0346 (AppleShare IP 6.1 and later allows a remote attacker to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0344 (The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0342 (Eudora 4.x allows remote attackers to bypass the user warning for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0341 (ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0340 (Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0339 (ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0338 (Concurrent Versions Software (CVS) uses predictable temporary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0337 (Buffer overflow in Xsun X server in Solaris 7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0336 (Linux OpenLDAP server allows local users to modify arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0335 (The resolver in glibc 2.1.3 uses predictable IDs, which allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0334 (The Allaire Spectra container editor preview tool does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0332 (UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0331 (Buffer overflow in Microsoft command processor (CMD.EXE) for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0330 (The networking software in Windows 95 and Windows 98 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0329 (A Microsoft ActiveX control allows a remote attacker to execute a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0328 (Windows NT 4.0 generates predictable random TCP initial sequence ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0327 (Microsoft Virtual Machine (VM) allows remote attackers to escape the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0324 (pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0323 (The Microsoft Jet database engine allows an attacker to modify text ...)
	NOT-FOR-US: Microsoft
CVE-2000-0322 (The passwd.php3 CGI script in the Red Hat Piranha Virtual Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0320 (Qpopper 2.53 and 3.0 does not properly identify the \n string which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0319 (mail.local in Sendmail 8.10.x does not properly identify the .\n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0318 (Atrium Mercur Mail Server 3.2 allows local attackers to read other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0316 (Buffer overflow in Solaris 7 lp allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0315 (traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0314 (traceroute in NetBSD 1.3.3 and Linux systems allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0313 (Vulnerability in OpenBSD 2.6 allows a local user to change interface ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0311 (The Windows 2000 domain controller allows a malicious user to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0310 (IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0309 (The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0308 (Insecure file permissions for Netscape FastTrack Server 2.x, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0307 (Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0306 (Buffer overflow in calserver in SCO OpenServer allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0305 (Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0304 (Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory ...)
	NOT-FOR-US: Microsoft
CVE-2000-0303 (Quake3 Arena allows malicious server operators to read or modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0302 (Microsoft Index Server allows remote attackers to view the source code ...)
	NOT-FOR-US: Microsoft
CVE-2000-0301 (Ipswitch IMAIL server 6.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0298 (The unattended installation of Windows 2000 with the OEMPreinstall ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0297 (Allaire Forums 2.0.5 allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0296 (fcheck allows local users to gain privileges by embedding shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0294 (Buffer overflow in healthd for FreeBSD allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0292 (The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0290 (Buffer overflow in Webstar HTTP server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0289 (IP masquerading in Linux 2.2.x allows remote attackers to route UDP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0287 (The BizDB CGI script bizdb-search.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0285 (Buffer overflow in XFree86 3.3.x allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0283 (The default installation of IRIX Performance Copilot allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0282 (TalentSoft webpsvr daemon in the Web+ shopping cart application allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0279 (BeOS allows remote attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0278 (The SalesLogix Eviewer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0277 (Microsoft Excel 97 and 2000 does not warn the user when executing ...)
	NOT-FOR-US: Microsoft
CVE-2000-0276 (BeOS 4.5 and 5.0 allow local users to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0274 (The Linux trustees kernel patch allows attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0273 (PCAnywhere allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0272 (RealNetworks RealServer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0268 (Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2000-0267 (Cisco Catalyst 5.4.x allows a user to gain access to the &quot;enable&quot; mode ...)
	NOT-FOR-US: Cisco
CVE-2000-0265 (Panda Security 3.0 allows users to uninstall the Panda software via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0264 (Panda Security 3.0 with registry editing disabled allows users to edit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0263 (The X font server xfs in Red Hat Linux 6.x allows an attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0262 (The AVM KEN! ISDN Proxy server allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0261 (The AVM KEN! web server allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0260 (Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0258 (IIS 4.0 and 5.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2000-0257 (Buffer overflow in the NetWare remote web administration utility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0255 (The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0254 (The dansie shopping cart application cart.pl allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0253 (The dansie shopping cart application cart.pl allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0252 (The dansie shopping cart application cart.pl allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0251 (HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0249 (The AIX Fast Response Cache Accelerator (FRCA) allows local users to ...)
	NOT-FOR-US: AIX
CVE-2000-0247 (Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0246 (IIS 4.0 and 5.0 does not properly perform ISAPI extension processing ...)
	NOT-FOR-US: Microsoft
CVE-2000-0245 (Vulnerability in SGI IRIX objectserver daemon allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0243 (AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0240 (vqSoft vqServer program allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0238 (Buffer overflow in the web server for Norton AntiVirus for Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0237 (Netscape Enterprise Server with Web Publishing enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0236 (Netscape Enterprise Server with Directory Indexing enabled allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0235 (Buffer overflow in the huh program in the orville-write package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0234 (The default configuration of Cobalt RaQ2 and RaQ3 as specified in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0233 (SuSE Linux IMAP server allows remote attackers to bypass IMAP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0232 (Microsoft TCP/IP Printing Services, aka Print Services for Unix, ...)
	NOT-FOR-US: Microsoft
CVE-2000-0231 (Linux kreatecd trusts a user-supplied path that is used to find the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0230 (Buffer overflow in imwheel allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0229 (gpm-root in the gpm package does not properly drop privileges, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0228 (Microsoft Windows Media License Manager allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2000-0226 (IIS 4.0 allows attackers to cause a denial of service by requesting a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0225 (The Pocsag POC32 program does not properly prevent remote users from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0224 (ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0223 (Buffer overflow in the wmcdplay CD player program for the WindowMaker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0222 (The installation for Windows 2000 does not activate the Administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0221 (The Nautica Marlin bridge allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0218 (Buffer overflow in Linux mount and umount allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0217 (The default configuration of SSH allows X forwarding, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0215 (Vulnerability in SCO cu program in UnixWare 7.x allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0212 (InterAccess TelnetID Server 4.0 allows remote attackers to conduct a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0211 (The Windows Media server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0210 (The lit program in Sun Flex License Manager (FlexLM) follows symlinks, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0209 (Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0208 (The htdig (ht://Dig) CGI program htsearch allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0207 (SGI InfoSearch CGI program infosrch.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0206 (The installation of Oracle 8.1.5.x on Linux follows symlinks and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0202 (Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow ...)
	NOT-FOR-US: Microsoft
CVE-2000-0201 (The window.showHelp() method in Internet Explorer 5.x does not ...)
	NOT-FOR-US: Microsoft
CVE-2000-0200 (Buffer overflow in Microsoft Clip Art Gallery allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-0196 (Buffer overflow in mhshow in the Linux nmh package allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0195 (setxconf in Corel Linux allows local users to gain root access via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0194 (buildxconf in Corel Linux allows local users to modify or create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0193 (The default configuration of Dosemu in Corel Linux 1.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0192 (The default installation of Caldera OpenLinux 2.3 includes the CGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0191 (Axis StorPoint CD allows remote attackers to access administrator URLs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0189 (ColdFusion Server 4.x allows remote attackers to determine the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0186 (Buffer overflow in the dump utility in the Linux ext2fs backup package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0185 (RealMedia RealServer reveals the real IP address of a Real Server, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0184 (Linux printtool sets the permissions of printer configuration files to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0183 (Buffer overflow in ircII 4.4 IRC client allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0182 (iPlanet Web Server 4.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0181 (Firewall-1 3.0 and 4.0 leaks packets with private IP address ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0180 (Sojourn search engine allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0179 (HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0178 (ServerIron switches by Foundry Networks have predictable TCP/IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0175 (Buffer overflow in StarOffice StarScheduler web server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0174 (StarOffice StarScheduler web server allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0172 (The mtr program only uses a seteuid call when attempting to drop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0171 (atsadc in the atsar package for Linux does not properly check the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0170 (Buffer overflow in the man program in Linux allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0169 (Batch files in the Oracle web listener ows-bin directory allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0168 (Microsoft Windows 9x operating systems allow an attacker to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0166 (Buffer overflow in the InterAccess telnet server TelnetD allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0165 (The Delegate application proxy has several buffer overflows which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0164 (The installation of Sun Internet Mail Server (SIMS) creates a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0162 (The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x ...)
	NOT-FOR-US: Microsoft
CVE-2000-0161 (Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not ...)
	NOT-FOR-US: Microsoft
CVE-2000-0159 (HP Ignite-UX does not save /etc/passwd when it creates an image of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0157 (NetBSD ptrace call on VAX allows local users to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0156 (Internet Explorer 4.x and 5.x allows remote web servers to access ...)
	NOT-FOR-US: Microsoft
CVE-2000-0152 (Remote attackers can cause a denial of service in Novell BorderManager ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0150 (Check Point Firewall-1 allows remote attackers to bypass port access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0149 (Zeus web server allows remote attackers to view the source code for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0148 (MySQL 3.22 allows remote attackers to bypass password authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0146 (The Java Server in the Novell GroupWise Web Access Enhancement Pack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0145 (The libguile.so library file used by gnucash in Debian GNU/Linux is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0144 (Axis 700 Network Scanner does not properly restrict access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0141 (Infopop Ultimate Bulletin Board (UBB) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0140 (Internet Anywhere POP3 Mail Server allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0139 (Internet Anywhere POP3 Mail Server allows local users to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0131 (Buffer overflow in War FTPd 1.6x allows users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0130 (Buffer overflow in SCO scohelp program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0128 (The Finger Server 0.82 allows remote attackers to execute commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0127 (The Webspeed configuration program does not properly disable access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0121 (The Recycle Bin utility in Windows NT and Windows 2000 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0120 (The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0117 (The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0116 (Firewall-1 does not properly filter script tags, which allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0113 (The SyGate Remote Management program does not properly restrict access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0112 (The default installation of Debian GNU/Linux uses an insecure Master ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0111 (The RightFax web client uses predictable session numbers, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0107 (Linux apcd program allows local attackers to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0100 (The SMS Remote Control program is installed with insecure permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0099 (Buffer overflow in UnixWare ppptalk command allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0098 (Microsoft Index Server allows remote attackers to determine the real ...)
	NOT-FOR-US: Microsoft
CVE-2000-0097 (The WebHits ISAPI filter in Microsoft Index Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0095 (The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0094 (procfs in BSD systems allows local users to gain root privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0092 (The BSD make program allows local users to modify files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0091 (Buffer overflow in vchkpw/vpopmail POP authentication package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0090 (VMWare 1.1.2 allows local users to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0089 (The rdisk utility in Microsoft Terminal Server Edition and Windows NT ...)
	NOT-FOR-US: Microsoft
CVE-2000-0088 (Buffer overflow in the conversion utilities for Japanese, Korean and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0087 (Netscape Mail Notification (nsnotify) utility in Netscape Communicator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0083 (HP asecure creates the Audio Security File audio.sec with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0080 (AIX techlibss allows local users to overwrite files via a symlink ...)
	NOT-FOR-US: AIX
CVE-2000-0076 (nviboot boot script in the Debian nvi package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0075 (Super Mail Transfer Package (SMTP), later called MsgCore, has a memory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0073 (Buffer overflow in Microsoft Rich Text Format (RTF) reader allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0072 (Visual Casel (Vcasel) does not properly prevent users from executing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0070 (NtImpersonateClientOfPort local procedure call in Windows NT 4.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0065 (Buffer overflow in InetServ 3.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0064 (cgiproc CGI script in Nortel Contivity HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0063 (cgiproc CGI script in Nortel Contivity HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0062 (The DTML implementation in the Z Object Publishing Environment (Zope) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0060 (Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0057 (Cold Fusion CFCACHE tag places temporary cache files within the web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0056 (IMail IMONITOR status.cgi CGI script allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0053 (Microsoft Commercial Internet System (MCIS) IMAP server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0052 (Red Hat userhelper program in the usermode package allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0051 (The Allaire Spectra Configuration Wizard allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0050 (The Allaire Spectra Webtop allows authenticated users to access other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0048 (get_it program in Corel Linux Update allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0045 (MySQL allows local users to modify passwords for arbitrary MySQL users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0044 (Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0043 (Buffer overflow in CamShot WebCam HTTP server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0042 (Buffer overflow in CSM mail server allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0041 (Macintosh systems generate large ICMP datagrams in response to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0040 (glFtpD allows local users to gain privileges via metacharacters in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0039 (AltaVista search engine allows remote attackers to read files above ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0037 (Majordomo wrapper allows local users to gain privileges by specifying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0036 (Outlook Express 5 for Macintosh downloads attachments to HTML mail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0034 (Netscape 4.7 records user passwords in the preferences.js file during ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0033 (InterScan VirusWall SMTP scanner does not properly scan messages with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0032 (Solaris dmi_cmd allows local users to crash the dmispd daemon by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0031 (The initscripts package in Red Hat Linux allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0030 (Solaris dmispd dmi_cmd allows local users to fill up restricted disk ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0029 (UnixWare pis and mkpis commands allow local users to gain privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0027 (IBM Network Station Manager NetStation allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0026 (Buffer overflow in UnixWare i2odialogd daemon allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0025 (IIS 4.0 and Site Server 3.0 allow remote attackers to read source code ...)
	NOT-FOR-US: Microsoft
CVE-2000-0024 (IIS does not properly canonicalize URLs, potentially allowing remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0023 (Buffer overflow in Lotus Domino HTTP server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0022 (Lotus Domino HTTP server does not properly disable anonymous access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0020 (DNS PRO allows remote attackers to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0018 (wmmon in FreeBSD allows local users to gain privileges via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0015 (CascadeView TFTP server allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0014 (Denial of service in Savant web server via a null character in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0013 (IRIX soundplayer program allows local users to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0012 (Buffer overflow in w3-msql CGI program in miniSQL package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0011 (Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0010 (WebWho+ whois.cgi program allows remote attackers to execute commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0009 (The bna_pass program in Optivity NETarchitect uses the PATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0007 (Trend Micro PC-Cillin does not restrict access to its internal proxy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0006 (strace allows local users to read arbitrary files via memory mapped ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0004 (ZBServer Pro allows remote attackers to read source code for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0003 (Buffer overflow in UnixWare rtpm program allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0002 (Buffer overflow in ZBServer Pro 1.50 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0001 (RealMedia server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1568 (Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1565 (Man2html 2.1 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1556 (Microsoft SQL Server 6.5 uses weak encryption for the password for the ...)
	NOT-FOR-US: Microsoft
CVE-1999-1550 (bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1542 (RPMMail before 1.4 allows remote attackers to execute commands via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1537 (IIS 3.x and 4.x does not distinguish between pages requiring ...)
	NOT-FOR-US: Microsoft
CVE-1999-1535 (Buffer overflow in AspUpload.dll in Persits Software AspUpload before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1531 (Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1530 (cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1520 (A configuration problem in the Ad Server Sample directory (AdSamples) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1512 (The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1507 (Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1494 (colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1490 (xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1488 (sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1486 (sadc in IBM AIX 4.1 through 4.3, when called from programs such as ...)
	NOT-FOR-US: AIX
CVE-1999-1481 (Squid 2.2.STABLE5 and below, when using external authentication, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1478 (The Sun HotSpot Performance Engine VM allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1476 (A bug in Intel Pentium processor (MMX and Overdrive) allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1473 (When a Web site redirects the browser to another site, Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1472 (Internet Explorer 4.0 allows remote attackers to read arbitrary text ...)
	NOT-FOR-US: Microsoft
CVE-1999-1468 (rdist in various UNIX systems uses popen to execute sendmail, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1456 (thttpd HTTP server 2.03 and earlier allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1455 (RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1452 (GINA in Windows NT 4.0 allows attackers with physical access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1437 (ePerl 2.2.12 allows remote attackers to read arbitrary files and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1433 (HP JetAdmin D.01.09 on Solaris allows local users to change the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1432 (Power management (Powermanagement) on Solaris 2.4 through 2.6 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1423 (ping in Solaris 2.3 through 2.6 allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1419 (Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1414 (IBM Netfinity Remote Control allows local users to gain administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1411 (The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1409 (The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1407 (ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1402 (The access permissions for a UNIX domain socket are ignored in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1397 (Index Server 2.0 on IIS 4.0 stores physical path information in the ...)
	NOT-FOR-US: Microsoft
CVE-1999-1386 (Perl 5.004_04 and earlier follows symbolic links when running with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1385 (Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1384 (Indigo Magic System Tour in the SGI system tour package (systour) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1382 (NetWare NFS mode 1 and 2 implements the &quot;Read Only&quot; flag in Unix by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1380 (Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1379 (DNS allows remote attackers to use DNS name servers as traffic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1365 (Windows NT searches a user's home directory (%systemroot% by default) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1363 (Windows NT 3.51 and 4.0 allow local users to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1362 (Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1360 (Windows NT 4.0 allows local users to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1359 (When the Ntconfig.pol file is used on a server whose name is longer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1358 (When an administrator in Windows NT or Windows 2000 changes a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1356 (Compaq Integration Maintenance Utility as used in Compaq Insight ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1351 (Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1341 (Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1339 (Vulnerability when Network Address Translation (NAT) is enabled in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1337 (FTP client in Midnight Commander (mc) before 4.5.11 stores usernames ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1336 (3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1335 (snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1333 (automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1332 (gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows ...)
	{DSA-308}
	- gzip 1.3.5-6
CVE-1999-1331 (netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1330 (The snprintf function in the db library 1.85.4 ignores the size ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1329 (Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1328 (linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1327 (Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1326 (wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1325 (SAS System 5.18 on VAX/VMS is installed with insecure permissions for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1324 (VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1321 (Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1320 (Vulnerability in Novell NetWare 3.x and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1318 (/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1317 (Windows NT 4.0 SP4 and earlier allows local users to gain privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1316 (Passfilt.dll in Windows NT SP2 allows users to create a password that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1309 (Sendmail before 8.6.7 allows local users to gain root access via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1301 (A design flaw in the Z-Modem protocol allows the remote sender of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1298 (Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1297 (cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1294 (Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1290 (Buffer overflow in nftp FTP client version 1.40 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1288 (Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1284 (NukeNabber allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1279 (An interaction between the AS/400 shared folders feature and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-1999-1276 (fte-console in the fte package before 0.46b-4.1 does not drop root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1263 (Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1262 (Java in Netscape 4.5 does not properly restrict applets from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1259 (Microsoft Office 98, Macintosh Edition, does not properly initialize ...)
	NOT-FOR-US: Microsoft
CVE-1999-1258 (rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1249 (movemail in HP-UX 10.20 has insecure permissions, which allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1246 (Direct Mailer feature in Microsoft Site Server 3.0 saves user domain ...)
	NOT-FOR-US: Microsoft
CVE-1999-1243 (SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1233 (IIS 4.0 does not properly restrict access for the initial session ...)
	NOT-FOR-US: Microsoft
CVE-1999-1226 (Netscape Communicator 4.7 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1223 (IIS 3.0 allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Microsoft
CVE-1999-1222 (Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1217 (The PATH in Windows NT includes the current working directory (.), ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1215 (LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1214 (The asynchronous I/O facility in 4.4 BSD kernel does not check user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1209 (Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1208 (Buffer overflow in ping in AIX 4.2 and earlier allows local users to ...)
	NOT-FOR-US: AIX
CVE-1999-1205 (nettune in HP-UX 10.01 and 10.00 is installed setuid root, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1204 (Check Point Firewall-1 does not properly handle certain restricted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1203 (Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1201 (Windows 95 and Windows 98 systems, when configured with multiple ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1199 (Apache WWW server 1.3.1 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1198 (BuildDisk program on NeXT systems before 2.0 does not prompt users for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1197 (TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1194 (chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1193 (The &quot;me&quot; user in NeXT NeXTstep 2.1 and earlier has wheel group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1192 (Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1191 (Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1189 (Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1188 (mysqld in MySQL 3.21 creates log files with world-readable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1181 (Vulnerability in On-Line Customer Registration software for IRIX 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1177 (Directory traversal vulnerability in nph-publish before 1.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1175 (Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-1999-1167 (Cross-site scripting vulnerability in Third Voice Web annotation ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1163 (Vulnerability in HP Series 800 S/X/V Class servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1162 (Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1161 (Vulnerability in ppl in HP-UX 10.x and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1160 (Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1159 (SSH 2.0.11 and earlier allows local users to request remote forwarding ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1157 (Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1156 (BisonWare FTP Server 4.1 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1148 (FTP service in IIS 4.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-1999-1147 (Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1146 (Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1145 (Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1144 (Certain files in MPower in HP-UX 10.x are installed with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1143 (Vulnerability in runtime linker program rld in SGI IRIX 6.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1142 (SunOS 4.1.2 and earlier allows local users to gain privileges via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1140 (Buffer overflow in CrackLib 2.5 may allow local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1139 (Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1138 (SCO UNIX System V/386 Release 3.2, and other SCO products, installs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1137 (The permissions for the /dev/audio device on Solaris 2.2 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1136 (Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1132 (Windows NT 4.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1131 (Buffer overflow in OSF Distributed Computing Environment (DCE) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1127 (Windows NT 4.0 does not properly shut down invalid named pipe RPC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1122 (Vulnerability in restore in SunOS 4.0.3 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1121 (The default configuration for UUCP in AIX before 3.2 allows local ...)
	NOT-FOR-US: AIX
CVE-1999-1120 (netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1119 (FTP installation script anon.ftp in AIX insecurely configures ...)
	NOT-FOR-US: AIX
CVE-1999-1118 (ndd in Solaris 2.6 allows local users to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1117 (lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files ...)
	NOT-FOR-US: AIX
CVE-1999-1116 (Vulnerability in runpriv in Indigo Magic System Administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1115 (Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1114 (Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1111 (Vulnerability in StackGuard before 1.21 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1109 (Sendmail before 8.10.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1105 (Windows 95, when Remote Administration and File Sharing for NetWare ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1104 (Windows 95 uses weak encryption for the password list (.pwl) file used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1103 (dxconsole in DEC OSF/1 3.2C and earlier allows local users to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1102 (lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1100 (Cisco PIX Private Link 4.1.6 and earlier does not properly process ...)
	NOT-FOR-US: Cisco
CVE-1999-1099 (Kerberos 4 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1098 (Vulnerability in BSD Telnet client with encryption and Kerberos 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1094 (Buffer overflow in Internet Explorer 4.01 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-1093 (Buffer overflow in the Window.External function in the JScript ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1090 (The default configuration of NCSA Telnet package for Macintosh and PC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1087 (Internet Explorer 4 treats a 32-bit number (&quot;dotless IP address&quot;) in ...)
	NOT-FOR-US: Microsoft
CVE-1999-1085 (SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1080 (rmmount in SunOS 5.7 may mount file systems without the nosuid flag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1074 (Webmin before 0.5 does not restrict the number of invalid passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1059 (Vulnerability in rexec daemon (rexecd) in AT&amp;T TCP/IP 4.0 for various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1057 (VMS 4.0 through 5.3 allows local users to gain privileges via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1055 (Microsoft Excel 97 does not warn the user before executing worksheet ...)
	NOT-FOR-US: Microsoft
CVE-1999-1048 (Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1047 (When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1045 (pnserver in RealServer 5.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1044 (Vulnerability in Advanced File System Utility (advfs) in Digital UNIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1037 (rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1035 (IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-1999-1034 (Vulnerability in login in AT&amp;T System V Release 4 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1032 (Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1028 (Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1027 (Solaris 2.6 HW3/98 installs admintool with world-writable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1021 (NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1019 (SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1014 (Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1011 (The Remote Data Service (RDS) DataFactory component of Microsoft Data ...)
	NOT-FOR-US: Microsoft
CVE-1999-1010 (An SSH 1.2.27 server allows a client to use the &quot;none&quot; cipher, even if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1008 (xsoldier program allows local users to gain root access via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1007 (Buffer overflow in VDO Live Player allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1005 (Groupwise web server GWWEB.EXE allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1004 (Buffer overflow in the POP server POProxy for the Norton Anti-Virus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1001 (Cisco Cache Engine allows a remote attacker to gain access via a null ...)
	NOT-FOR-US: Cisco
CVE-1999-1000 (The web administration interface for Cisco Cache Engine allows remote ...)
	NOT-FOR-US: Cisco
CVE-1999-0999 (Microsoft SQL 7.0 server allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-1999-0998 (Cisco Cache Engine allows an attacker to replace content in the cache. ...)
	NOT-FOR-US: Cisco
CVE-1999-0997 (wu-ftp with FTP conversion enabled allows an attacker to execute ...)
	{DSA-377}
	- wu-ftpd 2.6.2-15
CVE-1999-0996 (Buffer overflow in Infoseek Ultraseek search engine allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0995 (Windows NT Local Security Authority (LSA) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0994 (Windows NT with SYSKEY reuses the keystream that is used for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0992 (HP VirtualVault with the PHSS_17692 patch allows unprivileged ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0991 (Buffer overflow in GoodTech Telnet Server NT allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0989 (Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) ...)
	NOT-FOR-US: Microsoft
CVE-1999-0987 (Windows NT does not properly download a system policy if the domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0986 (The ping command in Linux 2.0.3x allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0982 (The Sun Web-Based Enterprise Management (WBEM) installation script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0981 (Internet Explorer 5.01 and earlier allows a remote attacker to create ...)
	NOT-FOR-US: Microsoft
CVE-1999-0980 (Windows NT Service Control Manager (SCM) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0979 (The SCO UnixWare privileged process system allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0978 (htdig allows remote attackers to execute commands via filenames with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0977 (Buffer overflow in Solaris sadmind allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0976 (Sendmail allows local users to reinitialize the aliases database via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0975 (The Windows help system can allow a local user to execute commands as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0974 (Buffer overflow in Solaris snoop allows remote attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0973 (Buffer overflow in Solaris snoop program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0972 (Buffer overflow in Xshipwars xsw program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0971 (Buffer overflow in Exim allows local users to gain root privileges via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0969 (The Windows NT RPC service allows remote attackers to conduct a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0968 (Buffer overflow in BNC IRC proxy allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0967 (Buffer overflow in the HTML library used by Internet Explorer, Outlook ...)
	NOT-FOR-US: Microsoft
CVE-1999-0966 (Buffer overflow in Solaris getopt in libc allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0965 (Race condition in xterm allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0964 (Buffer overflow in FreeBSD setlocale in the libc module allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0963 (FreeBSD mount_union command allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0962 (Buffer overflow in HPUX passwd command allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0961 (HPUX sysdiag allows local users to gain root privileges via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0960 (IRIX cdplayer allows local users to create directories in arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0959 (IRIX startmidi program allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0958 (sudo 1.5.x allows local users to execute arbitrary commands via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0957 (MajorCool mj_key_cache program allows local users to modify files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0956 (The NeXT NetInfo _writers property allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0954 (WWWBoard has a default username and default password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0953 (WWWBoard stores encrypted passwords in a password file that is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0951 (Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0950 (Buffer overflow in WFTPD FTP server allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0947 (AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0946 (Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0945 (Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-1999-0943 (Buffer overflow in OpenLink 3.2 allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0942 (UnixWare dos7utils allows a local user to gain root privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0940 (Buffer overflow in mutt mail client allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0939 (Denial of service in Debian IRC Epic/epic4 client via a long string. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0938 (MBone SDR Package allows remote attackers to execute commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0937 (BNBForm allows remote attackers to read arbitrary files via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0936 (BNBSurvey survey.cgi program allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0935 (classifieds.cgi allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0934 (classifieds.cgi allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0933 (TeamTrack web server allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0932 (Mediahouse Statistics Server allows remote attackers to read the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0931 (Buffer overflow in Mediahouse Statistics Server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0930 (wwwboard allows a remote attacker to delete message board articles via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0928 (Buffer overflow in SmartDesk WebSuite allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0927 (NTMail allows remote attackers to read arbitrary files via a .. (dot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0924 (The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0922 (An example application in ColdFusion Server 4.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0921 (BMC Patrol allows any remote attacker to flood its UDP port, causing a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0920 (Buffer overflow in the pop-2d POP daemon in the IMAP package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0918 (Denial of service in various Windows systems via malformed, fragmented ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0917 (The Preloader ActiveX control used by Internet Explorer allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0916 (WebTrends software stores account names and passwords in a file which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0915 (URL Live! web server allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0914 (Buffer overflow in the FTP client in the Debian GNU/Linux netstd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0912 (FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0909 (Multihomed Windows systems allow a remote attacker to bypass IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0908 (Denial of service in Solaris TCP streams driver via a malicious ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0907 (sccw allows local users to read arbitrary files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0906 (Buffer overflow in sccw allows local users to gain root access via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0905 (Denial of service in Axent Raptor firewall via malformed zero-length ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0904 (Buffer overflow in BFTelnet allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0903 (genfilt in the AIX Packet Filtering Module does not properly filter ...)
	NOT-FOR-US: AIX
CVE-1999-0902 (ypserv allows local administrators to modify password tables. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0901 (ypserv allows a local user to modify the GECOS and login shells ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0900 (Buffer overflow in rpc.yppasswdd allows a local user to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0899 (The Windows NT 4.0 print spooler allows a local user to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0898 (Buffer overflows in Windows NT 4.0 print spooler allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0897 (iChat ROOMS Webserver allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0896 (Buffer overflow in RealNetworks RealServer administration utility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0895 (Firewall-1 does not properly restrict access to LDAP attributes. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0894 (Red Hat Linux screen program does not use Unix98 ptys, allowing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0893 (userOsa in SCO OpenServer allows local users to corrupt files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0892 (Buffer overflow in Netscape Communicator before 4.7 via a dynamic font ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0891 (The &quot;download behavior&quot; in Internet Explorer 5 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-1999-0890 (iHTML Merchant allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0889 (Cisco 675 routers running CBOS allow remote attackers to establish ...)
	NOT-FOR-US: Cisco
CVE-1999-0888 (dbsnmp in Oracle Intelligent Agent allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0887 (FTGate web interface server allows remote attackers to read files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0886 (The security descriptor for RASMAN allows users to point to an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0884 (The Zeus web server administrative interface uses weak encryption for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0883 (Zeus web server allows remote attackers to read arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0881 (Falcon web server allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0880 (Denial of service in WU-FTPD via the SITE NEWER command, which does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0879 (Buffer overflow in WU-FTPD and related FTP servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0878 (Buffer overflow in WU-FTPD and related FTP servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0877 (Internet Explorer 5 allows remote attackers to read files via an ...)
	NOT-FOR-US: Microsoft
CVE-1999-0876 (Buffer overflow in Internet Explorer 4.0 via EMBED tag. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0875 (DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0874 (Buffer overflow in IIS 4.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-1999-0873 (Buffer overflow in Skyfull mail server via MAIL FROM command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0871 (Internet Explorer 4.0 and 4.01 allow a remote attacker to read files ...)
	NOT-FOR-US: Microsoft
CVE-1999-0870 (Internet Explorer 4.01 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Microsoft
CVE-1999-0869 (Internet Explorer 3.x to 4.01 allows a remote attacker to insert ...)
	NOT-FOR-US: Microsoft
CVE-1999-0868 (ucbmail allows remote attackers to execute commands via shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0867 (Denial of service in IIS 4.0 via a flood of HTTP requests with ...)
	NOT-FOR-US: Microsoft
CVE-1999-0866 (Buffer overflow in UnixWare xauto program allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0865 (Buffer overflow in CommuniGatePro via a long string to the HTTP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0864 (UnixWare programs that dump core allow a local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0861 (Race condition in the SSL ISAPI filter in IIS and other servers may ...)
	NOT-FOR-US: Microsoft
CVE-1999-0859 (Solaris arp allows local users to read files via the -f parameter, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0858 (Internet Explorer 5 allows a remote attacker to modify the IE client's ...)
	NOT-FOR-US: Microsoft
CVE-1999-0856 (login in Slackware 7.0 allows remote attackers to identify valid users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0854 (Ultimate Bulletin Board stores data files in the cgi-bin directory, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0853 (Buffer overflow in Netscape Enterprise Server and Netscape ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0851 (Denial of service in BIND named via naptr. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0849 (Denial of service in BIND named via maxdname. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0848 (Denial of service in BIND named via consuming more than &quot;fdmax&quot; file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0847 (Buffer overflow in free internet chess server (FICS) program, xboard. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0842 (Symantec Mail-Gear 1.0 web interface server allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0839 (Windows NT Task Scheduler installed with Internet Explorer 5 allows a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0838 (Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0837 (Denial of service in BIND by improperly closing TCP sessions via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0836 (UnixWare uidadmin allows local users to modify arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0835 (Denial of service in BIND named via malformed SIG records. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0834 (Buffer overflow in RSAREF2 via the encryption and decryption functions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0833 (Buffer overflow in BIND 8.2 via NXT records. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0832 (Buffer overflow in NFS server on Linux allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0831 (Denial of service in Linux syslogd via a large number of connections. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0826 (Buffer overflow in FreeBSD angband allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0824 (A Windows NT user can use SUBST to map a drive letter to a folder, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0823 (Buffer overflow in FreeBSD xmindpath allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0820 (FreeBSD seyon allows users to gain privileges via a modified PATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0819 (NTMail does not disable the VRFY command, even if the administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0817 (Lynx WWW client allows a remote attacker to specify command-line ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0815 (Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0814 (Red Hat pump DHCP client allows remote attackers to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0813 (Cfingerd with ALLOW_EXECUTION enabled does not properly drop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0812 (Race condition in Samba smbmnt allows local users to mount file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0811 (Buffer overflow in Samba smbd program via a malformed message ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0810 (Denial of service in Samba NETBIOS name service daemon (nmbd). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0809 (Netscape Communicator 4.x with Javascript enabled does not warn a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0807 (The Netscape Directory Server installation procedure leaves sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0806 (Buffer overflow in Solaris dtprintinfo program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0804 (Denial of service in Linux 2.2.x kernels via malformed ICMP packets ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0803 (The fwluser script in AIX eNetwork Firewall allows local users to ...)
	NOT-FOR-US: AIX
CVE-1999-0802 (Buffer overflow in Internet Explorer 5 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-1999-0801 (BMC Patrol allows remote attackers to gain access to an agent by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0800 (The GetFile.cfm file in Allaire Forums allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0799 (Buffer overflow in bootpd 2.4.3 and earlier via a long boot file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0797 (NIS finger allows an attacker to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0796 (FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0794 (Microsoft Excel does not warn a user when a macro is present in a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0793 (Internet Explorer allows remote attackers to read files by redirecting ...)
	NOT-FOR-US: Microsoft
CVE-1999-0791 (Hybrid Network cable modems do not include an authentication mechanism ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0790 (A remote attacker can read information from a Netscape user's cache ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0789 (Buffer overflow in AIX ftpd in the libc library. ...)
	NOT-FOR-US: AIX
CVE-1999-0788 (Arkiea nlservd allows remote attackers to conduct a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0787 (The SSH authentication agent follows symlinks via a UNIX domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0786 (The dynamic linker in Solaris allows a local user to create arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0785 (The INN inndstart program allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0783 (FreeBSD allows local users to conduct a denial of service by creating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0782 (KDE kppp allows local users to create a directory in an arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0781 (KDE allows local users to execute arbitrary commands by setting the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0780 (KDE klock allows local users to kill arbitrary processes by specifying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0779 (Denial of service in HP-UX SharedX recserv program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0778 (Buffer overflow in Xi Graphics Accelerated-X server allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0777 (IIS FTP servers may allow a remote attacker to read or delete files on ...)
	NOT-FOR-US: Microsoft
CVE-1999-0775 (Cisco Gigabit Switch routers running IOS allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-1999-0774 (Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0773 (Buffer overflow in Solaris lpset program allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0772 (Denial of service in Compaq Management Agents and the Compaq Survey ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0771 (The web components of Compaq Management Agents and the Compaq Survey ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0770 (Firewall-1 sets a long timeout for connections that begin with ACK or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0769 (Vixie Cron on Linux systems allows local users to set parameters of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0768 (Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0766 (The Microsoft Java Virtual Machine allows a malicious Java applet to ...)
	NOT-FOR-US: Microsoft
CVE-1999-0765 (SGI IRIX midikeys program allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0764 (NetBSD allows ARP packets to overwrite static ARP entries. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0763 (NetBSD on a multi-homed host allows ARP packets on one network to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0762 (When Javascript is embedded within the TITLE tag, Netscape ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0761 (Buffer overflow in FreeBSD fts library routines allows local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0760 (Undocumented ColdFusion Markup Language (CFML) tags and functions in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0759 (Buffer overflow in FuseMAIL POP service via long USER and PASS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0758 (Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0756 (ColdFusion Administrator with Advanced Security enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0755 (Windows NT RRAS and RAS clients cache a user's password even if the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0754 (The INN inndstart program allows local users to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0753 (The w3-msql CGI script provided with Mini SQL allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0752 (Denial of service in Netscape Enterprise Server via a buffer overflow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0751 (Buffer overflow in Accept command in Netscape Enterprise Server 3.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0749 (Buffer overflow in Microsoft Telnet client in Windows 95 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-1999-0747 (Denial of service in BSDi Symmetric Multiprocessing (SMP) when an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0746 (A default configuration of in.identd in SuSE Linux waits 120 seconds ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0745 (Buffer overflow in Source Code Browser Program Database Name Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0744 (Buffer overflow in Netscape Enterprise Server and FastTrask Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0743 (Trn allows local users to overwrite other users' files via symlinks. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0742 (The Debian mailman package uses weak authentication, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0740 (Remote attackers can cause a denial of service on Linux in.telnetd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0735 (KDE K-Mail allows local users to gain privileges via a symlink attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0734 (A default configuration of CiscoSecure Access Control Server (ACS) ...)
	NOT-FOR-US: Cisco
CVE-1999-0733 (Buffer overflow in VMWare 1.0.1 for Linux via a long HOME ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0732 (The logging facilitity of the Debian smtp-refuser package allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0731 (The KDE klock program allows local users to unlock a session using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0730 (The zsoelim program in the Debian man-db package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0729 (Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0728 (A Windows NT user can disable the keyboard or mouse by directly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0727 (A kernel leak in the OpenBSD kernel allows IPsec packets to be sent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0726 (An attacker can conduct a denial of service in Windows NT by executing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0725 (When IIS is run with a default language of Chinese, Korean, or ...)
	NOT-FOR-US: Microsoft
CVE-1999-0724 (Buffer overflow in OpenBSD procfs and fdescfs file systems via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0723 (The Windows NT Client Server Runtime Subsystem (CSRSS) can be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0722 (The default configuration of Cobalt RaQ2 servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0721 (Denial of service in Windows NT Local Security Authority (LSA) through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0720 (The pt_chown command in Linux allows local users to modify TTY ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0719 (The Guile plugin for the Gnumeric spreadsheet package allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0718 (IBM GINA, when used for OS/2 domain authentication of Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0717 (A remote attacker can disable the virus warning mechanism in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-1999-0716 (Buffer overflow in Windows NT 4.0 help file utility via a malformed ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0715 (Buffer overflow in Remote Access Service (RAS) client allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0714 (Vulnerability in Compaq Tru64 UNIX edauth command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0713 (The dtlogin program in Compaq Tru64 UNIX allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0711 (The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0710 (The Squid package in Red Hat Linux 5.2 and 6.0, and other ...)
	{DSA-576-1}
	- squid 2.5.7-1
CVE-1999-0708 (Buffer overflow in cfingerd allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0707 (The default FTP configuration in HP Visualize Conference allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0706 (Linux xmonisdn package allows local users to gain root privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0705 (Buffer overflow in INN inews program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0704 (Buffer overflow in Berkeley automounter daemon (amd) logging facility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0703 (OpenBSD, BSDI, and other Unix operating systems allow users to set ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0702 (Internet Explorer 5.0 and 5.01 allows remote attackers to modify or ...)
	NOT-FOR-US: Microsoft
CVE-1999-0701 (After an unattended installation of Windows NT 4.0, an installation ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0700 (Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed ...)
	NOT-FOR-US: Microsoft
CVE-1999-0699 (The Bluestone Sapphire web server allows session hijacking via easily ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0697 (SCO Doctor allows local users to gain root privileges through a Tools ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0696 (Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0695 (The Sybase PowerDynamo personal web server allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0694 (Denial of service in AIX ptrace system call allows local users to ...)
	NOT-FOR-US: AIX
CVE-1999-0693 (Buffer overflow in TT_SESSION environment variable in ToolTalk shared ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0692 (The default configuration of the Array Services daemon (arrayd) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0691 (Buffer overflow in the AddSuLog function of the CDE dtaction utility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0690 (HP CDE program includes the current directory in root's PATH variable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0689 (The CDE dtspcd daemon allows local users to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0688 (Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0687 (The ToolTalk ttsession daemon uses weak RPC authentication, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0686 (Denial of service in Netscape Enterprise Server (NES) in HP Virtual ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0685 (Buffer overflow in Netscape Communicator via EMBED tags in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0683 (Denial of service in Gauntlet Firewall via a malformed ICMP packet. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0682 (Microsoft Exchange 5.5 allows a remote attacker to relay email ...)
	NOT-FOR-US: Microsoft
CVE-1999-0681 (Buffer overflow in Microsoft FrontPage Server Extensions (PWS) ...)
	NOT-FOR-US: Microsoft
CVE-1999-0680 (Windows NT Terminal Server performs extra work when a client opens a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0679 (Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0678 (A default configuration of Apache on Debian GNU/Linux sets the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0676 (sdtcm_convert in Solaris 2.6 allows a local user to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0675 (Check Point FireWall-1 can be subjected to a denial of service via UDP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0674 (The BSD profil system call allows a local user to modify the internal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0672 (Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0671 (Buffer overflow in ToxSoft NextFTP client through CWD command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0668 (The scriptlet.typelib ActiveX control is marked as &quot;safe for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0628 (The rwho/rwhod service is running, which exposes machine status ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0627 (The rexd service is running, which uses weak authentication that can ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0626 (A version of rusers is running that exposes valid user information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0612 (A version of finger is running that exposes valid user information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0608 (An incorrect configuration of the PDG Shopping Cart CGI program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0566 (An attacker can write to syslog files from any location, causing a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0551 (HP OpenMail can be misconfigured to allow users to run arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0526 (An X server's access control is disabled (e.g. through an &quot;xhost +&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0514 (UDP messages to broadcast addresses are allowed, allowing for a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0513 (ICMP messages to broadcast addresses are allowed, allowing for a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0496 (A Windows NT 4.0 user can gain administrative rights by forcing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0494 (Denial of service in WinGate proxy through a buffer overflow in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0493 (rpc.statd allows remote attackers to forward RPC calls to the local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0491 (The prompt parsing in bash allows a local user to execute commands as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0487 (The DHTML Edit ActiveX control in Internet Explorer allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0485 (Remote attackers can cause a system crash through ipintr() in ipq in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0484 (Buffer overflow in OpenBSD ping. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0483 (OpenBSD crash using nlink value in FFS and EXT2FS filesystems. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0482 (OpenBSD kernel crash through TSS handling, as caused by the crashme ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0481 (Denial of service in &quot;poll&quot; in OpenBSD. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0479 (Denial of service Netscape Enterprise Server with VirtualVault on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0478 (Denial of service in HP-UX sendmail 8.8.6 related to accepting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0475 (A race condition in how procmail handles .procmailrc files allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0474 (The ICQ Webserver allows remote attackers to use .. to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0473 (The rsync command before rsync 2.3.1 may inadvertently change the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0472 (The SNMP default community name &quot;public&quot; is not properly removed in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0471 (The remote proxy server in Winroute allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0470 (A weak encryption algorithm is used for passwords in Novell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0468 (Internet Explorer 5.0 allows a remote server to read arbitrary files ...)
	NOT-FOR-US: Microsoft
CVE-1999-0466 (The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0464 (Local users can perform a denial of service in Tripwire 1.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0463 (Remote attackers can perform a denial of service using IRIX fcagent. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0458 (L0phtcrack 2.5 used temporary files in the system TEMP directory which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0457 (Linux ftpwatch program allows local users to gain root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0449 (The ExAir sample site in IIS 4 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0448 (IIS 4.0 and Apache log HTTP request methods, regardless of how long ...)
	NOT-FOR-US: Microsoft
CVE-1999-0447 (Local users can gain privileges using the debug utility in the MPE/iX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0446 (Local users can perform a denial of service in NetBSD 1.3.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0445 (In Cisco routers under some versions of IOS 12.0 running NAT, some ...)
	NOT-FOR-US: Cisco
CVE-1999-0442 (Solaris ff.core allows local users to modify files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0441 (Remote attackers can perform a denial of service in WinGate machines ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0440 (The byte code verifier component of the Java Virtual Machine (JVM) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0439 (Buffer overflow in procmail before version 3.12 allows remote or local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0438 (Remote attackers can perform a denial of service in WebRamp systems by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0437 (Remote attackers can perform a denial of service in WebRamp systems by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0436 (Domain Enterprise Server Management System (DESMS) in HP-UX allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0433 (XFree86 startx command is vulnerable to a symlink attack, allowing local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0432 (ftp on HP-UX 11.00 allows local users to gain privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0430 (Cisco Catalyst LAN switches running Catalyst 5000 supervisor software ...)
	NOT-FOR-US: Cisco
CVE-1999-0429 (The Lotus Notes 4.5 client may send a copy of encrypted mail in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0428 (OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0425 (talkback in Netscape 4.5 allows a local user to kill an arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0424 (talkback in Netscape 4.5 allows a local user to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0423 (Vulnerability in hpterm on HP-UX 10.20 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0422 (In some cases, NetBSD 1.3.3 mount allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0421 (During a reboot after an installation of Linux Slackware 3.6, a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0420 (umapfs allows local users to gain root privileges by changing their ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0417 (64 bit Solaris 7 procfs allows local users to perform a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0416 (Vulnerability in Cisco 7xx series routers allows a remote attacker to ...)
	NOT-FOR-US: Cisco
CVE-1999-0415 (The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled ...)
	NOT-FOR-US: Cisco
CVE-1999-0414 (In Linux before version 2.0.36, remote attackers can spoof a TCP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0413 (A buffer overflow in the SGI X server allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0412 (In IIS and other web servers, an attacker can attack commands as ...)
	NOT-FOR-US: Microsoft
CVE-1999-0410 (The cancel command in Solaris 2.6 (i386) has a buffer overflow that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0409 (Buffer overflow in gnuplot in Linux version 3.5 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0408 (Files created from interactive shell sessions in Cobalt RaQ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0407 (By default, IIS 4.0 has a virtual directory /IISADMPWD which contains ...)
	NOT-FOR-US: Microsoft
CVE-1999-0405 (A buffer overflow in lsof allows local users to obtain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0404 (Buffer overflow in the Mail-Max SMTP server for Windows systems allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0403 (A bug in Cyrix CPUs on Linux allows local users to perform a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0402 (wget 1.5.3 follows symlinks to change permissions of the target file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0396 (A race condition between the select() and accept() calls in NetBSD TCP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0395 (A race condition in the BackWeb Polite Agent Protocol allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0393 (Remote attackers can cause a denial of service in Sendmail 8.8.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0392 (Buffer overflow in Thomas Boutell's cgic library version up to 1.05. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0391 (The cryptographic challenge of SMB authentication in Windows 95 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0390 (Buffer overflow in Dosemu Slang library in Linux. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0388 (DataLynx suGuard trusts the PATH environment variable to execute the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0387 (A legacy credential caching mechanism used in Windows 95 and Windows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0386 (Microsoft Personal Web Server and FrontPage Personal Web Server in ...)
	NOT-FOR-US: Microsoft
CVE-1999-0385 (The LDAP bind function in Exchange 5.5 has a buffer overflow that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0384 (The Forms 2.0 ActiveX control (included with Visual Basic for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0383 (ACC Tigris allows public access without a login. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0382 (The screen saver in Windows NT does not verify that its security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0380 (SLMail 3.1 and 3.2 allows local users to access any file in the NTFS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0379 (Microsoft Taskpads allows remote web sites to execute commands on the ...)
	NOT-FOR-US: Microsoft
CVE-1999-0378 (InterScan VirusWall for Solaris doesn't scan files for viruses when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0377 (Process table attack in Unix systems allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0376 (Local users in Windows NT can obtain administrator privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0375 (Buffer overflow in webd in Network Flight Recorder (NFR) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0374 (Debian GNU/Linux cfengine package is susceptible to a symlink attack. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0373 (Buffer overflow in the &quot;Super&quot; utility in Debian GNU/Linux, and other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0372 (The installer for BackOffice Server includes account names and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0371 (Lynx allows a local user to overwrite sensitive files through /tmp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0369 (The Sun sdtcm_convert calendar utility for OpenWindows has a buffer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0368 (Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0367 (NetBSD netstat command allows local users to access kernel memory. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0366 (In some cases, Service Pack 4 for Windows NT 4.0 can allow access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0365 (The metamail package allows remote command execution using shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0363 (SuSE 5.2 PLP lpc program has a buffer overflow that leads to root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0362 (WS_FTP server remote denial of service through cwd command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0358 (Digital Unix 4.0 has a buffer overflow in the inc program of the mh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0357 (Windows 98 and other operating systems allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0355 (Local or remote users can force ControlIT 4.5 to reboot or force a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0353 (rpc.pcnfsd in HP gives remote root access by changing the permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0351 (FTP PASV &quot;Pizza Thief&quot; denial of service and unauthorized data ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0350 (Race condition in the db_loader program in ClearCase gives local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0349 (A buffer overflow in the FTP list (ls) command in IIS allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0348 (IIS ASP caching problem releases sensitive information when two ...)
	NOT-FOR-US: Microsoft
CVE-1999-0346 (CGI PHP mlog script allows an attacker to read any file on the target ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0344 (NT users can gain debug-level access on a system process using the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0343 (A malicious Palace server can force a client to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0342 (Linux PAM modules allow local users to gain root access using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0341 (Buffer overflow in the Linux mail program &quot;deliver&quot; allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0340 (Buffer overflow in Linux Slackware crond program allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0339 (Buffer overflow in the libauth library in Solaris allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0338 (AIX Licensed Program Product performance tools allow local users to ...)
	NOT-FOR-US: AIX
CVE-1999-0337 (AIX batch queue (bsh) allows local and remote users to gain additional ...)
	NOT-FOR-US: AIX
CVE-1999-0335 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0334 (In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0332 (Buffer overflow in NetMeeting allows denial of service and remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0329 (SGI mediad program allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0328 (SGI permissions program allows local users to gain root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0327 (SGI syserr program allows local users to corrupt files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0326 (Vulnerability in HP-UX mediainit program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0325 (vhe_u_mnt program in HP-UX allows local users to create root files through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0324 (ppl program in HP-UX allows local users to create root files through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0323 (FreeBSD mmap function allows users to modify append-only or immutable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0322 (The open() function in FreeBSD allows local attackers to write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0321 (Buffer overflow in Solaris kcms_configure command allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0320 (SunOS rpc.cmsd allows attackers to obtain root access by overwriting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0318 (Buffer overflow in xmcd 2.0p12 allows local users to gain access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0316 (Buffer overflow in Linux splitvt command gives root access to local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0315 (Buffer overflow in Solaris fdformat command gives root access to local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0314 (ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0313 (disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0312 (HP ypbind allows attackers with root privileges to modify NIS data. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0311 (fpkg2swpk in HP-UX allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0310 (SSH 1.2.25 on HP-UX allows access to new user accounts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0309 (HP-UX vgdisplay program gives root access to local users. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0308 (HP-UX gwind program allows users to modify arbitrary files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0305 (The system configuration control (sysctl) facility in BSD based ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0304 (mmap function in BSD allows local attackers in the kmem group to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0303 (Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0302 (SunOS/Solaris FTP clients can be forced to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0301 (Buffer overflow in SunOS/Solaris ps command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0300 (nis_cachemgr for Solaris NIS+ allows attackers to add malicious ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0299 (Buffer overflow in FreeBSD lpd through long DNS hostnames. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0297 (Buffer overflow in Vixie Cron library up to version 3.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0296 (Solaris volrmmount program allows attackers to read any file. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0295 (Solaris sysdef command allows local users to read kernel memory, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0294 (All records in a WINS database can be deleted through SNMP for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0293 (AAA authentication on Cisco systems allows attackers to execute ...)
	NOT-FOR-US: Cisco
CVE-1999-0292 (Denial of service through Winpopup using large user names. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0291 (The WinGate proxy is installed without a password, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0290 (The WinGate telnet proxy allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0289 (The Apache web server for Win32 may provide access to restricted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0288 (The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0281 (Denial of service in IIS using long URLs. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0280 (Remote command execution in Microsoft Internet Explorer using .lnk and ...)
	NOT-FOR-US: Microsoft
CVE-1999-0279 (Excite for Web Servers (EWS) allows remote command execution via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0278 (In IIS, remote attackers can obtain source code for ASP files by appending ...)
	NOT-FOR-US: Microsoft
CVE-1999-0277 (The WorkMan program can be used to overwrite any file to get root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0276 (mSQL v2.0.1 and below allows remote execution through a buffer overflow. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0275 (Denial of service in Windows NT DNS servers by flooding port 53 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0274 (Denial of service in Windows NT DNS servers through malicious packet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0273 (Denial of service through Solaris 2.5.1 telnet by sending ^D characters. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0272 (Denial of service in Slmail v2.5 through the POP3 port. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0270 (Directory traversal vulnerability in pfdispaly.cgi program (sometimes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0269 (Netscape Enterprise servers may list files through the PageServices query. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0268 (MetaInfo MetaWeb web server allows users to upload, execute, and read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0267 (Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0266 (The info2www CGI script allows remote file access or remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0265 (ICMP redirect messages may crash or lock up a host. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0264 (htmlscript CGI program allows remote read access to files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0263 (Solaris SUNWadmap can be exploited to obtain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0262 (Hylafax faxsurvey CGI script on Linux allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0260 (The jj CGI program allows command execution via shell metacharacters. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0259 (cfingerd lists all users on a system via search.**@target. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0256 (Buffer overflow in War FTP allows remote execution of commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0252 (Buffer overflow in listserv allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0251 (Denial of service in talk program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0248 (A race condition in the authentication agent mechanism of sshd 1.2.17 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0247 (Buffer overflow in nnrpd program in INN up to version 1.6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0245 (Some configurations of NIS+ in Linux allowed attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0244 (Livingston RADIUS code has a buffer overflow which can allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0239 (Netscape FastTrack Web server lists files when a lowercase &quot;get&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0237 (Remote execution of arbitrary commands through Guestbook CGI program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0236 (ScriptAlias directory in NCSA and Apache httpd allowed attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0234 (Bash treats any character with a value of 255 as a command separator. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0233 (IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd ...)
	NOT-FOR-US: Microsoft
CVE-1999-0230 (Buffer overflow in Cisco 7xx routers through the telnet service. ...)
	NOT-FOR-US: Cisco
CVE-1999-0228 (Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0227 (Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0225 (Windows NT 4.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0224 (Denial of service in Windows NT messenger service through a long ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0223 (Solaris syslogd crashes when receiving a message from a host that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0221 (Denial of service of Ascend routers through port 150 (remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0219 (Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0218 (Livingston portmaster machines could be rebooted via a series ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0217 (Malicious option settings in UDP packets could force a reboot in SunOS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0215 (Routed allows attackers to append data to files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0214 (Denial of service by sending forged ICMP unreachable packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0212 (Solaris rpc.mountd generates error messages that allow a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0211 (Extra long export lists over 256 characters in some mount daemons ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0210 (Automount daemon automountd allows local or remote users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0209 (The SunView (SunTools) selection_svc facility allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0208 (rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0207 (Remote attacker can execute commands through Majordomo using the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0206 (MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0204 (Sendmail 8.6.9 allows remote attackers to execute root commands, using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0203 (In Sendmail, attackers can gain root privileges via SMTP by specifying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0202 (The GNU tar command, when used in FTP sessions, may allow an attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0201 (A quote cwd command on FTP servers can reveal the full path of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0196 (websendmail in Webgais 1.0 allows a remote user to access arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0194 (Denial of service in in.comsat allows attackers to generate messages. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0192 (Buffer overflow in telnet daemon tgetent routing allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0191 (IIS newdsn.exe CGI script allows remote users to overwrite files. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0190 (Solaris rpcbind can be exploited to overwrite arbitrary files and gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0189 (Solaris rpcbind listens on a high numbered UDP port, which may not be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0188 (The passwd command in Solaris can be subjected to a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0185 (In SunOS or Solaris, a remote user could connect from an FTP server's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0184 (When compiled with the -DALLOW_UPDATES option, bind allows dynamic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0183 (Linux implementations of TFTP would allow access to files outside the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0182 (Samba has a buffer overflow which allows a remote attacker to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0181 (The wall daemon can be used for denial of service, social engineering ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0180 (in.rshd allows users to login with a NULL username and execute commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0179 (Windows NT crashes or locks up when a Samba client executes a &quot;cd ..&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0178 (Buffer overflow in the win-c-sample program (win-c-sample.exe) in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0177 (The uploader program in the WebSite web server allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0176 (The Webgais program allows a remote user to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0175 (The convert.bas program in the Novell web server allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0174 (The view-source CGI program allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0173 (FormMail CGI program can be used by web servers other than the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0172 (FormMail CGI program allows remote execution of commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0170 (Remote attackers can mount an NFS file system in Ultrix or OSF, even ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0168 (The portmapper may act as a proxy and redirect service requests from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0167 (In SunOS, NFS file handles could be guessed, giving unauthorized ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0166 (NFS allows users to use a &quot;cd ..&quot; command to access other directories ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0164 (A race condition in the Solaris ps command allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0162 (The &quot;established&quot; keyword in some Cisco IOS software allowed ...)
	NOT-FOR-US: Cisco
CVE-1999-0161 (In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended ...)
	NOT-FOR-US: Cisco
CVE-1999-0160 (Some classic Cisco IOS devices have a vulnerability in the PPP CHAP ...)
	NOT-FOR-US: Cisco
CVE-1999-0159 (Attackers can crash a Cisco IOS router or device, provided they can ...)
	NOT-FOR-US: Cisco
CVE-1999-0158 (Cisco PIX firewall manager (PFM) on Windows NT allows attackers to ...)
	NOT-FOR-US: Cisco
CVE-1999-0157 (Cisco PIX firewall and CBAC IP fragmentation attack results in a ...)
	NOT-FOR-US: Cisco
CVE-1999-0155 (The ghostscript command with the -dSAFER option allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0153 (Windows 95/NT out of band (OOB) data denial of service through NETBIOS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0152 (The DG/UX finger daemon allows remote command execution through shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0151 (The SATAN session key may be disclosed if the user points the web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0150 (The Perl fingerd program allows arbitrary command execution from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0149 (The wrap CGI program in IRIX allows remote attackers to view ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0148 (The handler CGI program in IRIX allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0147 (The aglimpse CGI program of the Glimpse package allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0146 (The campas CGI program provided with some NCSA web servers allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0145 (Sendmail WIZ command enabled, allowing root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0143 (Kerberos 4 key servers allow a user to masquerade as another by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0142 (The Java Applet Security Manager implementation in Netscape Navigator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0141 (Java Bytecode Verifier allows malicious applets to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0139 (Buffer overflow in Solaris x86 mkcookie allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0138 (The suidperl and sperl program do not give up root privileges when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0137 (The dip program on many Linux systems allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0136 (Kodak Color Management System (KCMS) on Solaris allows a local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0135 (admintool in Solaris allows a local user to write to arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0134 (vold in Solaris 2.x allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0133 (fm_fls license server for Adobe Framemaker allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0132 (Expreserve, as used in vi and ex, allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0131 (Buffer overflow and denial of service in Sendmail 8.7.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0130 (Local users can start Sendmail in daemon mode and gain root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0129 (Sendmail allows local users to write to a file and gain group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0128 (Oversized ICMP ping packets can result in a denial of service, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0126 (SGI IRIX buffer overflow in xterm and Xaw allows root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0125 (Buffer overflow in SGI IRIX mailx program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0124 (Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0122 (Buffer overflow in AIX lchangelv gives root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0120 (Sun/Solaris utmp file allows local users to gain root access if it ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0118 (AIX infod allows local users to gain root access through an X display. ...)
	NOT-FOR-US: AIX
CVE-1999-0117 (AIX passwd allows local users to gain root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0116 (Denial of service when an attacker sends many SYN packets to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0115 (AIX bugfiler program allows local users to gain root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0113 (Some implementations of rlogin allow root access if given a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0112 (Buffer overflow in AIX dtterm program for the CDE. ...)
	NOT-FOR-US: AIX
CVE-1999-0111 (RIP v1 is susceptible to spoofing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0109 (Buffer overflow in ffbconfig in Solaris 2.5.1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0108 (The printers program in IRIX has a buffer overflow that gives root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0103 (Echo and chargen, or other combinations of UDP services, can be used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0102 (Buffer overflow in SLmail 3.x allows attackers to execute commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0101 (Buffer overflow in AIX and Solaris &quot;gethostbyname&quot; library call allows ...)
	NOT-FOR-US: AIX
CVE-1999-0100 (Remote access in AIX innd 1.5.1, using control messages. ...)
	NOT-FOR-US: AIX
CVE-1999-0099 (Buffer overflow in syslog utility allows local or remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0097 (The AIX FTP client can be forced to execute commands from a malicious ...)
	NOT-FOR-US: AIX
CVE-1999-0096 (Sendmail decode alias can be used to overwrite sensitive files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0095 (The debug command in Sendmail is enabled, allowing attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0094 (AIX piodmgrsu command allows local users to gain additional ...)
	NOT-FOR-US: AIX
CVE-1999-0093 (AIX nslookup command allows local users to obtain root access by not ...)
	NOT-FOR-US: AIX
CVE-1999-0091 (Buffer overflow in AIX writesrv command allows local users to obtain ...)
	NOT-FOR-US: AIX
CVE-1999-0090 (Buffer overflow in AIX rcp command allows local users to obtain ...)
	NOT-FOR-US: AIX
CVE-1999-0087 (Denial of service in AIX telnet can freeze a system and prevent ...)
	NOT-FOR-US: AIX
CVE-1999-0085 (Buffer overflow in rwhod on AIX and other operating systems allows ...)
	NOT-FOR-US: AIX
CVE-1999-0084 (Certain NFS servers allow users to use mknod to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0083 (getcwd() file descriptor leak in FTP. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0082 (CWD ~root command in ftpd allows root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0081 (wu-ftp allows files to be overwritten via the rnfr command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0080 (Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0079 (Remote attackers can cause a denial of service in FTP by issuing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0077 (Predictable TCP sequence numbers allow spoofing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0075 (PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0074 (Listening TCP ports are sequentially allocated, allowing spoofing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0073 (Telnet allows a remote client to specify environment variables including ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0072 (Buffer overflow in AIX xdat gives root access to local users. ...)
	NOT-FOR-US: AIX
CVE-1999-0071 (Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0070 (test-cgi program allows an attacker to list files on the server. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0069 (Solaris ufsrestore buffer overflow. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0068 (CGI PHP mylog script allows an attacker to read any file on the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0067 (phf CGI program allows remote command execution through shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0066 (AnyForm CGI remote execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0065 (Multiple buffer overflows in how dtmail handles attachments allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0064 (Buffer overflow in AIX lquerylv program gives root access to local users. ...)
	NOT-FOR-US: AIX
CVE-1999-0063 (Cisco IOS 12.0 and other versions can be crashed by malicious UDP ...)
	NOT-FOR-US: Cisco
CVE-1999-0062 (The chpass command in OpenBSD allows a local user to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0060 (Attackers can cause a denial of service in Ascend MAX and Pipeline ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0059 (IRIX fam service allows an attacker to obtain a list of all files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0058 (Buffer overflow in PHP cgi program, php.cgi allows shell access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0057 (Vacation program allows command execution by remote users through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0056 (Buffer overflow in Sun's ping program can give root access to local users. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0055 (Buffer overflows in Sun libnsl allow root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0054 (Sun's ftpd daemon can be subjected to a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0053 (TCP RST denial of service in FreeBSD. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0052 (IP fragmentation denial of service in FreeBSD allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0051 (Arbitrary file creation and program execution using FLEXlm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0050 (Buffer overflow in HP-UX newgrp program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0049 (Csetup under IRIX allows arbitrary file creation or overwriting. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0048 (Talkd, when given corrupt DNS information, can be used to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0047 (MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0046 (Buffer overflow of rlogin program using TERM environmental variable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0045 (List of arbitrary files on Web host via nph-test-cgi script. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0044 (fsdump command in IRIX allows local users to obtain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0043 (Command execution via shell metachars in INN daemon (innd) 1.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0042 (Buffer overflow in University of Washington's implementation of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0041 (Buffer overflow in NLS (Natural Language Service). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0040 (Buffer overflow in Xt library of X Windowing System allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0039 (webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0038 (Buffer overflow in xlock program allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0037 (Arbitrary command execution via metamail package using message ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0036 (IRIX login program with a nonzero LOCKOUT parameter allows creation or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0035 (Race condition in signal handling routine in ftpd, allowing read/write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0032 (Buffer overflow in lpr, as used in BSD-based systems including Linux, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0031 (JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and ...)
	NOT-FOR-US: Microsoft
CVE-1999-0029 (root privileges via buffer overflow in ordist command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0028 (root privileges via buffer overflow in login/scheme command on SGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0027 (root privileges via buffer overflow in eject command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0026 (root privileges via buffer overflow in pset command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0025 (root privileges via buffer overflow in df command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0024 (DNS cache poisoning via BIND, by predictable query IDs. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0023 (Local user gains root privileges via buffer overflow in rdist, via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0022 (Local user gains root privileges via buffer overflow in rdist, via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0021 (Arbitrary command execution via buffer overflow in Count.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0019 (Delete or create a file via rpc.statd, due to invalid information. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0018 (Buffer overflow in statd allows root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0017 (FTP servers can allow an attacker to connect to arbitrary ports on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0016 (Land IP denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0014 (Unauthorized privileged access or denial of service via dtappgather ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0013 (Stolen credentials from SSH clients via ssh-agent program, allowing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0012 (Some web servers under Microsoft Windows allow remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-1999-0011 (Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0010 (Denial of Service vulnerability in BIND 8 Releases via maliciously ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0009 (Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0008 (Buffer overflow in NIS+, in Sun's rpc.nisd program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0007 (Information from SSL-encrypted sessions via PKCS #1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0006 (Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0005 (Arbitrary command execution via IMAP buffer overflow in authenticate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0003 (Execute commands as root via buffer overflow in Tooltalk database ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0002 (Buffer overflow in NFS mountd gives root access to remote attackers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...)
	- apache2 2.0.40
CVE-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...)
	NOT-FOR-US: IRIX
CVE-2002-0649 (Multiple buffer overflows in the Resolution Service for Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-0646
	REJECTED
CVE-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...)
	NOT-FOR-US: Microsoft
CVE-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...)
	NOT-FOR-US: InterScan
CVE-2002-0636
	RESERVED
CVE-2002-0635
	RESERVED
CVE-2002-0634
	RESERVED
CVE-2002-0633
	RESERVED
CVE-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...)
	NOT-FOR-US: SGI
CVE-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
	NOT-FOR-US: Polycom
CVE-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...)
	NOT-FOR-US: Polycom
CVE-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...)
	NOT-FOR-US: Polycom
CVE-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...)
	NOT-FOR-US: Microsoft
CVE-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...)
	NOT-FOR-US: PHP-Survey
CVE-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: FileSeek
CVE-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...)
	NOT-FOR-US: FileSeek
CVE-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...)
	NOT-FOR-US: HP
CVE-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...)
	NOT-FOR-US: HP
CVE-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...)
	NOT-FOR-US: Matu
CVE-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...)
	NOT-FOR-US: Snitz
CVE-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...)
	NOT-FOR-US: 3Cdaemon
CVE-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...)
	NOT-FOR-US: Snapgear
CVE-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Snapgear
CVE-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...)
	NOT-FOR-US: Snapgear
CVE-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...)
	NOT-FOR-US: WebTrends
CVE-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...)
	NOT-FOR-US: WebTrends
CVE-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...)
	NOT-FOR-US: AOL
CVE-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...)
	NOT-FOR-US: AOL
CVE-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...)
	NOT-FOR-US: IncrediBB
CVE-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...)
	NOT-FOR-US: PVote
CVE-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...)
	NOT-FOR-US: PVote
CVE-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...)
	NOT-FOR-US: HP-UX
CVE-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...)
	NOT-FOR-US: 4D WebServer
CVE-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...)
	NOT-FOR-US: HP-UX
CVE-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...)
	NOT-FOR-US: Oracle
CVE-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...)
	NOT-FOR-US: Oracle
CVE-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
	NOT-FOR-US: Oracle
CVE-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
	NOT-FOR-US: Oracle
CVE-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...)
	NOT-FOR-US: Oracle
CVE-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...)
	NOT-FOR-US: Oracle
CVE-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...)
	NOT-FOR-US: TYPSoft
CVE-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...)
	NOT-FOR-US: Quik-Serv
CVE-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...)
	NOT-FOR-US: IBM
CVE-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...)
	NOT-FOR-US: IBM
CVE-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...)
	NOT-FOR-US: Melange
CVE-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...)
	NOT-FOR-US: Dynamic Guestbook
CVE-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Dynamic Guestbook
CVE-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...)
	NOT-FOR-US: Anthill
CVE-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...)
	NOT-FOR-US: Anthill
CVE-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...)
	NOT-FOR-US: Winamp
CVE-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...)
	NOT-FOR-US: Aprelium
CVE-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...)
	NOT-FOR-US: Tivoli
CVE-2002-0540 (Nortel CVX 1800 is installed with a default &quot;public&quot; community string, ...)
	NOT-FOR-US: Nortel
CVE-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...)
	NOT-FOR-US: SWS
CVE-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...)
	NOT-FOR-US: PostBoard
CVE-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...)
	NOT-FOR-US: PostBoard
CVE-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...)
	NOT-FOR-US: Novell
CVE-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...)
	NOT-FOR-US: HP/Apple
CVE-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...)
	NOT-FOR-US: Watchguard
CVE-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...)
	NOT-FOR-US: Watchguard
CVE-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...)
	NOT-FOR-US: Oracle
CVE-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: wwwisis
CVE-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...)
	NOT-FOR-US: Microsoft
CVE-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...)
	NOT-FOR-US: Citrix
CVE-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...)
	NOT-FOR-US: Citrix
CVE-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...)
	NOT-FOR-US: Citrix
CVE-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...)
	NOT-FOR-US: Microsoft
CVE-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the &quot;Skip scanning ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0421 (IIS 4.0 allows local users to bypass the &quot;User cannot change password&quot; ...)
	NOT-FOR-US: Microsoft
CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0418 (Directory traversal vulnerability in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...)
	NOT-FOR-US: Microsoft
CVE-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0390
	RESERVED
CVE-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
	{DSA-147}
	- mailman 2.0.12-1
CVE-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0383
	RESERVED
CVE-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0365
	RESERVED
CVE-2002-0361
	RESERVED
CVE-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the &quot;halt&quot; user to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return (&quot;CR&quot;) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0270 (Opera, when configured with the &quot;Determine action by MIME type&quot; option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...)
	NOT-FOR-US: Microsoft
CVE-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0253 (PHP, when not configured with the &quot;display_errors = Off&quot; setting in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...)
	NOT-FOR-US: Microsoft
CVE-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...)
	NOT-FOR-US: Microsoft
CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...)
	NOT-FOR-US: Cisco
CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...)
	NOT-FOR-US: Microsoft
CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to redirect traffic to other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0195
	RESERVED
CVE-2002-0194
	RESERVED
CVE-2002-0192
	REJECTED
CVE-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0182
	RESERVED
CVE-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0161
	RESERVED
CVE-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...)
	NOT-FOR-US: Microsoft
CVE-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0114 (Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0113 (Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...)
	NOT-FOR-US: Microsoft
CVE-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0035
	RESERVED
CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...)
	{DSA-196}
	- bind9 <not-affected>
	- bind 1:8.3.3-3
CVE-2002-0019
	RESERVED
CVE-2002-0016
	RESERVED
CVE-2002-0015
	RESERVED
CVE-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...)
	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
	NOTE: discussion at:
	NOTE: http://archives.neohapsis.com/archives/linux/lsap/2001-q2/0081.html
	NOTE: listed sarge version contains a fix like the patch from Gentoo
	- ncompress 4.2.4-15
CVE-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...)
	NOT-FOR-US: Microsoft
CVE-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1387 (iptables-save in iptables before 1.2.4 records the &quot;--reject-with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1377 (Multiple RADIUS implementations do not properly validate the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1365 (Vulnerability in IntraGnat before 1.4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1341 (The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1340 (Beck GmbH IPC@Chip TelnetD service supports only one connection and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1339 (Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1338 (Beck IPC GmbH IPC@CHIP TelnetD server generates different responses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1337 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
	NOT-FOR-US: AIX
CVE-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
	NOT-FOR-US: AIX
CVE-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...)
	NOT-FOR-US: Microsoft
CVE-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1273 (The &quot;mxcsr P4&quot; vulnerability in the Linux kernel before 2.2.17-14, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1270 (Directory traversal vulnerability in the console version of PKZip ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1238 (Task Manager in Windows 2000 does not allow local users to end ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...)
	NOT-FOR-US: Microsoft
CVE-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...)
	NOT-FOR-US: Cisco
CVE-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1170 (AmTote International homebet program stores the homebet.log file in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1167
	REJECTED
CVE-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1148 (Multiple buffer overflows in programs used by scoadmin and sysadmsh in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...)
	NOT-FOR-US: Cisco
CVE-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...)
	NOT-FOR-US: Cisco
CVE-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...)
	NOT-FOR-US: Cisco
CVE-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...)
	NOT-FOR-US: Cisco
CVE-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...)
	NOT-FOR-US: AIX
CVE-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1019 (Directory traversal vulnerability in view_item CGI program in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0944 (DDE in mIRC allows local users to launch applications under another ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon ...)
	{DSA-301}
	- libgtop 1.0.13-4
CVE-2001-0927 (Format string vulnerability in the permitted function of GNOME ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with &quot;Prompt to allow ...)
	NOT-FOR-US: Microsoft
CVE-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...)
	NOT-FOR-US: Microsoft
CVE-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0885
	RESERVED
CVE-2001-0883
	RESERVED
CVE-2001-0882
	RESERVED
CVE-2001-0881
	RESERVED
CVE-2001-0880
	RESERVED
CVE-2001-0878
	RESERVED
CVE-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0842 (Directory traversal vulnerability in Search.cgi in Leoboard LB5000 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0839 (ibillpm.pl in iBill password management system generates weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0831 (Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0814
	RESERVED
CVE-2001-0813
	RESERVED
CVE-2001-0812
	RESERVED
CVE-2001-0811
	RESERVED
CVE-2001-0810
	RESERVED
CVE-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0802
	RESERVED
CVE-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0798
	RESERVED
CVE-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Cisco
CVE-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...)
	{DSA-695-1}
	- xli 1.17.0-17
CVE-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...)
	NOT-FOR-US: Cisco
CVE-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ...)
	- cfingerd 1.4.3-1.1 (bug #104394)
	NOTE: 1.4.3-1.2 is not in the PTS, but 1.4.3-1.2 incorporates
	NOTE: its changes.
CVE-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0725
	RESERVED
CVE-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...)
	NOT-FOR-US: Microsoft
CVE-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0673
	RESERVED
CVE-2001-0672
	RESERVED
CVE-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0661
	RESERVED
CVE-2001-0657
	RESERVED
CVE-2001-0656
	RESERVED
CVE-2001-0655
	RESERVED
CVE-2001-0654
	RESERVED
CVE-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT), ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0539
	RESERVED
CVE-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0532
	RESERVED
CVE-2001-0531
	RESERVED
CVE-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0432 (Buffer overflows in various CGI programs in the remote administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0418 (content.pl script in NCM Content Management System allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...)
	NOT-FOR-US: Microsoft
CVE-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...)
	NOT-FOR-US: Microsoft
CVE-2001-0343
	RESERVED
CVE-2001-0342
	RESERVED
CVE-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...)
	NOT-FOR-US: Microsoft
CVE-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0328 (TCP implementations that use random increments for initial sequence ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0307 (Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0291 (Buffer overflow in post-query sample CGI program allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0281 (Format string vulnerability in DbgPrint function, used in debug ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...)
	NOT-FOR-US: Microsoft
CVE-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...)
	NOT-FOR-US: Microsoft
CVE-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0216 (PALS Library System pals-cgi program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0202 (Picserver web server allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0181 (Format string vulnerability in the error logging code of DHCP server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0168 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0167 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0163 (Cisco AP340 base station produces predictable TCP Initial Sequence ...)
	NOT-FOR-US: Cisco
CVE-2001-0162 (WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0159
	RESERVED
CVE-2001-0158
	RESERVED
CVE-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...)
	{DSA-195 DSA-188 DSA-187}
	- apache-perl 1.3.26-1.1-1.27-3-1
	- apache 1.3.27-1
CVE-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the &quot;lock ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0103 (CoffeeCup Direct and Free FTP clients uses weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0102 (&quot;Multiple Users&quot; Control Panel in Mac OS 9 allows Normal users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0048 (The &quot;Configure Your Server&quot; tool in Microsoft 2000 domain controllers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0047 (The default permissions for the MTS Package Administration registry ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0046 (The default permissions for the SNMP Parameters registry key in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0045 (The default permissions for the RAS Administration key in Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0032 (Format string vulnerability in ssldump possibly allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0030 (FoolProof 3.9 allows local users to bypass program execution ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1209 (The &quot;sa&quot; account is installed with a default null password on (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1208 (Format string vulnerability in startprinting() function of printjob.c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...)
	- apache 1.3.11 (unimportant)
	NOTE: only an example script /usr/share/doc/apache-common/examples/
CVE-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1198 (qpopper POP server creates lock files with predictable names, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1161 (The installation of AdCycle banner management system leaves the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the agent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1127 (registrar in the HP resource monitor service allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1104 (Variant of the &quot;IIS Cross-Site Scripting&quot; vulnerability as originally ...)
	NOT-FOR-US: Microsoft
CVE-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1100 (The default configuration for PostACI webmail system installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1030 (CS&amp;T CorporateTime for the Web returns different error messages for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1023 (The Alabanza Control Panel does not require passwords to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0998 (Format string vulnerability in top program allows local attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...)
	NOT-FOR-US: Cisco
CVE-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0889 (Two Sun security certificates have been compromised, which could allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0857 (The logging capability in muh 2.05d IRC server does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0842 (The search97cgi/vtopic&quot; in the UnixWare 7 scohelphttp webserver allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...)
	NOT-FOR-US: Microsoft
CVE-2000-0812 (The administration module in Sun Java web server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0802 (The BAIR program does not properly restrict access to the Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0798 (The truncate function in IRIX 6.x does not properly check for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0791 (Trustix installs the httpsd program for Apache-SSL with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0774 (The sample Java servlet &quot;test&quot; in Bajie HTTP web server 0.30a reveals ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...)
	NOT-FOR-US: Microsoft
CVE-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...)
	NOT-FOR-US: Microsoft
CVE-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
	NOT-FOR-US: Microsoft
CVE-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
	NOT-FOR-US: Microsoft
CVE-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0697 (The administration interface for the dwhttpd web server in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0696 (The administration interface for the dwhttpd web server in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a ...)
	- kdebase 4:2.2.2-14.6
CVE-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...)
	NOT-FOR-US: Microsoft
CVE-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0572 (The Razor configuration management tool uses weak encryption for its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0531 (Linux gpm program allows local users to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0487 (The Protected Store in Windows 2000 does not properly select the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0434 (The administrative password for the Allmanage web site administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0433 (The SuSE aaa_base package installs some system accounts with home ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...)
	NOT-FOR-US: Microsoft
CVE-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...)
	NOT-FOR-US: Cisco
CVE-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0286 (X fontserver xfs allows local users to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...)
	NOT-FOR-US: Microsoft
CVE-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0250 (The crypt function in QNX uses weak encryption, which allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...)
	NOT-FOR-US: Microsoft
CVE-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0199 (When a new SQL Server is registered in Enterprise Manager for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...)
	NOT-FOR-US: Microsoft
CVE-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...)
	NOT-FOR-US: Microsoft
CVE-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0143 (The SSH protocol server sshd allows local users without shell access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0138 (A system has a distributed denial of service (DDOS) attack master, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0137 (The CartIt shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0136 (The Cart32 shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0135 (The @Retail shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0134 (The Check It Out shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0123 (The shopping cart application provided with Filemaker allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0115 (IIS allows local users to cause a denial of service via invalid ...)
	NOT-FOR-US: Microsoft
CVE-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0108 (The Intellivend shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0106 (The EasyCart shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-0104 (The Shoptron shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0103 (The SmartCart shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0102 (The SalesCart shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0085 (Hotmail does not properly filter JavaScript code from a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0084 (CuteFTP uses weak encryption to store password information in its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0082 (WebTV email client allows remote attackers to force the client to send ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0081 (Hotmail does not properly filter JavaScript code from a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0077 (The October 1998 version of the HP-UX aserver program allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0069 (The recover program in Solstice Backup allows local users to restore ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...)
	NOT-FOR-US: Microsoft
CVE-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0058 (Network HotSync program in Handspring Visor does not have ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0038 (glFtpD includes a default glftpd user account with a default password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0008 (FTPPro allows local users to read sensitive information, which is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...)
	{DSA-664-1}
	- cpio 2.5-1.2 (bug #293379)
CVE-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1560 (Vulnerability in a script in Texas A&amp;M University (TAMU) Tiger allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1549 (Lynx 2.x does not properly distinguish between internal and external ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...)
	NOT-FOR-US: Microsoft
CVE-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1517 (runtar in the Amanda backup system used in various UNIX operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root ...)
	NOT-FOR-US: AIX
CVE-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or ...)
	NOT-FOR-US: AIX
CVE-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...)
	NOT-FOR-US: Cisco
CVE-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...)
	NOT-FOR-US: Cisco
CVE-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...)
	NOT-FOR-US: Cisco
CVE-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1454 (Macromedia &quot;The Matrix&quot; screen saver on Windows 95 with the &quot;Password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...)
	NOT-FOR-US: Microsoft
CVE-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...)
	NOT-FOR-US: Microsoft
CVE-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1431 (ZAK in Appstation mode allows users to bypass the &quot;Run only allowed ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1430 (PIM software for Royal daVinci does not properly password-protext ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1429 (DIT TransferPro installs devices with world-readable and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1422 (The default configuration of Slackware 3.4, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1418 (ICQ99 ICQ web server build 1701 with &quot;Active Homepage&quot; enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...)
	NOT-FOR-US: AIX
CVE-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory ...)
	NOT-FOR-US: AIX
CVE-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1400 (The Economist screen saver 1999 with the &quot;Password Protected&quot; option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1393 (Control Panel &quot;Password Security&quot; option for Apple Powerbooks allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...)
	NOT-FOR-US: Microsoft
CVE-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...)
	NOT-FOR-US: Microsoft
CVE-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...)
	NOT-FOR-US: Microsoft
CVE-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1310
	REJECTED
CVE-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...)
	NOT-FOR-US: Cisco
CVE-1999-1305 (Vulnerability in &quot;at&quot; program in SCO UNIX 4.2 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1302 (Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a &quot;nobody&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...)
	NOT-FOR-US: Microsoft
CVE-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1281 (Development version of Breeze Network Server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1266 (rsh daemon (rshd) generates different error messages when a valid ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...)
	NOT-FOR-US: Microsoft
CVE-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1232 (Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1228 (Various modems that do not implement a guard time, or are configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...)
	NOT-FOR-US: Cisco
CVE-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1170 (IPswitch IMail allows local users to gain additional privileges and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1150 (Livingston Portmaster routers running ComOS use the same initial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...)
	NOT-FOR-US: Cisco
CVE-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...)
	NOT-FOR-US: Microsoft
CVE-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...)
	NOT-FOR-US: Cisco
CVE-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-1999-1108
	REJECTED
CVE-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...)
	NOT-FOR-US: Microsoft
CVE-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1084 (The &quot;AEDebug&quot; registry key is installed with insecure permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain ...)
	NOT-FOR-US: AIX
CVE-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ...)
	NOT-FOR-US: AIX
CVE-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1056
	REJECTED
CVE-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1052 (Microsoft FrontPage stores form results in a default location in ...)
	NOT-FOR-US: Microsoft
CVE-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...)
	NOT-FOR-US: Microsoft
CVE-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...)
	NOT-FOR-US: Cisco
CVE-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...)
	NOT-FOR-US: Microsoft
CVE-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1020 (The installation of Novell Netware NDS 5.99 provides an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...)
	NOT-FOR-US: Microsoft
CVE-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...)
	NOT-FOR-US: AIX
CVE-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1009 (The Disney Go Express Search allows remote attackers to access and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0949 (Buffer overflow in canuum program for Canna input system allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0948 (Buffer overflow in uum program for Canna input system allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0941 (Mutt mail client allows a remote attacker to execute commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0926 (Apache allows remote attackers to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...)
	NOT-FOR-US: Microsoft
CVE-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0860 (Solaris chkperm allows local users to read files owned by bin via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0855 (Buffer overflow in FreeBSD gdc program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0845 (Buffer overflow in SCO su program allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...)
	NOT-FOR-US: Cisco
CVE-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0829 (HP Secure Web Console uses weak encryption. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...)
	NOT-FOR-US: Microsoft
CVE-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0816 (The Motorola CableRouter allows any remote user to connect to and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0792 (ROUTERmate has a default SNMP community name which allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0748 (Buffer overflows in Red Hat net-tools package. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0677 (The WebRamp web administration utility has a default password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0669 (The Eyedog ActiveX control is marked as &quot;safe for scripting&quot; for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0665 (An application-critical Windows NT registry key has an inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0664 (An application-critical Windows NT registry key has inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0663 (A system-critical program, library, or file has a checksum or other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0662 (A system-critical program or library does not have the appropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0661 (A system is running a version of software that was replaced with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0660
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0659
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0658
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0657 (WinGate is being used. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0656 (The ugidd RPC interface, by design, allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0655
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0653 (A component service related to NIS+ is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0652
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0651 (The rsh/rlogin service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0650 (The netstat service is running, which provides sensitive information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0649
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0648
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0647
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0646
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0645
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0644
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0643
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0642
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0641 (The UUCP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0640 (The Gopher service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0639 (The chargen service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0638 (The daytime service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0637 (The systat service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0636 (The discard service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0635 (The echo service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0634
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0633
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0632 (The RPC portmapper service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0631
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0630 (The NT Alerter and Messenger services are running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0629 (The ident/identd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0625 (The rpc.rquotad service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0624 (The rstat/rstatd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0623
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0622
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0621
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0620
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0619
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0618 (The rexec service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0617
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0616
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0615
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0614
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0613 (The rpc.sprayd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0610 (An incorrect configuration of the Webcart CGI program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0609 (An incorrect configuration of the SoftCart CGI program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0607 (quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0603 (In Windows NT, an inappropriate user is a member of a group, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0602 (A network intrusion detection system (IDS) does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0601 (A network intrusion detection system (IDS) does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0600 (A network intrusion detection system (IDS) does not verify the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0599 (A network intrusion detection system (IDS) does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0598 (A network intrusion detection system (IDS) does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0595 (A Windows NT system does not clear the system page file during ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0594 (A Windows NT system does not restrict access to removable media drives ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0593 (The default setting for the Winlogon key entry ShutdownWithoutLogon in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0590 (A system does not present an appropriate legal message or warning to a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0589 (A system-critical Windows NT registry key has inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0587 (A WWW server is not running in a restricted file system, e.g. through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0586 (A network service is running on a nonstandard port. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0585 (A Windows NT administrator account has the default name of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0584 (A Windows NT file system is not NTFS. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0583 (There is a one-way or two-way trust relationship between Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0582 (A Windows NT account policy has inappropriate, security-critical ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0579 (A Windows NT system's registry audit policy does not log an event ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0578 (A Windows NT system's registry audit policy does not log an event ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0577 (A Windows NT system's file audit policy does not log an event success ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0576 (A Windows NT system's file audit policy does not log an event success ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0575 (A Windows NT system's user audit policy does not log an event success ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0572 (.reg files are associated with the Windows NT registry editor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0571 (A router's configuration service or management interface (such as a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0565 (A Sendmail alias allows input to be piped to a program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0559 (A system-critical Unix file or directory has inappropriate ...)
	- webmin 1.160-1
CVE-1999-0556 (Two or more Unix accounts have the same UID. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0555 (A Unix account with a name other than &quot;root&quot; has UID 0, i.e. root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0548 (A superfluous NFS server is running, but it is not importing or exporting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0547 (An SSH server allows authentication through the .rhosts file. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0546 (The Windows NT guest account is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0541 (A password for accessing a WWW URL is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0539 (A trust relationship exists between two Unix hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...)
	NOT-FOR-US: Microsoft
CVE-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0533 (A DNS server allows inverse queries. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0532 (A DNS server allows zone transfers. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0531
	REJECTED
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0530 (A system is operating in &quot;promiscuous&quot; mode which allows it to perform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0529 (A router or firewall forwards packets that claim to come from IANA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0528 (A router or firewall forwards external packets that claim to come from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0527 (The permissions for system-critical data in an anonymous FTP account ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0524 (ICMP information such as (1) netmask and (2) timestamp is allowed from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0521 (An NIS domain name is easily guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0518 (A NETBIOS/SMB share password is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0517 (An SNMP community name is the default (e.g. public), null, or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0516 (An SNMP community name is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0515 (An unrestricted remote trust relationship for Unix systems has been ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0511 (IP forwarding is enabled on a machine which is not a router or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0510 (A router or firewall allows source routed packets from arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0508 (An account on a router, firewall, or other network device has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0507 (An account on a router, firewall, or other network device has a guessable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0505 (A Windows NT domain user or administrator account has a guessable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0504 (A Windows NT local user or administrator account has a default, null, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0503 (A Windows NT local user or administrator account has a guessable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0502 (A Unix account has a default, null, blank, or missing password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0501 (A Unix account has a guessable password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0499 (NETBIOS share information may be published through SNMP registry keys ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0498 (TFTP is not running in a restricted directory, allowing a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0497 (Anonymous FTP is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0495 (A remote attacker can gain access to a file system using ..  (dot dot) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...)
	NOT-FOR-US: Microsoft
CVE-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...)
	NOT-FOR-US: Microsoft
CVE-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0460 (Buffer overflow in Linux autofs module through long directory names ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0455 (The Expression Evaluator sample application in ColdFusion allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0454 (A remote attacker can sometimes identify the operating system of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...)
	NOT-FOR-US: Cisco
CVE-1999-0452 (A service or application has a backdoor password that was placed there ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0443 (Patrol management software allows a remote attacker to conduct a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...)
	NOT-FOR-US: HP-UX
CVE-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...)
	NOT-FOR-US: Eudora
CVE-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...)
	NOT-FOR-US: Microsoft
CVE-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...)
	NOT-FOR-US: SCO
CVE-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...)
	NOT-FOR-US: DEC UNIX
CVE-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...)
	NOT-FOR-US: Mirc
CVE-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0394 (DPEC Online Courseware allows an attacker to change another user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...)
	NOT-FOR-US: Sun
CVE-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...)
	NOT-FOR-US: NetWare
CVE-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...)
	NOT-FOR-US: Windows
CVE-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...)
	NOT-FOR-US: Windows
CVE-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0347 (Internet Explorer 4.01 allows remote attackers to read local files and ...)
	NOT-FOR-US: Windows
CVE-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...)
	NOT-FOR-US: Windows
CVE-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...)
	NOT-FOR-US: HP
CVE-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...)
	NOT-FOR-US: HP
CVE-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...)
	NOT-FOR-US: Windows
CVE-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0317 (Buffer overflow in Linux su command gives root access to local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...)
	NOT-FOR-US: HP
CVE-1999-0306 (buffer overflow in HP xlock program. ...)
	NOT-FOR-US: HP
CVE-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0287 (Vulnerability in the Wguest CGI program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...)
	NOT-FOR-US: Windows
CVE-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...)
	NOT-FOR-US: Windows
CVE-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...)
	NOT-FOR-US: Windows
CVE-1999-0283 (The Java Web Server would allow remote users to obtain the source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0282
	REJECTED
CVE-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...)
	NOT-FOR-US: HP
CVE-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...)
	NOT-FOR-US: Windows
CVE-1999-0250 (Denial of service in Qmail through long SMTP commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...)
	NOT-FOR-US: Windows
CVE-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...)
	NOT-FOR-US: HP
CVE-1999-0243 (Linux cfingerd could be exploited to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0238 (php.cgi allows attackers to read any file on the system. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...)
	NOT-FOR-US: Windows
CVE-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...)
	NOT-FOR-US: Windows
CVE-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...)
	NOT-FOR-US: Cisco
CVE-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...)
	NOT-FOR-US: Solaris
CVE-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...)
	NOT-FOR-US: Windows
CVE-1999-0198 (finger .@host on some systems may print information on some user accounts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0197 (finger 0@host on some systems may print information on some user accounts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...)
	NOT-FOR-US: Ascend/3com
CVE-1999-0187
	REJECTED
CVE-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...)
	NOT-FOR-US: Solaris
CVE-1999-0171 (Denial of service in syslog by sending it a large number of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0169 (NFS allows attackers to read and write any file on the system by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0165 (NFS cache poisoning. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...)
	NOT-FOR-US: Windows
CVE-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...)
	NOT-FOR-US: Windows
CVE-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...)
	NOT-FOR-US: HP-UX
CVE-1999-0123 (Race condition in Linux mailx command allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0121 (Buffer overflow in dtaction command gives root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...)
	NOT-FOR-US: Windows
CVE-1999-0114 (Local users can execute commands as other users, and read other users' ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0110
	REJECTED
CVE-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0106 (Finger redirection allows finger bombs. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0104 (A later variation on the Teardrop IP denial of service attack, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...)
	NOT-FOR-US: AIX
CVE-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...)
	NOT-FOR-US: AIX
CVE-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...)
	NOT-FOR-US: AIX
CVE-1999-0086 (AIX routed allows remote users to modify sensitive files. ...)
	NOT-FOR-US: AIX
CVE-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0061 (File creation and deletion, and remote execution, in the BSD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...)
	NOT-FOR-US: SGI
CVE-1999-0020
	REJECTED
CVE-1999-0015 (Teardrop IP denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0001 (ip_input.c in BSD-derived TCP/IP implementations allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker