CVE-2008-7321 (The tubepress plugin before 1.6.5 for WordPress has XSS. ...)
	NOT-FOR-US: tubepress plugin for WordPress
CVE-2008-7320 (** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...)
	- seahorse (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774
	NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774/comments/13
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=551036
	NOTE: Explicitly a design decision by upstream and not considered a security issue
CVE-2008-7319 (The Net::Ping::External extension through 0.15 for Perl does not prope ...)
	- libnet-ping-external-perl (bug #881097)
	[wheezy] - libnet-ping-external-perl (Package may be removed from Wheezy, see #881102)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=33230
	NOTE: Proposed patch: http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch
CVE-2008-7318
	RESERVED
CVE-2008-7317
	RESERVED
CVE-2008-7316 (mm/filemap.c in the Linux kernel before 2.6.25 allows local users to c ...)
	- linux (Issue fixed before the src:linux-2.6 rename)
	- linux-2.6 2.6.25-1
	NOTE: https://git.kernel.org/linus/124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 (v2.6.25-rc1)
CVE-2008-7315 (UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrar ...)
	- libui-dialog-perl 1.21-0.1 (bug #496448)
	[jessie] - libui-dialog-perl (Minor issue)
	[wheezy] - libui-dialog-perl (Minor issue)
	[squeeze] - libui-dialog-perl (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=107364
	NOTE: https://www.openwall.com/lists/oss-security/2015/10/08/2
CVE-2008-7314 (mIRC before 6.35 allows attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: mIRC
CVE-2008-7313 (The _httpsrequest function in Snoopy allows remote attackers to execut ...)
	{DSA-3248-1 DLA-357-1}
	- libphp-snoopy 2.0.0-1 (bug #778634)
	NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete
	NOTE: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
CVE-2008-7312 (The Filtering Service in Websense Enterprise 5.2 through 6.3 does not ...)
	NOT-FOR-US: Websense
CVE-2008-7311 (The session cookie store implementation in Spree 0.2.0 uses a hardcode ...)
	NOT-FOR-US: Spree
CVE-2008-7310 (Spree 0.2.0 does not properly restrict the use of a hash to provide va ...)
	NOT-FOR-US: Spree
CVE-2008-7309 (Insoshi before 20080920 does not properly restrict the use of a hash t ...)
	NOT-FOR-US: Insoshi
CVE-2008-7308
	REJECTED
CVE-2008-7307
	REJECTED
CVE-2008-7306
	REJECTED
CVE-2008-7305
	REJECTED
CVE-2008-7304
	REJECTED
CVE-2008-7303 (The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-7302 (SQL injection vulnerability in netinvoice.php in the nBill (com_netinv ...)
	NOT-FOR-US: Joomla extension
CVE-2008-7301 (SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows ...)
	NOT-FOR-US: jSite
CVE-2008-7300 (The labeled networking implementation in Solaris Trusted Extensions in ...)
	NOT-FOR-US: Oracle Solaris
CVE-2008-7299 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses ...)
	NOT-FOR-US: Tivoli
CVE-2008-7298 (The Android browser in Android cannot properly restrict modifications ...)
	NOT-FOR-US: Android browser
CVE-2008-7297 (Opera cannot properly restrict modifications to cookies established in ...)
	NOT-FOR-US: Opera
CVE-2008-7296 (Apple Safari cannot properly restrict modifications to cookies establi ...)
	NOT-FOR-US: Safari, see CVE-2008-7294 for potential webkit ramifications
CVE-2008-7295 (Microsoft Internet Explorer cannot properly restrict modifications to ...)
	NOT-FOR-US: Internet Explorer
CVE-2008-7294 (Google Chrome before 4.0.211.0 cannot properly restrict modifications ...)
	- chromium-browser 4.0.211.0
	- webkit
CVE-2008-7293 (Mozilla Firefox before 4 cannot properly restrict modifications to coo ...)
	- iceweasel 4.0-1 (unimportant)
	NOTE: This is about the lack of HTTP Strict Transport Security, which is ultimately
	NOTE: a security feature enhancement
CVE-2008-7292 (Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before ...)
	- bugzilla 3.0.4-1
CVE-2008-7290 (Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directo ...)
	NOT-FOR-US: Tivoli
CVE-2008-7289 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 d ...)
	NOT-FOR-US: Tivoli
CVE-2008-7288 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 o ...)
	NOT-FOR-US: Tivoli
CVE-2008-7287 (Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_dir ...)
	NOT-FOR-US: Tivoli
CVE-2008-7286 (IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7285 (Unspecified vulnerability in the docnote string handling implementatio ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7284 (IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7283 (Open Ticket Request System (OTRS) before 2.2.6, when customer group su ...)
	- otrs2 2.2.6-1
CVE-2008-7282 (Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open T ...)
	- otrs2 2.2.6-1
CVE-2008-7281 (Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing ...)
	- otrs2 2.2.7-1
CVE-2008-7280 (Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Reque ...)
	- otrs2 2.2.7-1
CVE-2008-7279 (The CustomerInterface component in Open Ticket Request System (OTRS) b ...)
	- otrs2 2.3.2-1
CVE-2008-7278 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7277 (Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7276 (Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) befo ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7275 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ...)
	- otrs2 2.3.3-1
CVE-2008-7274 (IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login fu ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-7271 (Multiple cross-site scripting (XSS) vulnerabilities in the Help Conten ...)
	- eclipse (Fixed before the version now in Squeeze)
CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
	- openssl 0.9.8k-1
	[lenny] - openssl 0.9.8g-15+lenny11
	NOTE: lenny was fixed as a side effect of the fix of CVE-2010-4180
	NOTE: which disabled the bug compatibility code
CVE-2008-7269 (Open redirect vulnerability in api.php in SiteEngine 5.x allows user-a ...)
	NOT-FOR-US: SiteEngine
CVE-2008-7268 (The phpinfo function in SiteEngine 5.x allows remote attackers to obta ...)
	NOT-FOR-US: SiteEngine
CVE-2008-7267 (SQL injection vulnerability in announcements.php in SiteEngine 5.x all ...)
	NOT-FOR-US: SiteEngine
CVE-2008-7266 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave F ...)
	NOT-FOR-US: RSA Adaptive Authentication
CVE-2008-7265 (The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote aut ...)
	{DSA-2191-1}
	- proftpd-dfsg 1.3.2-1 (low)
CVE-2008-7264 (The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows ...)
	- python-pyftpdlib (Fixed before initial upload to the archive)
CVE-2008-7263 (ftpserver.py in pyftpdlib before 0.5.0 does not delay its response aft ...)
	- python-pyftpdlib (Fixed before initial upload to the archive)
CVE-2008-7262 (Multiple directory traversal vulnerabilities in FTPServer.py in pyftpd ...)
	- python-pyftpdlib (Fixed before initial upload to the archive)
CVE-2008-7261 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2008-XXXX [greylistd bypass]
	- greylistd 0.8.7+nmu2 (low; bug #464084)
	[lenny] - greylistd (Minor issue)
CVE-2008-7260
	RESERVED
CVE-2008-7259
	RESERVED
CVE-2008-7258
	- ssmtp (unimportant; bug #591515)
CVE-2008-7257 (CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2008-7256 (mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcomm ...)
	- linux-2.6 2.6.28-1 (low)
	[lenny] - linux-2.6 2.6.26-23
CVE-2008-7255 (login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves ...)
	- amsn 0.97.1~debian-1 (low)
CVE-2008-7254 (Directory traversal vulnerability in includes/template-loader.php in I ...)
	NOT-FOR-US: Pepsi CMS
CVE-2008-7253 (The default configuration of the web server in IBM Lotus Domino Server ...)
	NOT-FOR-US: IBM Lotus Domino Server
CVE-2008-7252 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses pred ...)
	{DSA-2034-1}
	- phpmyadmin 4:3.0.0-1
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528
CVE-2008-7251 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a ...)
	{DSA-2034-1}
	- phpmyadmin 4:3.0.0-1
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report Gene ...)
	- sarg 2.2.5-1 (low)
CVE-2008-7249 (Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and ...)
	- sarg 2.2.4-1 (medium)
CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, ...)
	- mysql-5.1 5.1.49-3 (low; bug #569484)
	- mysql-dfsg-5.0 (Vulnerable code not present)
CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...)
	- rails 2.2.3-1 (medium; bug #558685)
	[lenny] - rails (Vulnerable code not present)
	NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...)
	- chromium-browser (unimportant)
	NOTE: browser denial of services aren't considered security-relevant
CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Opera
CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a d ...)
	- xulrunner (unimportant)
	NOTE: browser denial-of-services are unimportant
CVE-2008-7243 (Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS ...)
	NOT-FOR-US: MODx CMS
CVE-2008-7242 (Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6. ...)
	NOT-FOR-US: MODx CMS
CVE-2008-7241 (Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 ...)
	NOT-FOR-US: PunBB
CVE-2008-7240 (Directory traversal vulnerability in include/unverified.inc.php in Lin ...)
	NOT-FOR-US: Linux Web Shop (LWS) php User Base
CVE-2008-7228 (Multiple format string vulnerabilities in White_Dune before 0.29beta85 ...)
	- whitedune (bug #546903)
	NOTE: The debian binary versions are not compiled with the --with-aflockdebug option
CVE-2008-7224 (Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remo ...)
	{DSA-1902-1}
	- elinks 0.11.3-1 (low; bug #380347)
CVE-2008-7239 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7238 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7237 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7236 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7235 (Unspecified vulnerability in the Oracle Forms component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7234 (Unspecified vulnerability in the Oracle BPEL Worklist Application comp ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7233 (Unspecified vulnerability in the E-Business Application client, as use ...)
	NOT-FOR-US: E-Business Application client
CVE-2008-7232 (Buffer overflow in the report function in xtacacsd 4.1.2 and earlier a ...)
	NOT-FOR-US: xtacacsd
CVE-2008-7231 (Cross-site scripting (XSS) vulnerability in Meridio Document and Recor ...)
	NOT-FOR-US: Meridio Document and Records Management
CVE-2008-7230 (Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before ...)
	NOT-FOR-US: Small Footprint CIM Broker
CVE-2008-7229 (GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers t ...)
	NOT-FOR-US: GreenSQL Firewall
CVE-2008-7227 (PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 a ...)
	NOT-FOR-US: GeoServer
CVE-2008-7226 (SQL injection vulnerability in index.php in the Recipes module 1.3, 1. ...)
	NOT-FOR-US: Recipes module for PHP-Nuke
CVE-2008-7225 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Serv ...)
	NOT-FOR-US: Foxit Remote Access Server
CVE-2008-7223 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...)
	NOT-FOR-US: LinPHA
CVE-2008-7222 (Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS ...)
	NOT-FOR-US: RunCMS
CVE-2008-7221 (Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows ...)
	NOT-FOR-US: RunCMS
CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework (prototype ...)
	{DSA-1952-1}
	- prototypejs 1.6.0.2-1
	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
	[etch] - asterisk (Etch Packages no longer covered by security support)
	[lenny] - asterisk (Minor issue)
	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
	- libaws 2.7-1 (low; bug #555221)
	[etch] - libaws (minor issue)
	[lenny] - libaws (minor issue)
	- libjson-ruby 1.1.4-1 (low; bug #555223)
	[lenny] - libjson-ruby 1.1.2-1+lenny1
	- lucene2 2.9.1+ds1-2 (unimportant; bug #555225)
	[etch] - lucene2 (prototype.js not present)
	NOTE: prototype.js copy unused per #555225
	- glpi 0.72.3-1 (low; bug #555228)
	[etch] - glpi (minor issue)
	[lenny] - glpi (minor issue)
	- knowledgeroot 0.9.9.5-1 (low; bug #555229)
	[etch] - knowledgeroot (minor issue)
	[lenny] - knowledgeroot (Vulnerable code not present)
	- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
	[etch] - mt-daapd 0.2.4+r1376-1.1+etch3
	- mediatomb 0.12.0~svn2018-5 (low; bug #555232)
	[lenny] - mediatomb (minor issue)
	- op-panel 0.30~dfsg-1 (low; bug #555234)
	- ebug-http 0.31-2.1 (low; bug #555235)
	[lenny] - ebug-http (Minor issue)
	- poker-network 1.7.6-1 (low; bug #555237)
	[etch] - poker-network (minor issue)
	- webhelpers 0.3.4-2 (low; bug #555239)
	- qwik (low; bug #555240)
	[etch] - qwik (minor issue)
	[lenny] - qwik (minor issue)
	- wordpress 2.5.0-2 (low; bug #555242)
	[etch] - wordpress (prototype.js not present)
	- exaile 0.2.14+debian-2.2 (low; bug #555244)
	[lenny] - exaile (minor issue)
	- hobix 0.5~svn20070319-4 (low; bug #555246)
	[lenny] - hobix (minor issue)
	- pixelpost 1.7.1-6 (low; bug #555248)
	[lenny] - pixelpost (minor issue)
	- symfony 1.0.21-1.1 (low; bug #555250)
	[lenny] - symfony (minor issue)
	- jscropperui 1.2.1-1 (low; bug #555255)
	[lenny] - jscropperui (minor issue)
	- rt-extension-emailcompletion (prototype.js not included in the binary package; bug #555258)
	- scriptaculous 1.8.3-1 (low; bug #555259)
	[lenny] - scriptaculous (Minor issue)
	- activeldap 1.0.9-1 (unimportant; bug #555263)
	NOTE: Only shipped in an example
	- otrs2 2.3.4-6 (low; bug #555266)
	[etch] - otrs2 (prototype.js not present)
	[lenny] - otrs2 (prototype.js not present)
	- webcalendar 1.2~b1-2 (low; bug #555268)
	[lenny] - webcalendar (prototype.js not present)
	- libhtml-prototype-perl 1.48-3 (low; bug #558977)
	[etch] - libhtml-prototype-perl (minor issue)
	[lenny] - libhtml-prototype-perl (minor issue)
	- plone3 (low; bug #555274)
	- wesnoth (prototype.js not included in any of the binary packages; bug #555266)
	- webcit (fixed since initial inclusion)
	- zabbix (fixed since initial inclusion)
	- chora2 (fixed since initial inclusion)
	- gollem (fixed since initial inclusion)
	- ingo1 (fixed since initial inclusion)
	- kronolith2 (fixed since initial inclusion)
	- jifty (fixed since initial inclusion)
	- jquery (fixed since initial inclusion)
	- passenger (fixed since initial inclusion)
CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...)
	- kronolith2 2.1.7-1
	- nag2 2.1.4-1
	- mnemo2 2.1.2-1
CVE-2008-7218 (Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 a ...)
	{DSA-1897-1}
	- horde3 3.1.6-1
	- turba2 2.1.7-1
	- kronolith2 2.1.7-1
	- nag2 2.1.4-1
	- mnemo2 2.1.2-1
CVE-2008-7217 (Microsoft Office 2008 for Mac, when running on Macintosh systems that ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-7216 (Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CA ...)
	NOT-FOR-US: Math Anti-Spam Spinoff plugin for WordPress
CVE-2008-7215 (The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and e ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7214 (Cross-site request forgery (CSRF) vulnerability in administrator/index ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7213 (Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/j ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7212 (MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7211 (CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Enso ...)
	NOT-FOR-US: CreativeLabs WDM audio driver
CVE-2008-7210 (directory.php in AJchat 0.10 allows remote attackers to bypass input v ...)
	NOT-FOR-US: AJchat
CVE-2008-7209 (Unrestricted file upload vulnerability in the add2 action in a_upload. ...)
	NOT-FOR-US: OneCMS
CVE-2008-7208 (Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly ear ...)
	NOT-FOR-US: OneCMS
CVE-2008-7207 (RivetTracker before 1.0 stores passwords in cleartext in config.php, w ...)
	NOT-FOR-US: RivetTracker
CVE-2008-7206 (Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 ha ...)
	NOT-FOR-US: Electronic Logbook
CVE-2008-7205 (Unspecified vulnerability in the product view functionality in VirtueM ...)
	NOT-FOR-US: VirtueMart
CVE-2008-7204 (Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a ...)
	NOT-FOR-US: VirtueMart
CVE-2008-7203 (Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to ...)
	NOT-FOR-US: Valve Software Half-Life Counter-Strike
CVE-2008-7202 (Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail bef ...)
	NOT-FOR-US: OpenWebMail
CVE-2008-7201 (Lantronix MSS485-T allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Lantronix MSS485-T
CVE-2008-7200 (Double free vulnerability in Deliantra server engine before 2.4 has un ...)
	NOT-FOR-US: Deliantra server engine
CVE-2008-7199 (Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a den ...)
	NOT-FOR-US: Phoenix Contact FL IL 24 BK-PAC
CVE-2008-7198 (Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have u ...)
	NOT-FOR-US: phpns
CVE-2008-7197 (Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have un ...)
	NOT-FOR-US: G15Daemon
CVE-2008-7196 (Unspecified vulnerability in metashell before 0.03 has unknown impact ...)
	NOT-FOR-US: metashell
CVE-2008-7195 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used i ...)
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2008-7194 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used i ...)
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2008-7193 (PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remo ...)
	NOT-FOR-US: PHPKIT
CVE-2008-7192 (Cross-site request forgery (CSRF) vulnerability in index.php in WoltLa ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-7191 (Unspecified vulnerability in Polipo before 1.0.4 allows remote attacke ...)
	- polipo 1.0.4-1 (low)
CVE-2008-7190 (Unspecified vulnerability in Adium before 1.2 has unknown impact and a ...)
	NOT-FOR-US: Adium
CVE-2008-7189 (Multiple unspecified vulnerabilities in Local Media Browser before 0.1 ...)
	NOT-FOR-US: Local Media Browser
CVE-2008-7188 (ClipShare 2.6 does not properly restrict access to certain functionali ...)
	NOT-FOR-US: ClipShare
CVE-2008-7187 (Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtai ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-7186 (Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to upda ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-7185 (GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of se ...)
	- rhythmbox (unimportant)
	NOTE: No practical security impact
CVE-2008-7184 (Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet ...)
	NOT-FOR-US: Diigo Toolbar and Diigolet
CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2. ...)
	NOT-FOR-US: EVA CMS
CVE-2008-7182 (Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and poss ...)
	NOT-FOR-US: Surgemail
CVE-2008-7181 (Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitr ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-7180 (del_query1.php in Telephone Directory 2008 allows remote attackers to ...)
	NOT-FOR-US: Telephone Directory
CVE-2008-7179 (OTManager CMS 2.4 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: OTManager
CVE-2008-7178 (Directory traversal vulnerability in Uploader module 1.1 for XOOPS all ...)
	NOT-FOR-US: XOOPS
CVE-2008-7177 (Buffer overflow in the listing module in Netwide Assembler (NASM) befo ...)
	- nasm 2.03.01-1 (low)
CVE-2008-7176 (Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow ...)
	NOT-FOR-US: Facil CMS
CVE-2008-7175 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in Next ...)
	NOT-FOR-US: NextGEN Gallery third party plugin for wordpress
CVE-2008-7174 (Multiple buffer overflows in the Jura Internet Connection Kit for the ...)
	NOT-FOR-US: Jura Impressa
CVE-2008-7173 (The Jura Internet Connection Kit for the Jura Impressa F90 coffee make ...)
	NOT-FOR-US: Jura Impressa
CVE-2008-7172 (Lightweight news portal (LNP) 1.0b does not properly restrict access t ...)
	NOT-FOR-US: Lightweight news portal
CVE-2008-7171 (Multiple cross-site scripting (XSS) vulnerabilities in Lightweight new ...)
	NOT-FOR-US: Lightweight news portal
CVE-2008-7170 (GSC build 2067 and earlier relies on the client to enforce administrat ...)
	NOT-FOR-US: GSC build
CVE-2008-7169 (SQL injection vulnerability in Jabode horoscope extension (com_jabode) ...)
	NOT-FOR-US: Joomla!
CVE-2008-7168 (Insecure method vulnerability in the UUSee UUUpgrade ActiveX control ( ...)
	NOT-FOR-US: ActiveX
CVE-2008-7167 (Unrestricted file upload vulnerability in upload.php in Page Manager 2 ...)
	NOT-FOR-US: Page Manager
CVE-2008-7166 (Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) ...)
	NOT-FOR-US: web interface in BitTorrent 6.0.1 (build 7859)
CVE-2008-7165 (Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administra ...)
	NOT-FOR-US: TELECOM ITALIA Alice Gate2 Plus Wi-Fi
CVE-2008-7164 (Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have u ...)
	NOT-FOR-US: Shareaza
CVE-2008-7163 (Directory traversal vulnerability in mods/Integrated/index.php in Sine ...)
	NOT-FOR-US: SineCMS
CVE-2008-7162 (Buffer overflow in Hero Super Player 3000 allows remote attackers to c ...)
	NOT-FOR-US: Hero Super Player
CVE-2008-7161 (Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 a ...)
	NOT-FOR-US: Fortinet FortiGuard Fortinet
CVE-2008-7159 (The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Se ...)
	{DSA-1879-1}
	[lenny] - silc-toolkit 1.1.7-2+lenny1
	- silc-toolkit 1.1.10-1 (low)
	- silc-client 1.1-2 (low)
	- silc-server (Vulnerable code not present)
	NOTE: silc-client uses libsilc from silc-toolkit since 1.1-2
CVE-2008-7160 (The silc_http_server_parse function in lib/silchttp/silchttpserver.c i ...)
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (low)
	- silc-client 1.1-2 (low)
	- silc-server 1.1.2-1 (low)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2008-7158 (Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remot ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-7157 (Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier ...)
	NOT-FOR-US: EkinBoard
CVE-2008-7156 (EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows ...)
	NOT-FOR-US: EkinBoard
CVE-2008-7155 (NetRisk 1.9.7 does not properly restrict access to admin/change_submit ...)
	NOT-FOR-US: NetRisk
CVE-2008-7154 (Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Docebo
CVE-2008-7153 (SQL injection vulnerability in the autoDetectRegion function in docebo ...)
	NOT-FOR-US: Docebo
CVE-2008-7152 (Multiple PHP remote file inclusion vulnerabilities in Specimen Image D ...)
	NOT-FOR-US: Specimen Image Database
CVE-2008-7151 (Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x ...)
	NOT-FOR-US: Live third-party Drupal module
CVE-2008-7150 (Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x bef ...)
	NOT-FOR-US: Refine by Taxonomy
CVE-2008-7149 (Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impac ...)
	NOT-FOR-US: AgileWiki
CVE-2008-7148 (Unspecified vulnerability in Synfig Animation Studio before 0.61.08 al ...)
	- synfig 0.61.08-1
CVE-2008-7147 (Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Soft ...)
	NOT-FOR-US: IntraLearn Software IntraLearn
CVE-2008-7146 (IntraLearn Software IntraLearn 2.1, and possibly other versions before ...)
	NOT-FOR-US: IntraLearn Software IntraLearn
CVE-2008-7145 (Multiple SQL injection vulnerabilities in index.php in CoronaMatrix ph ...)
	NOT-FOR-US: CoronaMatrix phpAddressBook
CVE-2008-7144 (Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have ...)
	NOT-FOR-US: RARLAB WinRAR
CVE-2008-7143 (phpBB 2.0.23 includes the session ID in a request to modcp.php when th ...)
	- phpbb2
CVE-2008-7142 (Absolute path traversal vulnerability in the Disk Usage module (fronte ...)
	NOT-FOR-US: cPanel
CVE-2008-7141 (Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 ...)
	NOT-FOR-US: @lex Poll
CVE-2008-7140 (Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook ...)
	NOT-FOR-US: @lex Guestbook
CVE-2008-7139 (Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7138 (The Manager in Eye-Fi 1.1.2 generates predictable snonce values based ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7137 (WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7136 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers t ...)
	NOT-FOR-US: ICQ Toolbar
CVE-2008-7135 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers t ...)
	NOT-FOR-US: ICQ Toolbar
CVE-2008-7134 (Multiple cross-site scripting (XSS) vulnerabilities in the default URI ...)
	NOT-FOR-US: Chris LaPointe RedGalaxy Download Center
CVE-2008-7133 (Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org ...)
	NOT-FOR-US: onlinetools.org EasyImageCatalogue
CVE-2008-7132 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1. ...)
	NOT-FOR-US: Nuked-Klan
CVE-2008-7131 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier ...)
	NOT-FOR-US: DB2 Monitoring Console
CVE-2008-7130 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier ...)
	NOT-FOR-US: DB2 Monitoring Console
CVE-2008-7129 (XySSL before 0.9 allows remote attackers to cause a denial of service ...)
	- xyssl 0.9-1
	- polarssl (fixed in xyssl before polarssl was forked from it)
	- pdkim (bug #543150)
	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7128 (The ssl_parse_client_key_exchange function in XySSL before 0.9 does no ...)
	- xyssl 0.9-1
	- polarssl (fixed in xyssl before polarssl was forked from it)
	- pdkim (bug #543150)
	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7127 (osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earli ...)
	NOT-FOR-US: Borland VisiBroker Smart Agent
CVE-2008-7126 (Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.0 ...)
	NOT-FOR-US: Borland VisiBroker Smart Agent
CVE-2008-7125 (pphoto in Ariadne before 2.6 allows remote authenticated users with ce ...)
	NOT-FOR-US: Ariadne
CVE-2008-7124 (zKup CMS 2.0 through 2.3 does not require administrative authenticatio ...)
	NOT-FOR-US: zKup CMS
CVE-2008-7123 (Static code injection vulnerability in admin/configuration/modifier.ph ...)
	NOT-FOR-US: zKup CMS
CVE-2008-7122 (Multiple insecure method vulnerabilities in an ActiveX control in (epR ...)
	NOT-FOR-US: ActiveX
CVE-2008-7121 (Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL- ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-7120 (SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and ear ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-7119 (SQL injection vulnerability in item.php in WeBid auction script 0.5.4 ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7118 (WeBid auction script 0.5.4 stores sensitive information under the web ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7117 (eledicss.php in WeBid auction script 0.5.4 allows remote attackers to ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7116 (SQL injection vulnerability in the admin panel (admin/) in WeBid aucti ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7115 (The web interface to the Belkin Wireless G router and ADSL2 modem F5D7 ...)
	NOT-FOR-US: Belkin Wireless G
CVE-2008-7114 (SQL injection vulnerability in members_search.php in iFusion Services ...)
	NOT-FOR-US: iFusion Services
CVE-2008-7113 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 u ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7112 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 a ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7111 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 d ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7110 (Directory traversal vulnerability in the Scanner File Utility (aka lis ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7109 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 a ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7108 (Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart ...)
	NOT-FOR-US: Carmosa phpCart
CVE-2008-7107 (easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to caus ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange 3.0 befo ...)
	NOT-FOR-US: Microsoft Exchange
CVE-2008-7105 (Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remo ...)
	NOT-FOR-US: Sophos PureMessage for Microsoft Exchange
CVE-2008-7104 (Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for ...)
	NOT-FOR-US: Sophos PureMessage Scanner service
CVE-2008-7103 (Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dl ...)
	NOT-FOR-US: Toolbar 2.0.4.1
CVE-2008-7102 (DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx fil ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7101 (Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allo ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7100 (Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows rem ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7099 (Unspecified vulnerability in the Manage Templates feature in Qsoft K-R ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7098 (Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Pr ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7097 (Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow r ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7096 (Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35M ...)
	NOT-FOR-US: Intel Desktop and Intel Mobile Boards
CVE-2008-7095 (The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does n ...)
	NOT-FOR-US: ArubaOS
CVE-2008-7094 (Campaign/CampaignListener in the listener server in Unica Affinium Cam ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7093 (Multiple directory traversal vulnerabilities in Unica Affinium Campaig ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7092 (Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7091 (Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow ...)
	NOT-FOR-US: Pligg
CVE-2008-7090 (Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier ...)
	NOT-FOR-US: Pligg
CVE-2008-7089 (Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allo ...)
	NOT-FOR-US: Pligg
CVE-2008-7088 (Unrestricted file upload vulnerability in upload.php in PhotoPost vBGa ...)
	NOT-FOR-US: PhotoPost vBGallery
CVE-2008-7087 (PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1. ...)
	NOT-FOR-US: OpenPro
CVE-2008-7086 (Maian Greetings 2.1 allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: Maian Greetings
CVE-2008-7085 (Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS On ...)
	NOT-FOR-US: TheHockeyStop HockeySTATS Online
CVE-2008-7084 (Directory traversal vulnerability in the web server 1.0 in Velocity Se ...)
	NOT-FOR-US: Velocity Security Management System
CVE-2008-7083 (Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter ...)
	NOT-FOR-US: ReVou Micro Blogging Twitter clone
CVE-2008-7082 (MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key pa ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2008-7081 (userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allo ...)
	NOT-FOR-US: RaidSonic ICY BOX NAS firmware
CVE-2008-7080 (Team PHP PHP Classifieds Script stores sensitive information under the ...)
	NOT-FOR-US: Team PHP PHP Classifieds Script
CVE-2008-7079 (Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to c ...)
	NOT-FOR-US: Nero ShowTime
CVE-2008-7078 (Multiple buffer overflows in Rumpus before 6.0.1 allow remote attacker ...)
	NOT-FOR-US: Rumpus
CVE-2008-7077 (Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remot ...)
	NOT-FOR-US: SailPlanner
CVE-2008-7076 (Unrestricted file upload vulnerability in user.modify.profile.php in K ...)
	NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7075 (Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star ...)
	NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7074 (Format string vulnerability in MemeCode Software i.Scribe 1.88 through ...)
	NOT-FOR-US: MemeCode Software i.Scribe
CVE-2008-7073 (PHP remote file inclusion vulnerability in lib/action/rss.php in RSS m ...)
	NOT-FOR-US: RSS module 0.1 for Pie Web M{a,e}sher
CVE-2008-7072 (Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Tops ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2008-7071 (SQL injection vulnerability in authenticate.php in Chipmunk Topsites a ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shi ...)
	- kvirc (Only affects Windows builds)
	NOTE: https://svn.kvirc.de/kvirc/ticket/274#comment:8
CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information un ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-7067 (PHP remote file inclusion vulnerability in admin/plugins/Online_Users/ ...)
	NOT-FOR-US: PageTree CMS
CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: OpenForum
CVE-2008-7065 (Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cau ...)
	NOT-FOR-US: Siemens C450 IP and C475 IP VoIP devices
CVE-2008-7064 (Directory traversal vulnerability in the get_lang function in global.p ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2008-7063 (Ocean12 FAQ Manager Pro stores sensitive data under the web root with ...)
	NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in Download ...)
	NOT-FOR-US: Download Manager module 1.0 for LoveCMS
CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome ...)
	- chromium-browser (Only 0.x is affected)
	- webkit (chrome-specific issue)
CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 ...)
	NOT-FOR-US: One-News
CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2 allows rem ...)
	NOT-FOR-US: One-News
CVE-2008-7058 (Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-7057 (Cross-site scripting (XSS) vulnerability in merchandise.php in BandSit ...)
NOT-FOR-US: BandSite CMS CVE-2008-7056 (BandSite CMS 1.1.4 does not perform access control for adminpanel/phpm ...) NOT-FOR-US: BandSite CMS CVE-2008-7055 (module.php in ezContents 2.0.3 allows remote attackers to bypass the d ...) NOT-FOR-US: ezContents CVE-2008-7054 (Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow ...) NOT-FOR-US: ezContents CVE-2008-7053 (LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remo ...) NOT-FOR-US: LogMeIn CVE-2008-7052 (Unrestricted file upload vulnerability in profile.php in Pre Projects ...) NOT-FOR-US: Pre Projects Pre Real Estate Listings CVE-2008-7051 (AJ Square AJ Article allows remote attackers to bypass authentication ...) NOT-FOR-US: AJ Square AJ Article CVE-2008-7050 (The password_check function in auth/auth_phpbb3.php in WoW Raid Manage ...) NOT-FOR-US: WoW Raid Manager CVE-2008-7049 (Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 ...) NOT-FOR-US: NatterChat CVE-2008-7048 (Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 ...) NOT-FOR-US: NatterChat CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication and ga ...) NOT-FOR-US: NatterChat CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers to bypa ...) NOT-FOR-US: AJ Square Free Polling Script CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows remote ...) NOT-FOR-US: AJ Square Free Polling Script CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ Square ...) NOT-FOR-US: AJ Square Free Polling Script CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in FreshScrip ...) NOT-FOR-US: FreshScripts Fresh Email Script CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in FreshScripts Fre ...) NOT-FOR-US: FreshScripts Fresh Email Script CVE-2008-7041 (AJ Classifieds allows remote attackers to bypass authentication and ga ...) 
NOT-FOR-US: AJ Classifieds CVE-2008-7040 (SQL injection vulnerability in ahah/sf-profile.php in the Yellow Sword ...) NOT-FOR-US: Yellow Swordfish Simple Forum module for Wordpress CVE-2008-7039 (Cross-site scripting (XSS) vulnerability in admin/comments.php in Gela ...) NOT-FOR-US: Gelato CMS CVE-2008-7038 (SQL injection vulnerability in the My_eGallery module for PHP-Nuke all ...) NOT-FOR-US: My_eGallery module for PHP-Nuke CVE-2008-7037 (The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Wi ...) NOT-FOR-US: ITN News Gadget CVE-2008-7036 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in De ...) NOT-FOR-US: DevTracker module 3.0 for bcoos CVE-2008-7035 (Cross-site scripting (XSS) vulnerability in an unspecified component i ...) NOT-FOR-US: Simple Machines phpRaider CVE-2008-7034 (PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class. ...) NOT-FOR-US: PHPEcho CMS CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...) NOT-FOR-US: component for Joomla! CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF) vulnerability ...) NOT-FOR-US: web management console in F5 BIG-IP CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Serv ...) NOT-FOR-US: Foxit Remote Access Server (aka WAC Server) CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web al ...) NOT-FOR-US: Site2Nite Real Estate Web CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG Applicat ...) NOT-FOR-US: AlilG Application AliBoard CVE-2008-7028 (RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass auth ...) NOT-FOR-US: RPG.Board CVE-2008-7027 (Libra File Manager 1.18 and earlier allows remote attackers to bypass ...) NOT-FOR-US: Libra File Manager CVE-2008-7026 (Unrestricted file upload vulnerability in filesystem3.class.php in eFr ...) 
NOT-FOR-US: eFront CVE-2008-7025 (TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe runnin ...) NOT-FOR-US: Check Point ZoneAlarm CVE-2008-7024 (admin.php in Arz Development The Gemini Portal 4.7 and earlier allows ...) NOT-FOR-US: Arz Development The Gemini Portal CVE-2008-7023 (Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other ...) NOT-FOR-US: ArubaOS CVE-2008-7022 (Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat S ...) NOT-FOR-US: Chilkat Software IMAP ActiveX control CVE-2008-7021 (Unrestricted file upload vulnerability in editlogo.php in AvailScript ...) NOT-FOR-US: AvailScript Jobs Portal Script CVE-2008-7020 (McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre- ...) NOT-FOR-US: McAfee SafeBoot Device Encryption CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authent ...) NOT-FOR-US: Esqlanelapse CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar ...) NOT-FOR-US: NashTech Easy PHP Calendar CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 2008 ...) NOT-FOR-US: CAcert CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple comm ...) NOT-FOR-US: tnftpd CVE-2008-7015 (Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel ...) NOT-FOR-US: Unreal Tournament CVE-2008-7014 (fhttpd 0.4.2 allows remote attackers to cause a denial of service (cra ...) NOT-FOR-US: fhttpd CVE-2008-7013 (NetService.dll in Baidu Hi IM allows remote servers to cause a denial ...) NOT-FOR-US: Baidu Hi IM CVE-2008-7012 (courier/1000@/api_error_email.html (aka "error reporting page") in Acc ...) NOT-FOR-US: Accellion File Transfer Appliance CVE-2008-7011 (The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tourname ...) NOT-FOR-US: Unreal Tournament CVE-2008-7010 (Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers t ...) 
NOT-FOR-US: Skalfa Software SkaLinks Exchange Script CVE-2008-7009 (Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Sui ...) NOT-FOR-US: Check Point ZoneAlarm Security Suite CVE-2008-7008 (HyperStop Web Host Directory 1.2 allows remote attackers to bypass aut ...) NOT-FOR-US: HyperStop Web Host Directory CVE-2008-7007 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentic ...) NOT-FOR-US: Free PHP VX Guestbook CVE-2008-7006 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentic ...) NOT-FOR-US: Free PHP VX Guestbook CVE-2008-7005 (include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0. ...) NOT-FOR-US: Minb Is Not a Blog CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown ...) NOT-FOR-US: Electronic Logbook CVE-2008-7003 (Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alp ...) NOT-FOR-US: The Rat CMS CVE-2008-7002 (PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...) - php5 (unimportant) NOTE: safe-mode and basedir violations not treated as security issues CVE-2008-7001 (Unrestricted file upload vulnerability in the file manager in Creative ...) NOT-FOR-US: Creative Mind Creator CMS CVE-2008-7000 (PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 ...) NOT-FOR-US: phpAuction CVE-2008-6999 (phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote at ...) NOT-FOR-US: phpAuction CVE-2008-6998 (Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Goog ...) - chromium-browser (Only 0.x is affected) - webkit (chrome-specific issue) CVE-2008-6997 (Google Chrome 0.2.149.27 allows user-assisted remote attackers to caus ...) - chromium-browser (Only 0.x is affected) - webkit (chrome-specific issue) CVE-2008-6996 (Google Chrome BETA (0.2.149.27) does not prompt the user before saving ...) 
- chromium-browser (Only 0.x is affected) - webkit (chrome-specific issue) CVE-2008-6995 (Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome ...) - chromium-browser (Only 0.x is affected) - webkit (chrome-specific issue) CVE-2008-6994 (Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilte ...) - chromium-browser (Only 0.x is affected) - webkit (chrome-specific issue) CVE-2008-6993 (Siemens Gigaset WLAN Camera 1.27 has an insecure default password, whi ...) NOT-FOR-US: Siemens Gigaset WLAN Camera CVE-2008-6992 (GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allow ...) NOT-FOR-US: GreenSQL Firewall CVE-2008-6991 (SQL injection vulnerability in public/page.php in Websens CMSbright al ...) NOT-FOR-US: CMSbright CVE-2008-6990 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka ...) NOT-FOR-US: Easy Photo Gallery CVE-2008-6989 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka ...) NOT-FOR-US: Easy Photo Gallery CVE-2008-6988 (Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gall ...) NOT-FOR-US: Easy Photo Gallery CVE-2008-6987 (Unrestricted file upload vulnerability in eZoneScripts Dating Website ...) NOT-FOR-US: eZoneScripts Dating Website script CVE-2008-6986 (SQL injection vulnerability in the actionMultipleAddProduct function i ...) NOT-FOR-US: Zen Cart CVE-2008-6985 (Multiple SQL injection vulnerabilities in includes/classes/shopping_ca ...) NOT-FOR-US: Zen Cart CVE-2008-6984 (Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, all ...) NOT-FOR-US: Plesk CVE-2008-6983 (modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers t ...) NOT-FOR-US: devalcms CVE-2008-6982 (Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a ...) NOT-FOR-US: devalcms CVE-2008-6981 (index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers ...) 
NOT-FOR-US: phpAdultSite CMS CVE-2008-6980 (SQL injection vulnerability in as_archives.php in phpAdultSite CMS, po ...) NOT-FOR-US: phpAdultSite CMS CVE-2008-6979 (Cross-site scripting (XSS) vulnerability in as_archives.php in phpAdul ...) NOT-FOR-US: phpAdultSite CMS CVE-2008-6978 (Unrestricted file upload vulnerability in Full Revolution aspWebAlbum ...) NOT-FOR-US: aspWebAlbum CVE-2008-6977 (Cross-site scripting (XSS) vulnerability in album.asp in Full Revoluti ...) NOT-FOR-US: aspWebAlbum CVE-2008-6976 (MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remot ...) NOT-FOR-US: MicroTik RouterOS CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cg ...) NOT-FOR-US: DD-WRT CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cg ...) NOT-FOR-US: DD-WRT CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 bef ...) NOT-FOR-US: IBM WebSphere CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1 ...) - icedove 2.0.0.19-1 - iceape 1.1.14-1 [etch] - iceape (Etch Packages no longer covered by security support) CVE-2008-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content ...) NOT-FOR-US: Drupal Content Construction Kit (third-party module) CVE-2008-6971 (The password reset functionality in Simple Machines Forum (SMF) 1.0.x ...) NOT-FOR-US: Simple Machines Forum CVE-2008-6970 (SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 a ...) NOT-FOR-US: UBB.threads CVE-2008-6969 (Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in ...) NOT-FOR-US: Avactis Shopping Cart CVE-2008-6968 (Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9. ...) NOT-FOR-US: Pligg CMS CVE-2008-6967 (Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon b ...) NOT-FOR-US: Alt-N MDaemon CVE-2008-6966 (AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does no ...) 
NOT-FOR-US: AJ Square AJ Auction Pro Platinum Skin #1 CVE-2008-6965 (AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, ...) NOT-FOR-US: AJ Square AJ Auction OOPD CVE-2008-6964 (SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows ...) NOT-FOR-US: X7 Chat CVE-2008-6963 (admin.php in TurnkeyForms Text Link Sales allows remote attackers to b ...) NOT-FOR-US: TurnkeyForms Text Link Sales CVE-2008-6962 (Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, a ...) NOT-FOR-US: Avira AntiVir Premium CVE-2008-6960 (download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 ...) NOT-FOR-US: X10media CVE-2008-6959 (Insecure method vulnerability in the Chilkat Socket ActiveX control (C ...) NOT-FOR-US: ActiveX CVE-2008-6958 (wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote auth ...) NOT-FOR-US: Crossday Discuz! Board CVE-2008-6957 (member.php in Crossday Discuz! Board allows remote attackers to reset ...) NOT-FOR-US: Crossday Discuz! Board CVE-2008-6956 (Static code injection vulnerability in admin/admin.php in mxCamArchive ...) NOT-FOR-US: mxCamArchive CVE-2008-6955 (mxCamArchive 2.2 stores sensitive information under the web root with ...) NOT-FOR-US: mxCamArchive CVE-2008-6954 (The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote a ...) - cobbler (Fixed before initial upload) CVE-2008-6953 (Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other ver ...) NOT-FOR-US: ooVoo CVE-2008-6952 (SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier ...) NOT-FOR-US: MauryCMS CVE-2008-6951 (MauryCMS 0.53.2 and earlier does not require administrative authentica ...) NOT-FOR-US: MauryCMS CVE-2008-6950 (Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosti ...) NOT-FOR-US: Bankoi WebHosting Control Panel CVE-2008-6949 (Multiple cross-site request forgery (CSRF) vulnerabilities in Collabti ...) 
NOT-FOR-US: Collabtive CVE-2008-6948 (Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remo ...) NOT-FOR-US: Collabtive CVE-2008-6947 (Collabtive 0.4.8 allows remote attackers to bypass authentication and ...) NOT-FOR-US: Collabtive CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php in Colla ...) NOT-FOR-US: Collabtive CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 ...) - interchange 5.6.1-1 (low; bug #505732) CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds ...) NOT-FOR-US: ScriptsFeed Auto Classifieds CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing ...) NOT-FOR-US: ScriptsFeed Recipes Listing Portal CVE-2008-6942 (Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifi ...) NOT-FOR-US: ScriptsFeed Realtor Classifieds System CVE-2008-6941 (SQL injection vulnerability in the login functionality in TurnkeyForms ...) NOT-FOR-US: TurnkeyForms Web Hosting Directory CVE-2008-6940 (TurnkeyForms Web Hosting Directory stores sensitive information under ...) NOT-FOR-US: TurnkeyForms Web Hosting Directory CVE-2008-6939 (TurnkeyForms Web Hosting Directory allows remote attackers to bypass a ...) NOT-FOR-US: TurnkeyForms Web Hosting Directory CVE-2008-6938 (Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop applic ...) NOT-FOR-US: Pi3Web CVE-2008-6937 (Argument injection vulnerability in Exodus 0.10 allows remote attacker ...) NOT-FOR-US: Exodus CVE-2008-6936 (Argument injection vulnerability in Exodus 0.10 allows remote attacker ...) NOT-FOR-US: Exodus CVE-2008-6935 (Argument injection vulnerability in Exodus 0.10 allows remote attacker ...) NOT-FOR-US: Exodus CVE-2008-6934 (Static code injection vulnerability in Sanus|artificium (aka Sanusart) ...) NOT-FOR-US: Sanus|artificium (aka Sanusart) CVE-2008-6933 (Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2 ...) 
NOT-FOR-US: MiniGal CVE-2008-6932 (Unrestricted file upload vulnerability in submit_file.php in AlstraSof ...) NOT-FOR-US: AlstraSoft SendIt Pro CVE-2008-6931 (Unrestricted file upload vulnerability in PHPStore Job Search (aka PHP ...) NOT-FOR-US: PHPStore Job Search (aka PHPCareers) CVE-2008-6930 (Unrestricted file upload vulnerability in PHPStore Real Estate allows ...) NOT-FOR-US: PHPStore Real Estate CVE-2008-6929 (Unrestricted file upload vulnerability in PHPStore Auto Classifieds al ...) NOT-FOR-US: PHPStore Auto Classifieds CVE-2008-6928 (Unrestricted file upload vulnerability in PHPStore Complete Classified ...) NOT-FOR-US: PHPStore Complete Classifieds CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4ima ...) NOT-FOR-US: cPanel CVE-2008-6926 (Directory traversal vulnerability in autoinstall4imagesgalleryupgrade. ...) NOT-FOR-US: cPanel CVE-2008-6925 (Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1 ...) NOT-FOR-US: Zenphoto CVE-2008-6924 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) NOT-FOR-US: eSyndiCat Directory CVE-2008-6923 (SQL injection vulnerability in the content component (com_content) 1.0 ...) NOT-FOR-US: Joomla! CVE-2008-6922 (Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5 ...) NOT-FOR-US: CMailServer CVE-2008-6921 (Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 ...) NOT-FOR-US: phpAdBoard CVE-2008-6920 (Unrestricted file upload vulnerability in auth.php in phpEmployment 1. ...) NOT-FOR-US: phpEmployment CVE-2008-6919 (profileedit.php TaskDriver 1.3 and earlier allows remote attackers to ...) NOT-FOR-US: TaskDriver 1.3 CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in ThePort ...) NOT-FOR-US: ThePortal2 CVE-2008-7291 (gri before 2.12.18 generates temporary files in an insecure way. ...) 
- gri 2.12.18-1 (low) [etch] - gri (Minor issue) [lenny] - gri (Minor issue) CVE-2008-6917 (SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Fin ...) NOT-FOR-US: ExoPHPDesk CVE-2008-6916 (Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attac ...) NOT-FOR-US: Siemens SpeedStream 5200 CVE-2008-6915 (Cross-site scripting (XSS) vulnerability in view_prop_details.php in Z ...) NOT-FOR-US: Zeeways ZEEPROPERTY CVE-2008-6914 (Unrestricted file upload vulnerability in viewprofile.php in Zeeways Z ...) NOT-FOR-US: Zeeways ZEEPROPERTY CVE-2008-6913 (Unrestricted file upload vulnerability in editresume_next.php in Zeewa ...) NOT-FOR-US: Zeeways ZEEPROPERTY CVE-2008-6912 (Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authenticati ...) NOT-FOR-US: Zeeways SHAADICLONE CVE-2008-6911 (SQL injection vulnerability in the authenticateUser function in includ ...) NOT-FOR-US: BrewBlogger CVE-2008-6910 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Dru ...) NOT-FOR-US: module for Drupal CVE-2008-6909 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Dru ...) NOT-FOR-US: module for Drupal CVE-2008-6908 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Dru ...) NOT-FOR-US: module for Drupal CVE-2008-6907 (Multiple SQL injection vulnerabilities in checkuser.php in 2532designs ...) NOT-FOR-US: 2532designs 2532|Gigs CVE-2008-6906 (Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1 ...) NOT-FOR-US: BabbleBoard CVE-2008-6905 (Cross-site request forgery (CSRF) vulnerability in index.php in Babble ...) NOT-FOR-US: BabbleBoard CVE-2008-6904 (Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linu ...) NOT-FOR-US: Sophos SAVScan CVE-2008-6903 (Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/ ...) NOT-FOR-US: Sophos SAVScan CVE-2008-6902 (Unrestricted file upload vulnerability in upload_flyer.php in 2532desi ...) 
NOT-FOR-US: 2532designs CVE-2008-6901 (Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs ...) NOT-FOR-US: 2532designs CVE-2008-6900 (Unrestricted file upload vulnerability in "Add Pen/Author Name" featur ...) NOT-FOR-US: AvailScript Article Script CVE-2008-6899 (Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated ...) NOT-FOR-US: freeSSHd CVE-2008-6898 (Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for ...) NOT-FOR-US: ActiveX control CVE-2008-6897 (Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 ...) NOT-FOR-US: Andres Garcia Getleft CVE-2008-6896 (login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is re ...) NOT-FOR-US: 3CX Phone System CVE-2008-6895 (3CX Phone System 6.0.806.0 allows remote attackers to cause a denial o ...) NOT-FOR-US: 3CX Phone System CVE-2008-6894 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in 3C ...) NOT-FOR-US: 3CX Phone System CVE-2008-6893 (Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient ...) NOT-FOR-US: MDaemon WorldClient CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows remot ...) NOT-FOR-US: Peel CVE-2008-6891 (Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Scrip ...) NOT-FOR-US: ASP Forum Script CVE-2008-6890 (SQL injection vulnerability in messages.asp in ASP Forum Script allows ...) NOT-FOR-US: ASP Forum Script CVE-2008-6889 (SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 all ...) NOT-FOR-US: ASPReferral CVE-2008-6888 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classifi ...) NOT-FOR-US: Pre Classified Listings CVE-2008-6887 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...) NOT-FOR-US: Pre Classified Listings CVE-2008-6886 (RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict ...) 
NOT-FOR-US: RSA EnVision CVE-2008-6885 (Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 ...) NOT-FOR-US: XOOPS CVE-2008-6884 (Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when regi ...) NOT-FOR-US: XOOPS CVE-2008-6883 (SQL injection vulnerability in the Live Chat (com_livechat) component ...) NOT-FOR-US: Joomla! CVE-2008-6882 (Live Chat (com_livechat) component 1.0 for Joomla! allows remote attac ...) NOT-FOR-US: Joomla! CVE-2008-6881 (Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) ...) NOT-FOR-US: Joomla! CVE-2008-6880 (SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes ...) NOT-FOR-US: EasySiteNetwork Free Jokes Website CVE-2008-6879 (Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3. ...) NOT-FOR-US: Apache Roller CVE-2008-6878 (** DISPUTED ** Directory traversal vulnerability in admin/includes/lan ...) NOT-FOR-US: Zen Cart CVE-2008-6877 NOT-FOR-US: Zen Cart CVE-2008-6876 (Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires ...) NOT-FOR-US: EsPartenaires CVE-2008-6875 (SQL injection vulnerability in default.asp in ASP Product Catalog allo ...) NOT-FOR-US: ASP Product Catalog CVE-2008-6874 (Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 an ...) NOT-FOR-US: ASP SiteWare autoDealer CVE-2008-6873 (SQL injection vulnerability in Active Web Mail 4.0 allows remote attac ...) NOT-FOR-US: Active Web Mail 4.0 CVE-2008-6872 (ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the ...) NOT-FOR-US: ASPThai.NET ASPThai Forums CVE-2008-6871 (Merlix Educate Server stores db.mdb under the web root with insufficie ...) NOT-FOR-US: Merlix Educate Server CVE-2008-6870 (Merlix Educate Server allows remote attackers to bypass intended secur ...) NOT-FOR-US: Merlix Educate Server CVE-2008-6869 (Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive informat ...) 
NOT-FOR-US: Oramon Oracle Database Monitoring Tool CVE-2008-6868 (Cross-site scripting (XSS) vulnerability in default/login.php in Edite ...) NOT-FOR-US: EsBaseAdmin CVE-2008-6867 (SQL injection vulnerability in content.php in Scripts For Sites (SFS) ...) NOT-FOR-US: Scripts For Sites CVE-2008-6866 (SQL injection vulnerability in modules.php in the Current_Issue module ...) NOT-FOR-US: PHP-Nuke CVE-2008-6865 (SQL injection vulnerability in modules.php in the Sectionsnew module f ...) NOT-FOR-US: PHP-Nuke CVE-2008-6864 (Xigla Software Absolute Live Support .NET 5.1 allows remote attackers ...) NOT-FOR-US: Xigla Software Absolute Live Support .NET CVE-2008-6863 (Xigla Software Absolute Form Processor .NET 4.0 allows remote attacker ...) NOT-FOR-US: Xigla Software CVE-2008-6862 (Absolute Content Rotator 6.0 allows remote attackers to bypass authent ...) NOT-FOR-US: Absolute Content Rotator CVE-2008-6861 (Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers ...) NOT-FOR-US: Xigla Software Absolute Newsletter CVE-2008-6860 (Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to ...) NOT-FOR-US: Xigla Software Absolute Poll Manager CVE-2008-6859 (Xigla Software Absolute Control Panel XE 1.5 allows remote attackers t ...) NOT-FOR-US: Xigla Software Absolute Control Panel CVE-2008-6858 (Absolute Banner Manager .NET 4.0 allows remote attackers to bypass aut ...) NOT-FOR-US: Absolute Banner Manager .NET CVE-2008-6857 (Absolute Podcast .NET 1.0 allows remote attackers to bypass authentica ...) NOT-FOR-US: Absolute Podcast .NET CVE-2008-6856 (Xigla Software Absolute News Manager.NET 5.1 allows remote attackers t ...) NOT-FOR-US: Xigla Software Absolute News Manager.NET CVE-2008-6855 (Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote a ...) NOT-FOR-US: Xigla Software Absolute News Feed CVE-2008-6854 (Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to ...) 
NOT-FOR-US: Xigla Software Absolute FAQ Manager.NET CVE-2008-6853 (SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3 ...) NOT-FOR-US: AIST NetCat CVE-2008-6852 (SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 ...) NOT-FOR-US: Joomla! component CVE-2008-6851 (SQL injection vulnerability in page.php in PHP Link Directory (phpLD) ...) NOT-FOR-US: PHP Link Directory CVE-2008-6850 (Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion ...) NOT-FOR-US: PHP-Fusion CVE-2008-6849 (Unrestricted file upload vulnerability in index.php in phpGreetCards 3 ...) NOT-FOR-US: phpGreetCards CVE-2008-6848 (Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards ...) NOT-FOR-US: phpGreetCards CVE-2008-6847 (Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in ...) NOT-FOR-US: Pre ASP Job Board CVE-2008-6846 (Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0 ...) NOT-FOR-US: avast! Linux Home Edition CVE-2008-6845 (The unpack feature in ClamAV 0.93.3 and earlier allows remote attacker ...) - clamav 0.94.dfsg-1 [etch] - clamav (Support was discontinued) CVE-2008-6844 (The registration view (/user/register) in eZ Publish 3.5.6 and earlier ...) NOT-FOR-US: eZ Publish CVE-2008-6843 (Directory traversal vulnerability in index.php in Fantastico, as used ...) NOT-FOR-US: Fantastico CVE-2008-6842 (Directory traversal vulnerability in data/modules/blog/module_pages_si ...) NOT-FOR-US: Pluck CVE-2008-6841 (PHP remote file inclusion vulnerability in the Green Mountain Informat ...) NOT-FOR-US: component for Joomla! CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 ...) NOT-FOR-US: V-webmail CVE-2008-6839 (Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Man ...) NOT-FOR-US: TGS Content Management CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 ...) 
- zoph 0.8.0.1-1 (low; bug #535188) [lenny] - zoph (Minor issue, fringe package) NOTE: it seems a duplicate of CVE-2008-3258 CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...) - zoph 0.8.0.1-1 (bug #535188) [lenny] - zoph (Minor issue, fringe package) NOTE: the details are unknown CVE-2008-6836 (Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before 5 ...) NOT-FOR-US: OpenID module for Drupal CVE-2008-6835 (Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, ...) NOT-FOR-US: OpenID module for Drupal CVE-2008-6834 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 a ...) NOT-FOR-US: fuzzylime CVE-2008-6833 (Directory traversal vulnerability in commsrss.php in fuzzylime (cms) b ...) NOT-FOR-US: fuzzylime CVE-2008-6832 (Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Ente ...) NOT-FOR-US: Atlassian JIRA Enterprise Edition CVE-2008-6831 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...) NOT-FOR-US: Atlassian JIRA Enterprise Edition CVE-2008-6830 (The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Ja ...) NOT-FOR-US: Java Application Servers CVE-2008-6829 (VicFTPS 5.0 allows remote attackers to cause a denial of service (cras ...) NOT-FOR-US: VicFTPS CVE-2008-6828 (Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-6827 (The ListView control in the Client GUI (AClient.exe) in Symantec Altir ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2008-6826 (dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary ...) NOT-FOR-US: MHF Media Pro CVE-2008-6825 (Directory traversal vulnerability in user/index.php in Fonality trixbo ...) NOT-FOR-US: trixbox CVE-2008-6824 (The management interface on the A-LINK WL54AP3 and WL54AP2 access poin ...) 
	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6823 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...)
	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6822 (Unrestricted file upload vulnerability in uploadp.php in New Earth Pro ...)
	NOT-FOR-US: NEPT Image Uploader
CVE-2008-6821 (Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2008-6820 (The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 b ...)
	NOT-FOR-US: IBM DB2
CVE-2008-6819 (win32k.sys in Microsoft Windows Server 2003 and Vista allows local use ...)
	NOT-FOR-US: Microsoft Windows Server 2003 and Vista
CVE-2008-6818 (Mole Group Real Estate Script 1.1 and earlier stores passwords in clea ...)
	NOT-FOR-US: Mole Group Real Estate Script
CVE-2008-6817 (Mole Group Lastminute Script 4.0 and earlier stores passwords in clear ...)
	NOT-FOR-US: Mole Group Lastminute Script
CVE-2008-6816 (Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remot ...)
	NOT-FOR-US: Eaton
CVE-2008-6815 (mykdownload.php in MyKtools 2.4 does not require administrative authen ...)
	NOT-FOR-US: MyKtools
CVE-2008-6814 (Unrestricted file upload vulnerability in image_upload.php in the Simp ...)
	NOT-FOR-US: SimpleBoard for Mambo
CVE-2008-6813 (SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Editi ...)
	NOT-FOR-US: phpWebNews
CVE-2008-6812 (SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Ed ...)
	NOT-FOR-US: phpWebNews
CVE-2008-6811 (Unrestricted file upload vulnerability in image_processing.php in the ...)
	NOT-FOR-US: e-Commerce Plugin for Wordpress
CVE-2008-6810 (Multiple SQL injection vulnerabilities in admin/checklogin.php in Vena ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6809 (SQL injection vulnerability in hotel_habitaciones.php in Venalsur Book ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6808 (SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ ...)
	NOT-FOR-US: SFS Link Directory
CVE-2008-6807 (PHP remote file inclusion vulnerability in ListRecords.php in osprey 1 ...)
	NOT-FOR-US: osprey
CVE-2008-6806 (Unrestricted file upload vulnerability in includes/imageupload.php in ...)
	NOT-FOR-US: 7Shop
CVE-2008-6805 (Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_q ...)
	NOT-FOR-US: Mic_Blog
CVE-2008-6804 (** DISPUTED ** Tribiq CMS 5.0.9a beta allows remote attackers to bypas ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-6803 (SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portal ...)
	NOT-FOR-US: Yigit Aybuga Dizi Portali
CVE-2008-6802 (Multiple SQL injection vulnerabilities in index.php in phPhotoGallery ...)
	NOT-FOR-US: phPhotoGallery
CVE-2008-6801 (Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4. ...)
	NOT-FOR-US: Vivvo CMS
CVE-2008-6800
	REJECTED
CVE-2008-6799 (connection.php in FlashChat 5.0.8 allows remote attackers to bypass th ...)
	NOT-FOR-US: FlashChat
CVE-2008-6798 (Multiple SQL injection vulnerabilities in login.php in Pre Projects Pr ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-6797 (The server in Mitel NuPoint Messenger R11 and R3 sends usernames and p ...)
	NOT-FOR-US: Mitel NuPoint Messenger
CVE-2008-6796 (SQL injection vulnerability in manager/login.php in Pre Projects Pre R ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-6795 (SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CM ...)
	NOT-FOR-US: nicLOR Vibro-School-CMS
CVE-2008-6794 (SQL injection vulnerability in directory.php in Scripts For Sites (SFS ...)
	NOT-FOR-US: Scripts For Sites (SFS)
CVE-2008-6793 (The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, ...)
	NOT-FOR-US: DFLabs
CVE-2008-6792 (system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used ...)
	- system-tools-backends 2.6.0-6.1 (low; bug #527952)
	[lenny] - system-tools-backends 2.6.0-2lenny3
	[etch] - system-tools-backends (SHA was added to crypt(3) post-etch)
CVE-2008-6791 (PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: PumpKIN TFTP Server
CVE-2008-6790 (The admin module in MindDezign Photo Gallery 2.2 allows remote attacke ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6789 (SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows rem ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6788 (SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magi ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6787 (SQL injection vulnerability in administrator/index.php in Lizardware C ...)
	NOT-FOR-US: Lizardware CMS
CVE-2008-6786 (Multiple directory traversal vulnerabilities in geekigeeki.py in Geeki ...)
	NOT-FOR-US: GeekiGeeki
CVE-2008-6785 (Unrestricted file upload vulnerability in Mini File Host 1.5 allows re ...)
	NOT-FOR-US: Mini File Host
CVE-2008-6784 (SQL injection vulnerability in directory.php in Scripts For Sites (SFS ...)
	NOT-FOR-US: EZ Adult Directory
CVE-2008-6783 (SQL injection vulnerability in directory.php in Sites for Scripts (SFS ...)
	NOT-FOR-US: EZ Home Business Directory
CVE-2008-6782 (SQL injection vulnerability in directory.php in Sites for Scripts (SFS ...)
	NOT-FOR-US: EZ Hosting Directory
CVE-2008-6781 (SQL injection vulnerability in directory.php in Sites for Scripts (SFS ...)
	NOT-FOR-US: Gaming Directory
CVE-2008-6780 (SQL injection vulnerability in directory.php in Scripts for Sites (SFS ...)
	NOT-FOR-US: EZ Affiliate
CVE-2008-6779 (SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6778 (SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) ...)
	NOT-FOR-US: EZ Auction
CVE-2008-6777 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier ...)
	NOT-FOR-US: MyPHP Forum
CVE-2008-6776 (SQL injection vulnerability in viewcomments.php in Scripts For Sites ( ...)
	NOT-FOR-US: EZ Hot or Not
CVE-2008-6775 (HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to ca ...)
	NOT-FOR-US: HTC Touch
CVE-2008-6774 (internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end e ...)
	NOT-FOR-US: YourPlace
CVE-2008-6773 (Static code injection vulnerability in user/internettoolbar/edit.php i ...)
	NOT-FOR-US: YourPlace
CVE-2008-6772 (login/register_form.php in YourPlace 1.0.2 and earlier does not check ...)
	NOT-FOR-US: YourPlace
CVE-2008-6771 (YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: YourPlace
CVE-2008-6770 (YourPlace 1.0.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: YourPlace
CVE-2008-6769 (Unrestricted file upload vulnerability in upload.php in YourPlace 1.0. ...)
	NOT-FOR-US: YourPlace
CVE-2008-6768 (Unrestricted file upload vulnerability in admin/editor/images.php in K ...)
	NOT-FOR-US: K&S Shopsoftware
CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attac ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #531736)
	NOTE: low impact, probably no-dsa
CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote atta ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6765 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access t ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6764 (Cross-site scripting (XSS) vulnerability in login.php in Silentum Logi ...)
	NOT-FOR-US: Silentum LoginSys
CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypas ...)
	NOT-FOR-US: Silentum LoginSys
CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in WordPress, prob ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #531736)
	NOTE: low impact, probably no-dsa
CVE-2008-6761 (Static code injection vulnerability in admin/install.php in Flexcustom ...)
	NOT-FOR-US: Flexcustomer
CVE-2008-6760 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain s ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6759 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain s ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6758 (Cross-site request forgery (CSRF) vulnerability in cart_save.php in Vi ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6757 (Cross-site scripting (XSS) vulnerability in manuals_search.php in ViAr ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6756 (ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.co ...)
	- zoneminder 1.22.3-5
CVE-2008-6755 (ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to t ...)
	- zoneminder 1.24.1-1 (unimportant; bug #528252)
	NOTE: we are also affected but this is not a security issue by itself even if it's ugly
CVE-2008-6754 (The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote a ...)
	NOT-FOR-US: vBulletin addon
CVE-2008-6753 (SQL injection vulnerability in SilverStripe before 2.2.2 allows remote ...)
	NOT-FOR-US: SilverStripe
CVE-2008-6752 (adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou ...)
	NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
CVE-2008-6751 (Unrestricted file upload vulnerability in index.php in the Twitter Clo ...)
	NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
CVE-2008-6750 (Unrestricted file upload vulnerability in add.php in FlexPHPDirectory ...)
	NOT-FOR-US: FlexPHPDirectory
CVE-2008-6749 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPDirectory
CVE-2008-6748 (Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers ...)
	NOT-FOR-US: Megacubo
CVE-2008-6747 (dotProject before 2.1.2 does not properly restrict access to administr ...)
	NOT-FOR-US: dotProject
CVE-2008-6746 (Cross-site scripting (XSS) vulnerability in the contact display view i ...)
	NOT-FOR-US: Turba Contact Manager
CVE-2008-6745 (index.php in BlogPHP 2.0 allows remote attackers to gain administrator ...)
	NOT-FOR-US: BlogPHP
CVE-2008-6744 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cy ...)
	NOT-FOR-US: Cybozu Office
CVE-2008-6743 (RSMScript 1.21 allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: RSMScript
CVE-2008-6742 (Foxy P2P software allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxy P2P
CVE-2008-6741 (SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6740 (PHP remote file inclusion vulnerability in html/admin/modules/plugin_a ...)
	NOT-FOR-US: HoMaP-CMS
CVE-2008-6739 (Todd Woolums ASP Download management script 1.03 does not require auth ...)
	NOT-FOR-US: Todd Woolums ASP Download management script
CVE-2008-6738 (MyShoutPro 1.2 allows remote attackers to bypass authentication and ga ...)
	NOT-FOR-US: MyShoutPro
CVE-2008-6737 (Crysis 1.21 and earlier allows remote attackers to obtain sensitive pl ...)
	NOT-FOR-US: Crysis
CVE-2008-6736 (Flat Calendar 1.1 does not properly restrict access to administrative ...)
	NOT-FOR-US: Flat Calendar
CVE-2008-6735 (Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 a ...)
	NOT-FOR-US: ThaiQuickCart
CVE-2008-6734 (Directory traversal vulnerability in Public/index.php in Keller Web Ad ...)
	NOT-FOR-US: Keller Web Admin CMS
CVE-2008-6733 (Cross-site scripting (XSS) vulnerability in the error handling page in ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6732 (Cross-site scripting (XSS) vulnerability in the Language skin object i ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6731 (Unrestricted file upload vulnerability in submitlink.php in FlexPHPLin ...)
	NOT-FOR-US: FlexPHPLink Pro
CVE-2008-6730 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPLink Pro
CVE-2008-6729 (Multiple cross-site request forgery (CSRF) vulnerabilities in password ...)
	NOT-FOR-US: PHPmotion
CVE-2008-6728 (SQL injection vulnerability in the Sections module in PHP-Nuke, probab ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6727 (Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2 ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when reg ...)
	NOT-FOR-US: CMScout
CVE-2008-6725 (Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote au ...)
	NOT-FOR-US: CMScout
CVE-2008-6724 (Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste 1 ...)
	NOT-FOR-US: Perl Nopaste
CVE-2008-6723 (TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypas ...)
	NOT-FOR-US: TurnkeyForms
CVE-2008-6722 (Novell Access Manager 3 SP4 does not properly expire X.509 certificate ...)
	NOT-FOR-US: Novell Access Manager
CVE-2008-6721 (SQL injection vulnerability in index.php in AJ Square AJ Article allow ...)
	NOT-FOR-US: AJ Square AJ Article
CVE-2008-6720 (SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-6719 (U&M Software Event Lister (aka JustListIt) 1.0 does not require ad ...)
	NOT-FOR-US: Software Event Lister
CVE-2008-6718 (U&M Software JustBookIt 1.0 does not require administrative authen ...)
	NOT-FOR-US: JustBookIt
CVE-2008-6717 (U&M Software Signup 1.0 and 1.1 does not require administrative au ...)
	NOT-FOR-US: Software Signup
CVE-2008-6716 (homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not req ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2008-6715 (Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2008-6714 (admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to by ...)
	NOT-FOR-US: xeCMS
CVE-2008-6713 (World in Conflict (WIC) 1.008 and earlier allows remote attackers to c ...)
	NOT-FOR-US: World in Conflict
CVE-2008-6712 (The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and ...)
	NOT-FOR-US: Crysis
CVE-2008-6711 (Unspecified vulnerability in the Web administration interface in Avaya ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6710 (Unspecified vulnerability in the Web administration interface in Avaya ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6709 (Unspecified vulnerability in the Web management interface in Avaya SIP ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6708 (Unspecified vulnerability in the Web management interface in Avaya SIP ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6707 (The Web management interface in Avaya SIP Enablement Services (SES) 3. ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6706 (Multiple unspecified vulnerabilities in the Web management interface i ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6705 (The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: Sha ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6704 (Integer overflow in the NET_Compressor::Decompress function in S.T.A.L ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6703 (Stack-based buffer overflow in the IPureServer::_Recieve function in S ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6702 (S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote a ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6701 (NetScout (formerly Network General) Visualizer V2100 and InfiniStream ...)
	NOT-FOR-US: NetScout Visualizer
CVE-2008-6700 (Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organ ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6699 (Cross-site scripting (XSS) vulnerability in Resource Library (tjs_resl ...)
	NOT-FOR-US: Resource Library extension for TYPO3
CVE-2008-6698 (Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (wo ...)
	NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6697 (SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 ...)
	NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6696 (SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earl ...)
	NOT-FOR-US: Fussballtippspiel extension for TYPO3
CVE-2008-6695 (SQL injection vulnerability in TIMTAB social bookmark icons (timtab_so ...)
	NOT-FOR-US: TIMTAB social bookmark icons extension for TYPO3
CVE-2008-6694 (SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TY ...)
	NOT-FOR-US: Random Prayer extension for TYPO3
CVE-2008-6693 (SQL injection vulnerability in Download system (sb_downloader) extensi ...)
	NOT-FOR-US: Download system extension for TYPO3
CVE-2008-6692 (SQL injection vulnerability in Diocese of Portsmouth Training Courses ...)
	NOT-FOR-US: Training Courses extension for TYPO3
CVE-2008-6691 (SQL injection vulnerability in Diocese of Portsmouth Calendar Today (p ...)
	NOT-FOR-US: Calendar Today extension for TYPO3
CVE-2008-6690 (Unspecified vulnerability in nepa-design.de Spam Protection (nd_antisp ...)
	NOT-FOR-US: Spam Protection extension for TYPO3
CVE-2008-6689 (SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and e ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6688 (Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6687 (Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglema ...)
	NOT-FOR-US: DCD GoogleMap extension for TYPO3
CVE-2008-6686 (SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier ex ...)
	NOT-FOR-US: CoolURI extension for TYPO3
CVE-2008-6685 (Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0. ...)
	NOT-FOR-US: Frontend Filemanager extension for TYPO3
CVE-2008-6684 (Unrestricted file upload vulnerability in editimage.php in Apartment S ...)
	NOT-FOR-US: Apartment Search Script
CVE-2008-6683 (Cross-site scripting (XSS) vulnerability in listtest.php in Apartment ...)
	NOT-FOR-US: Apartment Search Script
CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2 ...)
	- libstruts1.2-java (Only affects Struts 2)
CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo befor ...)
	NOT-FOR-US: Dojo
CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...)
	{DSA-2080-1}
	- ghostscript 8.64~dfsg-1 (medium; bug #524803)
	- gs-gpl (medium; bug #561717)
CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6677 (Unrestricted file upload vulnerability in fckeditor251/editor/filemana ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6676 (QuickerSite 1.8.5 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6675 (Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8 ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6674 (mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-m ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6673 (asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict acces ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6672 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a d ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6671 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a d ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6670 (Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote at ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6669 (viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to ex ...)
	NOT-FOR-US: nweb2fax
CVE-2008-6668 (Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and ear ...)
	NOT-FOR-US: nweb2fax
CVE-2008-6667 (A+ PHP Scripts News Management System (NMS) allows remote attackers to ...)
	NOT-FOR-US: A+ PHP Scripts News Management System (NMS)
CVE-2008-6666 (Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA al ...)
	NOT-FOR-US: Kronos webTA
CVE-2008-6665 (change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows ...)
	NOT-FOR-US: Ananta CMS
CVE-2008-6664 (action.php in SH-News 3.0 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: SH-News
CVE-2008-6663 (SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuct ...)
	NOT-FOR-US: PHPAuctions
CVE-2008-6662 (AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote a ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2008-6661 (Multiple integer overflows in the scanning engine in Bitdefender for L ...)
	NOT-FOR-US: Bitdefender
CVE-2008-6660 (Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov ...)
	NOT-FOR-US: Alexey Ozerov BigDump
CVE-2008-6659 (Directory traversal vulnerability in index.php in Simple Machines Foru ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6658 (Directory traversal vulnerability in index.php in Simple Machines Foru ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6657 (Cross-site request forgery (CSRF) vulnerability in index.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6680 (libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause ...)
	{DSA-1771-1}
	- clamav 0.95.1+dfsg-1 (medium; bug #523016)
CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...)
	NOT-FOR-US: Open Auto Classifieds
CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL ...)
	NOT-FOR-US: GEDCOM_TO_MYSQL
CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in Info ...)
	NOT-FOR-US: InfoBiz Server
CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting Compon ...)
	NOT-FOR-US: Joomla!
CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote att ...)
	NOT-FOR-US: OneCMS
CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject O ...)
	NOT-FOR-US: OxYProject OxYBox
CVE-2008-6650 (del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary ...)
	NOT-FOR-US: miniBloggie
CVE-2008-6649 (SQL injection vulnerability in manager/image_details_editor.php in Kto ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6648 (SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 a ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6647 (SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6646 (Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix ...)
	NOT-FOR-US: CoronaMatrix phpAddressBook
CVE-2008-6645 (Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel 0 ...)
	NOT-FOR-US: Opencosmo VisualSentinel
CVE-2008-6644 (Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6643 (LokiCMS 0.3.4 and possibly earlier versions does not properly restrict ...)
	NOT-FOR-US: LokiCMS
CVE-2008-6642 (SQL injection vulnerability in view.php in DotContent FluentCMS 4.x al ...)
	NOT-FOR-US: DotContent FluentCMS
CVE-2008-6641 (Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remot ...)
	NOT-FOR-US: Shader TV
CVE-2008-6640 (Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote at ...)
	NOT-FOR-US: BatmanPorTaL
CVE-2008-6639 (Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXpl ...)
	- ajaxplorer (bug #668381)
CVE-2008-6638 (Insecure method vulnerability in the Versalsoft HTTP Image Uploader Ac ...)
	NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX
CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...)
	NOT-FOR-US: Library Video Company SAFARI Montage
CVE-2008-6636 (PHP remote file inclusion vulnerability in skins/default.php in Geody ...)
	NOT-FOR-US: Geody Labs Dagger
CVE-2008-6635 (PHP remote file inclusion vulnerability in skins/default.php in Geody ...)
	NOT-FOR-US: Geody Labs Dagger
CVE-2008-6634 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attack ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-6633 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attack ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-6632 (SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 an ...)
	NOT-FOR-US: MercuryBoard
CVE-2008-6631 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bl ...)
	NOT-FOR-US: BlogPHP
CVE-2008-6630 (Directory traversal vulnerability in the wt_gallery extension 2.5.0 an ...)
	NOT-FOR-US: wt_gallery extension for TYPO3
CVE-2008-6629 (Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN M ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6628
	REJECTED
CVE-2008-6627 (SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1. ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6626 (SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and e ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6625 (SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6624 (SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6623 (SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6622 (SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6621 (Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6620 (Multiple cross-site scripting (XSS) vulnerabilities in javascript/edit ...)
	NOT-FOR-US: GraFX miniCWB
CVE-2008-6619 (Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSy ...)
	NOT-FOR-US: ClassSystem
CVE-2008-6618 (Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote ...)
	NOT-FOR-US: ClassSystem
CVE-2008-6617 (Unrestricted file upload vulnerability in adm/visual/upload.php in Sit ...)
	NOT-FOR-US: SiteXS CMS
CVE-2008-6616 (Cross-site scripting (XSS) vulnerability in index.php in Zen Software ...)
	NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6615 (SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 ...)
	NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6614 (Multiple SQL injection vulnerabilities in microcms-admin-login.php in ...)
	NOT-FOR-US: Micro CMS
CVE-2008-6613 (uploader.php in minimal-ablog 0.4 does not properly restrict access, w ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6612 (Unrestricted file upload vulnerability in admin/uploader.php in Minima ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6611 (SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows r ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6610 (Absolute path traversal vulnerability in phpcksec.php in Stefan Ott ph ...)
	NOT-FOR-US: phpcksec
CVE-2008-6609 (Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott ...)
	NOT-FOR-US: phpcksec
CVE-2008-6608 (Multiple SQL injection vulnerabilities in DevelopItEasy Events Calenda ...)
	NOT-FOR-US: DevelopItEasy Events Calendar
CVE-2008-6607 (Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 ...)
	NOT-FOR-US: MatPo Link
CVE-2008-6606 (SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows ...)
	NOT-FOR-US: MatPo Link
CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in ...)
	NOT-FOR-US: 2wire
CVE-2008-6604 (Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 a ...)
	NOT-FOR-US: PicoFlat CMS
CVE-2008-6603 (MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_h ...)
	- moin 1.7.1-1 (low)
	[etch] - moin (Vulnerable code not present)
CVE-2008-6602 (Unspecified vulnerability in Download Center Lite before 2.1 has unkno ...)
	NOT-FOR-US: Download Center Lite
CVE-2008-6601 (Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to o ...)
	NOT-FOR-US: Epona
CVE-2008-6600 (Cross-site scripting (XSS) vulnerability in the search feature in XMLP ...)
	NOT-FOR-US: XMLPortal
CVE-2008-6599 (cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the we ...)
	NOT-FOR-US: CookieCheck
CVE-2008-6598 (Multiple race conditions in WANPIPE before 3.3.6 have unknown impact a ...)
	NOT-FOR-US: WANPIPE
CVE-2008-6597 (Cross-site scripting (XSS) vulnerability in upload/install/index.php i ...)
	NOT-FOR-US: PHCDownload
CVE-2008-6596 (SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allo ...)
	NOT-FOR-US: PHCDownload
CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension for TYP ...)
	NOT-FOR-US: pmk_rssnewsexport extension for TYPO3
CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for TYPO3 al ...)
	NOT-FOR-US: 3rd-party typo3 extension
CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6592 (thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (a ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6591 (LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6590 (Multiple directory traversal vulnerabilities in LightNEasy "no databas ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6589 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6588 (Aztech ADSL2/2+ 4-port router has a default "isp" account with a defau ...)
	NOT-FOR-US: Aztech port router
CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze ...)
	NOT-FOR-US: Azureus HTML WebUI
CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in &# ...)
	NOT-FOR-US: µTorrent (uTorrent) WebUI
CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in html/admin.php in T ...)
	- torrentflux (Debian packaging uses a different directory layout, see bug #531614)
CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...)
	- torrentflux (Debian packaging uses a different directory layout, see bug #531614)
CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...)
	NOT-FOR-US: BS.player
CVE-2008-6582 (SQL injection vulnerability in index.php in Miniweb 2.0 allows remote ...)
	NOT-FOR-US: Miniweb
CVE-2008-6581 (login.php in PhpAddEdit 1.3 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: PhpAddEdit
CVE-2008-6580 (The Red_Reservations script for ColdFusion stores sensitive informatio ...)
	NOT-FOR-US: ColdFusion
CVE-2008-6579 (Nortel Communication Server 1000 4.50.x allows remote attackers to obt ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6578 (Multiple unspecified vulnerabilities in Nortel Communication Server 10 ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6577 (Nortel MG1000S, Signaling Server, and Call Server on the Communication ...)
	NOT-FOR-US: Nortel appliances
CVE-2008-6576 (Unspecified vulnerability in the "session limitation technique" in the ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6575 (Unspecified vulnerability in the SIP server in SIP Enablement Services ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6574 (Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Co ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6573 (Multiple SQL injection vulnerabilities in Avaya SIP Enablement Service ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft AbleDati ...)
	NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...)
	NOT-FOR-US: LinPHA
CVE-2008-6570 (Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu G ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2008-6569 (Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2008-6568 (Unrestricted file upload vulnerability in Yehe 2.0 allows remote attac ...)
	NOT-FOR-US: Yehe
CVE-2008-6567 (Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free ...)
	NOT-FOR-US: Gallarific Free Edition
CVE-2008-6566 (Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impa ...)
	NOT-FOR-US: Octopussy
CVE-2008-6565 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-6564 (Nortel UNIStim protocol, as used in Communication Server 1000 and othe ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6563 (Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly ea ...)
	NOT-FOR-US: Trillian
CVE-2008-6562 (Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack ...)
	NOT-FOR-US: Jack (tR) Jax LinkLists
CVE-2008-6561 (Citrix Presentation Server Client for Windows before 10.200 does not c ...)
	NOT-FOR-US: Citrix
CVE-2008-6560 (Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedo ...)
	- redhat-cluster 2.20081102-1
	NOTE: This seems like a non-issue, since the config file should be under control
	NOTE: of the admin?
	NOTE: Fixed in 2.03.09 upstream version.
CVE-2008-6559 (Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-6558 (Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in Reli ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-6557 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote atta ...)
	NOT-FOR-US: Puppet Master WebUtil, not the puppetmaster from puppet
CVE-2008-6556 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote atta ...)
	NOT-FOR-US: Puppet Master WebUtil, not the puppetmaster from puppet
CVE-2008-6555 (cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attacker ...)
	NOT-FOR-US: Puppet Master WebUtil, not the puppetmaster from puppet
CVE-2008-6554 (cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 all ...)
	NOT-FOR-US: Aztech router
CVE-2008-6553 (microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 ...)
	NOT-FOR-US: Micro CMS
CVE-2008-6552 (Red Hat Cluster Project 2.x allows local users to modify or overwrite ...)
	- redhat-cluster 2.20081102-1
	NOTE: Fixed in 2.03.09 upstream version.
	NOTE: Similar to CVE-2008-4192 and CVE-2008-4579
CVE-2008-6551 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and ...)
	NOT-FOR-US: e-vision CMS
CVE-2008-6550 (Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire ...)
	NOT-FOR-US: Glossaire
CVE-2008-6549 (The password_checker function in config/multiconfig.py in MoinMoin 1.6 ...)
	- moin 1.6.2-1 (low)
CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check t ...)
	- moin 1.6.2-1 (low)
CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ap ...)
	- python-formencode 1.0.1-1
	[etch] - python-formencode (Vulnerable code was introduced in 1.0)
CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown impact and ...)
	NOT-FOR-US: phpns
CVE-2008-6545 (PHP remote file inclusion vulnerability in news/include/createdb.php i ...)
	NOT-FOR-US: Web Server Creator Web Portal
CVE-2008-6544
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6543 (Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM ...)
	NOT-FOR-US: ComScripts TEAM Quick Classifieds
CVE-2008-6542 (Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8 ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6541 (Unrestricted file upload vulnerability in the file manager module in D ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6540 (DotNetNuke before 4.8.2, during installation or upgrade, does not warn ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6539 (Static code injection vulnerability in user/settings/ in DeStar 0.2.2- ...)
	- destar (bug #522123)
CVE-2008-6538 (DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a di ...)
	- destar (bug #522123)
	NOTE: we include a default configuration user which can be changed with instructions in README.Debian
CVE-2008-6537 (LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows ...)
	NOT-FOR-US: LightNEasy No database
CVE-2008-6536 (Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and ...)
	- p7zip 4.57~dfsg.1-1
CVE-2008-6535 (admin/settings.php in PayPal eStores allows remote attackers to bypass ...)
	NOT-FOR-US: PayPal eStores
CVE-2008-6534 (Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1 ...)
	NOT-FOR-US: NULL FTP Server
CVE-2008-6533 (Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related ...)
	- drupal5 5.14-1 (low)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6532 (Multiple cross-site request forgery (CSRF) vulnerabilities in the upda ...)
	- drupal5 5.14-1 (low)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA before 3.13. ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in eZoneScript ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6529 (Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScrip ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6528 (NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the ...)
	NOT-FOR-US: NTFS TmaxSoft JEUS 5
CVE-2008-6527 (SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 all ...)
	NOT-FOR-US: GO4I.NET ASP Forum
CVE-2008-6526 (SQL injection vulnerability in index.php in BosDev BosClassifieds allo ...)
	NOT-FOR-US: BosClassifieds
CVE-2008-6525 (SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script ...)
	NOT-FOR-US: Nice PHP FAQ Script
CVE-2008-6524 (resetpass.php in openInvoice 0.90 beta and earlier allows remote authe ...)
	NOT-FOR-US: openInvoice
CVE-2008-6523 (auth.php in openInvoice 0.90 beta and earlier allows remote attackers ...)
	NOT-FOR-US: openInvoice
CVE-2008-6522 (Multiple directory traversal vulnerabilities in the RenderFile functio ...)
	NOT-FOR-US: OpenTerracotta
CVE-2008-6521 (index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote attac ...)
	NOT-FOR-US: OpenTerracotta
CVE-2008-6520 (Multiple format string vulnerabilities in the SSI filter in Xitami Web ...)
	NOT-FOR-US: Xitami Web Server
CVE-2008-6519 (Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, a ...)
	NOT-FOR-US: Xitami Web Server
CVE-2008-6518 (Unrestricted file upload vulnerability in the profile feature in VidiS ...)
	NOT-FOR-US: VidiScript
CVE-2008-6517 (SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote atta ...)
	NOT-FOR-US: NewsHOWLER
CVE-2008-6516 (Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allo ...)
	NOT-FOR-US: phpKF-Portal
CVE-2008-6515 (Cross-site scripting (XSS) vulnerability in Fritz Berger yet another p ...)
	NOT-FOR-US: yappa-ng
CVE-2008-6514 (The Expo plugin in Compiz Fusion 0.7.8 allows local users with physica ...)
	- compiz-fusion-plugins-main 0.8.2-1 (low)
	[lenny] - compiz-fusion-plugins-main (Minor issue)
CVE-2008-6513 (Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowle ...)
	NOT-FOR-US: Andy's PHP Knowledgebase
CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears befor ...)
	NOT-FOR-US: Google Gears
CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlie ...)
	NOT-FOR-US: Openfire
CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Con ...)
	NOT-FOR-US: Openfire
CVE-2008-6509 (SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3. ...)
	NOT-FOR-US: Openfire
CVE-2008-6508 (Directory traversal vulnerability in the AuthCheck filter in the Admin ...)
	NOT-FOR-US: Openfire
CVE-2008-6507 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to ob ...)
	- phpbb3 3.0.2-4
CVE-2008-6505 (Multiple directory traversal vulnerabilities in Apache Struts 2.0.x be ...)
	- libstruts1.2-java (Vulnerable code not present)
	NOTE: looks like this was introduced in 2.x, see upstream trunk r688095
CVE-2008-6504 (ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1 ...)
	NOT-FOR-US: OpenSymphony XWork
CVE-2008-6503 (Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1. ...)
	NOT-FOR-US: PrestaShop
CVE-2008-6502 (Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remot ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-6501 (Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-6500 (Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart ...)
	NOT-FOR-US: CodeToad ASP Shopping Cart Script
CVE-2008-6499 (security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operatio ...)
	NOT-FOR-US: XAMPP
CVE-2008-6498 (Cross-site request forgery (CSRF) vulnerability in security/xamppsecur ...)
	NOT-FOR-US: XAMPP
CVE-2008-6497 (The Neostrada Livebox ADSL Router allows remote attackers to cause a d ...)
	NOT-FOR-US: Neostrada Livebox ADSL Router
CVE-2008-6496 (Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX co ...)
	NOT-FOR-US: VSPDFEditorX.ocx
CVE-2008-6495 (Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger ...)
	NOT-FOR-US: Fritz Berger yet another php photo album - next generation
CVE-2008-6494 (ASP User Engine.NET stores sensitive information under the web root wi ...)
	NOT-FOR-US: ASP User Engine.NET
CVE-2008-6493 (Easy Content Management Publishing stores sensitive information under ...)
	NOT-FOR-US: Easy Content Management Publishing
CVE-2008-6492 (Unrestricted file upload vulnerability in process.php in Tizag Countdo ...)
	NOT-FOR-US: Tizag Countdown Creator
CVE-2008-6491 (PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0. ...)
	NOT-FOR-US: PHPGKit
CVE-2008-6490 (function/update_xml.php in FLABER 1.1 and earlier allows remote attack ...)
	NOT-FOR-US: FLABER
CVE-2008-6489 (SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for ...)
	NOT-FOR-US: MyAlbum component (com_myalbum) for Joomla!
CVE-2008-6488 (SQL injection vulnerability in index.php in SoftComplex PHP Image Gall ...)
	NOT-FOR-US: SoftComplex PHP Image Gallery
CVE-2008-6487 (Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAf ...)
	NOT-FOR-US: Digiappz DigiAffiliate
CVE-2008-6486 (PHP remote file inclusion vulnerability in slideshow_uploadvideo.conte ...)
	NOT-FOR-US: sharedlog CMS
CVE-2008-6485 (SQL injection vulnerability in index.php in SoftComplex PHP Image Gall ...)
	NOT-FOR-US: SoftComplex PHP Image Gallery
CVE-2008-6484 (SQL injection vulnerability in login.php in Mole Group Taxi Map Script ...)
	NOT-FOR-US: Mole Group Taxi Map Script
CVE-2008-6483 (PHP remote file inclusion vulnerability in admin.googlebase.php in the ...)
	NOT-FOR-US: Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component for Joomla!
CVE-2008-6482 (PHP remote file inclusion vulnerability in admin.treeg.php in the Flas ...)
	NOT-FOR-US: Flash Tree Gallery (com_treeg) component for Joomla!
CVE-2008-6481 (SQL injection vulnerability in the Versioning component (com_versionin ...)
	NOT-FOR-US: Versioning component (com_versioning) in Joomla! and Mambo
CVE-2008-6480 (Cross-site request forgery (CSRF) vulnerability in engine/modules/imag ...)
	NOT-FOR-US: Datalife Engine
CVE-2008-6479 (Cross-site request forgery (CSRF) vulnerability in the "change passwor ...)
	NOT-FOR-US: swsoft
CVE-2008-6478 (Cross-site request forgery (CSRF) vulnerability in the file manager in ...)
	NOT-FOR-US: swsoft
CVE-2008-6477 (SQL injection vulnerability in Mumbo Jumbo Media OP4 allows remote att ...)
	NOT-FOR-US: Mumbo Jumbo Media
CVE-2008-6476 (Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEn ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2008-6475 (SQL injection vulnerability in the guestbook component (components/gue ...)
	NOT-FOR-US: Drake CMS
CVE-2008-6474 (The management interface in F5 BIG-IP 9.4.3 allows remote authenticate ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2008-6473 (_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remot ...)
	NOT-FOR-US: Blogator-script
CVE-2008-6472 (The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote at ...)
	[etch] - wireshark (vulnerable code not present)
	[lenny] - wireshark 1.0.2-3+lenny3
	- wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-6471 (SQL injection vulnerability in detail.php in MountainGrafix easyLink 1 ...)
	NOT-FOR-US: MountainGrafix easyLink
CVE-2008-6470 (Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 all ...)
	NOT-FOR-US: ClanSphere
CVE-2008-6469 (SQL injection vulnerability in index.php in PlainCart 1.1.2 allows rem ...)
	NOT-FOR-US: PlainCart
CVE-2008-6468 (SQL injection vulnerability in index.php in Diesel Pay allows remote a ...)
	NOT-FOR-US: Diesel Pay
CVE-2008-6467 (SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel ...)
	NOT-FOR-US: Diesel Pay
CVE-2008-6466 (SQL injection vulnerability in image_gallery.php in the Akira Powered ...)
	NOT-FOR-US: e107
CVE-2008-6465 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in we ...)
	NOT-FOR-US: Parallels H-Sphere
CVE-2008-6464 (SQL injection vulnerability in event.php in Mevin Productions Basic PH ...)
	NOT-FOR-US: Mevin Productions Basic PHP Events Lister
CVE-2008-6463 (SQL injection vulnerability in the Diocese of Portsmouth Church Search ...)
	NOT-FOR-US: Diocese of Portsmouth Church Search extension for TYPO3
CVE-2008-6462 (SQL injection vulnerability in the My quiz and poll (myquizpoll) exten ...)
	NOT-FOR-US: My quiz and poll
CVE-2008-6461 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) exten ...)
	NOT-FOR-US: TYPO3 addon Random Prayer
CVE-2008-6460 (SQL injection vulnerability in the Simple Random Objects (mw_random_ob ...)
	NOT-FOR-US: TYPO3 addon Simple Random Objects
CVE-2008-6459 (SQL injection vulnerability in the auto BE User Registration (autobeus ...)
	NOT-FOR-US: TYPO3 addon auto BE User Registration
CVE-2008-6458 (SQL injection vulnerability in the FE address edit for tt_address & ...)
	NOT-FOR-US: TYPO3 addon
CVE-2008-6457 (SQL injection vulnerability in the Swigmore institute (cgswigmore) ext ...)
	NOT-FOR-US: TYPO3 addon
CVE-2008-6456 (SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and ...)
	NOT-FOR-US: TYPO3 addon
CVE-2008-6455 (Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote a ...)
	NOT-FOR-US: Edikon phpShop
CVE-2008-6454 (SQL injection vulnerability in section.php in 6rbScript 3.3 allows rem ...)
	NOT-FOR-US: 6rbScript
CVE-2008-6453 (Directory traversal vulnerability in section.php in 6rbScript 3.3, whe ...)
	NOT-FOR-US: 6rbScript
CVE-2008-6452 (SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earli ...)
	NOT-FOR-US: Oceandir
CVE-2008-6451 (SQL injection vulnerability in humor.php in jPORTAL 2 allows remote at ...)
	NOT-FOR-US: jPORTAL
CVE-2008-6450 (Cross-site scripting (XSS) vulnerability in Under Construction, Baby ( ...)
	NOT-FOR-US: Under Construction, Baby
CVE-2008-6449 (Cross-site request forgery (CSRF) vulnerability in multiple Century Sy ...)
	NOT-FOR-US: Century Systems routers
CVE-2008-6448 (Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC Syst ...)
	NOT-FOR-US: SKYARC System MTCMS WYSIWYG Editor
CVE-2008-6447 (Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail Ma ...)
	NOT-FOR-US: QuikSoft EasyMail
CVE-2008-6446 (Static code injection vulnerability in the Guestbook component in CMS ...)
	NOT-FOR-US: CMS MAXSITE
CVE-2008-6445 (Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact ...)
	NOT-FOR-US: YourPlace
CVE-2008-6444 (Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might all ...)
	NOT-FOR-US: Baidu Hi IM
CVE-2008-6443 (SQL injection vulnerability in forum_duzen.php in phpKF allows remote ...)
	NOT-FOR-US: phpKF
CVE-2008-6442 (Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Contr ...)
	NOT-FOR-US: Sina Inc. DLoader Class ActiveX
CVE-2008-6441 (Format string vulnerability in the Epic Games Unreal engine client, as ...)
	NOT-FOR-US: Epic Games Unreal engine client
CVE-2008-6440 (Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to ob ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2008-6439 (Cross-site scripting (XSS) vulnerability in search_results.php in ABK- ...)
	NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6438 (SQL injection vulnerability in macgurublog_menu/macgurublog.php in the ...)
	NOT-FOR-US: MacGuru BLOG Engine
CVE-2008-6437 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1. ...)
	NOT-FOR-US: PHPFreeForum
CVE-2008-6436 (Cross-site scripting (XSS) vulnerability in the Web Server in Xerox Wo ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-6435 (Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 ...)
	NOT-FOR-US: phpSQLiteCMS
CVE-2008-6434 (SQL injection vulnerability in index.cfm in Blue River Interactive Gro ...)
	NOT-FOR-US: Blue River Interactive Group Sava CMS
CVE-2008-6433 (Cross-site scripting (XSS) vulnerability in index.cfm in Blue River In ...)
	NOT-FOR-US: Blue River Interactive Group Sava CMS
CVE-2008-6431 (Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 all ...)
	NOT-FOR-US: BMForum
CVE-2008-6430 (SQL injection vulnerability in the MyContent (com_mycontent) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter (com_prayercenter) com ...)
	NOT-FOR-US: Joomla!
CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbi ...)
	- kaya 0.4.2-1 (low)
	[etch] - kaya (Minor issue)
	NOTE: the fix checks with a regex for malicious characters in the HTTP header, see CGI.k changes
CVE-2008-6427 (SQL injection vulnerability in index.php in Hivemaker Professional 1.0 ...)
	NOT-FOR-US: Hivemaker Professional
CVE-2008-6425 (SQL injection vulnerability in news.php in ComicShout 2.8 allows remot ...)
	NOT-FOR-US: ComicShout
CVE-2008-6424 (Directory traversal vulnerability in FFFTP 1.96b allows remote FTP ser ...)
	NOT-FOR-US: FFFTP
CVE-2008-6423 (Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 R ...)
	NOT-FOR-US: PassWiki
CVE-2008-6422 (Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and ...)
	NOT-FOR-US: PsychoStats
CVE-2008-6421 (PHP remote file inclusion vulnerability in social_game_play.php in Soc ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6420 (Social Site Generator (SSG) 2.0 allows remote attackers to read arbitr ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6419 (Multiple SQL injection vulnerabilities in Social Site Generator (SSG) ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6418 (SQL injection vulnerability in scrape.php in TorrentTrader before 2008 ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-6417 (Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows atta ...)
	NOT-FOR-US: GreenSQL-Console
CVE-2008-6416 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Consol ...)
	NOT-FOR-US: GreenSQL-Console
CVE-2008-6415 (Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers ...)
	NOT-FOR-US: CCProxy
CVE-2008-6414 (SQL injection vulnerability in detail.php in AJ Auction Pro Platinum S ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6413 (Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x ...)
	NOT-FOR-US: Answers module for Drupal
CVE-2008-6412 (Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3. ...)
	NOT-FOR-US: Vignette Content Management
CVE-2008-6411 (Explay CMS 2.1 and earlier allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Explay CMS
CVE-2008-6410 (Directory traversal vulnerability in show.php in ol'bookmarks manager ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6409 (SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6408 (PHP remote file inclusion vulnerability in frame.php in ol'bookmarks m ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6407 (Directory traversal vulnerability in frame.php in ol'bookmarks manager ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6406 (Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engi ...)
	NOT-FOR-US: DataLife Engine
CVE-2008-6405 (SQL injection vulnerability in showcategory.php in Hotscripts Clone al ...)
	NOT-FOR-US: Hotscripts Clone
CVE-2008-6404 (Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtro ...)
	NOT-FOR-US: eXtrovert Software Thyme
CVE-2008-6403 (PHP remote file inclusion vulnerability in themes/default/include/html ...)
	NOT-FOR-US: OpenRat
CVE-2008-6402 (PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart ...)
	NOT-FOR-US: Sofi WebGui
CVE-2008-6401 (SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote at ...)
	NOT-FOR-US: JETIK-WEB
CVE-2008-6400 (Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allow ...)
	NOT-FOR-US: refbase
CVE-2008-6399 (Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remot ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary fil ...)
	- sng 1.0.2-6 (bug #496407; unimportant)
CVE-2008-6397 (rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbi ...)
	- sgml2x 1.0.0-11.2 (bug #496368; low)
	[etch] - sgml2x (Minor issue)
CVE-2008-6396 (Cross-site scripting (XSS) vulnerability in account.php in Celerondude ...)
	NOT-FOR-US: Celerondude Uploader
CVE-2008-6395 (The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g ...)
	NOT-FOR-US: web management interface in 3Com Wireless
CVE-2008-6394 (SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earl ...)
	NOT-FOR-US: CS-Cart
CVE-2008-6393 (PSI Jabber client before 0.12.1 allows remote attackers to cause a den ...)
	{DSA-1741-1}
	- psi 0.12.1-1 (low; bug #518468)
	[etch] - psi (Vulnerable code not present)
CVE-2008-6392 (SQL injection vulnerability in showads.php in Z1Exchange allows remote ...)
	NOT-FOR-US: Z1Exchange
CVE-2008-6391 (SQL injection vulnerability in main.asp in Jbook allows remote attacke ...)
	NOT-FOR-US: Jbook
CVE-2008-6390 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6389 (SQL injection vulnerability in asadmin/default.asp in Rae Media Contac ...)
	NOT-FOR-US: Rae Media Contact Management Software
CVE-2008-6388 (Rapid Classified 3.1 and 3.15 stores sensitive information under the w ...)
	NOT-FOR-US: Rapid Classified
CVE-2008-6387 (Quick Tree View .NET 3.1 stores sensitive information under the web ro ...)
	NOT-FOR-US: Quick Tree View .NET
CVE-2008-6386 (Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange ...)
	NOT-FOR-US: Z1Exchange
CVE-2008-6385 (Cross-site scripting (XSS) vulnerability in index.php in W3matter RevS ...)
	NOT-FOR-US: W3matter RevSense
CVE-2008-6384 (Multiple cross-site request forgery (CSRF) vulnerabilities in Comment ...)
	NOT-FOR-US: Comment Mail
CVE-2008-6383 (SQL injection vulnerability in SpeedTech Organization and Resource Man ...)
	NOT-FOR-US: SpeedTech Organization and Resource Manager
CVE-2008-6382 (ASP Portal 3.2.5 stores sensitive information under the web root with ...)
	NOT-FOR-US: ASP Portal
CVE-2008-6381 (SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1 ...)
	NOT-FOR-US: bcoos
CVE-2008-6380 (SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 ...)
	NOT-FOR-US: Active Web Helpdesk
CVE-2008-6379 (SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows ...)
	NOT-FOR-US: Gallery MX
CVE-2008-6378 (SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx ...)
	NOT-FOR-US: Calendar Mx Professional
CVE-2008-6377 (PHP remote file inclusion vulnerability in include/global.php in Multi ...)
	NOT-FOR-US: Multi SEO phpBB
CVE-2008-6376 (SQL injection vulnerability in main.asp in Jbook allows remote attacke ...)
	NOT-FOR-US: Jbook
CVE-2008-6375 (JBook stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: JBook
CVE-2008-6374 (CodefixerSoftware MailingListPro Free Edition stores sensitive informa ...)
	NOT-FOR-US: MailingListPro Free Edition
CVE-2008-6373 (Unspecified vulnerability in Nagios before 3.0.6 has unspecified impac ...)
	- nagios3 3.0.6-3
	[etch] - nagios2 (Related to CVE-2008-5028, which has a minimal attack vector)
CVE-2008-6372 (SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro ...)
	NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-6371 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6370 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Con ...)
	NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6369 (SQL injection vulnerability in default.asp in Ocean12 Contact Manager ...)
	NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6368 (SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m al ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2008-6367 (Unrestricted file upload vulnerability in Photos/create_album.php in S ...)
	NOT-FOR-US: Social Groupie
CVE-2008-6366 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Affili ...)
	NOT-FOR-US: Ad Server Solutions Affiliate Software Java
CVE-2008-6365 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Man ...)
	NOT-FOR-US: Ad Server Solutions Ad Management Software Java
CVE-2008-6364 (SQL injection vulnerability in logon_process.jsp in Ad Server Solution ...)
	NOT-FOR-US: Ad Server Solutions Banner Exchange Solution Java
CVE-2008-6363 (Stack-based buffer overflow in DesignWorks Professional 4.3.1 and 5.0. ...)
	NOT-FOR-US: DesignWorks Professional
CVE-2008-6362 (SQL injection vulnerability in sitepage.php in Multiple Membership Scr ...)
	NOT-FOR-US: Multiple Membership Script
CVE-2008-6361 (Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 ...)
	NOT-FOR-US: InSun Feed CMS
CVE-2008-6360 (Cross-site scripting (XSS) vulnerability in the userranks feature in m ...)
	NOT-FOR-US: ImpressCMS
CVE-2008-6359 (Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbo ...)
	NOT-FOR-US: Max's Guestbook
CVE-2008-6358 (SQL injection vulnerability in group_index.php in Social Groupie allow ...)
	NOT-FOR-US: Social Groupie
CVE-2008-6357 (MyCal Personal Events Calendar stores sensitive information under the ...)
	NOT-FOR-US: MyCal Personal Events Calendar
CVE-2008-6356 (evCal Events Calendar stores sensitive information under the web root ...)
	NOT-FOR-US: evCal Events Calendar
CVE-2008-6355 (The Net Guys ASPired2Protect stores sensitive information under the we ...)
	NOT-FOR-US: ASPired2Protect
CVE-2008-6354 (The Net Guys ASPired2poll stores sensitive information under the web r ...)
	NOT-FOR-US: ASPired2poll
CVE-2008-6353 (SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote ...)
	NOT-FOR-US: ASP-CMS
CVE-2008-6352 (SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remo ...)
	NOT-FOR-US: Xpoze Pro
CVE-2008-6351 (Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyFor ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6350 (SQL injection vulnerability in listtest.php in TurnkeyForms Local Clas ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6349 (SQL injection vulnerability in survey_results_text.php in TurnkeyForms ...)
	NOT-FOR-US: TurnkeyForms Business Survey Pro
CVE-2008-6348 (Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery ...)
	NOT-FOR-US: DevelopItEasy Photo Gallery
CVE-2008-6347 (PHP remote file inclusion vulnerability in lib/onguma.class.php in the ...)
	NOT-FOR-US: Onguma Time Sheet component for Joomla!
CVE-2008-6346 (Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) exte ...)
	NOT-FOR-US: DR Wiki extension for TYPO3
CVE-2008-6345 (SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 al ...)
	NOT-FOR-US: SolarCMS
CVE-2008-6344 (SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3. ...)
	NOT-FOR-US: TU-Clausthal Staff extension for TYPO3
CVE-2008-6343 (Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc ...)
	NOT-FOR-US: TU-Clausthal ODIN extension for TYPO3
CVE-2008-6342 (Unspecified vulnerability in the TYPO3 Simple File Browser (simplefile ...)
	NOT-FOR-US: Simple File Browser extension for TYPO3
CVE-2008-6341 (Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (S ...)
	NOT-FOR-US: SB Universal Plugin extension for TYPO3
CVE-2008-6340 (Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_pop ...)
	NOT-FOR-US: Vox populi extension for TYPO3
CVE-2008-6338 (SQL injection vulnerability in the WEBERkommunal Facilities (wes_facil ...)
	NOT-FOR-US: WEBERkommunal Facilities extension for TYPO3
CVE-2008-6337 (SQL injection vulnerability in the Volunteer Management System (com_vo ...)
	NOT-FOR-US: Volunteer Management System module for Joomla!
CVE-2008-6336 (Directory traversal vulnerability in download.php in Text Lines Rearra ...)
	NOT-FOR-US: Text Lines Rearrange Script
CVE-2008-6335 (Directory traversal vulnerability in download.php in eMetrix Online Ke ...)
	NOT-FOR-US: eMetrix Online Keyword Research Tool
CVE-2008-6334 (Directory traversal vulnerability in download.php in eMetrix Extract W ...)
	NOT-FOR-US: eMetrix Extract Website
CVE-2008-6333 (SQL injection vulnerability in news.php in RSS Simple News (RSSSN), wh ...)
	NOT-FOR-US: RSS Simple News
CVE-2008-6332 (SQL injection vulnerability in login.php in Simple Customer 1.2 allows ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Streber ...)
	NOT-FOR-US: Streber
CVE-2008-6330 (SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier ...)
	NOT-FOR-US: MyTopix
CVE-2008-6329 (SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board ...)
	NOT-FOR-US: Pre ASP Job Board
CVE-2008-6328 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 a ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6327 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...)
	NOT-FOR-US: ProQuiz
CVE-2008-6326 (SQL injection vulnerability in login.php in Simple Customer as downloa ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6325 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classif ...)
	NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6324 (SQL injection vulnerability in forummessages.cfm in CF_Forum allows re ...)
	NOT-FOR-US: CF_Forum
CVE-2008-6323 (SQL injection vulnerability in forummessages.cfm in CFMSource CF_Aucti ...)
	NOT-FOR-US: CFMSource CF_Auction
CVE-2008-6322 (SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows r ...)
	NOT-FOR-US: CFMSource CFMBlog
CVE-2008-6321 (CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insu ...)
	NOT-FOR-US: CF Shopkart
CVE-2008-6320 (SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows r ...)
	NOT-FOR-US: CF Shopkart
CVE-2008-6319 (SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows ...)
	NOT-FOR-US: CF_Calendar
CVE-2008-6318 (PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl- ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6317 (Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.p ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6316 (Directory traversal vulnerability in _conf/core/common-tpl-vars.php in ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6315 (PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars. ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6314 (SQL injection vulnerability in tag_board.php in the Tag Board module 4 ...)
	NOT-FOR-US: Tag Board module
CVE-2008-6313 (Directory traversal vulnerability in addedit-render.php in phpAddEdit ...)
	NOT-FOR-US: phpAddEdit
CVE-2008-6312 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...)
	NOT-FOR-US: ProQuiz
CVE-2008-6311 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 a ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6310 (SQL injection vulnerability in index.php in W3matter RevSense 1.0 allo ...)
	NOT-FOR-US: W3matter RevSense
CVE-2008-6309 (SQL injection vulnerability in index.php in W3matter AskPert allows re ...)
	NOT-FOR-US: W3matter AskPert
CVE-2008-6308 (Multiple directory traversal vulnerabilities in Private Messaging Syst ...)
	NOT-FOR-US: Private Messaging System
CVE-2008-6307 (E-topbiz Link Back Checker 1 allows remote attackers to bypass authent ...)
	NOT-FOR-US: E-topbiz Link Back Checker
CVE-2008-6306 (Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz ...)
	NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6305 (PHP remote file inclusion vulnerability in init.php in Free Directory ...)
	NOT-FOR-US: Free Directory Script
CVE-2008-6304 (SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when ma ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6303 (SQL injection vulnerability in tourview.php in ToursManager allows rem ...)
	NOT-FOR-US: ToursManager
CVE-2008-6302 (TurnkeyForms Local Classifieds allows remote attackers to bypass authe ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6301 (SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox ...)
	NOT-FOR-US: Small ShoutBox module
CVE-2008-6300 (Galatolo WebManager 1.3a allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6299 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 a ...)
	NOT-FOR-US: Joomla!
CVE-2008-6298 (Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remo ...)
	NOT-FOR-US: sISAPILocation
CVE-2008-6297 (Cross-site scripting (XSS) vulnerability in order.php in DHCart allows ...)
	NOT-FOR-US: DHCart
CVE-2008-6296 (admin.php in Maran PHP Shop allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-6295 (Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6 ...)
NOT-FOR-US: Camera Life CVE-2008-6294 (admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypas ...) NOT-FOR-US: Acc Statistics CVE-2008-6293 (admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypa ...) NOT-FOR-US: Acc Real Estate CVE-2008-6292 (Acc Autos 4.0 allows remote attackers to bypass authentication and gai ...) NOT-FOR-US: Acc Autos CVE-2008-6291 (Acc PHP eMail 1.1 allows remote attackers to bypass authentication and ...) NOT-FOR-US: Acc PHP eMail CVE-2008-6290 (Directory traversal vulnerability in includefile.php in nicLOR Sito, w ...) NOT-FOR-US: nicLOR Sito CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 1.0 allow ...) NOT-FOR-US: Tours Manager CVE-2008-6288 (Directory traversal vulnerability in download.php in Interface Medien ...) NOT-FOR-US: Interface Medien ibase CVE-2008-6287 (Multiple PHP remote file inclusion vulnerabilities in Broadcast Machin ...) NOT-FOR-US: Broadcast Machine CVE-2008-6286 (Multiple SQL injection vulnerabilities in SubscriberStart.asp in Activ ...) NOT-FOR-US: Active Newsletter CVE-2008-6285 (SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earl ...) NOT-FOR-US: PHP TV Portal CVE-2008-6284 (SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remot ...) NOT-FOR-US: Z1Exchange CVE-2008-6283 (Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote ...) NOT-FOR-US: Subtext CVE-2008-6282 (SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS ...) NOT-FOR-US: CMS Ortus CVE-2008-6281 (SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote ...) NOT-FOR-US: Bluo CMS CVE-2008-6280 (Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys W ...) NOT-FOR-US: Linksys WRT160N CVE-2008-6279 (RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remot ...) 
NOT-FOR-US: RakhiSoftware Price Comparison Script CVE-2008-6278 (Multiple cross-site scripting (XSS) vulnerabilities in product.php in ...) NOT-FOR-US: RakhiSoftware Price Comparison Script CVE-2008-6277 (SQL injection vulnerability in product.php in RakhiSoftware Price Comp ...) NOT-FOR-US: RakhiSoftware Price Comparison Script CVE-2008-6276 (Multiple SQL injection vulnerabilities in the User Karma module 5.x be ...) NOT-FOR-US: User Karma module for Drupal CVE-2008-6275 (Cross-site scripting (XSS) vulnerability in the User Karma module 5.x ...) NOT-FOR-US: User Karma module for Drupal CVE-2008-6274 (Multiple SQL injection vulnerabilities in index.php in FamilyProject 2 ...) NOT-FOR-US: FamilyProject CVE-2008-6273 (Directory traversal vulnerability in configuration_script.php in MyKto ...) NOT-FOR-US: MyKtools CVE-2008-6272 (SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0 ...) NOT-FOR-US: Dragan Mitic Apoll CVE-2008-6271 (Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when ...) NOT-FOR-US: TBmnetCMS CVE-2008-6270 (SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0 ...) NOT-FOR-US: Dragan Mitic Apoll CVE-2008-6269 (Joovili 3.1.4 allows remote attackers to bypass authentication and gai ...) NOT-FOR-US: Joovili CVE-2008-6268 (SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Language ...) NOT-FOR-US: Multi Languages WebShop Online CVE-2008-6267 (Cross-site scripting (XSS) vulnerability in detail.php in Multi Langua ...) NOT-FOR-US: Multi Languages WebShop Online CVE-2008-6266 (SQL injection vulnerability in links.php in Appalachian State Universi ...) NOT-FOR-US: phpWebSite CVE-2008-6265 (Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7 ...) NOT-FOR-US: Cyberfolio CVE-2008-6264 (SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popup ...) 
NOT-FOR-US: E-topbiz Slide Popups CVE-2008-6263 (SQL injection vulnerability in lib/user/t_user.php in SaturnCMS allows ...) NOT-FOR-US: SaturnCMS CVE-2008-6262 (SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS allow ...) NOT-FOR-US: SaturnCMS CVE-2008-6261 (SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows ...) NOT-FOR-US: E-topbiz AdManager CVE-2008-6260 (SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3 ...) NOT-FOR-US: Ultrastats CVE-2008-6259 (Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-S ...) NOT-FOR-US: QuadComm Q-Shop CVE-2008-6258 (SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and p ...) NOT-FOR-US: QuadComm Q-Shop CVE-2008-6257 (SQL injection vulnerability in default.asp in Openasp 3.0 and earlier ...) NOT-FOR-US: Openasp CVE-2008-6256 (SQL injection vulnerability in admincp/admincalendar.php in vBulletin ...) NOT-FOR-US: vBulletin CVE-2008-6255 (Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote ...) NOT-FOR-US: vBulletin CVE-2008-6254 (SQL injection vulnerability in scripts/documents.php in Jadu Galaxies ...) NOT-FOR-US: Jadu Galaxies CVE-2008-6253 (Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pl ...) NOT-FOR-US: Pluck CMS CVE-2008-6252 (Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 ...) NOT-FOR-US: smcFanControl CVE-2008-6251 (PHP remote file inclusion vulnerability in includes/init.php in phpFan ...) NOT-FOR-US: phpFan CVE-2008-6250 (SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier al ...) NOT-FOR-US: Comdev Web Blogger CVE-2008-6249 (SQL injection vulnerability in plugins/users/index.php in Galatolo Web ...) NOT-FOR-US: Galatolo WebManager CVE-2008-6248 (Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebMan ...) NOT-FOR-US: Galatolo WebManager CVE-2008-6247 (SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) ...) 
NOT-FOR-US: Scripts For Sites CVE-2008-6246 (SQL injection vulnerability in category.php in Scripts For Sites (SFS) ...) NOT-FOR-US: Scripts For Sites CVE-2008-6245 (SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ ...) NOT-FOR-US: Scripts For Sites CVE-2008-6244 (SQL injection vulnerability in view_reviews.php in Scripts for Sites ( ...) NOT-FOR-US: Scripts For Sites CVE-2008-6243 (SQL injection vulnerability in showcategory.php in Scripts For Sites ( ...) NOT-FOR-US: Scripts For Sites CVE-2008-6242 (SQL injection vulnerability in SearchResults.php in Scripts For Sites ...) NOT-FOR-US: Scripts For Sites CVE-2008-6241 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...) NOT-FOR-US: FlexPHPSite CVE-2008-6240 (Cross-site scripting (XSS) vulnerability in data/views/index.html in O ...) NOT-FOR-US: OpenEdit Digital Asset Management CVE-2008-6239 (Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital As ...) NOT-FOR-US: OpenEdit Digital Asset Management CVE-2008-6238 (Cross-site scripting (XSS) vulnerability in archive/savedqueries/saveq ...) NOT-FOR-US: OpenEdit Digital Asset Management CVE-2008-6237 (SQL injection vulnerability in software-description.php in Scripts For ...) NOT-FOR-US: Scripts For Sites CVE-2008-6236 (SQL injection vulnerability in login.php in Simple Document Management ...) NOT-FOR-US: Simple Document Management System CVE-2008-6235 (The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted a ...) - vim 2:7.2.148-1 (low) [lenny] - vim (proof-of-concept does not work) [etch] - vim (Minor issue) CVE-2008-6234 (SQL injection vulnerability in the com_musica module in Joomla! and Ma ...) NOT-FOR-US: Joomla! CVE-2008-6233 (SQL injection vulnerability in index.php in Five Dollar Scripts Drinks ...) NOT-FOR-US: Five Dollar Scripts Drinks script CVE-2008-6232 (Pre Shopping Mall allows remote attackers to bypass authentication and ...) 
NOT-FOR-US: Pre Shopping Mall CVE-2008-6231 (Pre Classified Listing PHP allows remote attackers to bypass authentic ...) NOT-FOR-US: Pre Classified Listing PHP CVE-2008-6230 (SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Po ...) NOT-FOR-US: Pre Projects Pre Podcast Portal CVE-2008-6229 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...) NOT-FOR-US: CCK module for Drupal CVE-2008-6228 (Pre Multi-Vendor Shopping Malls allows remote attackers to bypass auth ...) NOT-FOR-US: Pre Multi-Vendor Shopping Malls CVE-2008-6227 (SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Sh ...) NOT-FOR-US: Pre Multi-Vendor Shopping Malls CVE-2008-6226 (SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto L ...) NOT-FOR-US: Pre Projects PHP Auto Listings Script CVE-2008-6225 NOT-FOR-US: Mole Group Airline Ticket Sale Script CVE-2008-6224 (Directory traversal vulnerability in visualizza.php in Way Of The Warr ...) NOT-FOR-US: Way Of The Warrior CVE-2008-6223 (PHP remote file inclusion vulnerability in visualizza.php in Way Of Th ...) NOT-FOR-US: Way Of The Warrior CVE-2008-6222 (Directory traversal vulnerability in the Pro Desk Support Center (com_ ...) NOT-FOR-US: Joomla! CVE-2008-6221 (PHP remote file inclusion vulnerability in config.dadamail.php in the ...) NOT-FOR-US: Joomla! CVE-2008-6220 (SQL injection vulnerability in login.php in Simple Document Management ...) NOT-FOR-US: Simple Document Management System CVE-2008-6219 (nsrexecd.exe in multiple EMC Networker products including EMC NetWorke ...) NOT-FOR-US: EMC Networker products CVE-2008-6218 (Memory leak in the png_handle_tEXt function in pngrutil.c in libpng be ...) {DSA-1750-1} - libpng 1.2.33-1 CVE-2008-6217 (Cross-site scripting (XSS) vulnerability in index.php in Extrakt Frame ...) NOT-FOR-US: Extrakt Framework CVE-2008-6216 (SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Book ...) 
NOT-FOR-US: Venalsur Booking center Booking System CVE-2008-6215 (Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in ...) NOT-FOR-US: Venalsur Booking center Booking System CVE-2008-6214 (SQL injection vulnerability in poll_results.php in Harlandscripts Pro ...) NOT-FOR-US: Harlandscripts Pro Traffic One CVE-2008-6213 (SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffi ...) NOT-FOR-US: Harlandscripts Pro Traffic One CVE-2008-6212 (Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1 ...) NOT-FOR-US: Php-Stats CVE-2008-6211 (Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net m ...) NOT-FOR-US: PhpForums.net mcGallery CVE-2008-6210 (SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 a ...) NOT-FOR-US: dream4 Koobi CVE-2008-6209 (SQL injection vulnerability in view_product.php in Vastal I-Tech Softw ...) NOT-FOR-US: Vastal I-Tech Software Zone CVE-2008-6208 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS ...) NOT-FOR-US: e107 CMS CVE-2008-6207 (Unrestricted file upload vulnerability in form_upload.php in PHPG Uplo ...) NOT-FOR-US: PHPG Upload CVE-2008-6206 (Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 a ...) NOT-FOR-US: RobotStats CVE-2008-6205 (Cross-site scripting (XSS) vulnerability in seeurl.php in Xavier Flaha ...) NOT-FOR-US: Xavier Flahaut URLStreet CVE-2008-6204 (Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlie ...) NOT-FOR-US: SuperNET Shop CVE-2008-6203 (SQL injection vulnerability in adminler.asp in CoBaLT 2.0 allows remot ...) NOT-FOR-US: CoBaLT CVE-2008-6202 (SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to e ...) NOT-FOR-US: CoBaLT CVE-2008-6201 (Directory traversal vulnerability in help.php in the eskuel module in ...) NOT-FOR-US: KwsPHP CVE-2008-6200 (Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow ...) 
NOT-FOR-US: Swiki CVE-2008-6199 (2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to tri ...) NOT-FOR-US: 2532designs 2532|Gigs CVE-2008-6198 (SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin fo ...) NOT-FOR-US: Custom Pages 1.0 plugin for MyBulletinBoard CVE-2008-6197 (SQL injection vulnerability in index.php in the galerie module for Kws ...) NOT-FOR-US: KwsPHP CVE-2008-6196 (Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT ...) NOT-FOR-US: Philippe CROCHAT EasySite CVE-2008-6195 (Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.ex ...) NOT-FOR-US: LANDesk Management Suite CVE-2008-6194 (Memory leak in the DNS server in Microsoft Windows allows remote attac ...) NOT-FOR-US: Microsoft Windows CVE-2008-6193 (Sam Crew MyBlog stores passwords in cleartext in a MySQL database, whi ...) NOT-FOR-US: Sam Crew MyBlog CVE-2008-6192 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified Por ...) NOT-FOR-US: Sun Java System Portal Server CVE-2008-6191 (Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a h ...) NOT-FOR-US: Intrinsic Swimage Encore CVE-2008-6190 (Cross-site scripting (XSS) vulnerability in index.php in EEBCMS 0.95 a ...) NOT-FOR-US: EEBCMS CVE-2008-6189 (SQL injection vulnerability in GForge 4.5.19 allows remote attackers t ...) {DSA-1698-1} - gforge 4.7~rc2-5 CVE-2008-6188 (SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc ...) {DSA-1698-1} - gforge 4.7~rc2-5 CVE-2008-6187 (SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and ...) {DSA-1698-1} - gforge 4.7~rc2-5 CVE-2008-6186 (Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote ...) NOT-FOR-US: RaidenFTPD CVE-2008-6185 (NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a ...) NOT-FOR-US: NoticeWare Email Server NG CVE-2008-6184 (SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component ...) NOT-FOR-US: Joomla! 
CVE-2008-6183 (Multiple directory traversal vulnerabilities in index.php in My PHP In ...) NOT-FOR-US: My PHP Indexer CVE-2008-6182 (SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) ...) NOT-FOR-US: Joomla! CVE-2008-6181 (SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4jooml ...) NOT-FOR-US: Joomla! CVE-2008-6180 (SQL injection vulnerability in system/nlb_user.class.php in NewLife Bl ...) NOT-FOR-US: NewLife Blogger CVE-2008-6179 (SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows r ...) NOT-FOR-US: IndexScript CVE-2008-6178 (Unrestricted file upload vulnerability in editor/filemanager/browser/d ...) NOTE: Alleged exploit does not work. CVE-2008-6177 (Multiple directory traversal vulnerabilities in LightBlog 9.8, when ma ...) NOT-FOR-US: LightBlog CVE-2008-6176 REJECTED CVE-2008-6175 (SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of ser ...) NOT-FOR-US: SilverSHielD CVE-2008-6174 (Cross-site scripting (XSS) vulnerability in admin/postlister/index.php ...) NOT-FOR-US: Jetbox CMS CVE-2008-6173 (Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShar ...) NOT-FOR-US: ClipShare Pro CVE-2008-6172 (Directory traversal vulnerability in captcha/captcha_image.php in the ...) NOT-FOR-US: Joomla! CVE-2008-6171 (includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, w ...) - drupal5 5.12-1 (low; bug #519114) - drupal6 6.6-1 (low; bug #519115) CVE-2008-6170 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and ...) - drupal6 6.9-1 (low) [lenny] - drupal6 6.6-1.1 CVE-2008-6169 (Cross-site request forgery (CSRF) vulnerability in the Localization cl ...) NOT-FOR-US: Localization modules for Drupal CVE-2008-6168 (Cross-site scripting (XSS) vulnerability in search.php in miniPortail ...) NOT-FOR-US: miniPortail CVE-2008-6167 (Directory traversal vulnerability in search.php in miniPortail 2.2 and ...) 
NOT-FOR-US: miniPortail CVE-2008-6166 (SQL injection vulnerability in the KBase (com_kbase) 1.2 component for ...) NOT-FOR-US: Joomla! CVE-2008-6165 (SQL injection vulnerability in gestion.php in CSPartner 0.1, when magi ...) NOT-FOR-US: CSPartner CVE-2008-6164 (Cross-site scripting (XSS) vulnerability in index.php in DreamCost Hos ...) NOT-FOR-US: DreamCost HostAdmin CVE-2008-6163 (SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allo ...) - openx (bug #513771) CVE-2008-6162 (Bux.to Clone script allows remote attackers to bypass authentication a ...) NOT-FOR-US: Bux.to Clone script CVE-2008-6161 (Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) bef ...) NOT-FOR-US: WOW Raid Manager CVE-2008-6160 (Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1 ...) NOT-FOR-US: Semantically-Interconnected Online Communities CVE-2008-6159 (Content Management Made Easy (CMME) 1.19 allows remote attackers to ob ...) NOT-FOR-US: Content Management Made Easy CVE-2008-6158 (Multiple unspecified vulnerabilities in the admin backend in w3b>cm ...) NOT-FOR-US: w3blabor CMS CVE-2008-6157 (SepCity Classified Ads stores the admin password in cleartext in data/ ...) NOT-FOR-US: SepCity Classified Ads CVE-2008-6156 (SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 ...) NOT-FOR-US: AdMan CVE-2008-6155 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 ...) NOT-FOR-US: Hispah Text Links Ads CVE-2008-6154 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 ...) NOT-FOR-US: Hispah Text Links Ads CVE-2008-6153 (SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo ...) NOT-FOR-US: Jay Patel Pixel8 Web Photo CVE-2008-6152 (SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Port ...) NOT-FOR-US: SepCity Faculty Portal CVE-2008-6151 (SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall ...) 
NOT-FOR-US: SepCity Faculty Portal CVE-2008-6150 (SQL injection vulnerability in classdis.asp in SepCity Classified Ads ...) NOT-FOR-US: SepCity Faculty Portal CVE-2008-6149 (SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 f ...) NOT-FOR-US: Joomla! CVE-2008-6148 (SQL injection vulnerability in the Live Ticker (com_liveticker) module ...) NOT-FOR-US: Joomla! CVE-2008-6147 (ForumApp 3.3 stores sensitive information under the web root with insu ...) NOT-FOR-US: ForumApp CVE-2008-6146 (SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, whe ...) NOT-FOR-US: DeluxeBB CVE-2008-6145 (Multiple SQL injection vulnerabilities in the WEC Discussion Forum (we ...) NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3 CVE-2008-6144 (Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discuss ...) NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3 CVE-2008-6143 (OwenPoll 1.0 allows remote attackers to bypass authentication and obta ...) NOT-FOR-US: OwenPoll CVE-2008-6142 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...) NOT-FOR-US: FlexPHPic CVE-2008-6141 (Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 al ...) NOT-FOR-US: Avaya IP Softphone CVE-2008-6140 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...) NOT-FOR-US: Avaya one-X Desktop Edition CVE-2008-6139 (Directory traversal vulnerability in faqsupport/wce.download.php in We ...) NOT-FOR-US: WebBiscuits Modules Controller CVE-2008-6138 (PHP remote file inclusion vulnerability in adminhead.php in WebBiscuit ...) NOT-FOR-US: WebBiscuits Modules Controller CVE-2008-6137 (EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to ...) NOT-FOR-US: EveryBlog CVE-2008-6136 (Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupa ...) NOT-FOR-US: EveryBlog CVE-2008-6135 (Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a m ...) 
NOT-FOR-US: EveryBlog CVE-2008-6134 (SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Dru ...) NOT-FOR-US: EveryBlog CVE-2008-6133 (SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script ...) NOT-FOR-US: Full PHP Emlak Script CVE-2008-6132 (Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 an ...) NOT-FOR-US: phpScheduleIt CVE-2008-6131 (Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows ...) NOT-FOR-US: moziloWiki CVE-2008-6130 (Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1. ...) NOT-FOR-US: moziloWiki CVE-2008-6129 (Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and ...) NOT-FOR-US: moziloWiki CVE-2008-6128 (Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows ...) NOT-FOR-US: moziloCMS CVE-2008-6127 (Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10. ...) NOT-FOR-US: moziloCMS CVE-2008-6126 (Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and e ...) NOT-FOR-US: moziloCMS CVE-2008-6125 (Unspecified vulnerability in the user editing interface in Moodle 1.5. ...) {DSA-1724-1} - moodle 1.8.2.dfsg-2 CVE-2008-6124 (SQL injection vulnerability in the hotpot_delete_selected_attempts fun ...) {DSA-1691-1} - moodle 1.8.2.dfsg-2 CVE-2008-6123 (The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp ...) - net-snmp 5.4.3~dfsg-1 (low; bug #516801) [etch] - net-snmp (Minor issue) [lenny] - net-snmp (Minor issue) CVE-2008-6122 (The web management interface in Netgear WGR614v9 allows remote attacke ...) NOT-FOR-US: Netgear WGR614v9 CVE-2008-6121 (CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allo ...) NOT-FOR-US: SocialEngine CVE-2008-6120 (SQL injection vulnerability in profile_comments.php in SocialEngine (S ...) NOT-FOR-US: SocialEngine CVE-2008-6119 (Static code injection vulnerability in gooplecms/admin/account/action/ ...) 
NOT-FOR-US: Goople CMS CVE-2008-6118 (win/content/upload.php in Goople CMS 1.7 allows remote attackers to by ...) NOT-FOR-US: Goople CMS CVE-2008-6117 (SQL injection vulnerability in homepage.php in PG Job Site Pro allows ...) NOT-FOR-US: PG Job Site Pro CVE-2008-6116 (SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme ...) NOT-FOR-US: Joomla! CVE-2008-6115 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...) NOT-FOR-US: Prozilla Hosting Index CVE-2008-6114 (SQL injection vulnerability in product_details.php in the Mytipper Zog ...) NOT-FOR-US: Mytipper Zogo-shop CVE-2008-6113 (Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.9 ...) NOT-FOR-US: SemanticScuttle CVE-2008-6112 (Multiple directory traversal vulnerabilities in Ez Ringtone Manager al ...) NOT-FOR-US: Ez Ringtone Manager CVE-2008-6111 (SQL injection vulnerability in blog.php in NetArt Media Vlog System 1. ...) NOT-FOR-US: NetArt Media Vlog System CVE-2008-6110 (Unspecified vulnerability in SemanticScuttle before 0.90 has unknown i ...) NOT-FOR-US: SemanticScuttle CVE-2008-6109 (Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not ...) NOT-FOR-US: Robin Rawson-Tetley Animal Shelter Manager CVE-2008-6108 (Cross-site scripting (XSS) vulnerability in result.php in Galatolo Web ...) NOT-FOR-US: Galatolo WebManager CVE-2008-6107 (The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, th ...) - linux-2.6 2.6.25-4 (low) - linux-2.6.24 CVE-2008-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Workplace for B ...) NOT-FOR-US: IBM Workplace for Business Controls CVE-2008-6105 (Cross-site scripting (XSS) vulnerability in IBM Workplace for Business ...) NOT-FOR-US: IBM Workplace for Business Controls CVE-2008-6104 (SQL injection vulnerability in A4Desk PHP Event Calendar allows remote ...) 
NOT-FOR-US: A4Desk PHP Event Calendar CVE-2008-6103 (PHP remote file inclusion vulnerability in index.php in A4Desk Event C ...) NOT-FOR-US: A4Desk PHP Event Calendar CVE-2008-6102 (SQL injection vulnerability in ratelink.php in Link Trader Script allo ...) NOT-FOR-US: Link Trader Script CVE-2008-6101 (SQL injection vulnerability in click.php in Adult Banner Exchange Webs ...) NOT-FOR-US: Adult Banner Exchange Website CVE-2008-6100 (Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, wh ...) NOT-FOR-US: Discussion Forums CVE-2008-6099 (PHP remote file inclusion vulnerability in index.php in RPortal 1.1 an ...) NOT-FOR-US: RPortal CVE-2008-6098 (Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.2 ...) - bugzilla (unimportant) CVE-2008-6097 (Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before ...) NOT-FOR-US: WikyBlog CVE-2008-6096 (Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS ...) NOT-FOR-US: Juniper NetScreen ScreenOS CVE-2008-6095 (Cross-site scripting (XSS) vulnerability in surveillanceView.htm in Op ...) NOT-FOR-US: OpenNMS CVE-2008-6094 (Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technol ...) NOT-FOR-US: Celoxis Technologies Celoxis CVE-2008-6093 (SQL injection vulnerability in index.php in Noname CMS 1.0, when magic ...) NOT-FOR-US: Noname CMS CVE-2008-6092 (phpscripts Ranking Script allows remote attackers to bypass authentica ...) NOT-FOR-US: phpscripts Ranking Script CVE-2008-6091 (SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_ ...) NOT-FOR-US: BMForum CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz Mini Hos ...) NOT-FOR-US: ScriptsEz Mini Hosting Panel CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy Image ...) NOT-FOR-US: ScriptsEz CVE-2008-6088 (SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 ...) NOT-FOR-US: Joomla! 
CVE-2008-6087 (Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2 ...) NOT-FOR-US: Camera Life CVE-2008-6086 (SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows ...) NOT-FOR-US: Camera Life CVE-2008-6085 (Integer overflow in multiple F-Secure anti-virus products, including I ...) NOT-FOR-US: F-Secure CVE-2008-6084 (Unrestricted file upload vulnerability in pages/download.php in Iamma ...) NOT-FOR-US: Iamma Simple Gallery CVE-2008-6083 (Directory traversal vulnerability in header.php in TXTshop beta 1.0 al ...) NOT-FOR-US: TXTshop CVE-2008-6082 (Titan FTP Server 6.26 build 630 allows remote attackers to cause a den ...) NOT-FOR-US: Titan FTP Server CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2 allo ...) NOT-FOR-US: Simple Customer CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles (com ...) NOT-FOR-US: Joomla! CVE-2008-6079 (imlib2 before 1.4.2 allows context-dependent attackers to have an unsp ...) {DSA-2029-1} - imlib2 1.4.2-1 (bug #576469) NOTE: poked upstream for more details CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging (com_ ...) NOT-FOR-US: Limbo CMS CVE-2008-6077 (SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a an ...) NOT-FOR-US: LoudBlog CVE-2008-6076 (SQL injection vulnerability in the Daily Message (com_dailymessage) 1. ...) NOT-FOR-US: Joomla! CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 ...) NOT-FOR-US: Bahar Download Script CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06 and earl ...) NOT-FOR-US: phpcrs CVE-2008-6073 (StorageCrypt 2.0.1 does not properly encrypt disks, which allows local ...) NOT-FOR-US: StorageCrypt CVE-2008-6072 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, ...) {DSA-1903-1} - graphicsmagick 1.2.3-1 CVE-2008-6071 (Heap-based buffer overflow in the DecodeImage function in coders/pict. 
...) {DSA-1903-1} - graphicsmagick 1.2.3-1 CVE-2008-6070 (Multiple heap-based buffer underflows in the ReadPALMImage function in ...) {DSA-1903-1} - graphicsmagick 1.2.3-1 CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 fo ...) NOT-FOR-US: eChat plugin CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) compone ...) NOT-FOR-US: Joomla! CVE-2008-7272 (FireGPG before 0.6 handle user’s passphrase and decrypted cleart ...) - iceweasel-firegpg (bug #514386) CVE-2008-7273 (A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure ...) - iceweasel-firegpg (bug #514386) CVE-2008-6067 REJECTED CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 all ...) NOT-FOR-US: Meet#Web CVE-2008-6065 (Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE perm ...) NOT-FOR-US: Oracle Database Server CVE-2008-6064 (Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote att ...) NOT-FOR-US: DomPHP CVE-2008-6063 (Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places ...) NOT-FOR-US: Microsoft CVE-2008-6062 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...) NOT-FOR-US: Adobe Dreamweaver CVE-2008-6061 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...) NOT-FOR-US: Techsmith Camtasia Studio CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...) NOT-FOR-US: InfoSoft FusionCharts CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not pro ...) - webkit (bug #516555; low) NOTE: webkit in linux needs libsoup for cookie support CVE-2008-6058 (Syslserve 1.058 and earlier, and probably 1.059, allows remote attacke ...) NOT-FOR-US: Syslserve CVE-2008-6057 (Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under t ...) 
NOT-FOR-US: Doug Luxem Liberum Help Desk CVE-2008-6056 (Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2. ...) NOT-FOR-US: World Recipe CVE-2008-6055 (PreProjects Pre Classified Listings stores pclasp.mdb under the web ro ...) NOT-FOR-US: PreProjects Pre Classified Listings CVE-2008-6054 (PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under ...) NOT-FOR-US: PreProjects Pre Classified Listings CVE-2008-6053 (PreProjects Pre Resume Submitter stores onlineresume.mdb under the web ...) NOT-FOR-US: PreProjects Pre Classified Listings CVE-2008-6052 (PreProjects Pre E-Learning Portal stores db_elearning.mdb under the we ...) NOT-FOR-US: PreProjects Pre Classified Listings CVE-2008-6051 (MetaCart Free stores metacart.mdb under the web root with insufficient ...) NOT-FOR-US: MetaCart Free CVE-2008-6050 (SQL injection vulnerability in the Tech Articles (com_tech_article) 1. ...) NOT-FOR-US: Tech Articles CVE-2008-6049 REJECTED CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS ...) NOT-FOR-US: TangoCMS CVE-2008-6047 (Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 ...) NOT-FOR-US: ADbNewsSender CVE-2008-6046 (SQL injection vulnerability in ADbNewsSender before 1.5.2 allows remot ...) NOT-FOR-US: ADbNewsSender CVE-2008-6045 (Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0 ...) NOT-FOR-US: xt:Commerce CVE-2008-6044 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...) NOT-FOR-US: xt:Commerce CVE-2008-6043 (Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow ...) NOT-FOR-US: PHP Pro Bid CVE-2008-6042 (SQL injection vulnerability in the re_search module in NetArtMedia Rea ...) NOT-FOR-US: NetArtMedia Real Estate Portal CVE-2008-6041 (Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Da ...) NOT-FOR-US: Dataspade CVE-2008-6040 (SQL injection vulnerability in index.php in Arcadem Pro 2.700 through ...) 
NOT-FOR-US: Arcadem Pro CVE-2008-6039 (Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows ...) NOT-FOR-US: BLUEPAGE CMS CVE-2008-6038 (SQL injection vulnerability in index.php in MapCal 0.1 allows remote a ...) NOT-FOR-US: MapCal CVE-2008-6037 (SQL injection vulnerability in view.php in AvailScript Article Script ...) NOT-FOR-US: AvailScript Article Script CVE-2008-6036 (PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder ...) NOT-FOR-US: BaseBuilder CVE-2008-6035 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1. ...) NOT-FOR-US: Achievo CVE-2008-6034 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1. ...) NOT-FOR-US: Achievo CVE-2008-6033 (SQL injection vulnerability in comments.php in WSN Links 2.20 allows r ...) NOT-FOR-US: WSN Links CVE-2008-6032 (SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P ...) NOT-FOR-US: WSN Links CVE-2008-6031 (SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 all ...) NOT-FOR-US: WSN Links CVE-2008-6030 (Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 ...) NOT-FOR-US: NetArtMedia Jobs Portal CVE-2008-6029 (SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earli ...) NOT-FOR-US: BuzzyWall CVE-2008-6028 (SQL injection vulnerability in list.php in University of Queensland Li ...) NOT-FOR-US: Library Fez CVE-2008-6027 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in BL ...) NOT-FOR-US: BLUEPAGE CMS CVE-2008-6026 (SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remot ...) NOT-FOR-US: BlueCUBE CMS CVE-2008-6025 (Directory traversal vulnerability in scr/form.php in openElec 3.01 and ...) NOT-FOR-US: openElec CVE-2008-6024 (Unspecified vulnerability in the NFSv4 client module in the kernel on ...) NOT-FOR-US: Sun Solaris CVE-2008-6023 (PHP remote file inclusion vulnerability in includes/todofleetcontrol.p ...) 
	NOT-FOR-US: Xnova
CVE-2008-6022 (PHP remote file inclusion vulnerability in includes/todofleetcontrol.p ...)
	NOT-FOR-US: Xnova
CVE-2008-6021 (Multiple unspecified vulnerabilities in Attachmate Reflection for Secu ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2008-6020 (SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for ...)
	NOT-FOR-US: Views module (drupal module)
CVE-2008-6019 (SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows r ...)
	NOT-FOR-US: EACOMM DO-CMS
CVE-2008-6018 (Directory traversal vulnerability in index.php in MyPHPSite, when magi ...)
	NOT-FOR-US: MyPHPSite
CVE-2008-6017 (SQL injection vulnerability in messages.php in I-Rater Basic allows re ...)
	NOT-FOR-US: I-Rater Basic
CVE-2008-6016 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows remot ...)
	NOT-FOR-US: EsFaq
CVE-2008-6015 (Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allo ...)
	NOT-FOR-US: EsFaq
CVE-2008-6014 (SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-6013 (Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 all ...)
	NOT-FOR-US: Freeway
CVE-2008-6012 (Directory traversal vulnerability in index.php in Pritlog 0.4 and earl ...)
	NOT-FOR-US: Pritlog
CVE-2008-6011 (SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6010 (Multiple directory traversal vulnerabilities in SG Real Estate Portal ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6009 (SG Real Estate Portal 2.0 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6008 (hyBook Guestbook Script stores sensitive information under the web roo ...)
	NOT-FOR-US: hyBook Guestbook Script
CVE-2008-6007 (SQL injection vulnerability in view_group.php in QuidaScript BookMarks ...)
	NOT-FOR-US: QuidaScript BookMarks Favourites Script
CVE-2008-6006 (Multiple PHP remote file inclusion vulnerabilities in Micronation Bank ...)
	NOT-FOR-US: Micronation Banking System
CVE-2008-6004 (Cross-site scripting (XSS) vulnerability in search.php in AJ Auction P ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6003 (SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pr ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6002 (Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, ...)
	NOT-FOR-US: web-cp
CVE-2008-6001 (index.php in ADN Forum 1.0b and earlier allows remote attackers to byp ...)
	NOT-FOR-US: ADN Forum
CVE-2008-6000 (The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 20 ...)
	NOT-FOR-US: G DATA AntiVirus
CVE-2008-5999 (Cross-site scripting (XSS) vulnerability in the Ajax Checklist module ...)
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5998 (Multiple SQL injection vulnerabilities in the ajax_checklist_save func ...)
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5997 (Absolute path traversal vulnerability in admin/fileKontrola/browser.as ...)
	NOT-FOR-US: Omnicom Content Platform
CVE-2008-5996 (Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x ...)
	NOT-FOR-US: Simplenews module for Drupal
CVE-2008-5995 (Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_fr ...)
	NOT-FOR-US: freeCap CAPTCHA extension for TYPO3
CVE-2008-5994 (Cross-site scripting (XSS) vulnerability in index.php in Check Point C ...)
	NOT-FOR-US: Check Point Connectra
CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generator 1D ...)
	NOT-FOR-US: Barcode Generator 1D
CVE-2008-5992 (Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2 ...)
	NOT-FOR-US: Jetik Emlak Sistem
CVE-2008-5991 (Directory traversal vulnerability in docs.php in MailWatch for MailSca ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2008-5990 (Directory traversal vulnerability in connect/init.inc in emergecolab 1 ...)
	NOT-FOR-US: emergecolab
CVE-2008-5989 (Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and ...)
	NOT-FOR-US: PHPcounter
CVE-2008-5988 (SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS ...)
	NOT-FOR-US: Jadu CMS
CVE-2008-XXXX [minor cyrus sasl DoS]
	- cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561)
	[etch] - cyrus-sasl2 (Minor issue)
CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in Eye of ...)
	- eog 2.22.3-2 (bug #504352; low)
	[etch] - eog (Vulnerable code not present)
CVE-2008-5986 (Untrusted search path vulnerability in the (1) "VST plugin with Python ...)
	- csound 5.08.2~dfsg-1.1 (bug #504359; low)
	[lenny] - csound 1:5.08.0.dfsg2-8+lenny2 (bug #504359; low)
	[etch] - csound (Vulnerable code not present)
CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in Epiphan ...)
	- epiphany-browser 2.22.3-7 (bug #504363; low)
	[etch] - epiphany-browser (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5984 (Untrusted search path vulnerability in the Python plugin in Dia 0.96.1 ...)
	- dia 0.96.1-7.1 (low; bug #504251)
	[etch] - dia (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function ...)
	- python3.1 3.1.2+20100703-1 (low; bug #575780)
	- python2.6 2.6.5+20100529-1 (low; bug #572010)
	- python2.5 (low)
	[etch] - python2.5 (Minor issue)
	[lenny] - python2.5 (Minor issue)
	[squeeze] - python2.5 (Minor issue, patch only introduces a new, more secure API)
	- python2.4 (low)
	[etch] - python2.4 (Minor issue)
	[lenny] - python2.4 (Minor issue)
	NOTE: I suppose the behaviour will be changed in a future Python release, but
	NOTE: a backport has a significant risk of breakage for little gain. If a
	NOTE: proper upstream patch should be available, this can be re-evaluated
	NOTE: http://bugs.python.org/issue5753
CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows r ...)
	NOT-FOR-US: BMC PATROL Agent
CVE-2008-5968 (Directory traversal vulnerability in print.php in PHP iCalendar 2.24 a ...)
	- phpicalendar (bug #513517)
CVE-2008-5967 (admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not req ...)
	- phpicalendar (bug #513517)
CVE-2008-5981 (PacPoll 4.0 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: PacPoll
CVE-2008-5980 (Ocean12 Mailing List Manager Gold stores sensitive data under the web ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5979 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mai ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5978 (Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5977 (SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE ...)
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5976 (Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgo ...)
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5975 (SQL injection vulnerability in links.asp in Active Price Comparison 4. ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5974 (Multiple SQL injection vulnerabilities in login.aspx in Active Price C ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5973 (SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allow ...)
	NOT-FOR-US: Active Web Mail
CVE-2008-5972 (SQL injection vulnerability in default.asp in Active Business Director ...)
	NOT-FOR-US: Active Business Directory
CVE-2008-5971 (Cross-site scripting (XSS) vulnerability in profile_social.php in i-Ne ...)
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5970 (SQL injection vulnerability in profile_social.php in i-Net Solution Or ...)
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5969 (SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower al ...)
	NOT-FOR-US: Sunbyte e-Flower
CVE-2008-5966 (globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Globsy
CVE-2008-5965 (Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and ea ...)
	NOT-FOR-US: LokiCMS
CVE-2008-5964 (Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 a ...)
	NOT-FOR-US: Social ImpressCMS
CVE-2008-5963 (Eval injection vulnerability in library/setup/rpc.php in Gravity Getti ...)
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5962 (Directory traversal vulnerability in library/setup/rpc.php in Gravity ...)
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5961 (Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Co ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5960 (SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.1 ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5959 (Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 ...)
	NOT-FOR-US: Active Test
CVE-2008-5958 (Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote ...)
	NOT-FOR-US: Active Test
CVE-2008-5957 (SQL injection vulnerability in the Mydyngallery (com_mydyngallery) com ...)
	NOT-FOR-US: Joomla!
CVE-2008-5956 (Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information und ...)
	NOT-FOR-US: Wbstreet
CVE-2008-5955 (SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Web ...)
	NOT-FOR-US: Wbstreet
CVE-2008-5954 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5953 (Directory traversal vulnerability in KTP Computer Customer Database (K ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5952 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5951 (ASP Template Creature stores sensitive information under the web root ...)
	NOT-FOR-US: ASP Template Creature
CVE-2008-5950 (SQL injection vulnerability in media/media_level.asp in ASP Template C ...)
	NOT-FOR-US: ASP Template Creature
CVE-2008-5949 (Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 a ...)
	NOT-FOR-US: ccTiddly
CVE-2008-5948 (Directory traversal vulnerability in index.php in BNCwi 1.04 and earli ...)
	NOT-FOR-US: BNCwi
CVE-2008-5947 (PHP remote file inclusion vulnerability in include/class_yapbbcooker.p ...)
	NOT-FOR-US: YapBB
CVE-2008-5946 (SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5945 (Nukeviet 2.0 Beta allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Nukeviet
CVE-2008-5944 (Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 ...)
	NOT-FOR-US: NavBoard
CVE-2008-5943 (Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) al ...)
	NOT-FOR-US: NavBoard
CVE-2008-5942 (Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9 ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5941 (Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5940 (SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5939 (Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9. ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5938 (PHP remote file inclusion vulnerability in assets/snippets/reflect/sni ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5937 (AyeView 2.20 allows user-assisted attackers to cause a denial of servi ...)
	NOT-FOR-US: AyeView
CVE-2008-5936 (front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers ...)
	NOT-FOR-US: mini-pub
CVE-2008-5935 (Facto stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: Facto
CVE-2008-5934 (SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remot ...)
	NOT-FOR-US: CMS ISWEB
CVE-2008-5933 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in CM ...)
	NOT-FOR-US: CMS ISWEB
CVE-2008-5932 (CodeAvalanche FreeForum stores sensitive information under the web roo ...)
	NOT-FOR-US: CodeAvalanche FreeForum
CVE-2008-5931 (The Net Guys ASPired2Blog stores sensitive information under the web r ...)
	NOT-FOR-US: ASPired2Blog
CVE-2008-5930 (SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ...)
	NOT-FOR-US: ASPired2Blog
CVE-2008-5929 (VP-ASP Shopping Cart 6.50 stores sensitive information under the web r ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-5928 (SQL injection vulnerability in redir.php in Free Links Directory Scrip ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5927 (Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexP ...)
	NOT-FOR-US: FlexPHPNews
CVE-2008-5926 (Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Interna ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5925 (ASP-DEv XM Events Diary stores sensitive information under the web roo ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5924 (SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Di ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5923 (SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5922 (Multiple PHP remote file inclusion vulnerabilities in themes/default/i ...)
	NOT-FOR-US: Cant Find A Gaming CMS
CVE-2008-5921 (SQL injection vulnerability in albums.php in Umer Inc Songs Portal all ...)
	NOT-FOR-US: Umer Inc Songs Portal
CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows remote a ...)
	- websvn 1.61-21 (bug #503330)
CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter (framework/ ...)
	{DSA-1765-1}
	- horde3 3.2.2+debian0-2 (bug #512592)
CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x befo ...)
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low)
CVE-2008-5915 (An unspecified function in the JavaScript implementation in Google Chr ...)
	NOT-FOR-US: Google
CVE-2008-5914 (An unspecified function in the JavaScript implementation in Apple Safa ...)
	NOT-FOR-US: Apple
CVE-2008-5913 (The Math.random function in the JavaScript implementation in Mozilla F ...)
	- xulrunner 1.9.1.10-1 (unimportant; bug #559792; bug #532516)
	- iceape 2.0.5-1 (unimportant)
	[lenny] - iceape (Just a stub package)
	NOTE: Limited to browser life time
CVE-2008-5912 (An unspecified function in the JavaScript implementation in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-5911 (Multiple buffer overflows in RealNetworks Helix Server and Helix Mobil ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2008-5910 (Unspecified vulnerability in txzonemgr in Sun OpenSolaris has unknown ...)
	NOT-FOR-US: txzonemgr in Sun OpenSolaris
CVE-2008-5909 (Unspecified vulnerability in conv_lpd in Sun OpenSolaris has unknown i ...)
	NOT-FOR-US: conv_lpd in Sun OpenSolaris
CVE-2008-5908 (Unspecified vulnerability in the root/boot archive tool in Sun OpenSol ...)
	NOT-FOR-US: root/boot archive tool in Sun OpenSolaris
CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, ...)
	{DSA-1750-1}
	- libpng 1.2.35-1 (bug #512665)
	NOTE: Only an issue when using libpng to create out-of-spec images
CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent b ...)
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent (Doesn't include the web interface)
CVE-2008-5905 (The web interface plugin in KTorrent before 3.1.4 allows remote attack ...)
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent (Doesn't include the web interface)
CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root ...)
	NOT-FOR-US: iyzi Forum
CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the web root ...)
	NOT-FOR-US: CodeAvalanche Articles
CVE-2008-5899 (CodeAvalanche FreeForAll stores sensitive information under the web ro ...)
	NOT-FOR-US: CodeAvalanche FreeForAll
CVE-2008-5898 (CodeAvalanche Directory stores sensitive information under the web roo ...)
	NOT-FOR-US: CodeAvalanche Directory
CVE-2008-5897 (CodeAvalanche FreeWallpaper stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche FreeWallpaper
CVE-2008-5896 (CodeAvalanche RateMySite stores sensitive information under the web ro ...)
	NOT-FOR-US: CodeAvalanche RateMySite
CVE-2008-5895 (SQL injection vulnerability in connection.php in Mediatheka 4.2 and ea ...)
	NOT-FOR-US: Mediatheka
CVE-2008-5894 (Directory traversal vulnerability in index.php in Mediatheka 4.2 allow ...)
	NOT-FOR-US: Mediatheka
CVE-2008-5893 (Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in Clic ...)
	NOT-FOR-US: ClickAndEmail
CVE-2008-5892 (Multiple SQL injection vulnerabilities in ClickAndEmail allow remote a ...)
	NOT-FOR-US: ClickAndEmail
CVE-2008-5891 (Cross-site scripting (XSS) vulnerability in the profile editing functi ...)
	NOT-FOR-US: Injader
CVE-2008-5890 (SQL injection vulnerability in feeds.php in Injader before 2.1.2 allow ...)
	NOT-FOR-US: Injader
CVE-2008-5889 (Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank ...)
	NOT-FOR-US: Click&Rank
CVE-2008-5888 (Multiple SQL injection vulnerabilities in Click&Rank allow remote ...)
	NOT-FOR-US: Click&Rank
CVE-2008-5887 (phplist before 2.10.8 allows remote attackers to include files via unk ...)
	- phplist (bug #612288)
CVE-2008-5886 (TAKempis Discussion Web 4.0 stores sensitive information under the web ...)
	NOT-FOR-US: TAKempis Discussion Web
CVE-2008-5885 (The Net Guys ASPired2Quote stores sensitive information under the web ...)
	NOT-FOR-US: Net Guys ASPired2Quote
CVE-2008-5884 (AyeView 2.20 allows user-assisted attackers to cause a denial of servi ...)
	NOT-FOR-US: AyeView
CVE-2008-5883 (Absolute path traversal vulnerability in front-end/dir.php in mini-pub ...)
	NOT-FOR-US: mini-pub
CVE-2008-5904 (The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrd ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5903 (Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5902 (Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bi ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-6005 (Multiple buffer overflows in the CheckUniqueName function in W3C Amaya ...)
	- amaya (medium; bug #507587)
	NOTE: different vector than described in CVE-2008-5282, see 507587#15
CVE-2008-5882 (SQL injection vulnerability in login.asp in Citrix Application Gateway ...)
	NOT-FOR-US: Citrix
CVE-2008-5881 (Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow re ...)
	NOT-FOR-US: playSMS
CVE-2008-5880 (admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass auth ...)
	NOT-FOR-US: Gobbl CMS
CVE-2008-5879 (Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsit ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5878 (Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PC ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5877 (Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.2 ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5876 (Buffer overflow in Irrlicht before 1.5 allows remote attackers to caus ...)
	- irrlicht (package was first introduced in version 1.5)
CVE-2008-5875 (SQL injection vulnerability in the com_lowcosthotels component in the ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5874 (Multiple SQL injection vulnerabilities in the Hotel Booking Reservatio ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5873 (Yerba SACphp 6.3 and earlier allows remote attackers to bypass authent ...)
	NOT-FOR-US: Yerba
CVE-2008-5872 (Multiple unspecified vulnerabilities in the UNIStim File Transfer Prot ...)
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5871 (Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not veri ...)
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5870 (FastStone Image Viewer 3.6 allows user-assisted attackers to cause a d ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2008-5869 (Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunam ...)
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5868 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows user ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows remote at ...)
	NOT-FOR-US: Yerba
CVE-2008-5866 (The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public ...)
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5865 (SQL injection vulnerability in the com_hbssearch component 1.0 in the ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5864 (SQL injection vulnerability in the Top Hotel (com_tophotelmodule) comp ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5863 (SQL injection vulnerability in locator.php in the Userlocator module 3 ...)
	NOT-FOR-US: Module for Woltlab Burning Board
CVE-2008-5862 (Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 ...)
	NOT-FOR-US: webcamXP
CVE-2008-5861 (Directory traversal vulnerability in source.php in FreeLyrics 1.0 allo ...)
	NOT-FOR-US: FreeLyrics
CVE-2008-5860 (Directory traversal vulnerability in backend/template.php in Construct ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5859 (SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5858 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree b ...)
	NOT-FOR-US: KnowledgeTree
CVE-2008-5857 (The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote ...)
	NOT-FOR-US: KnowledgeTree
CVE-2008-5856 (Directory traversal vulnerability in scripts/export.php in ClaSS befor ...)
	NOT-FOR-US: ClaSS
CVE-2008-5855 (myPHPscripts Login Session 2.0 stores sensitive information under the ...)
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5854 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in my ...)
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5853 (Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stor ...)
	NOT-FOR-US: ChiCoMaS
CVE-2008-5852 (Emefa Guestbook 3.0 stores sensitive information under the web root wi ...)
	NOT-FOR-US: Emefa Guestbook
CVE-2008-5851 (SQL injection vulnerability in index.php in My PHP Baseball Stats (MyP ...)
	NOT-FOR-US: My PHP Baseball Stats
CVE-2008-5850
	REJECTED
CVE-2008-5849 (Check Point VPN-1 R55, R65, and other versions, when Port Address Tran ...)
	NOT-FOR-US: Check Point
CVE-2008-5848 (The Advantech ADAM-6000 module has 00000000 as its default password, w ...)
	NOT-FOR-US: Advantech ADAM-6000 module
CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a M ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote authenticated us ...)
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5845 (Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movab ...)
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5844 (PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functi ...)
	- php5 (vulnerable code introduced in 5.2.7, we have 5.2.6 and 5.2.8 was released in the meantime)
	[etch] - php4 (vulnerable code introduced in php5 5.2.7)
CVE-2008-5843 (Multiple untrusted search path vulnerabilities in pdfjam allow local u ...)
	- pdfjam (the debian package sets pdflatex and thus dirname can't result in returning .)
	NOTE: it is also not possible to include a crafted sed or pdflatex executable in the pdflatex call
	NOTE: as our version uses random names, see #510584
CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens ...)
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2008-XXXX [auctex insecure temp file]
	- auctex 11.83-7.3 (low; bug #506961)
	[etch] - auctex (Minor issue)
CVE-2008-5841 (Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allo ...)
	NOT-FOR-US: iGaming
CVE-2008-5840 (PHP iCalendar 2.24 and earlier allows remote attackers to bypass authe ...)
	- phpicalendar (bug #513517)
CVE-2008-5839 (Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Foxmail
CVE-2008-5838 (SQL injection vulnerability in search_results.php in E-Php Scripts E-S ...)
	NOT-FOR-US: E-Php Scripts E-Shop Shopping Cart
CVE-2008-5837
	RESERVED
CVE-2008-5836
	RESERVED
CVE-2008-5835
	RESERVED
CVE-2008-5834
	RESERVED
CVE-2008-5833
	RESERVED
CVE-2008-5832
	RESERVED
CVE-2008-5831
	RESERVED
CVE-2008-5830
	RESERVED
CVE-2008-5829
	RESERVED
CVE-2008-5828 (Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Pr ...)
	NOT-FOR-US: Microsoft
CVE-2008-5827 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmwar ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5826 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmwar ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5825 (The SmartPoster implementation on the Nokia 6131 Near Field Communicat ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5823 (An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used ...)
	NOT-FOR-US: Microsoft Money
CVE-2008-5822 (Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other prod ...)
	- xulrunner (unimportant)
	NOTE: Just a crash, no security impact
CVE-2008-5821 (Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Wi ...)
	NOT-FOR-US: Webkit on Windows
CVE-2008-5820 (SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 a ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5819 (Directory traversal vulnerability in eDNews_archive.php in eDreamers e ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5818 (Directory traversal vulnerability in index.php in eDreamers eDContaine ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5817 (Multiple SQL injection vulnerabilities in index.php in Web Scribble So ...)
	NOT-FOR-US: Web Scribble Solutions webClassifieds
CVE-2008-5816 (SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earli ...)
	NOT-FOR-US: ILIAS
CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows remote ...)
	NOT-FOR-US: phpAlumni
CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ea ...)
	{DSA-1789-1}
	- php5 5.2.11.dfsg.1-1 (low; bug #523028)
	NOTE: I don't know in which version this was fixed specifically, but
	NOTE: I've checked that the patch is present in this version
	- php4 (low; bug #523028)
CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1. ...)
	- spip 2.0.6-1
CVE-2008-5812 (Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 be ...)
	- spip 2.0.6-1
CVE-2008-5811 (SQL injection vulnerability in the PaxGallery (com_paxgallery) compone ...)
	NOT-FOR-US: joomla
CVE-2008-5810 (WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, ...)
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2008-5809 (futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Acc ...)
	NOT-FOR-US: futomi CGI Cafe Access Analyzer CGI Standard
CVE-2008-5808 (Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Ent ...)
	NOT-FOR-US: Six Apart Movable Type Enterprise
CVE-2008-5807 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
	NOT-FOR-US: TestLink
CVE-2008-5806 (SQL injection vulnerability in login.php in DeltaScripts PHP Classifie ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5805 (SQL injection vulnerability in detail.php in DeltaScripts PHP Classifi ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5804 (SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Num ...)
	NOT-FOR-US: e-topbiz Number Links 1 Php Script
CVE-2008-5803 (SQL injection vulnerability in admin/login.php in E-topbiz Online Stor ...)
	NOT-FOR-US: E-topbiz
CVE-2008-5802 (SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 ...)
	NOT-FOR-US: E-topbiz
CVE-2008-5801 (Unspecified vulnerability in the Dictionary (rtgdictionary) extension ...)
	NOT-FOR-US: Dictionary (rtgdictionary) extension for TYPO3
CVE-2008-5800 (SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) ext ...)
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5799 (Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_peop ...)
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5798 (SQL injection vulnerability in the CMS Poll system (cms_poll) extensio ...)
	NOT-FOR-US: CMS Poll system for TYPO3
CVE-2008-5797 (SQL injection vulnerability in the advCalendar extension 0.3.1 and ear ...)
	NOT-FOR-US: advCalendar extension for TYPO3
CVE-2008-5796 (SQL injection vulnerability in the eluna Page Comments (eluna_pagecomm ...)
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5795 (Cross-site scripting (XSS) vulnerability in the eluna Page Comments (e ...)
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5794 (Directory traversal vulnerability in system/admin/images.php in LoveCM ...)
	NOT-FOR-US: LoveCMS
CVE-2008-5793 (Multiple PHP remote file inclusion vulnerabilities in the Clickheat - ...)
	NOT-FOR-US: Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla!
CVE-2008-5792 (PHP remote file inclusion vulnerability in show_joined.php in Indiscri ...)
	NOT-FOR-US: Indiscripts Enthusiast
CVE-2008-5791 (Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution ...)
	NOT-FOR-US: PrestaShop e-Commerce Solution
CVE-2008-5790 (Multiple PHP remote file inclusion vulnerabilities in the Recly!Compet ...)
	NOT-FOR-US: Recly!Competitions (com_competitions) component 1.0 for Joomla!
CVE-2008-5789 (Multiple PHP remote file inclusion vulnerabilities in the Recly Intera ...)
	NOT-FOR-US: Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla!
CVE-2008-5788 (SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allo ...)
	NOT-FOR-US: Domain Seller
CVE-2008-5787 (Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Win ...)
	NOT-FOR-US: Arab Portal
CVE-2008-5786 (Cross-site scripting (XSS) vulnerability in the Silva Find extension 1 ...)
	NOT-FOR-US: Silva Find
CVE-2008-5785 (SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 ...)
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5784 (V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypa ...)
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5783 (admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers ...)
	NOT-FOR-US: V3 Chat
CVE-2008-5782 (SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows ...)
	NOT-FOR-US: ZeeMatri
CVE-2008-5781 (SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CF ...)
	NOT-FOR-US: Cant Find A Gaming CMS (CFAGCMS)
CVE-2008-5780 (Forest Blog 1.3.2 stores sensitive information under the web root with ...)
	NOT-FOR-US: Forest Blog
CVE-2008-5779 (SQL injection vulnerability in lpro.php in Free Links Directory Script ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5778 (SQL injection vulnerability in report.php in Free Links Directory Scri ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5777 (SQL injection vulnerability in index.php in CadeNix allows remote atta ...)
	NOT-FOR-US: CadeNix
CVE-2008-5776 (Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allo ...)
	NOT-FOR-US: Aperto Blog
CVE-2008-5775 (SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 all ...)
	NOT-FOR-US: Aperto Blog
CVE-2008-5774 (Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 ...)
	NOT-FOR-US: ASPSiteWare HomeBuilder
CVE-2008-5773 (Nukedit 4.9.8 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: Nukedit
CVE-2008-5772 (Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1 ...)
	NOT-FOR-US: ASPSiteWare RealtyListings
CVE-2008-5771 (Directory traversal vulnerability in test.php in PHP Weather 2.2.2 all ...)
	NOT-FOR-US: PHP Weather
CVE-2008-5770 (Cross-site scripting (XSS) vulnerability in config/make_config.php in ...)
	NOT-FOR-US: PHP Weather
CVE-2008-5769 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServe ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-5768 (SQL injection vulnerability in print.php in the AM Events (aka Amevent ...)
	NOT-FOR-US: AM Events
CVE-2008-5767 (SQL injection vulnerability in authors.asp in gNews Publisher allows r ...)
	NOT-FOR-US: gNews Publisher
CVE-2008-5766 (SQL injection vulnerability in download.php in Farsi Script Faupload a ...)
	NOT-FOR-US: Farsi Script Faupload
CVE-2008-5765 (WorkSimple 1.2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: WorkSimple
CVE-2008-5764 (PHP remote file inclusion vulnerability in calendar.php in WorkSimple ...)
	NOT-FOR-US: WorkSimple
CVE-2008-5763 (PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simpl ...)
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5762 (Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive inform ...)
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5761 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (ak ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5760 (Cross-site scripting (XSS) vulnerability in error413.php in Kerio Mail ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-5759 (Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3 ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5758 (Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0 ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5757 (Cross-site scripting (XSS) vulnerability in textarea/index.php in Text ...)
	- textpattern 4.0.6-1
CVE-2008-5756 (Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user- ...)
	NOT-FOR-US: BreakPoint Software Hex Workshop
CVE-2008-5755 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remo ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-5754 (Stack-based buffer overflow in BulletProof FTP Client allows user-assi ...)
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5753 (Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 al ...)
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5752 (Directory traversal vulnerability in getConfig.php in the Page Flip Im ...)
	NOT-FOR-US: Page Flip Image Gallery plugin for WordPress
CVE-2008-5751 (SQL injection vulnerability in index.php in AlstraSoft Web Email Scrip ...)
	NOT-FOR-US: AlstraSoft Web Email Script Enterprise
CVE-2008-5750 (Argument injection vulnerability in Microsoft Internet Explorer 8 beta ...)
	NOT-FOR-US: Microsoft
CVE-2008-5749
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2008-5748 (Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php ...)
	NOT-FOR-US: BloofoxCMS
CVE-2008-5747 (F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-viru ...)
	NOT-FOR-US: F-Prot
CVE-2008-5746 (Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local ...)
	NOT-FOR-US: Sun SNMP Management Agent
CVE-2008-5745 (Integer overflow in quartz.dll in the DirectShow framework in Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2008-5824 (Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0 ...)
	{DSA-1972-1}
	- audiofile 0.2.6-7.1 (medium; bug #510205)
CVE-2008-5744 (Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4 ...)
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3 (bug #510583)
CVE-2008-5743 (pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a ...)
	- pdfjam 1.10-1 (low; bug #510584)
CVE-2008-5742 (Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5741
	RESERVED
CVE-2008-5740
	RESERVED
CVE-2008-5739 (SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Be ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-5738 (Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass ...)
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5737 (SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1. ...)
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5736 (Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6 ...)
	- kfreebsd-6
	[lenny] - kfreebsd-6 (KFreebsd not supported)
	- kfreebsd-7 7.1-1
	[lenny] - kfreebsd-7 (KFreebsd not supported)
CVE-2008-5735 (Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 ...)
	NOT-FOR-US: CoolPlayer
CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Sof ...)
	NOT-FOR-US: IceWarp Software Merak Mail Server
CVE-2008-5733 (SQL injection vulnerability in blog.php in the Team Impact TI Blog Sys ...)
	NOT-FOR-US: Team Impact TI Blog System mod for PHP-Fusion
CVE-2008-5732 (Unrestricted file upload vulnerability in lib/image_upload.php in Kafo ...)
	NOT-FOR-US: KafooeyBlog
CVE-2008-5731 (The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Des ...)
	NOT-FOR-US: PGP Desktop
CVE-2008-5730 (Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlie ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5729 (Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.1 ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and e ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5727 (SQL injection vulnerability in modules/auth/password_recovery.php in A ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5726 (SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows ...)
	NOT-FOR-US: stormBoards
CVE-2008-5725 (The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTe ...)
	NOT-FOR-US: EnTech Taiwan PowerStrip
CVE-2008-5724 (The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in E ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-5723 (Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka Kann ...)
	NOT-FOR-US: CGI RESCUE KanniBBS2000
CVE-2008-5722 (Buffer overflow in SAWStudio 3.9i allows user-assisted remote attacker ...)
	NOT-FOR-US: SAWStudio
CVE-2008-5721 (SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers ...)
	NOT-FOR-US: BlackJumboDog
CVE-2008-5720 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows ...)
	NOT-FOR-US: Mayaa
CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workf ...)
	NOT-FOR-US: Hitachi
CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2, when using certain var ...)
	{DSA-1705-1 DTSA-183-1}
	- netatalk 2.0.4~beta2-1 (medium; bug #510585)
CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Man ...)
	NOT-FOR-US: Hitachi
CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM's write access ...)
	- xen-3 (Vulnerable code never entered Debian)
	- xen-unstable (Vulnerable code never entered Debian)
	NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not
	NOTE: yet been fixed in Debian
CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to caus ...)
	- iceweasel (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for r ...)
	{DSA-1907-1 DTSA-203-1}
	- qemu 0.9.1-10 (low; bug #509882)
	[etch] - qemu (Vulnerable code not present)
	- kvm 82-1 (low; bug #509997)
	[lenny] - kvm (Minor issue)
CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux kerne ...)
	{DSA-1794-1}
	- linux-2.6 2.6.25-1
	- linux-2.6.24
CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to caus ...)
	- kdebase (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5711 (Heap-based buffer overflow in the Facebook PhotoUploader ActiveX contr ...)
	NOT-FOR-US: Facebook PhotoUploader ActiveX
CVE-2008-5710 (Multiple unspecified vulnerabilities in the web management interface i ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5709 (Multiple unspecified vulnerabilities in the web management interface i ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5708 (redirect.php in SlimCMS 1.0.0 does not require authentication, which a ...)
	NOT-FOR-US: SlimCMS
CVE-2008-5707 (SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistem ...)
	NOT-FOR-US: Iltaweb Alisveris Sistemi
CVE-2008-5704 (src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might all ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5703 (gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwr ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700 ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24
CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux kerne ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24
CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum timeou ...)
	{DSA-1787-1}
	- linux-2.6 2.6.26-13
	[etch] - linux-2.6 (Vulnerable code not present, was introduced later)
	- linux-2.6.24
CVE-2008-5699 (The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: Solaris
CVE-2008-5698 (HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allo ...)
	- kdebase (unimportant)
	NOTE: browser crashes not treated as security issues
CVE-2008-5697 (The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 fo ...)
	NOT-FOR-US: Skype extension
CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is ...)
	NOT-FOR-US: Novell NetWare
CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...)
	- wordpress 2.3.2 (low; bug #510786; bug #513959)
	[etch] - wordpress (Minor issue)
	NOTE: only the admin has manage_options capabilities by default and only editors
	NOTE: have upload_files capabilities
	NOTE: Only versions prior to 2.3.2 are affected according to the Debian maintainer
CVE-2008-5694 (PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhand ...)
	NOT-FOR-US: Sandbox
CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other ...)
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5692 (Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswit ...)
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5691 (Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX co ...)
	NOT-FOR-US: Phoenician Casino FlashAX ActiveX
CVE-2008-5690 (The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, a ...)
	NOT-FOR-US: Solaris
CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 a ...)
	NOT-FOR-US: Solaris
CVE-2008-5688 (MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExce ...)
	- mediawiki 1:1.13.3-1 (unimportant)
	- mediawiki1.7 (unimportant)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2008-5687 (MediaWiki 1.11, and other versions before 1.13.3, does not properly pr ...)
	{DTSA-186-1}
	- mediawiki 1:1.13.3-1 (low)
	- mediawiki1.7
	[etch] - mediawiki1.7 (The backup feature was introduced in 1.11)
	[etch] - mediawiki (metapackage)
CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun F ...)
	NOT-FOR-US: Sun ScApp firmware
CVE-2008-5684 (Unspecified vulnerability in the X Inter Client Exchange library (aka ...)
	NOT-FOR-US: Solaris
CVE-2008-5683 (Unspecified vulnerability in Opera before 9.63 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-5682 (Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows r ...)
	NOT-FOR-US: Opera
CVE-2008-5681 (Opera before 9.63 does not block unspecified "scripted URLs" during th ...)
	NOT-FOR-US: Opera
CVE-2008-5680 (Multiple buffer overflows in Opera before 9.63 might allow (1) remote ...)
	NOT-FOR-US: Opera
CVE-2008-5679 (The HTML parsing engine in Opera before 9.63 allows remote attackers t ...)
	NOT-FOR-US: Opera
CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote ...)
	NOT-FOR-US: OLIB7 WebView
CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ea ...)
	NOT-FOR-US: Kwalbum
CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka mod_secur ...)
	- libapache-mod-security 2.5.6-1
CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 h ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network webc ...)
	NOT-FOR-US: Darkwet Network webcamXP
CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the members ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in PHParano ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
	NOT-FOR-US: Joomla!
CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password duri ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (ak ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x ...)
	NOT-FOR-US: VBA32 Personal Antivirus
CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows ...)
	NOT-FOR-US: WinFTP
CVE-2008-5665 (SQL injection vulnerability in index.php in the xhresim module in XOOP ...)
	NOT-FOR-US: XOOPS
CVE-2008-5664 (Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound ...)
	NOT-FOR-US: Realtek Media Player
CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and ...)
	NOT-FOR-US: Kusaba
CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC ...)
	NOT-FOR-US: Sun Java Wireless Toolkit
CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 t ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earl ...)
	- classpath 2:0.98-1 (bug #512532; low)
	[lenny] - classpath (Minor issue)
	- libgnucrypto-java (low; bug #559789)
	[lenny] - libgnucrypto-java (Minor issue)
CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows rem ...)
	- quassel 0.2~rc1-1.1 (bug #506550)
CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for th ...)
	- typo3-src 4.2.3-1 (bug #505325)
	[etch] - typo3-src (TYPO3 versions below 4.2.x are not affected)
CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in M ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5653 (SQL injection vulnerability in the loginADP function in ajaxp.php in M ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5652 (SQL injection vulnerability in the loginADP function in ajaxp.php in M ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5651 (SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.p ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5650 (SQL injection vulnerability in the login directory in AlstraSoft Web H ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5649 (SQL injection vulnerability in admin/admin.php in AlstraSoft Article M ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5648 (SQL injection vulnerability in admin/login.php in DeltaScripts PHP Sho ...)
	NOT-FOR-US: DeltaScripts PHP Shop
CVE-2008-5647 (Unspecified vulnerability in the HTML sanitizer filter in Trac before ...)
	- trac 0.11.1-2.1 (low; bug #509342; bug #505197)
	[etch] - trac (Minor issue)
CVE-2008-5646 (Unspecified vulnerability in Trac before 0.11.2 allows attackers to ca ...)
	- trac 0.11.1-2.1 (low; bug #509342; bug #505197)
	[etch] - trac (Minor issue)
CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb Networks ...)
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend module in ...)
	- typo3-src 4.2.3-1 (bug #505324)
	[etch] - typo3-src (Only TYPO3 4.2.2 is affected)
CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for Joo ...)
	NOT-FOR-US: Joomla!
CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made Simpl ...)
	NOT-FOR-US: CMS Made Simple
CVE-2008-5641 (SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2008-5640 (SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allow ...)
	NOT-FOR-US: Active Bids
CVE-2008-5639 (Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha al ...)
	NOT-FOR-US: TxtBlog
CVE-2008-5638 (Multiple SQL injection vulnerabilities in Active Price Comparison 4 al ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5637 (SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows rem ...)
	NOT-FOR-US: ParsBlogger
CVE-2008-5636 (SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_q ...)
	NOT-FOR-US: Lito Lite CMS
CVE-2008-5635 (SQL injection vulnerability in account.asp in Active Membership 2.0 al ...)
	NOT-FOR-US: Active Membership
CVE-2008-5634 (SQL injection vulnerability in account.asp in Active Force Matrix 2.0 ...)
	NOT-FOR-US: Active Force Matrix
CVE-2008-5633 (SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows ...)
	NOT-FOR-US: ActiveVotes
CVE-2008-5632 (SQL injection vulnerability in Account.asp in Active Time Billing 3.2 ...)
	NOT-FOR-US: Active Time Billing
CVE-2008-5631 (SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows ...)
	NOT-FOR-US: Active eWebquiz
CVE-2008-5630 (SQL injection vulnerability in merchants/index.php in Post Affiliate P ...)
	NOT-FOR-US: Post Affiliate
CVE-2008-5629 (SQL injection vulnerability in index.php in Turnkey Arcade Script allo ...)
	NOT-FOR-US: Turnkey Arcade Script
CVE-2008-5628 (SQL injection vulnerability in index.php in CMS little 0.0.1 allows re ...)
	NOT-FOR-US: CMS little
CVE-2008-5627 (SQL injection vulnerability in account.asp in Active Trade 2 allows re ...)
	NOT-FOR-US: Active Trade
CVE-2008-5626 (XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2008-5623
	RESERVED
CVE-2008-5620 (RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attack ...)
	- roundcube 0.1.1-10 (low; bug #509596)
CVE-2008-5618 (imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 b ...)
	- rsyslog 3.18.6-1 (low; bug #510906)
CVE-2008-5615
	RESERVED
CVE-2008-5614
	RESERVED
CVE-2008-5613
	RESERVED
CVE-2008-5612
	RESERVED
CVE-2008-5611
	RESERVED
CVE-2008-5610
	RESERVED
CVE-2008-5609 (SQL injection vulnerability in the Commerce extension 0.9.6 and earlie ...)
	NOT-FOR-US: Commerce extension
CVE-2008-5608 (ASP AutoDealer stores sensitive information under the web root with in ...)
	NOT-FOR-US: AutoDealer
CVE-2008-5607 (SQL injection vulnerability in the JMovies (aka JM or com_jmovies) com ...)
	NOT-FOR-US: joomla
CVE-2008-5606 (Gazatem QMail Mailing List Manager 1.2 stores sensitive information un ...)
	NOT-FOR-US: Gazatem QMail Mailing List Manager
CVE-2008-5605 (Multiple SQL injection vulnerabilities in ASP Portal allow remote atta ...)
	NOT-FOR-US: ASP Portal
CVE-2008-5604 (Directory traversal vulnerability in index.php in My Simple Forum 3.0 ...)
	NOT-FOR-US: My Simple Forum
CVE-2008-5603 (ASPTicker 1.0 stores sensitive information under the web root with ins ...)
	NOT-FOR-US: ASPTicker
CVE-2008-5602 (Natterchat 1.12 stores sensitive information under the web root with i ...)
	NOT-FOR-US: Natterchat
CVE-2008-5601 (User Engine Lite ASP stores sensitive information under the web root w ...)
	NOT-FOR-US: User Engine Lite ASP
CVE-2008-5600 (Merlix Teamworx Server stores sensitive information under the web root ...)
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5599 (SQL injection vulnerability in default.asp in Merlix Teamworx Server a ...)
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5598 (Directory traversal vulnerability in index.php in PHPmyGallery 1.51 go ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-5597 (Cold BBS stores sensitive information under the web root with insuffic ...)
	NOT-FOR-US: Cold BBS
CVE-2008-5596 (Ikon AdManager 2.1 and earlier stores sensitive information under the ...)
	NOT-FOR-US: Ikon AdManager
CVE-2008-5595 (SQL injection vulnerability in detail.asp in ASP AutoDealer allows rem ...)
	NOT-FOR-US: ASP AutoDealer
CVE-2008-5594 (Multiple directory traversal vulnerabilities in index.php in Mini Blog ...)
	NOT-FOR-US: Mini Blog
CVE-2008-5593 (Multiple directory traversal vulnerabilities in index.php in Mini CMS ...)
	NOT-FOR-US: Mini CMS
CVE-2008-5592 (Nightfall Personal Diary 1.0 stores sensitive information under the we ...)
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5591 (Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Per ...)
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5590 (SQL injection vulnerability in customer.forumtopic.php in Kalptaru Inf ...)
	NOT-FOR-US: Kalptaru Infotech Product Sale Framework
CVE-2008-5589 (SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5588 (SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allow ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5587 (Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdm ...)
	{DSA-1693-1}
	- phppgadmin 4.2.1-1.1 (low; bug #508026)
	NOTE: register_globals=on is required
	NOTE: http://www.milw0rm.com/exploits/7363
CVE-2008-5586 (SQL injection vulnerability in findoffice.php in Check Up New Generati ...)
	NOT-FOR-US: Check Up New Generation
CVE-2008-5585 (Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 ...)
	NOT-FOR-US: lcxBBportal
CVE-2008-5622
	REJECTED
CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x b ...)
	{DSA-1723-1}
	- phpmyadmin 4:2.11.8.1-5
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-10/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d4adbfc1996c7d715b0ac9fa39a2ac14d8b28ad (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/01685c90aaba943511de0496e7ecb7fe49fa765b
CVE-2008-5584 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 ...)
	NOT-FOR-US: ProjectPier
CVE-2008-5583 (Cross-site request forgery (CSRF) vulnerability in index.php in Projec ...)
	NOT-FOR-US: ProjectPier
CVE-2008-5582 (SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, a ...)
	NOT-FOR-US: Nukedit
CVE-2008-5581 (PHP remote file inclusion vulnerability in mini-pub.php/front-end/img. ...)
	NOT-FOR-US: mini-pub
CVE-2008-5580 (mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers ...)
	NOT-FOR-US: mini-pub
CVE-2008-5579 (Absolute path traversal vulnerability in mini-pub.php/front-end/cat.ph ...)
	NOT-FOR-US: mini-pub
CVE-2008-5578 (Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5577 (PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5576 (admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote a ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5575 (Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier a ...)
	NOT-FOR-US: Pro Clan Manager
CVE-2008-5574 (SQL injection vulnerability in member.php in Webmaster Marketplace all ...)
	NOT-FOR-US: Webmaster Marketplace
CVE-2008-5573 (SQL injection vulnerability in the login feature in Poll Pro 2.0 allow ...)
	NOT-FOR-US: Poll Pro
CVE-2008-5572 (Professional Download Assistant 0.1 stores sensitive information under ...)
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5571 (SQL injection vulnerability in admin/login.asp in Professional Downloa ...)
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5570 (Directory traversal vulnerability in index.php in PHP Multiple Newslet ...)
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5569 (Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1. ...)
	NOT-FOR-US: PHPepperShop
CVE-2008-5568 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php ...)
	NOT-FOR-US: IPN Pro
CVE-2008-5567 (Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.p ...)
	NOT-FOR-US: Bonza Cart
CVE-2008-5566 (Cross-site scripting (XSS) vulnerability in index.php in Triangle Solu ...)
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5565 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php ...)
	NOT-FOR-US: DL PayCart
CVE-2008-5564 (Unspecified vulnerability in the media server in Orb Networks Orb befo ...)
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5563 (Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-5562 (ASPPortal stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: ASPPortal
CVE-2008-5561 (SQL injection vulnerability in Netref 4.0 allows remote attackers to e ...)
	NOT-FOR-US: Netref
CVE-2008-5560 (PostEcards stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: PostEcards
CVE-2008-5559 (SQL injection vulnerability in sendcard.cfm in PostEcards allows remot ...)
	NOT-FOR-US: PostEcards
CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2. ...)
	- asterisk 1:1.4.0~dfsg-1 (bug #509686)
	[etch] - asterisk (Etch Packages no longer covered by security support)
CVE-2008-5557 (Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_ht ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (bug #511493)
	[lenny] - php5 5.2.6.dfsg.1-1+lenny1
	NOTE: according to bug report, this was fixed in lenny prior to the release, but was not marked as such at the time
CVE-2008-6506 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to by ...)
	- phpbb3 3.0.2-4 (low; bug #508872)
CVE-2008-5556
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5555 (Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAll ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5554 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not prop ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5553 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itse ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5552 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5551 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5550 (Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5549 (Unspecified vulnerability in the Sun Java Web Console components in Su ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5548 (VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows re ...)
	NOT-FOR-US: VirusBuster
CVE-2008-5547 (HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Interne ...)
	NOT-FOR-US: HAURI ViRobot
CVE-2008-5546 (VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, al ...)
	NOT-FOR-US: VirusBlokAda VBA32
CVE-2008-5545 (Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet ...)
	NOT-FOR-US: Trend Micro VSAPI
CVE-2008-5544 (Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Interne ...)
	NOT-FOR-US: Hacksoft The Hacker
CVE-2008-5543 (Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, al ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2008-5542 (Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explor ...)
	NOT-FOR-US: Sunbelt VIPRE
CVE-2008-5541 (Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-5540 (Secure Computing Secure Web Gateway (aka Webwasher), when Internet Exp ...)
	NOT-FOR-US: Webwasher
CVE-2008-5539 (RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet E ...)
	NOT-FOR-US: RISING Antivirus
CVE-2008-5538 (Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote a ...)
	NOT-FOR-US: Prevx Prevx1 2
CVE-2008-5537 (PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, all ...)
	NOT-FOR-US: PC Tools AntiVirus
CVE-2008-5536 (Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: Panda Antivirus
CVE-2008-5535 (Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: Norman Antivirus
CVE-2008-5534 (ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2008-5533 (K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 o ...)
	NOT-FOR-US: K7AntiVirus
CVE-2008-5532 (Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Inte ...)
	NOT-FOR-US: Ikarus Virus Utilities
CVE-2008-5531 (Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, a ...)
	NOT-FOR-US: Fortinet Antivirus
CVE-2008-5530 (Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: Ewido Security Suite
CVE-2008-5529 (CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: CA eTrust Antivirus
CVE-2008-5528 (Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: Aladdin eSafe
CVE-2008-5527 (ESET Smart Security, when Internet Explorer 6 or 7 is used, allows rem ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-5526 (DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: DrWeb Anti-virus
CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is us ...)
	- clamav (medium; bug #526041)
	NOTE: this issue refers to a clamav antivirus bypass that occurs when the user
	NOTE: is using IE6 or IE7 to open a malicious page with an MZ header
	NOTE: - all other browsers are not vulnerable
	NOTE: - see http://xforce.iss.net/xforce/xfdb/47435 and bug report for details
CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 i ...)
	NOT-FOR-US: CAT-QuickHeal
CVE-2008-5523 (avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, al ...)
	NOT-FOR-US: avast! antivirus
CVE-2008-5522 (AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allow ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2008-5521 (Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 ...)
	NOT-FOR-US: Avira AntiVir
CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer ...)
	NOT-FOR-US: AhnLab V3
CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat al ...)
	{DSA-1810-1}
	- libapache-mod-jk 1:1.2.26-2.1 (bug #523054)
CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web administration ...)
	- geronimo (bug #481869)
CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote att ...)
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low; bug #512330)
CVE-2008-5516 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote att ...)
	{DSA-1708-1}
	- git-core 1:1.5.6-1
CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 throug ...)
	{DSA-2207-1}
	- tomcat5 (bug #532363)
	- tomcat5.5 (bug #532366)
	- tomcat6 6.0.20-1 (bug #532362)
	[lenny] - tomcat6 (Only ships the servlet package)
CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the RFC822BUFFE ...)
	{DTSA-174-2}
	- uw-imap 2007b~dfsg-1.1 (medium; bug #510918)
	[etch] - uw-imap (Vulnerable code not present)
	- alpine 2.02-3.1 (low)
	[lenny] - alpine (Minor issue)
	[squeeze] - alpine 2.00+dfsg-6+squeeze1
CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla Fi ...)
	{DSA-1707-1}
	- iceweasel 3.0.5-1
CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0 ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0. ...)
	{DSA-1707-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	[etch] - iceape (Etch Packages no longer covered by security support)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner (Etch Packages no longer covered by security support)
	NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round
CVE-2008-5509
	REJECTED
CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass int ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel (Etch Packages no longer covered by security support)
	NOTE: patch now available and will be checked for next patch round
CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arb ...)
	{DSA-1707-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	[etch] - xulrunner (The vulnerable feature is only included in 1.8.1 branch)
	NOTE: Original fix for CVE-2008-3836 was incomplete
CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.1 ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.19-1 (low)
	NOTE: JavaScript for mails is disabled by default and if users enable it ...
CVE-2008-5502 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner (Xulrunner 1.8 not affected)
	- icedove (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5501 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner (Xulrunner 1.8 not affected)
	- icedove (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2 ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5498 (Array index error in the imageRotate function in PHP 5.2.8 and earlier ...)
	- php5 (php5 links to the shared lib)
	- libgd2 (code is specific to php's libgd)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361
CVE-2008-5497 (BandSite CMS 1.1.4 allows remote attackers to bypass authentication an ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-5496 (SQL injection vulnerability in showcategory.php in PozScripts Business ...)
	NOT-FOR-US: PozScripts Business Directory Script
CVE-2008-5495 (Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0. ...)
	NOT-FOR-US: GungHo LoadPrgAx
CVE-2008-5494 (SQL injection vulnerability in the Contact Information Module (com_con ...)
	NOT-FOR-US: Contact Information Module (com_contactinfo) component for Joomla!
CVE-2008-5493 (SQL injection vulnerability in track.php in PHPStore Wholesales (aka W ...)
	NOT-FOR-US: PHPStore Wholesales
CVE-2008-5492 (Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX contro ...)
	NOT-FOR-US: PDFVIEW.PdfviewCtrl.1
CVE-2008-5491 (SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier a ...)
	NOT-FOR-US: SlimCMS
CVE-2008-5490 (SQL injection vulnerability in index.php in PHPStore Yahoo Answers all ...)
	NOT-FOR-US: PHPStore Yahoo Answers
CVE-2008-5489 (SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, ...)
	NOT-FOR-US: ClipShare
CVE-2008-5488 (SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 all ...)
	NOT-FOR-US: E-topbiz Domain Shop
CVE-2008-5487 (Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5486 (SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sal ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5616 (Stack-based buffer overflow in the demux_open_vqf function in libmpdem ...)
	{DSA-1782-1 DTSA-181-1}
	- mplayer 1.0~rc2-19 (low; bug #508803)
CVE-2008-XXXX [axel URL parser buffer overflow]
	- axel 2.2 (unimportant)
	[etch] - axel (Minor issue)
	NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
	NOTE: this only works for non-interactive sessions, which is a quite exotic use case
CVE-2008-5619 (html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMaile ...)
	- roundcube 0.1.1-9 (high; bug #508628; bug #536498)
	NOTE: According to the bug report, this is being exploited.
	- moodle 1.8.2.dfsg-2 (bug #508909)
	[etch] - moodle (Vulnerable code not present)
	NOTE: moodle recently copied roundcube's html2text due to their copy being non-free
	- mahara 1.1.3-1 (high; bug #524778)
	[lenny] - mahara (html2text.php wasn't yet included)
	- atmailopen
CVE-2008-5485
	REJECTED
CVE-2008-5484
	REJECTED
CVE-2008-5483
	REJECTED
CVE-2008-5482
	REJECTED
CVE-2008-5481
	REJECTED
CVE-2008-5480
	REJECTED
CVE-2008-5479
	REJECTED
CVE-2008-5478
	REJECTED
CVE-2008-5477
	REJECTED
CVE-2008-5476
	REJECTED
CVE-2008-5475
	REJECTED
CVE-2008-5474
	REJECTED
CVE-2008-5473
	REJECTED
CVE-2008-5472
	REJECTED
CVE-2008-5471
	REJECTED
CVE-2008-5470
	REJECTED
CVE-2008-5469
	REJECTED
CVE-2008-5468
	REJECTED
CVE-2008-5467
	REJECTED
CVE-2008-5466
	REJECTED
CVE-2008-5465
	REJECTED
CVE-2008-5464
	REJECTED
CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus Solution ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins fo ...)
	NOT-FOR-US: Oracle
CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle
CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerform ...)
	NOT-FOR-US: Oracle
CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2008-5453
	REJECTED
CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle
CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform Engineer ...)
	NOT-FOR-US: Oracle
CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component i ...)
	NOT-FOR-US: Oracle
CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle Databas ...)
	NOT-FOR-US: Oracle
CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-5435 (Cross-site scripting (XSS) vulnerability in moderate.php in PunBB befo ...)
	NOT-FOR-US: PunBB
CVE-2008-5434 (Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow re ...)
	NOT-FOR-US: PunBB
CVE-2008-5433 (Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and ...)
	NOT-FOR-US: PunBB
CVE-2008-5432 (Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 b ...)
	{DSA-1691-1}
	- moodle 1.8.2.dfsg-1 (bug #508593)
CVE-2008-5431 (Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a ...)
	NOT-FOR-US: Teamtek Universal FTP Server
CVE-2008-5430 (Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixe ...)
	- icedove (unimportant)
	NOTE: crashes icedove, but no security impact
CVE-2008-5429 (Incredimail build 5853710 does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: Incredimail
CVE-2008-5428 (Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: Opera
CVE-2008-5427 (Norton Antivirus in Norton Internet Security 15.5.0.23 does not proper ...)
	NOT-FOR-US: Norton Internet Security
CVE-2008-5426 (Kaspersky Internet Security Suite 2009 does not properly handle (1) mu ...)
	NOT-FOR-US: Kaspersky Internet Security Suite
CVE-2008-5425 (ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: NOD32
CVE-2008-5424 (The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outloo ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2008-5423 (Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector ...)
	NOT-FOR-US: Sun Ray Software
CVE-2008-5422 (Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict ...)
	NOT-FOR-US: Sun Sun Ray Server Software
CVE-2008-5421 (The SSL web administration service in NetWin SmsGate 1.1n and earlier ...)
	NOT-FOR-US: NetWin SmsGate
CVE-2008-5420 (The SAN Manager Master Agent service (aka msragent.exe) in EMC Control ...)
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5419 (Stack-based buffer overflow in SAN Manager Master Agent service (aka m ...)
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5418 (Directory traversal vulnerability in login.php in the PunPortal module ...)
	NOT-FOR-US: PunBB
CVE-2008-5417 (HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses ...)
	NOT-FOR-US: HP DECnet-Plus
CVE-2008-5416 (Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-5415 (The LDBserver service in the server in CA ARCserve Backup 11.1 through ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-5414 (Unspecified vulnerability in the Feature Pack for Web Services in the ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5413 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere Ap ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5412 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5411 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traf ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5410 (The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 ...)
	NOT-FOR-US: Solaris
CVE-2008-5409 (Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Fre ...)
	NOT-FOR-US: BitDefender Free Edition and Antivirus Standard, BullGuard Internet Security and Software602 Groupware Server
CVE-2008-5408 (Buffer overflow in the data management protocol in Symantec Backup Exe ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5407 (Multiple unspecified vulnerabilities in the Backup Exec remote-agent l ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5406 (Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes ...)
	NOT-FOR-US: Apple QuickTime Player and iTunes
CVE-2008-5405 (Stack-based buffer overflow in the RDP protocol password decoder in Ca ...)
	NOT-FOR-US: Cain & Abel
CVE-2008-5404 (Insecure method vulnerability in the FlexCell.Grid ActiveX control in ...)
	NOT-FOR-US: FlexCell
CVE-2008-5403 (Heap-based buffer overflow in the XML parser in the AIM plugin in Tril ...)
	NOT-FOR-US: Trillian
CVE-2008-5402 (Double free vulnerability in the XML parser in Trillian before 3.1.12. ...)
	NOT-FOR-US: Trillian
CVE-2008-5401 (Stack-based buffer overflow in the image tooltip implementation in Tri ...)
	NOT-FOR-US: Trillian
CVE-2008-5400 (Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum ...)
	NOT-FOR-US: mvnForum
CVE-2008-5399 (Cross-site scripting (XSS) vulnerability in the listonlineusers (aka " ...)
	NOT-FOR-US: mvnForum
CVE-2008-5398 (Tor before 0.2.0.32 does not properly process the ClientDNSRejectInter ...)
	- tor 0.2.0.32-1
CVE-2008-5397 (Tor before 0.2.0.32 does not properly process the (1) User and (2) Gro ...)
	- tor 0.2.0.32-1 (bug #505178)
CVE-2008-5396 (Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in ...)
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3
CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the Li ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24
CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kerne ...)
	NOT-FOR-US: Ubuntu Privacy Remix
CVE-2008-5392
	REJECTED
CVE-2008-5391
	REJECTED
CVE-2008-5390
	REJECTED
CVE-2008-5389
	REJECTED
CVE-2008-5388
	REJECTED
CVE-2008-5387 (Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5386 (Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5385 (enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print q ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5384 (crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local us ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5383 (Stack-based buffer overflow in National Instruments Electronics Workbe ...)
	NOT-FOR-US: National Instruments Electronics Workbench
CVE-2008-5382 (Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL ...)
	NOT-FOR-US: I-O firmware
CVE-2008-5381 (Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) ...)
	NOT-FOR-US: ffdshow
CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite a ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508595)
	[etch] - gpsdrive (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary ...)
	- netdisco-mibs-installer 1.4 (low; bug #508940)
	[lenny] - netdisco-mibs-installer (Contrib not supported)
CVE-2008-5378 (arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitra ...)
	- arb 0.0.20071207.1-6 (low; bug #508942)
CVE-2008-5377 (pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files ...)
	- cups 1.3.8-1lenny1 (low)
	- cupsys
	[etch] - cupsys (Example script)
CVE-2008-5376 (editcomment in crip 3.7 allows local users to overwrite arbitrary file ...)
	- crip 3.7-5 (low; bug #509275)
	[etch] - crip 3.7-3+etch1
CVE-2008-5375 (cmus-status-display in cmus 2.2.0 allows local users to overwrite arbi ...)
	- cmus 2.2.0-1.1 (unimportant; bug #509277)
	NOTE: Just an example script
CVE-2008-5374 (bash-doc 3.2 allows local users to overwrite arbitrary files via a sym ...)
	- bash 4.0-2 (unimportant; bug #509279)
	NOTE: scripts are examples
CVE-2008-5373 (mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users t ...)
	- bacula 2.4.0-1 (unimportant; bug #509301)
	NOTE: script is an example
CVE-2008-5372 (sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbit ...)
	- sdm 0.4.1-1 (unimportant; bug #509331)
	NOTE: Not really a bug since only "touch" is used on the temp file
CVE-2008-5371 (screenie in screenie 1.30.0 allows local users to overwrite arbitrary ...)
	- screenie 1.30.0-5.1 (low; bug #509332)
CVE-2008-5370 (pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite ...)
	- pvpgn 1.8.1-2 (low; bug #509336)
	[etch] - pvpgn (Contrib not supported)
CVE-2008-5369 (noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files v ...)
	- no-ip 2.1.9-1 (unimportant; bug #509348)
	NOTE: original issue doesn't seem to be present, however there is a temp file race in the init
	NOTE: script if it is used to debug with strace, and a missing check for mkstemp failing,
	NOTE: but these situations are really corner cases
CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite arbitrary ...)
	- muttprint 0.72d-10 (low; bug #509487)
	[etch] - muttprint 0.72d-8etch1
CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to o ...)
	- ppp (unimportant)
	NOTE: insecure temp file handling in the udeb is not an issue, since it only runs during the installation
CVE-2008-5366 (The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local u ...)
	- ppp (unimportant; bug #509488)
	NOTE: Package postinst isn't vulnerable, only .tmp files in /etc
CVE-2008-5365 (SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares A ...)
	NOT-FOR-US: ActiveWebSoftwares
CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1 ...)
	NOT-FOR-US: getPlus
CVE-2008-5363 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5362 (The DefineConstantPool action in the ActionScript 2 virtual machine in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does no ...)
	- rsyslog 3.18.6-1 (bug #508027)
CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and page_ ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (medium; bug #508021)
	- php4 (medium; bug #559787)
CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ( ...)
	- vinagre 0.5.1-2
CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ear ...)
	- sun-java5 1.5.0-17-0.1 (low; bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (low; bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ear ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5357 (Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 (uses system's freetype library)
CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun J ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 (uses system's freetype library)
CVE-2008-5355 (The "Java Update" feature for Java Runtime Environment (JRE) for Sun J ...)
	- sun-java5 (Java update not used in Debian)
	- sun-java6 (Java update not used in Debian)
	- openjdk-6 (Java update not used in Debian)
CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5353 (The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the unpac ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ear ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5346 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JD ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with Sun J ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 (bug in plugin code)
	NOTE: For OpenJDK, see: http://mail.openjdk.java.net/pipermail/core-libs-dev/2009-June/001784.html
CVE-2008-5344 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 (browser plugin is different code base)
CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 (browser plugin is different code base)
CVE-2008-5342 (Unspecified vulnerability in the BasicService for Java Web Start (JWS) ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 (browser plugin is different code base)
CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 (browser plugin is different code base)
CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 (browser plugin is different code base)
CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in wit ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 (browser plugin is different code base)
CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (a ...)
	NOT-FOR-US: Bandwebsite
CVE-2008-5337 (SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite ...)
	NOT-FOR-US: Bandwebsite
CVE-2008-5336 (SQL injection vulnerability in index.php in WebStudio CMS allows remot ...)
	NOT-FOR-US: WebStudio CMS
CVE-2008-5335 (SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5334 (PHP remote file inclusion vulnerability in includes/common.php in Nitr ...)
	NOT-FOR-US: NitroTech
CVE-2008-5333 (SQL injection vulnerability in members.php in NitroTech 0.0.3a allows ...)
	NOT-FOR-US: NitroTech
CVE-2008-5332 (Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow ...)
	NOT-FOR-US: Pie Web M{a,e}sher
CVE-2008-5331 (Adobe Acrobat 9 uses more efficient encryption than previous versions, ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-5330 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: ClearCase RWP IBM
CVE-2008-5329 (ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows ...)
	NOT-FOR-US: IBM
CVE-2008-5328 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 st ...)
	NOT-FOR-US: IBM
CVE-2008-5327 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7. ...)
	NOT-FOR-US: IBM
CVE-2008-5326 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 befor ...)
	NOT-FOR-US: IBM
CVE-2008-5325 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM R ...)
	NOT-FOR-US: IBM
CVE-2008-5324 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM R ...)
	NOT-FOR-US: IBM
CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo functio ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-3 (bug #507857)
	- php4
CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg ...)
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5322 (Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information ...)
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5321 (SQL injection vulnerability in index.php in GesGaleri, a module for XO ...)
	NOT-FOR-US: XOOPS module
CVE-2008-5320 (SQL injection vulnerability in usersettings.php in e107 0.7.13 and ear ...)
	NOT-FOR-US: e107
CVE-2008-5319 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact an ...)
	- tikiwiki
CVE-2008-5318 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact an ...)
	- tikiwiki
CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in src/cmsgamma ...)
	{DSA-1684-1}
	- lcms 1.17-1
	- openjdk-6 6b16-1 (medium; bug #542210)
CVE-2008-5316 (Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in ...)
	{DSA-1684-1}
	- lcms 1.16-1
CVE-2008-5315 (Directory traversal vulnerability in the web interface in Apple iPhone ...)
	NOT-FOR-US: Apple iPhone Configuration Web Utility
CVE-2008-XXXX [Insecure tmpdir creation]
	[lenny] - devscripts 2.10.35lenny1 (low)
	- devscripts 2.10.42 (low; bug #507482)
	[etch] - devscripts 2.9.26etch2
CVE-2008-XXXX [Insecure tempfile creation]
	- devscripts 2.10.42 (low; bug #508111)
	[etch] - devscripts (vulnerable code not present)
	[lenny] - devscripts 2.10.35lenny1 (low)
CVE-2008-5314 (Stack consumption vulnerability in libclamav/special.c in ClamAV befor ...)
	{DSA-1680-1}
	- clamav 0.94.dfsg.2-1 (medium; bug #507624)
CVE-2008-5311 (SQL injection vulnerability in image.php in NetArt Media Blog System 1 ...)
	NOT-FOR-US: NetArt Media Blog System
CVE-2008-5310 (SQL injection vulnerability in image.php in NetArt Media Car Portal 2. ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2008-5309 (SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 all ...)
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2008-5308 (The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly ...)
	NOT-FOR-US: LoveCMS
CVE-2008-5307 (SQL injection vulnerability in admin/index.php in PG Roommate Finder S ...)
	NOT-FOR-US: PG Roommate Finder Solution
CVE-2008-5306 (SQL injection vulnerability in admin/index.php in PG Real Estate Solut ...)
	NOT-FOR-US: PG Real Estate Solution
CVE-2008-5305 (Eval injection vulnerability in TWiki before 4.2.4 allows remote attac ...)
	- twiki (medium; bug #508257)
CVE-2008-5304 (Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows ...)
	- twiki (low; bug #508256)
CVE-2008-5303 (Race condition in the rmtree function in File::Path 1.08 (lib/File/Pat ...)
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5302 (Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib ...)
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5301 (Directory traversal vulnerability in the ManageSieve implementation in ...)
	- dovecot 1:1.0.15-2.3 (bug #506031)
CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service (" ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5296 (Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_glob ...)
	- gallery 1.5.9-1.2 (low; bug #506824)
	[etch] - gallery (vulnerable code introduced in 1.5.8-svn-b34)
CVE-2008-5295 (SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 all ...)
	NOT-FOR-US: Jamit Job Board
CVE-2008-5294 (SQL injection vulnerability in index.php in WebStudio eCatalogue allow ...)
	NOT-FOR-US: WebStudio eCatalogue
CVE-2008-5293 (SQL injection vulnerability in index.php in WebStudio eHotel allows re ...)
	NOT-FOR-US: WebStudio eHotel
CVE-2008-5292 (SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows ...)
	NOT-FOR-US: VideoGirls
CVE-2008-5291 (Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 ...)
	NOT-FOR-US: FuzzyLime
CVE-2008-5290 (Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hil ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5289 (SQL injection vulnerability in full_txt.php in Werner Hilversum Clean ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5288 (PHP remote file inclusion vulnerability in include/header.php in Werne ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5287 (SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ M ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5284 (The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other v ...)
	NOT-FOR-US: IEA Software RadiusNT and RadiusX
CVE-2008-5283 (Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attac ...)
	NOT-FOR-US: File Upload Manager
CVE-2008-5282 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 ...)
	NOTE: neither in Etch nor Lenny, removal has been proposed
	- amaya (bug #507587)
CVE-2008-5281 (Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows r ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-5280 (The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server ...)
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5279 (The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZI ...)
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5277 (PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of ...)
	- pdns 2.9.21.2-1 (low)
	[etch] - pdns (old version of HINFO parser)
CVE-2008-5275 (Multiple directory traversal vulnerabilities in the (a) "Unzip archive ...)
	NOT-FOR-US: net2ftp
CVE-2008-5274 (Todd Woolums ASP News Management 2.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5273 (SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News M ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5272 (Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCM ...)
	NOT-FOR-US: SyndeoCMS
CVE-2008-5271 (Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman ...)
	NOT-FOR-US: SyndeoCMS
CVE-2008-5270 (SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 ...)
NOT-FOR-US: Yuhhu Superstar CVE-2008-5269 (SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows re ...) NOT-FOR-US: pSys CVE-2008-5268 (SQL injection vulnerability in content/forums/reply.asp in ASPPortal a ...) NOT-FOR-US: ASPPortal CVE-2008-5267 (SQL injection vulnerability in answer.php in Experts 1.0.0, when magic ...) NOT-FOR-US: Experts CVE-2008-5266 (Cross-site scripting (XSS) vulnerability in configuration/httpListener ...) NOT-FOR-US: Sun Java System Application Server CVE-2008-5265 (Directory traversal vulnerability in index.php in TNT Forum 0.9.4, whe ...) NOT-FOR-US: TNT Forum CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Kn ...) NOT-FOR-US: Tornado Knowledge Retrieval System CVE-2008-5263 (Multiple stack-based buffer overflows in the mt_codec::getHdrHead func ...) NOT-FOR-US: ksquirrel CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader function in ...) {DSA-1717-1 DTSA-184-1} - devil 1.7.5-4 (low; bug #511844; bug #512122) NOTE: fix for 1.7.5-3 incomplete, see #512122 CVE-2008-5261 RESERVED CVE-2008-5260 (Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control ...) NOT-FOR-US: ActiveX CVE-2008-5259 (Integer signedness error in DivX Web Player 1.4.2.7, and possibly earl ...) NOT-FOR-US: DivX Web Player CVE-2008-5258 RESERVED CVE-2008-5257 (webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-busine ...) NOT-FOR-US: WebSEAL CVE-2008-5255 RESERVED CVE-2008-5254 RESERVED CVE-2008-5253 RESERVED CVE-2008-5252 (Cross-site request forgery (CSRF) vulnerability in the Special:Import ...) {DSA-1901-1 DTSA-186-1} - mediawiki 1:1.13.3-1 (bug #508870) - mediawiki1.7 [etch] - mediawiki (metapackage) CVE-2008-5251 RESERVED CVE-2008-5250 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1 ...) 
{DSA-1901-1 DTSA-186-1} - mediawiki 1:1.13.3-1 (bug #508869) - mediawiki1.7 [etch] - mediawiki (metapackage) CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1 ...) {DSA-1901-1 DTSA-186-1} - mediawiki 1:1.13.3-1 (bug #508868) - mediawiki1.7 [etch] - mediawiki (metapackage) CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real d ...) - vlc 0.9.8a-1 (low) [etch] - vlc (vulnerable code not present) [lenny] - vlc (vulnerable code not present) CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...) {DTSA-188-1} - php5 5.2.6.dfsg.1-3 (bug #507101) [lenny] - php5 5.2.6.dfsg.1-1+lenny2 - php4 NOTE: if a user has write access to a file he can simply use fopen() CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...) - wordpress 2.5.1-11 (low; bug #507193) [etch] - wordpress (Vulnerable code not present) NOTE: introduced in 2.5 CVE-2008-5286 (Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 thro ...) {DSA-1677-1} - cups 1.3.8-1lenny4 (bug #507183; medium) CVE-2008-XXXX [geda-gnetlist: sch2eaglepos.sh has insecure temp file handling ] - geda-gnetlist 1:1.4.0-3 (bug #506625; unimportant) NOTE: sch2eaglepos.sh only used as example script CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of se ...) - xine-lib 1.1.14-3 - vlc (affected part of xine-lib code copy not present) CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in xine-li ...) - xine-lib (unimportant; bug #508715) NOTE: a divide by 0 because of a crafted media file is hardly a security issue, NOTE: the integer overflows covered by the ocert advisory in the same code snippet NOTE: got their own identifier CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow r ...)
- xine-lib 1.1.14-3 (low; bug #507184; bug #498243) - vlc (affected part of xine-lib code copy not present) CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before a ...) - xine-lib 1.1.14-3 (low) [etch] - xine-lib (The version from Etch doesn't yet perform pre-allocation) CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...) - xine-lib 1.1.14-3 (unimportant) - faad2 2.6.1-1 (unimportant) - mplayer 1.0~rc2-20 (unimportant; bug #407010) NOTE: overlaps with CVE-2008-4610, same aac issue NOTE: just a crasher, no security implications known so far CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, an ...) - xine-lib 1.1.16-1 (bug #508716) [lenny] - xine-lib 1.1.14-4 [squeeze] - xine-lib 1.1.14-4 NOTE: these are just invalid reads that result in segfaults, denial of service doesn't NOTE: apply here as xine reading a file is no service -> application bug CVE-2008-5242 (demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, ...) - xine-lib 1.1.16-1 (medium; bug #507165; bug #498243) [lenny] - xine-lib 1.1.14-4 [squeeze] - xine-lib 1.1.14-4 CVE-2008-5241 (Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 a ...) - xine-lib 1.1.16-1 (low; bug #509008) [lenny] - xine-lib 1.1.14-4 [squeeze] - xine-lib 1.1.14-4 CVE-2008-5240 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an u ...) - xine-lib 1.1.16-2 (low; bug #509352) [lenny] - xine-lib 1.1.14-5 [squeeze] - xine-lib 1.1.14-5 CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not prope ...) - xine-lib 1.1.16-2 (medium; bug #509353) [lenny] - xine-lib 1.1.14-5 [squeeze] - xine-lib 1.1.14-5 CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in demux_real.c in xi ...)
- xine-lib 1.1.14-3 (low) NOTE: code execution shouldn't work here, as 0xff will be extended to 0xffffffff NOTE: memcpy fails for copying from the complete addressable address space long before any code is executed NOTE: the malloc check for type_specific_data is missing, minor issue filed as #508065 CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ea ...) - xine-lib 1.1.16-1 (bug #509265; low) [lenny] - xine-lib 1.1.14-4 [squeeze] - xine-lib 1.1.14-4 CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1 ...) - xine-lib 1.1.16-1 (bug #509521) [lenny] - xine-lib 1.1.14-4 [squeeze] - xine-lib 1.1.14-4 CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in sr ...) - xine-lib 1.1.14-3 - vlc (affected part of xine-lib code copy not present) CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ver ...) - xine-lib 1.1.16-1 (medium; bug #508313; bug #498243) [lenny] - xine-lib 1.1.14-4 [squeeze] - xine-lib 1.1.14-4 CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not check for ...) - xine-lib 1.1.14-3 (low) - vlc (affected part of xine-lib code copy not present) CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Me ...) NOT-FOR-US: Microsoft Windows Media Services CVE-2008-5231 (Stack-based buffer overflow in the ExecuteRequest method in the Novell ...) NOT-FOR-US: Novell iPrint CVE-2008-5230 (The Temporal Key Integrity Protocol (TKIP) implementation in unspecifi ...) NOT-FOR-US: WPA weakness CVE-2008-5229 (Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi ...) NOT-FOR-US: Microsoft Device IO Control CVE-2008-5228 (Cross-site scripting (XSS) vulnerability in IBM Workplace Content Mana ...) NOT-FOR-US: IBM Workplace Content Management CVE-2008-5227 (Unspecified vulnerability in PHPCow allows remote attackers to execute ...)
NOT-FOR-US: PHPCow CVE-2008-5226 (SQL injection vulnerability in the MambAds (com_mambads) component 1.0 ...) NOT-FOR-US: com_mambads component for Mambo CVE-2008-5225 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare ...) NOT-FOR-US: Xerox DocuShare CVE-2008-5224 (Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and ear ...) NOT-FOR-US: Kent Web Mart CVE-2008-5223 (SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows ...) NOT-FOR-US: Airvae Commerce CVE-2008-5222 (SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote ...) NOT-FOR-US: Dvbbs CVE-2008-5221 (The account_save action in admin/userinfo.php in wPortfolio 0.3 and ea ...) NOT-FOR-US: wPortfolio CVE-2008-5220 (Unrestricted file upload vulnerability in admin/upload_form.php in wPo ...) NOT-FOR-US: wPortfolio CVE-2008-5219 (The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and ...) NOT-FOR-US: VideoScript CVE-2008-5218 (ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with ...) NOT-FOR-US: ScriptsEz FREEze Greetings CVE-2008-5217 (Directory traversal vulnerability in index.php in txtCMS 0.3, when reg ...) NOT-FOR-US: textCMS CVE-2008-5216 (SQL injection vulnerability in category_list.php in AJ Square ZeusCart ...) NOT-FOR-US: AJ Square ZeusCart CVE-2008-5215 (SQL injection vulnerability in service/profil.php in ClanLite 2.2006.0 ...) NOT-FOR-US: ClanLite CVE-2008-5214 (Cross-site scripting (XSS) vulnerability in service/calendrier.php in ...) NOT-FOR-US: ClanLite CVE-2008-5213 (SQL injection vulnerability in featured_article.php in AJ Article 1.0 ...) NOT-FOR-US: AJ Article CVE-2008-5212 (SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 a ...) NOT-FOR-US: AJ Auction CVE-2008-5211 (Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3. ...) NOT-FOR-US: Sphider CVE-2008-5210 (Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 al ...) 
NOT-FOR-US: PhpBlock CVE-2008-5209 (Directory traversal vulnerability in modules/download/get_file.php in ...) NOT-FOR-US: Admidio CVE-2008-5208 (SQL injection vulnerability in sub_votepic.php in the Datsogallery (co ...) NOT-FOR-US: Datsogallery joomla module CVE-2008-5207 (Multiple directory traversal vulnerabilities in Jonascms 1.2 allow rem ...) NOT-FOR-US: Jonascms CVE-2008-5206 (PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in ...) NOT-FOR-US: MosXML CVE-2008-5205 (Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allo ...) NOT-FOR-US: wellyblog CVE-2008-5204 (Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, ...) NOT-FOR-US: PowerAward CVE-2008-5203 (Cross-site scripting (XSS) vulnerability in external_vote.php in Power ...) NOT-FOR-US: PowerAward CVE-2008-5202 (Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS ...) NOT-FOR-US: OTManager CMS CVE-2008-5201 (Directory traversal vulnerability in index.php in OTManager CMS 24a al ...) NOT-FOR-US: OTManager CMS CVE-2008-5200 (SQL injection vulnerability in the Xe webtv (com_xewebtv) component fo ...) NOT-FOR-US: Xe webtv CVE-2008-5199 (PHP remote file inclusion vulnerability in include.php in PHPOutsourci ...) NOT-FOR-US: PHPOutsourcing IdeaBox CVE-2008-5198 (SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allow ...) NOT-FOR-US: Acmlmboard CVE-2008-5197 (SQL injection vulnerability in classifieds.php in PHP-Fusion allows re ...) NOT-FOR-US: PHP-Fusion CVE-2008-5196 (SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 ...) NOT-FOR-US: Kroax CVE-2008-5195 (Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow ...) NOT-FOR-US: SebracCMS CVE-2008-5194 (SQL injection vulnerability in checkavail.php in SoftVisions Software ...) NOT-FOR-US: SoftVisions Software Online Booking Manager CVE-2008-5193 (Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philb ...) 
NOT-FOR-US: W1L3D4 Philboard CVE-2008-5192 (SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and ...) NOT-FOR-US: W1L3D4 Philboard CVE-2008-5191 (Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote at ...) NOT-FOR-US: SePortal CVE-2008-5190 (SQL injection vulnerability in index.php in eSHOP100 allows remote att ...) NOT-FOR-US: eSHOP100 CVE-2008-5285 (Wireshark 1.0.4 and earlier allows remote attackers to cause a denial ...) [lenny] - wireshark 1.0.2-3+lenny3 - wireshark 1.0.5-1 (low; bug #506741) CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other ...) {DSA-1709-1} - shadow 1:4.1.1-6 (bug #505271) CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechani ...) - verlihub (low; bug #506530) CVE-2008-5705 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechani ...) - verlihub (low; bug #506530) CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remo ...) - rails 2.1.0-6 (low) CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ( ...) - ecryptfs-utils 66-1 (low) [lenny] - ecryptfs-utils (Minor issue) CVE-2008-5184 (The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the gues ...) - cups 1.3.8-1 [etch] - cupsys (cupsys doesn't crash, code base changed, guest username not submitted) CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...) {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-12 - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of se ...) NOT-FOR-US: Microsoft Communicator CVE-2008-5180 (Microsoft Communicator, and Communicator in Microsoft Office 2010 beta ...) NOT-FOR-US: Microsoft Communicator CVE-2008-5179 (Unspecified vulnerability in Microsoft Office Communications Server (O ...) 
NOT-FOR-US: Microsoft Office Communications Server CVE-2008-5178 (Heap-based buffer overflow in Opera 9.62 on Windows allows remote atta ...) NOT-FOR-US: Opera on Windows CVE-2008-5177 (Stack-based buffer overflow in the DtbClsLogin function in Yosemite Ba ...) NOT-FOR-US: Yosemite Backup CVE-2008-5176 (Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.62 ...) NOT-FOR-US: WinCom LPD CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibly oth ...) {DSA-1672-1} - imlib2 1.4.0-1.2 (bug #505714) CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictio ...) - php5 (unimportant) NOTE: http://securityreason.com/achievement_securityalert/57 CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow lo ...) - mailscanner 4.74.16-1 (bug #506353) [etch] - mailscanner (Minor issue) NOTE: there is no difference apart from the versions to CVE-2008-5313 CVE-2008-5313 (mailscanner 4.68.8 and other versions before 4.74.16-1 might allow loc ...) - mailscanner 4.74.16-1 (bug #506353) [etch] - mailscanner (Minor issue) NOTE: there is no difference apart from the versions to CVE-2008-5312 CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...) NOT-FOR-US: AceFTP CVE-2008-5174 (SQL injection vulnerability in joke.php in Jokes Complete Website 2.1. ...) NOT-FOR-US: Jokes Complete Website CVE-2008-5173 (Unspecified vulnerability in testMaker before 3.0p16 allows remote aut ...) NOT-FOR-US: testMaker CVE-2008-5172 (Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Soft ...) NOT-FOR-US: Yazd Forum Software CVE-2008-5171 (Multiple directory traversal vulnerabilities in admin/minibb/index.php ...) NOT-FOR-US: phpBLASTER CMS CVE-2008-5170 (SQL injection vulnerability in item.php in Cheats Complete Website 1.1 ...) NOT-FOR-US: Cheats Complete Website CVE-2008-5169 (SQL injection vulnerability in drinks/drink.php in Drinks Complete Web ...) 
NOT-FOR-US: Drinks Complete Website CVE-2008-5168 (SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 ...) NOT-FOR-US: Tips Complete Website CVE-2008-5167 (PHP remote file inclusion vulnerability in layout/default/params.php i ...) NOT-FOR-US: Orca Interactive Forum Script CVE-2008-5166 (SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 all ...) NOT-FOR-US: Riddles Website CVE-2008-5165 (Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote a ...) NOT-FOR-US: eTicket CVE-2008-5164 (Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre ...) NOT-FOR-US: The Rat CMS CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allo ...) NOT-FOR-US: The Rat CMS CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does ...) - kfreebsd-6 [lenny] - kfreebsd-6 (KFreebsd not supported) - kfreebsd-7 7.1-1 [lenny] - kfreebsd-7 7.0-7lenny1 CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...) - openssh 1:5.1p1-5 (low; bug #506115) [etch] - openssh (Minor issue, see http://www.openssh.org/txt/cbc.adv) CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 allo ...) {DTSA-179-1} - geshi 1.0.8.1-1 (medium) CVE-2008-5160 (Unspecified vulnerability in MyServer 0.8.11 allows remote attackers t ...) - msp-webserver (bug #506268) CVE-2008-5159 (Integer overflow in the remote administration protocol processing in C ...) NOT-FOR-US: WinCom LPD CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote a ...) NOT-FOR-US: WinCom LPD CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a symli ...) - tau 2.16.4-1.3 (bug #506348) [etch] - tau (Minor issue) CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ove ...) 
- systemimager (bug #506269) [etch] - systemimager (Minor issue) CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitr ...) - smsclient (unimportant; bug #498901) CVE-2008-5154 (bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary f ...) - p3nfs 5.19-1.2 (low; bug #506270) [etch] - p3nfs (Minor issue) CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite ...) {DSA-1724-1} - moodle 1.8.2.2dfsg-4 [lenny] - moodle 1.8.2.dfsg-3+lenny1 NOTE: manual editing of file is required to run the unsafe code CVE-2008-5152 (inmail-show in mh-book 200605 allows local users to overwrite arbitrar ...) - mh-book (unimportant) NOTE: unsafe code is in example script CVE-2008-5151 (test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary ...) - mayavi (unimportant) NOTE: just a comment, not code CVE-2008-5150 (sample.sh in maildirsync 1.1 allows local users to append data to arbi ...) - maildirsync (unimportant) NOTE: unsafe code is in example script CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite ...) - ncbi-tools6 6.1.20080302-4 (unimportant) NOTE: unsafe code is in example script CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...) - geda-gnetlist (unimportant) NOTE: unsafe code is an example script CVE-2008-5147 (test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to ...) - docvert 3.4-7 (unimportant) NOTE: unsafe code is in test script with multiple hardcoded files CVE-2008-5146 (add-accession-numbers in ctn 3.0.6 allows local users to overwrite arb ...) - ctn (unimportant) NOTE: unsafe code is in example script CVE-2008-5145 (ltpmenu in ltp 20060918 allows local users to overwrite arbitrary file ...) - ltp 20060918-3 (low; bug #506272) [etch] - ltp (Minor issue) NOTE: this is not the same as CVE-2008-4969 CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...) 
- nvidia-cg-toolkit (unimportant) NOTE: -installer can be run from postinst but unsafe code is only executed when a special option is used when manually running the installer CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwri ...) [etch] - multi-gnome-terminal (Symlink issue not run as root) - multi-gnome-terminal CVE-2008-5142 (sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local u ...) - freebsd-sendpr (unimportant) NOTE: code is only executed when the script to send bug reports fails CVE-2008-5141 (flamethrower in flamethrower 0.1.8 allows local users to overwrite arb ...) {DSA-1676-1} - flamethrower 0.1.8-2 (low; bug #506350) CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 and other versions before ...) - mailscanner 4.57.6-1 (unimportant) NOTE: script should only be used when the private Trend Micro antivirus is installed CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary fil ...) {DSA-1674-1} - jailer 0.4-10 (bug #410548; low) CVE-2008-5138 (passwdehd in libpam-mount 0.43 allows local users to overwrite arbitra ...) - libpam-mount 1.2+gitaa4791f-1 (low) [lenny] - libpam-mount 0.44-1+lenny2 CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...) - tkman 2.2-4 (low; bug #506496) [etch] - tkman 2.2-2etch1 CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files vi ...) [etch] - tkusr (Minor issue) - tkusr (low) CVE-2008-5135 - os-prober (unimportant) CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in drivers/net/wireles ...) {DSA-1681-1} [etch] - linux-2.6 (Vulnerable code not present) - linux-2.6 2.6.26-11 - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, wh ...) NOT-FOR-US: ipnat CVE-2008-5183 (cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remot ...) 
{DSA-2176-1} - cups 1.3.9-13 (low; bug #506180) [lenny] - cups (Minor issue) [etch] - cupsys (RSS subscription code not yet present) CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP serv ...) {DSA-1686-1} - no-ip 2.1.7-11 (bug #506179) CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Porta ...) NOT-FOR-US: MemHT Portal CVE-2008-5131 (Multiple SQL injection vulnerabilities in Develop It Easy News And Art ...) NOT-FOR-US: Develop It Easy News And Article System CVE-2008-5130 (Ocean12 Calendar Manager Gold 2.04 stores sensitive information under ...) NOT-FOR-US: Ocean12 software CVE-2008-5129 (Ocean12 Poll Manager Pro 1.00 stores sensitive information under the w ...) NOT-FOR-US: Ocean12 software CVE-2008-5128 (Ocean12 Membership Manager Pro stores sensitive information under the ...) NOT-FOR-US: Ocean12 software CVE-2008-5127 (Ocean12 Contact Manager Pro 1.02 stores sensitive information under th ...) NOT-FOR-US: Ocean12 software CVE-2008-5126 (Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CM ...) NOT-FOR-US: BoutikOne CVE-2008-5125 (admin.php in CCleague Pro 1.2 allows remote attackers to bypass authen ...) NOT-FOR-US: CCleague Pro CVE-2008-5124 (JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to ve ...) NOT-FOR-US: JSCAPE Secure FTP Applet CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows re ...) NOT-FOR-US: CCleague Pro CVE-2008-5122 (SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ekt ...) NOT-FOR-US: Ektron CMS400.NET CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 ...) NOT-FOR-US: Citrix Deterministic Network Enhancer CVE-2008-5120 (Stack-based buffer overflow in the Process Software MultiNet finger se ...) NOT-FOR-US: MultiNet finger service CVE-2008-5119 (Cross-site scripting (XSS) vulnerability in search.php in Scripts4Prof ...) 
NOT-FOR-US: Scripts4Profit DXShopCart CVE-2008-5118 (Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 all ...) NOT-FOR-US: Sun Java System Identity Manager CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager 6.0 th ...) NOT-FOR-US: Sun Java System Identity Manager CVE-2008-5116 (Directory traversal vulnerability in idm/includes/helpServer.jsp in Su ...) NOT-FOR-US: Sun Java System Identity Manager CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java System Ide ...) NOT-FOR-US: Sun Java System Identity Manager CVE-2008-5114 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Identity Manager CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and ...) NOT-FOR-US: Microsoft CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...) NOT-FOR-US: Solaris CVE-2008-5109 (The default configuration of Adobe Flash Media Server (FMS) 3.0 does n ...) NOT-FOR-US: Adobe Flash Media Server CVE-2008-5108 (Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context- ...) NOT-FOR-US: Adobe AIR CVE-2008-5107 (The installation process for Citrix Presentation Server 4.5 and Deskto ...) NOT-FOR-US: Citrix PS CVE-2008-5106 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attac ...) NOT-FOR-US: KarjaSoft Sami FTP Server CVE-2008-5105 (KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a den ...) NOT-FOR-US: KarjaSoft Sami FTP Server CVE-2008-5104 (Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual ...) NOT-FOR-US: VMBuilder CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in ...) NOT-FOR-US: VMBuilder CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other ...) 
- zope2.10 (unimportant) NOTE: this only affects installations in which users have unrestricted access to the management NOTE: interface. On Debian one admin user is added for this at installation time and NOTE: non-trustworthy users shouldn't have access to the interface. - zope3 (Vulnerable code not present) CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework 2.0.50 ...) NOT-FOR-US: Microsoft .NET Framework CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0. ...) NOT-FOR-US: Sun Logical Domain Manager CVE-2008-5098 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...) NOT-FOR-US: Sun Java System Messaging Server CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might allow ...) - syslog-ng 2.0.9-4.1 (unimportant; bug #505791) NOTE: no security flaw by itself, still it should be fixed CVE-2008-5097 (SQL injection vulnerability in index.php in MyFWB 1.0 allows remote at ...) NOT-FOR-US: MyFWB CVE-2008-5096 (Unspecified vulnerability in the TYPO3 File List (file_list) extension ...) NOT-FOR-US: TYPO3 third party extension "file_list" CVE-2008-5095 (Cross-site scripting (XSS) vulnerability in the Novell User Applicatio ...) NOT-FOR-US: Novell User Application CVE-2008-5094 (Heap-based buffer overflow in the NDS Service in Novell eDirectory bef ...) NOT-FOR-US: eDirectory CVE-2008-5093 (Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (H ...) NOT-FOR-US: eDirectory CVE-2008-5092 (Heap-based buffer overflows in Novell eDirectory HTTP protocol stack ( ...) NOT-FOR-US: eDirectory CVE-2008-5091 (Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before ...) NOT-FOR-US: eDirectory CVE-2008-5090 (Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attac ...) NOT-FOR-US: Advanced Electron Forum CVE-2008-5089 (Multiple insecure method vulnerabilities in the DDActiveReportsViewer2 ...)
NOT-FOR-US: Data Dynamics ActiveReports ActiveX control CVE-2008-5088 (Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Softwar ...) NOT-FOR-US: PHPKB CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anothe ...) NOT-FOR-US: wrg_anotherbelogin extension for typo3 CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a conn ...) - libvirt 0.4.6-10 CVE-2008-5085 REJECTED CVE-2008-5084 REJECTED CVE-2008-5083 (In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security ...) NOT-FOR-US: Red Hat JBoss Operations Network CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) componen ...) NOT-FOR-US: Red Hat Certificate System CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function (avahi-core/s ...) {DSA-1690-1 DTSA-189-1} - avahi 0.6.23-3 (bug #508700; low) CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove quote c ...) {DSA-1679-1} - awstats 6.7.dfsg-5.1 (bug #495432; low) CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and ea ...) {DSA-1787-1 DSA-1687-1} - linux-2.6 2.6.26-12 - linux-2.6.24 NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2 CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file function (src/ ...) {DSA-1670-1} - enscript 1.6.4-13 (bug #506261) CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value fr ...) {DSA-1701-1} - openssl 0.9.8g-15 CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uplo ...) NOT-FOR-US: E-Uploader Pro CVE-2008-5074 (SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 mod ...) NOT-FOR-US: Freshlinks module for PHP-Fusion CVE-2008-5073 (Heap-based buffer overflow in an ActiveX control in Novell ZENworks De ...) NOT-FOR-US: Novell ZENworks ActiveX control CVE-2008-5072 (vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers ...) 
NOT-FOR-US: K-Lite Mega Codec Pack CVE-2008-5071 (Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel ...) NOT-FOR-US: Yoxel CVE-2008-5070 (SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes ...) NOT-FOR-US: Pro Chat Rooms CVE-2008-5069 (SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, whe ...) NOT-FOR-US: Panuwat PromoteWeb MySQL CVE-2008-5068 (Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery a ...) NOT-FOR-US: Kmita Gallery CVE-2008-5067 (Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalo ...) NOT-FOR-US: Kmita Catalogue CVE-2008-5066 (PHP remote file inclusion vulnerability in upload/admin/frontpage_righ ...) NOT-FOR-US: Agares Media ThemeSiteScript CVE-2008-5065 (TlGuestBook 1.2 allows remote attackers to bypass authentication and g ...) NOT-FOR-US: TlGuestBook CVE-2008-5064 (SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allo ...) NOT-FOR-US: H&H WebSoccer CVE-2008-5063 (PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTM ...) NOT-FOR-US: OTManager CVE-2008-5062 (Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calen ...) NOT-FOR-US: Mini Web Calendar CVE-2008-5061 (Cross-site scripting (XSS) vulnerability in php/cal_default.php in Min ...) NOT-FOR-US: Mini Web Calendar CVE-2008-5060 (Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 a ...) NOT-FOR-US: ModernBill CVE-2008-5059 (Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4. ...) NOT-FOR-US: ModernBill CVE-2008-5058 (SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple ...) NOT-FOR-US: Pre Simple CMS CVE-2008-5057 (SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali a ...) NOT-FOR-US: Yigit Aybuga Dizi Portali CVE-2008-5056 (Cross-site scripting (XSS) vulnerability in department_offline_context ...) 
NOT-FOR-US: ActiveCampaign TrioLive CVE-2008-5055 (SQL injection vulnerability in department_offline_context.php in Activ ...) NOT-FOR-US: ActiveCampaign TrioLive CVE-2008-5054 (Multiple SQL injection vulnerabilities in Develop It Easy Membership S ...) NOT-FOR-US: Develop It Easy Membership System CVE-2008-5053 (PHP remote file inclusion vulnerability in admin.rssreader.php in the ...) NOT-FOR-US: com_rssreader component for Joomla! CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in Mozilla ...) {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1} - iceweasel 3.0.4-1 - xulrunner 1.9.0.4-1 - icedove 2.0.0.19-1 - iceape 1.1.13-1 CVE-2008-5051 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 f ...) NOT-FOR-US: joomla CVE-2008-5049 (Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger E ...) NOT-FOR-US: ISecSoft Anti-Keylogger CVE-2008-5048 (Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and ...) NOT-FOR-US: ISecSoft Anti-Trojan CVE-2008-5047 (SQL injection vulnerability in admin/index.php in Mole Group Rental Sc ...) NOT-FOR-US: Mole Group Rental Script CVE-2008-5046 (SQL injection vulnerability in index.php in Mole Group Pizza Script al ...) NOT-FOR-US: Mole Group Pizza Script CVE-2008-5045 (Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly ...) NOT-FOR-US: Network-Client FTP Now CVE-2008-5044 (Race condition in Microsoft Windows Server 2003 and Vista allows local ...) NOT-FOR-US: Microsoft Windows CVE-2008-5043 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based i ...) NOT-FOR-US: IBM Metrica Service Assurance Framework CVE-2008-5042 (Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypa ...) NOT-FOR-US: Zeeways PhotoVideoTube CVE-2008-5041 (Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default ...) NOT-FOR-US: Sweex RO002 Router CVE-2008-5040 (Graphiks MyForum 1.3 allows remote attackers to bypass authentication ...) 
	NOT-FOR-US: Graphiks MyForum
CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module for PHP- ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-5038 (Use-after-free vulnerability in the NetWare Core Protocol (NCP) featur ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 ...)
	NOT-FOR-US: ElkaGroup Image Gallery
CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
	- typo3-src 4.2.3-1 (bug #505326)
	[etch] - typo3-src (TYPO3 versions below 4.2.x are not affected)
CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier ...)
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn (vulnerable code not present)
CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUr ...)
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn (vulnerable code not present)
CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the Linu ...)
	- linux-2.6 2.6.26-11
	- linux-2.6.24 (Vulnerable code not present; different ioctls)
	[etch] - linux-2.6 (Vulnerable code not present; different ioctls)
CVE-2008-5031 (Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, all ...)
	- python2.5 2.5.2-11.1
	[etch] - python2.5 (Minor issue)
	[etch] - python2.4 (Minor issue)
	- python2.4 2.4.5-6 (low; bug #507317; bug #504620)
	NOTE: definitely fixed in 2.5.2-11.1 for lenny/unstable (svn-updates.dpatch)
	NOTE: maybe fixed earlier, doko is not able to tell the exact version atm
CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function in cddb ...)
	{DSA-1665-1}
	- libcdaudio 0.99.12p2-7 (bug #505478)
CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunder ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1 ...)
	{DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
	[etch] - iceape (Etch Packages no longer covered by security support)
CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x befor ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- xulrunner 1.9.0.4-1
	- iceweasel 3.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5020
	REJECTED
CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2. ...)
	{DSA-1671-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	[etch] - xulrunner (Etch Packages no longer covered by security support)
	NOTE: patch for xulrunner currently not suitable, Alexander will check this further
CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Moz ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x ...)
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
	[etch] - iceweasel (Doesn't affect Firefox 2.x et al)
	[etch] - xulrunner (Doesn't affect Firefox 2.x et al)
	[etch] - iceape (Doesn't affect Firefox 2.x et al)
	[etch] - icedove (Doesn't affect Firefox 2.x et al)
CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: ...)
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	[etch] - iceweasel (Doesn't affect Firefox 2.x)
	[etch] - xulrunner (Doesn't affect Firefox 2.x)
CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...)
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.19-1
CVE-2008-5010 (in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and O ...)
	NOT-FOR-US: in.dhcpd
CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user ...)
	- optipng 0.6.1.1-1 (bug #505399)
	[etch] - optipng (Vulnerable code not present referring to upstream)
CVE-2008-5035 (The Resource Monitoring and Control (RMC) daemon in IBM Hardware Manag ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port number ...)
	NOT-FOR-US: Microsoft
CVE-2008-5011 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quick ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, w ...)
	NOT-FOR-US: Sun Solstice X.25
CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hf ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.2 ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or li ...)
	- libsamplerate 0.1.4-1 (low)
	[etch] - libsamplerate (Minor issue)
CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP Toolki ...)
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	- uw-imap 7:2007d~dfsg-1
CVE-2008-5005 (Multiple stack-based buffer overflows in (1) University of Washington ...)
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	[lenny] - uw-imap 2007b~dfsg-4+lenny1
	- uw-imap 7:2007d~dfsg-1
	- alpine (vulnerable code present but tmail/dmail won't be installed)
CVE-2008-5004 (SQL injection vulnerability in genscode.php in myWebland Bloggie Lite ...)
	NOT-FOR-US: myWebland Bloggie Lite
CVE-2008-5003 (SQL injection vulnerability in ndetail.php in Shahrood allows remote a ...)
	NOT-FOR-US: Shahrood
CVE-2008-5002 (Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 Act ...)
	NOT-FOR-US: ActiveX
CVE-2008-5001 (Multiple stack-based buffer overflows in multiple functions in vncview ...)
	NOT-FOR-US: UltraVNC
CVE-2008-5000 (SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5 ...)
	NOT-FOR-US: PHPX
CVE-2008-4999 (Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to ca ...)
	NOT-FOR-US: Nortel Networks UNIStim IP Phone
CVE-2008-4997
	- pilot-qof (unimportant; bug #496429)
CVE-2008-4996
	- initramfs-tools (unimportant; bug #496386)
CVE-2008-4992 (The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7. ...)
	NOT-FOR-US: Sun System Firmware
CVE-2008-5050 (Off-by-one error in the get_unicode_name function (libclamav/vba_extra ...)
	{DSA-1680-1}
	- clamav 0.94.dfsg.1-1 (bug #505134)
CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earli ...)
	NOT-FOR-US: LOCKON CO.,LTD. EC-CUBE
CVE-2008-XXXX [yzis insecure temp file]
	- yzis 1.0~alpha1-2 (bug #504680)
CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain dan ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-10 (bug #504771)
CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2 ...)
	NOT-FOR-US: Enomalism
CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in l ...)
	{DSA-1719-1}
	- gnutls26 2.4.2-3 (bug #505360)
	- gnutls13
CVE-2008-4963 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implemen ...)
	NOT-FOR-US: Cisco IOS and CatOS
CVE-2008-4962
	RESERVED
CVE-2008-4961
	RESERVED
CVE-2008-4953
	- firehol (unimportant; bug #496424)
	NOTE: attack unfeasible because of $$-${RANDOM}-${RANDOM}
CVE-2008-4950 (** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overw ...)
	- dpkg-cross (unimportant; bug #496413)
	NOTE: executed under a chroot when a package failed to cross-build
CVE-2008-4938 (aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary ...)
	- aegis 4.24-3.1 (low; bug #496400)
	[etch] - aegis (Minor issue)
CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linu ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4932 (webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allo ...)
	NOT-FOR-US: U-Mail Webmail server
CVE-2008-XXXX [universalindentgui insecure usage of temp files]
	- universalindentgui 0.8.1-1.2 (low; bug #504726)
CVE-2008-5032 (Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through ...)
	{DSA-1819-1 DTSA-176-1}
	- vlc 0.8.6.h-5 (medium; bug #504639)
CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before ...)
	- vlc 1.0.3-1 (low)
	[etch] - vlc (Vulnerable code not present in 0.8.x)
	[lenny] - vlc (Vulnerable code not present in 0.8.x)
CVE-2008-4931 (Cross-site scripting (XSS) vulnerability in the account module in firm ...)
	NOT-FOR-US: firmCHANNEL Digital Signage
CVE-2008-4930 (MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded ...)
	NOT-FOR-US: MyBB
CVE-2008-4929 (MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compo ...)
	NOT-FOR-US: MyBB
CVE-2008-4928 (Cross-site scripting (XSS) vulnerability in the redirect function in f ...)
	NOT-FOR-US: MyBB
CVE-2008-4927 (Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assist ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-4926 (Multiple insecure method vulnerabilities in MW6 Technologies PDF417 Ac ...)
	NOT-FOR-US: MW6 Technologies PDF417 ActiveX
CVE-2008-4925 (Multiple insecure method vulnerabilities in MW6 Technologies DataMatri ...)
	NOT-FOR-US: MW6 Technologies DataMatrix ActiveX
CVE-2008-4924 (Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcod ...)
	NOT-FOR-US: MW6 Technologies 1D Barcode ActiveX
CVE-2008-4923 (Multiple insecure method vulnerabilities in MW6 Technologies Aztec Act ...)
	NOT-FOR-US: MW6 Technologies Aztec ActiveX
CVE-2008-4922 (Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office ( ...)
	NOT-FOR-US: DjVu ActiveX
CVE-2008-4921 (board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to ...)
	NOT-FOR-US: Chipmunk CMS
CVE-2008-4920
	REJECTED
CVE-2008-4919 (Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X Active ...)
	NOT-FOR-US: eXPert PDF Viewer X ActiveX
CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced ...)
	NOT-FOR-US: SonicOS Enhanced
CVE-2008-5027 (The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor befo ...)
	- nagios3 (unimportant)
	NOTE: the nagios process shouldn't have rights to execute important commands and non-trusted
	NOTE: users shouldn't have access to nagios anyway
CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagi ...)
	- nagios3 3.0.6-1 (low; bug #504894)
	[etch] - nagios2 (CSRF can only cause DoS and needs admin's browser)
CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware W ...)
	NOT-FOR-US: VMware
CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401- ...)
	NOT-FOR-US: VMware
CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and ea ...)
	NOT-FOR-US: LokiCMS
CVE-2008-4912 (SQL injection vulnerability in popup_img.php in the fotogalerie module ...)
	NOT-FOR-US: RS MAXSOFT
CVE-2008-4911 (PHP remote file inclusion vulnerability in read.php in Chattaitaliano ...)
	NOT-FOR-US: Chattaitaliano Istant-Replay
CVE-2008-4910 (The BasicService in Sun Java Web Start allows remote attackers to exec ...)
	NOT-FOR-US: Sun Java Web Start
CVE-2008-4909 (Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and ...)
	NOT-FOR-US: CompactCMS
CVE-2008-4908 (maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local u ...)
	- crossfire-maps 1.11.0-2 (low; bug #496358; bug #504561)
	[etch] - crossfire-maps (Minor issue)
CVE-2008-4906 (SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_m ...)
	NOT-FOR-US: Lyrics (lyrics_menu) plugin for e107
CVE-2008-4905 (Typo 5.1.3 and earlier uses a hard-coded salt for calculating password ...)
	- typo (bug #379399)
CVE-2008-4904 (SQL injection vulnerability in the "Manage pages" feature (admin/pages ...)
	- typo (bug #379399)
CVE-2008-4903 (Cross-site scripting (XSS) vulnerability in the leave comment (feedbac ...)
	- typo (bug #379399)
CVE-2008-4902 (SQL injection vulnerability in contact_author.php in Article Publisher ...)
	NOT-FOR-US: Article Publisher
CVE-2008-4901 (SQL injection vulnerability in admin/admin.php in Article Publisher Pr ...)
	NOT-FOR-US: Article Publisher
CVE-2008-4900 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Bla ...)
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4899 (Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1. ...)
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4898 (Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 all ...)
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4897 (SQL injection vulnerability in fichiers/add_url.php in Logz podcast CM ...)
	NOT-FOR-US: Logz podcast CMS
CVE-2008-4896 (Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in Lo ...)
	NOT-FOR-US: Logz CMS
CVE-2008-4895 (SQL injection vulnerability in tr.php in YourFreeWorld Downline Builde ...)
	NOT-FOR-US: YourFreeWorld Downline
CVE-2008-4894 (Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL ...)
	NOT-FOR-US: Tribiq CMS
CVE-2008-4893 (Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tri ...)
	NOT-FOR-US: Tribiq CMS
CVE-2008-4892 (Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetl ...)
	NOT-FOR-US: Planetluc MyGallery
CVE-2008-4891 (Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetlu ...)
	NOT-FOR-US: SignMe
CVE-2008-4890 (SQL injection vulnerability in products.php in 1st News 4 Professional ...)
	NOT-FOR-US: 1st News 4 Professional
CVE-2008-4889 (SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2008-4888 (Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 a ...)
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4887 (SQL injection vulnerability in index.php in NetRisk 2.0 and earlier al ...)
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4886 (SQL injection vulnerability in index.php in YourFreeWorld Shopping Car ...)
	NOT-FOR-US: YourFreeWorld Shopping
CVE-2008-4885 (SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text ...)
	NOT-FOR-US: YourFreeWorld Scrolling Text
CVE-2008-4884 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hos ...)
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4883 (SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Sc ...)
	NOT-FOR-US: YourFreeWorld Blog Blaster
CVE-2008-4882 (SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder H ...)
	NOT-FOR-US: YourFreeWorld Autoresponder
CVE-2008-4881 (SQL injection vulnerability in tr.php in YourFreeWorld Reminder Servic ...)
	NOT-FOR-US: YourFreeWorld Reminder
CVE-2008-4880 (SQL injection vulnerability in prodshow.php in Maran PHP Shop allows r ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4879 (SQL injection vulnerability in prod.php in Maran PHP Shop allows remot ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4907 (The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...)
	- dovecot 1:1.1.7-1 (low)
	[etch] - dovecot (Vulnerable code not present prior to 1.1.4)
	[lenny] - dovecot (Vulnerable code not present prior to 1.1.4)
CVE-2008-5186
	{DTSA-179-1}
	- geshi 1.0.8.1-1 (bug #504445)
	NOTE: it's rather an application bug if the input to set_language_path is unfiltered user input
	NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152
	- dokuwiki 0.0.20080505-3.1 (unimportant; bug #504682)
	NOTE: DokuWiki passes a static string to $path parameter
	- pgfouine 1.0-1.1 (unimportant; bug #504681)
	NOTE: pgfouine too does not override default language files path
CVE-2008-6432
	REJECTED
CVE-2008-4878 (Unrestricted file upload vulnerability in the "Add Image Macro" featur ...)
	NOT-FOR-US: WebCards
CVE-2008-4877 (SQL injection vulnerability in admin.php in WebCards 1.3, when magic_q ...)
	NOT-FOR-US: WebCards
CVE-2008-4876 (Cross-site scripting (XSS) vulnerability in the web server component i ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4875 (Directory traversal vulnerability in the web server in Philips Electro ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4874 (The web component in Philips Electronics VOIP841 DECT Phone with firmw ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4873 (board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Sepal SPBOARD
CVE-2008-4872 (Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBid ...)
	NOT-FOR-US: iTechBids Gold
CVE-2008-4871 (Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2 ...)
	NOT-FOR-US: My Little Forum
CVE-2008-4870 (dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedor ...)
	- dovecot (unimportant)
	NOTE: by default this file doesn't contain sensitive information, and an administrator
	NOTE: changing this should ensure on their own that the mode is secure
CVE-2008-4869 (FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers t ...)
	- ffmpeg-debian 0.svn20080206-15 (unimportant; bug #504977)
	NOTE: A regular bug, but hardly a security issue
	- kino 1.0.0-1
	[etch] - kino (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in libavcodec/ ...)
	- ffmpeg (Vulnerable code not present)
	- ffmpeg-debian (Vulnerable code not present)
	[etch] - ffmpeg (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg (Vulnerable code not present)
CVE-2008-4867 (Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as ...)
	- ffmpeg 0.svn20080206-14
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg (Vulnerable code not present)
CVE-2008-4866 (Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 befor ...)
	{DSA-1782-1}
	- ffmpeg 0.svn20080206-14
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	- kino 1.0.0-1
	[etch] - kino (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg (Vulnerable code not present)
CVE-2008-4865 (Untrusted search path vulnerability in valgrind before 3.4.0 allows lo ...)
	- valgrind 1:3.3.1-3 (unimportant; bug #507312)
	NOTE: That's hardly an issue
CVE-2008-4864 (Multiple integer overflows in imageop.c in the imageop module in Pytho ...)
	- python2.5 2.5.2-12 (low; bug #504619)
	[etch] - python2.5 (Minor issue)
	- python2.4 2.4.5-6 (low; bug #504620)
	[etch] - python2.4 (Minor issue)
CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 a ...)
	- blender 2.46+dfsg-5 (bug #503632; low)
	[etch] - blender 2.42a-8
	NOTE: minor issue fixed in etch r6 point update
CVE-2008-4862
	REJECTED
CVE-2008-4861
	REJECTED
CVE-2008-4860
	REJECTED
CVE-2008-4859
	REJECTED
CVE-2008-4858
	REJECTED
CVE-2008-4857
	REJECTED
CVE-2008-4856
	REJECTED
CVE-2008-4855
	REJECTED
CVE-2008-4854
	REJECTED
CVE-2008-4853
	REJECTED
CVE-2008-4852
	REJECTED
CVE-2008-4851
	REJECTED
CVE-2008-4850
	REJECTED
CVE-2008-4849
	REJECTED
CVE-2008-4848
	REJECTED
CVE-2008-4847
	REJECTED
CVE-2008-4846
	REJECTED
CVE-2008-4845
	REJECTED
CVE-2008-4844 (Use-after-free vulnerability in the CRecordInstance::TransferToDestina ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4843
	REJECTED
CVE-2008-4842
	REJECTED
CVE-2008-4841 (The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4840
	REJECTED
CVE-2008-4839
	REJECTED
CVE-2008-4838
	REJECTED
CVE-2008-4837 (Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4836
	REJECTED
CVE-2008-4835 (SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP ...)
	NOT-FOR-US: Windows
CVE-2008-4834 (Buffer overflow in SMB in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2008-4833
	REJECTED
CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows lo ...)
	NOT-FOR-US: rPath
CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusi ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-4830 (Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI ...)
	NOT-FOR-US: KWEdit ActiveX control
CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow r ...)
	{DSA-1683-1}
	- streamripper 1.63.5-2 (bug #506377)
CVE-2008-4828 (Multiple stack-based buffer overflows in dsmagent.exe in the Remote Ag ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the (1) T ...)
	NOT-FOR-US: ComponentOne SizerOne
CVE-2008-4826
	REJECTED
CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other v ...)
	NOT-FOR-US: UltraISO
CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4822 (Adobe Flash Player 9.0.124.0 and earlier does not properly interpret p ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4821 (Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is us ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4820 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4819 (Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4818 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4817 (The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 an ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4816 (Unspecified vulnerability in the Download Manager in Adobe Reader 8.1. ...)
	NOT-FOR-US: Adobe Reader on Windows
CVE-2008-4815 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4814 (Unspecified vulnerability in a JavaScript method in Adobe Reader and A ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4813 (Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow re ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4812 (Array index error in Adobe Reader and Acrobat, and the Explorer extens ...)
	NOT-FOR-US: Adobe Reader Explorer extension
CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
	{DSA-1691-1}
	- smarty 2.6.26-0.1 (bug #504328)
	[lenny] - smarty (Minor issue, fix will change behaviour)
	[etch] - smarty (Minor issue, fix will change behaviour)
	- moodle 1.8.2-2 (bug #504345)
	- gallery2 2.2.5-2
	NOTE: This attack vector is *not* fixed in r2797
CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
	{DSA-1919-1 DSA-1691-1}
	- smarty 2.6.26-0.1 (bug #504328)
	- moodle 1.8.2-2 (bug #504345)
	- gallery2 2.2.5-2
	NOTE: This attack vector is fixed in r2797
CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in I ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover pa ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4807 (IBM Lotus Connections 2.x before 2.0.1 stores the password for the adm ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4806 (Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x be ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4805 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Conne ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4804 (SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke all ...)
	NOT-FOR-US: NFU Gallery module 1.3 for PHP-Nuke
CVE-2008-4803 (Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Sc ...)
	NOT-FOR-US: Simple PHP Scripts gallery
CVE-2008-4802 (Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Scripts blog
CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing non-pri ...)
	- htop 0.8.1-2 (unimportant; bug #504144)
	NOTE: That scenario is too constructed to call it a security issue, especially
	NOTE: given that the standard top will display the maliciously hidden processes
	NOTE: just fine.
CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualB ...)
	- virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149)
CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service ...)
	NOT-FOR-US: SQL CAD service
CVE-2008-4800 (The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Mi ...)
	NOT-FOR-US: ActiveX control
CVE-2008-4799 (pamperspective in Netpbm before 10.35.48 does not properly calculate a ...)
	- netpbm-free (Vulnerable code not present)
CVE-2008-4798 (The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 ...)
	NOT-FOR-US: WebGUI
CVE-2008-4797 (Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server ...)
	NOT-FOR-US: Arihiro Kurata Kantan WEB Server
CVE-2008-4796 (The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 a ...)
	{DSA-1871-2 DSA-1871-1 DSA-1691-1}
	- libphp-snoopy 1.2.4-1 (bug #504168; medium)
	- ampache 3.4.1-2 (bug #504169)
	- mahara 1.0.5-2 (bug #504170)
	[lenny] - mahara 1.0.4-3
	- pixelpost 1.7.1-5 (bug #504171)
	- mediamate 0.9.3.6-5 (bug #504172; unimportant)
	NOTE: mediamate does not use snoopy in https requests
	- opendb (unimportant; bug #504173)
	- wordpress 2.5.1-9 (bug #504234)
	- moodle 1.8.2-2 (bug #504235)
	- gforge-plugin-scmcvs
	[etch] - gforge-plugin-scmcvs (Snoopy function not used on URLs that come from user input)
	- magpierss (Fixed in all supported distributions)
CVE-2008-4795 (The links panel in Opera before 9.62 processes Javascript within the c ...)
	NOT-FOR-US: Opera
CVE-2008-4794 (Opera before 9.62 allows remote attackers to execute arbitrary command ...)
	NOT-FOR-US: Opera
CVE-2008-4793 (The node module API in Drupal 5.x before 5.11 allows remote attackers ...)
	- drupal5 5.10-3 (low)
	- drupal6 (Vulnerable code not present)
CVE-2008-4792 (The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 d ...)
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4791 (The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might all ...)
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4790 (The core upload module in Drupal 5.x before 5.11 allows remote authent ...)
	- drupal5 5.10-3 (low)
CVE-2008-4789 (The validation functionality in the core upload module in Drupal 6.x b ...)
	- drupal6 6.4-2 (low)
CVE-2008-4788 (Microsoft Internet Explorer 6 omits high-bit URL-encoded characters wh ...)
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4787 (Visual truncation vulnerability in Microsoft Internet Explorer 6 allow ...)
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4786 (SQL injection vulnerability in easyshop.php in the EasyShop plugin for ...)
	NOT-FOR-US: EasyShop plugin for e107
CVE-2008-4785 (SQL injection vulnerability in newuser.php in the alternate_profiles p ...)
	NOT-FOR-US: e107
CVE-2008-4784 (aflog 1.01 allows remote attackers to bypass authentication and gain a ...)
	NOT-FOR-US: aflog
CVE-2008-4783 (tlAds 1.0 allows remote attackers to bypass authentication and gain ad ...)
	NOT-FOR-US: tlAds
CVE-2008-4782 (SQL injection vulnerability in public/code/cp_polls_results.php in All ...)
	NOT-FOR-US: AIOCP
CVE-2008-4781 (Directory traversal vulnerability in update.php in MyKtools 2.4 allows ...)
	NOT-FOR-US: MyKtools
CVE-2008-4780 (Directory traversal vulnerability in admin/centre.php in MyForum 1.3, ...)
	NOT-FOR-US: MyForum
CVE-2008-4779 (Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers ...)
	NOT-FOR-US: TUGzip
CVE-2008-4778 (SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 a ...)
	NOT-FOR-US: Koobi CMS
CVE-2008-4777 (SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) co ...)
	NOT-FOR-US: Showroom Joomlearn LMS
CVE-2008-4774 (Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4773 (Directory traversal vulnerability in main/main.php in QuestCMS allows ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4772 (SQL injection vulnerability in main/main.php in QuestCMS allows remote ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4771 (Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in ...)
	NOT-FOR-US: ActiveX
CVE-2008-4770 (The CMsgReader::readRect function in the VNC Viewer component in RealV ...)
	{DSA-1716-1}
	- vnc4 4.1.1+X4.3.0-31 (medium; bug #513531)
CVE-2008-4776 (libgadu before 1.8.2 allows remote servers to cause a denial of servic ...)
	{DSA-1664-1}
	- libgadu 1:1.8.0+r592-3 (low; bug #503916)
	- kadu 0.6.0.2-3 (low; bug #504429)
	- ekg 1:1.8~rc0-1 (low)
	- centerim 4.22.9-1 (low; bug #559782)
	[lenny] - centerim (Minor issue)
	NOTE: claimed to be fixed in point update but is not: [lenny] - centerim 4.22.5-1+lenny1
	- qutecom (does not use libgadu embed; bug #559784)
CVE-2008-4769 (Directory traversal vulnerability in the get_category_template functio ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-1
CVE-2008-4768 (SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to ...)
	NOT-FOR-US: TLM CMS
CVE-2008-4767 (Unrestricted file upload vulnerability in the DownloadsPlus module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-4766 (SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1 ...)
	NOT-FOR-US: Oxygen Bulletin Board
CVE-2008-4765 (SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth ...)
	NOT-FOR-US: osCommerce Poll Booth Add-On
CVE-2008-4764 (Directory traversal vulnerability in the eXtplorer module (com_extplor ...)
	NOT-FOR-US: eXtplorer module in Joomla!
CVE-2008-4763 (Multiple cross-site scripting (XSS) vulnerabilities in sample.php in W ...)
	NOT-FOR-US: WiKID wClient-PHP
CVE-2008-4762 (Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authentica ...)
	NOT-FOR-US: freeSSHd
CVE-2008-4761 (Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/ ...)
	NOT-FOR-US: Kayako eSupport
CVE-2008-4760 (SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, wh ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2008-4759 (Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 a ...)
	NOT-FOR-US: BuzzyWall
CVE-2008-4758 (Directory traversal vulnerability in download_file.php in PHP-Daily al ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4757 (Multiple SQL injection vulnerabilities in PHP-Daily allow remote attac ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4756 (Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP- ...)
NOT-FOR-US: PHPdaily CVE-2008-4755 (SQL injection vulnerability in gotourl.php in PozScripts Classified Au ...) NOT-FOR-US: PozScripts Classified Auctions Script CVE-2008-4754 (SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez ...) NOT-FOR-US: Scripts for Sites Ez Forum CVE-2008-4753 (SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader all ...) NOT-FOR-US: AJ Square RSS Reader CVE-2008-4752 (TlNews 2.2 allows remote attackers to bypass authentication and gain a ...) NOT-FOR-US: TlNews CVE-2008-4751 (Cross-site scripting (XSS) vulnerability in index.php in iPei Guestboo ...) NOT-FOR-US: iPei Guestbook CVE-2008-4750 (Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX ...) NOT-FOR-US: ActiveX CVE-2008-4749 (Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX c ...) NOT-FOR-US: ActiveX CVE-2008-4747 (Unspecified vulnerability in the search feature in Sun Java System LDA ...) NOT-FOR-US: Sun Java System LDAP JDK CVE-2008-4746 (Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2. ...) NOT-FOR-US: Uniwin eCart Professional CVE-2008-4745 (Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin ...) NOT-FOR-US: Uniwin eCart Professional CVE-2008-4744 (SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc ...) NOT-FOR-US: DXShopCart CVE-2008-4743 (SQL injection vulnerability in index.php in QuidaScript FAQ Management ...) NOT-FOR-US: QuidaScript FAQ Management Script CVE-2008-4742 (Multiple cross-site scripting (XSS) vulnerabilities in interface/Login ...) NOT-FOR-US: TimeTrex CVE-2008-4741 (Directory traversal vulnerability in index.php in FAR-PHP 1.00, when m ...) NOT-FOR-US: FAR-PHP CVE-2008-4740 (Directory traversal vulnerability in templater.php in the ZZ_Templater ...) NOT-FOR-US: ZZ_Templater module in TinyCMS CVE-2008-4748 (Format string vulnerability in the URI handler in KVirc 3.4.0, when se ...) 
- kvirc (Windows-specific vulnerability) CVE-2008-XXXX [balazar3: insecure temp file handling] - balazar3 0.1-2 (bug #503750) CVE-2008-4775 (Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin ...) - phpmyadmin 4:2.11.8.1-4 (low) [etch] - phpmyadmin (Vulnerable code not present) NOTE: https://www.securityfocus.com/archive/1/497815 NOTE: https://www.phpmyadmin.net/security/PMASA-2008-9/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/625e9f2e93671f9e4a9086b8d6c8111f70ffcc3d (2.11 branch) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/600a2ca21bc8b40742fd0a919a6b06a477548647 CVE-2008-4739 (Directory traversal vulnerability in index.php in PlugSpace 0.1, when ...) NOT-FOR-US: PlugSpace CVE-2008-4738 (SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remo ...) NOT-FOR-US: MyCard CVE-2008-4737 (Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite ...) NOT-FOR-US: WhoDomLite CVE-2008-4736 (SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and ea ...) NOT-FOR-US: RPG.Board CVE-2008-4735 (PHP remote file inclusion vulnerability in header.php in Concord Asset ...) NOT-FOR-US: Concord software CVE-2008-4734 (Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options ...) NOT-FOR-US: WP Comment Remix plugin CVE-2008-4733 (Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP C ...) NOT-FOR-US: WP Comment Remix plugin CVE-2008-4732 (SQL injection vulnerability in ajax_comments.php in the WP Comment Rem ...) NOT-FOR-US: WP Comment Remix plugin CVE-2008-4731 (Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown ...) - yacy (bug #452422) CVE-2008-4730 (Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 al ...) - phpmyid (bug #492325) CVE-2008-4729 (Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX cont ...) NOT-FOR-US: Hummingbird Xweb CVE-2008-4728 (Multiple insecure method vulnerabilities in the DeployRun.DeploymentSe ...) 
NOT-FOR-US: Hummingbird Deployment Wizard CVE-2008-4727 (Cross-site scripting (XSS) vulnerability in the contact update page (s ...) NOT-FOR-US: SunGard Banner Student CVE-2008-4726 (Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 ...) NOT-FOR-US: GoodTech SSH CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 al ...) NOT-FOR-US: Opera CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0 ...) - webkit 1.1.7-1 (low; bug #520052) [lenny] - webkit (Minor issue) - kdelibs - kde4libs CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...) - iceweasel NOTE: firefox not affected, see https://bugzilla.redhat.com/468397 CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...) NOT-FOR-US: Sun ILOM CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authent ...) NOT-FOR-US: PHP Jabbers CVE-2008-4720 (Multiple PHP remote file inclusion vulnerabilities in The Gemini Porta ...) NOT-FOR-US: The Gemini Portal CVE-2008-4719 (PHP remote file inclusion vulnerability in cms/classes/openengine/file ...) NOT-FOR-US: openEngine CVE-2008-4718 (Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 ...) NOT-FOR-US: X7 Chat CVE-2008-4717 (SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows ...) NOT-FOR-US: ZEELYRICS CVE-2008-4716 (SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 a ...) NOT-FOR-US: PHP-Lance CVE-2008-4715 (SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for J ...) NOT-FOR-US: com_jpad for Joomla! CVE-2008-4714 (Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_ ...) NOT-FOR-US: Atomic Photo Album CVE-2008-4713 (SQL injection vulnerability in view.php in 212cafe Board 0.07 allows r ...) NOT-FOR-US: 212cafe Board CVE-2008-4712 (Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9. ...) 
NOT-FOR-US: LnBlog CVE-2008-4711 (SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quo ...) NOT-FOR-US: Joovili CVE-2008-4710 (Cross-site scripting (XSS) vulnerability in the stock quotes page in S ...) NOT-FOR-US: Stock module for Drupal CVE-2008-4709 (SQL injection vulnerability in news_read.php in Pilot Group (PG) eTrai ...) NOT-FOR-US: PG eTraining CVE-2008-4708 (BbZL.PhP 0.92 allows remote attackers to bypass authentication and gai ...) NOT-FOR-US: BbZL.PhP CVE-2008-4707 (Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows ...) NOT-FOR-US: BbZL.PhP CVE-2008-4706 (SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vB ...) NOT-FOR-US: VBGooglemap Hotspot Edition CVE-2008-4705 (SQL injection vulnerability in success_story.php in php Online Dating ...) NOT-FOR-US: MyPHPDating CVE-2008-4704 (PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in ...) NOT-FOR-US: SezHoo CVE-2008-4703 (SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows r ...) NOT-FOR-US: BosDev BosNews CVE-2008-4702 (Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 al ...) NOT-FOR-US: PhpWebGallery CVE-2008-4701 (SQL injection vulnerability in admin.php in Libera CMS 1.12, when magi ...) NOT-FOR-US: Libera CMS CVE-2008-4700 (SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlie ...) NOT-FOR-US: Libera CMS CVE-2008-4699 (Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in ...) NOT-FOR-US: Peachtree Accounting CVE-2008-4698 (Opera before 9.61 does not properly block scripts during preview of a ...) NOT-FOR-US: Opera CVE-2008-4697 (The Fast Forward feature in Opera before 9.61, when a page is located ...) NOT-FOR-US: Opera CVE-2008-4696 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before ...) NOT-FOR-US: Opera CVE-2008-4695 (Opera before 9.60 allows remote attackers to obtain sensitive informat ...) 
NOT-FOR-US: Opera CVE-2008-4694 (Unspecified vulnerability in Opera before 9.60 allows remote attackers ...) NOT-FOR-US: Opera CVE-2008-4693 (The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 bef ...) NOT-FOR-US: IBM DB2 CVE-2008-4692 (The Native Managed Provider for .NET component in IBM DB2 8 before FP1 ...) NOT-FOR-US: IBM DB2 CVE-2008-4691 (Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in th ...) NOT-FOR-US: IBM DB2 CVE-2008-4690 (lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx i ...) - lynx (advanced mode is not switched on in Debian configurations and lynxcgi handlers are really unlikely) CVE-2008-4689 (Mantis before 1.1.3 does not unset the session cookie during logout, w ...) - mantis 1.1.2+dfsg-9 (low; bug #503588) CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the privileg ...) - mantis 1.1.2+dfsg-9 (low; bug #503588) CVE-2008-4685 (Use-after-free vulnerability in the dissect_q931_cause_ie function in ...) {DSA-1673-1} - wireshark 1.0.4-1 (low; bug #503589) [lenny] - wireshark 1.0.2-3+lenny2 CVE-2008-4684 (packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handl ...) {DSA-1673-1} - wireshark 1.0.4-1 (low; bug #503589) [lenny] - wireshark 1.0.2-3+lenny2 CVE-2008-4683 (The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL ...) {DSA-1673-1} - wireshark 1.0.4-1 (low; bug #503589) [lenny] - wireshark 1.0.2-3+lenny2 CVE-2008-4682 (wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to ca ...) - wireshark 1.0.4-1 (low; bug #503589) [etch] - wireshark (Vulnerable code not present, introduced in 0.99.7) [lenny] - wireshark 1.0.2-3+lenny2 CVE-2008-4681 (Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wiresha ...) 
- wireshark 1.0.4-1 (low; bug #503589) [etch] - wireshark (Vulnerable code not present, introduced in 0.99.7) [lenny] - wireshark 1.0.2-3+lenny2 CVE-2008-4680 (packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 al ...) - wireshark 1.0.4-1 (low; bug #503589) [etch] - wireshark (Vulnerable code not present, introduced in 0.99.7) [lenny] - wireshark 1.0.2-3+lenny2 CVE-2008-4679 (The Web Services Security component in IBM WebSphere Application Serve ...) NOT-FOR-US: IBM Websphere CVE-2008-4678 (The HTTP_Request_Parser method in the HTTP Transport component in IBM ...) NOT-FOR-US: IBM Websphere CVE-2008-4677 (autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...) - vim (unimportant) NOTE: documented in netrw documentation CVE-2008-XXXX [local file inclusion in drupal] - drupal6 6.6-1 (low; bug #503222) - drupal5 5.10-3 (low; bug #503217) CVE-2008-XXXX [XSS in book module in drupal] - drupal6 6.6-1 (low; bug #503222) - drupal5 (vulnerable code not present) CVE-2008-4676 (Unspecified vulnerability in Citrix XenApp (formerly Presentation Serv ...) NOT-FOR-US: Citrix XenApp CVE-2008-4675 (SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earli ...) NOT-FOR-US: PHPcounter CVE-2008-4674 (SQL injection vulnerability in realestate-index.php in Conkurent Real ...) NOT-FOR-US: Conkurent Real Estate Manager CVE-2008-4673 (PHP remote file inclusion vulnerability in panel/common/theme/default/ ...) NOT-FOR-US: WebBiscuits Software Events Calendar CVE-2008-4672 (Cross-site scripting (XSS) vulnerability in search_results.php in buym ...) NOT-FOR-US: buymyscripts Lyrics Script CVE-2008-4671 (Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in W ...) - wordpress (Vulnerable code only in multiuser wordpress) CVE-2008-4670 (Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Cli ...)
NOT-FOR-US: Ed Pudol Clickbank Portal CVE-2008-4669 (Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher ...) NOT-FOR-US: Dan Fletcher Recipe Script CVE-2008-4668 (Directory traversal vulnerability in the Image Browser (com_imagebrows ...) NOT-FOR-US: com_imagebrowser for Joomla! CVE-2008-4667 (Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 all ...) NOT-FOR-US: ArabCMS CVE-2008-4666 (SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 ...) NOT-FOR-US: Ultimate Webboard CVE-2008-4665 (SQL injection vulnerability in PG Matchmaking allows remote attackers ...) NOT-FOR-US: PG Matchmaking CVE-2008-4664 (Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (Q ...) NOT-FOR-US: QvodInsert CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used ...) NOT-FOR-US: K's CGI Access Log Kaiseki CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when ...) NOT-FOR-US: LokiCMS CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_ ...) NOT-FOR-US: sm_pageimprovements for TYPO3 CVE-2008-4660 (SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extensi ...) NOT-FOR-US: m1_intern for TYPO3 CVE-2008-4659 (SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist ...) NOT-FOR-US: kiddog_playerlist for TYPO3 CVE-2008-4658 (SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 a ...) NOT-FOR-US: dmmjobcontrol for TYPO3 CVE-2008-4657 (SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and ea ...) NOT-FOR-US: econda for TYPO3 CVE-2008-4656 (SQL injection vulnerability in the Frontend Users View (feusersview) 0 ...) NOT-FOR-US: feusersview for TYPO3 CVE-2008-4655 (SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 ...) NOT-FOR-US: simplesurvey for TYPO3 CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly ...)
NOT-FOR-US: Makale module for XOOPS CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communica ...) NOT-FOR-US: Dart Communications PowerTCP FTP CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote ...) NOT-FOR-US: Jetbox CMS CVE-2008-4650 (SQL injection vulnerability in viewevent.php in myEvent 1.6 allows rem ...) NOT-FOR-US: myEvent CVE-2008-4649 (Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allow ...) NOT-FOR-US: Elxis CVE-2008-4648 (Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 200 ...) NOT-FOR-US: Elxis CVE-2008-4647 (SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remo ...) NOT-FOR-US: sweetCMS CVE-2008-4646 (The Websense Reporter Module in Websense Enterprise 6.3.2 stores the S ...) NOT-FOR-US: Websense Enterprise CVE-2008-4645 (plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier ...) NOT-FOR-US: PhpWebGallery CVE-2008-4644 (hits.php in myWebland myStats allows remote attackers to bypass IP add ...) NOT-FOR-US: myWebland myStats CVE-2008-4643 (SQL injection vulnerability in hits.php in myWebland myStats allows re ...) NOT-FOR-US: myWebland myStats CVE-2008-4642 (SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows ...) NOT-FOR-US: AstroSPACES CVE-2008-4641 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ea ...) - jhead 2.84-2 (low; bug #503645) CVE-2008-4640 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ea ...) - jhead 2.85-1 (unimportant; bug #504194) NOTE: no issue, jhead is just unlinking the output file if it already exists, this is not following symlinks CVE-2008-4639 (jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users t ...) - jhead 2.84-1 (low) CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec Veritas Fil ...) 
NOT-FOR-US: Symantec VxFS CVE-2008-4637 (Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 al ...) NOT-FOR-US: cpCommerce CVE-2008-4636 (yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allo ...) NOT-FOR-US: SUSE Linux and Novell Linux (yast2-backup) CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 ...) NOT-FOR-US: XOOPS module CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.2 ...) - movabletype-opensource 4.2.1-3 (low; bug #503114) CVE-2008-4633 (SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x be ...) NOT-FOR-US: Node Vote CVE-2008-4632 (Multiple directory traversal vulnerabilities in index.php in Kure 0.6. ...) NOT-FOR-US: Kure CVE-2008-4631 (Stack-based buffer overflow in the Message::AddToString function in me ...) NOT-FOR-US: MUSCLE, NOTE this is not the multiple alignment program for protein sequences in Debian CVE-2008-4630 (Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Fr ...) NOT-FOR-US: Midgard Components Framework CVE-2008-4629 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 ...) NOT-FOR-US: Usagi Project MyNETS CVE-2008-4628 (SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 al ...) NOT-FOR-US: myWebland miniBloggie CVE-2008-4627 (SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Bu ...) NOT-FOR-US: WoltLab Burning Board CVE-2008-4626 (Directory traversal vulnerability in index.php in Fritz Berger yet ano ...) NOT-FOR-US: yappa-ng CVE-2008-4625 (SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsle ...) NOT-FOR-US: st_newsletter plugin for WordPress CVE-2008-4624 (PHP remote file inclusion vulnerability in init.php in Fast Click SQL ...) NOT-FOR-US: Fast Click SQL Lite CVE-2008-4623 (SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) com ...) 
NOT-FOR-US: DS-Syndicate CVE-2008-4622 (The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allo ...) NOT-FOR-US: phpFastNews CVE-2008-4621 (SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproper ...) NOT-FOR-US: ZeeScripts Zeeproperty CVE-2008-4620 (SQL injection vulnerability in Meeting Room Booking System (MRBS) befo ...) NOT-FOR-US: Meeting Room Booking System CVE-2008-4619 (The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a ...) NOT-FOR-US: Sun Solaris CVE-2008-4618 (The Stream Control Transmission Protocol (sctp) implementation in the ...) {DSA-1681-1} - linux-2.6 2.6.26-10 [etch] - linux-2.6 - linux-2.6.24 2.6.24-6~etchnhalf.7 NOTE: ba0166708ef4da7eeb61dd92bbba4d5a749d6561 CVE-2008-4617 (SQL injection vulnerability in the actualite module 1.0 for Joomla! al ...) NOT-FOR-US: actualite module for Joomla! CVE-2008-4616 (The SpamBam plugin for WordPress allows remote attackers to bypass res ...) NOT-FOR-US: SpamBam plugin for WordPress CVE-2008-4615 (Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has ...) NOT-FOR-US: PortalApp CVE-2008-4614 (PortalApp 4.0 does not require authentication for (1) forums.asp and ( ...) NOT-FOR-US: PortalApp CVE-2008-4613 (SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remo ...) NOT-FOR-US: PortalApp CVE-2008-4612 (Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remot ...) NOT-FOR-US: PortalApp CVE-2008-4611 (SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretc ...) NOT-FOR-US: PHP Arsivimiz Php Ziyaretci Defteri CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service (applicat ...) 
{DTSA-181-1} - mplayer 1.0~rc2-20 (bug #407010) NOTE: only the aac issue affected mplayer because it built against a copy of faad NOTE: the ogm issue is a problem in ffmpeg - ffmpeg-debian (unimportant; bug #509616) - ffmpeg 7:2.4.1-1 (unimportant) - xmovie (unimportant) NOTE: just a crasher, no security implications known so far NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...) - linux (unimportant) - linux-2.6 (unimportant) - linux-2.6.24 (unimportant) NOTE: this is a design flaw in TCP itself; maximum impact is a denial-of-service NOTE: there is no upstream solution NOTE: see http://kbase.redhat.com/faq/docs/DOC-18730 for possible mitigation via iptables NOTE: also see usage of ipt_connlimit as a mitigation strategy CVE-2008-4608 REJECTED CVE-2008-4607 REJECTED CVE-2008-4606 (Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow ...) NOT-FOR-US: IP Reg CVE-2008-4605 (SQL injection vulnerability in CafeEngine allows remote attackers to e ...) NOT-FOR-US: CafeEngine CVE-2008-4604 (SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows ...) NOT-FOR-US: CafeEngine CVE-2008-4603 (SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 a ...) NOT-FOR-US: iGaming CMS CVE-2008-4602 (Directory traversal vulnerability in index.php in Post Affiliate Pro 2 ...) NOT-FOR-US: Post Affiliate Pro CVE-2008-4601 (Cross-site scripting (XSS) vulnerability in the login feature in Habar ...) NOT-FOR-US: Habari CMS CVE-2008-4600 (configure.php in PokerMax Poker League Tournament Script 0.13 allows r ...) NOT-FOR-US: PokerMax Poker League Tournament Script CVE-2008-4599 (SQL injection vulnerability in category.php in Mosaic Commerce allows ...) NOT-FOR-US: Mosaic Commerce CVE-2008-4598 (Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drup ...)
NOT-FOR-US: Shindig-Integrator module for Drupal CVE-2008-4597 (Shindig-Integrator 5.x, a module for Drupal, does not properly restric ...) NOT-FOR-US: Shindig-Integrator module for Drupal CVE-2008-4596 (Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a ...) NOT-FOR-US: Shindig-Integrator module for Drupal CVE-2008-4595 (Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus ...) NOT-FOR-US: Slaytanic Scripts Content Plus CVE-2008-4594 (Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N ...) NOT-FOR-US: Linksys WAP4400N firmware CVE-2008-4593 (Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled ...) NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136 CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the Ty dem ...) - vlc 1.0.3-1 (low; bug #502726) [etch] - vlc (introduced in 0.9.0) [lenny] - vlc (introduced in 0.9.0) CVE-2008-4686 (Multiple integer overflows in ty.c in the TY demux plugin (aka the TiV ...) {DSA-1819-1 DTSA-175-1} - vlc 0.8.6.h-4.1 (medium; bug #503118) CVE-2008-4687 (manage_proj_page.php in Mantis before 1.1.4 allows remote authenticate ...) - mantis 1.1.2+dfsg-7 (medium; bug #502728) NOTE: only registered users can perform this CVE-2008-4592 (Directory traversal vulnerability in index.php in Sports Clubs Web Pan ...) NOT-FOR-US: Sports Clubs Web Panel CVE-2008-4591 (Multiple cross-site scripting (XSS) vulnerabilities in admin/include/i ...) NOT-FOR-US: PhpWebGallery CVE-2008-4590 (Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote att ...) NOT-FOR-US: Stash CVE-2008-4589 (Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo ...) NOT-FOR-US: Lenovo Rescue and Recovery CVE-2008-4588 (Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, poss ...) NOT-FOR-US: Etype Eserv CVE-2008-4587 (Insecure method vulnerability in the MSVNClientDownloadManager61Lib.Do ...) 
NOT-FOR-US: Macrovision FLEXnet Connect CVE-2008-4586 (Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 A ...) NOT-FOR-US: Macrovision FLEXnet Connect CVE-2008-4585 (Belong Software Site Builder 0.1 beta allows remote attackers to bypas ...) NOT-FOR-US: Software Site Builder CVE-2008-4584 (Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (Chi ...) NOT-FOR-US: Chilkat Mail CVE-2008-4583 (Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component ...) NOT-FOR-US: Chilkat FTP CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and ...) {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1} - xulrunner 1.9.0.4-1 - iceweasel 3.0.4-1 - iceape 1.1.13-1 - icedove 2.0.0.19-1 CVE-2008-4581 (The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release ...) NOT-FOR-US: IBM ENOVIA SmarTeam CVE-2008-4580 (fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows lo ...) - redhat-cluster 2.20080801-1 (low; bug #496410) [etch] - redhat-cluster (Minor issue) NOTE: already fixed in lenny CVE-2008-4579 (The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fenc ...) - redhat-cluster 2.20081102-1 (low; bug #496410) [lenny] - redhat-cluster 2.20080801-4+lenny1 [etch] - redhat-cluster (Minor issue) CVE-2008-4578 (The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass inte ...) - dovecot 1:1.1.9-1 (low; bug #502967) [etch] - dovecot (Minor issue) [lenny] - dovecot (Minor issue) CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights a ...) - dovecot 1:1.0.15-2.2 (low; bug #502967) [etch] - dovecot (Minor issue) CVE-2008-4576 (sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause ...) {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-9 - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84 might a ...) 
- jhead 2.84-1 (bug #502353; low) CVE-2008-4571 (Cross-site scripting (XSS) vulnerability in the LiveSearch module in P ...) - plone3 3.0.4-1 (low) CVE-2008-4569 (SQL injection vulnerability in xlacomments.asp in XIGLA Software Absol ...) NOT-FOR-US: XIGLA Software Absolute Poll Manager CVE-2008-4574 (SQL injection vulnerability in default.asp in Ayco Okul Portali allows ...) NOT-FOR-US: Ayco Okul Portali CVE-2008-4573 (SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W ...) NOT-FOR-US: MunzurSoft Wep Portal W3 CVE-2008-4572 (GuildFTPd 0.999.14, and possibly other versions, allows remote attacke ...) NOT-FOR-US: GuildFTPd CVE-2008-4570 (SQL injection vulnerability in index.php in Real Estate Classifieds al ...) NOT-FOR-US: Real Estate Classifieds CVE-2008-4568 RESERVED CVE-2008-4567 RESERVED CVE-2008-4566 RESERVED CVE-2008-4565 RESERVED CVE-2008-4564 (Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 1 ...) NOT-FOR-US: Autonomy KeyView SDK CVE-2008-4563 (Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the d ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView Network Nod ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-4561 RESERVED CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (a ...) NOT-FOR-US: CuteNews.ru CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind ...) NOT-FOR-US: Sun Solstice AdminSuite CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y (lib ...) 
- graphviz 2.20.2-3 (low) [etch] - graphviz 2.8-3+etch1 NOTE: minor issue fixed in etch r6 point update CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel before ...) {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-9 - linux-2.6.24 2.6.24-6~etchnhalf.7 CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ...) {DSA-1657-1} - qemu 0.9.1-6 (low; bug #496394) CVE-2008-4552 (The good_client function in nfs-utils 1.0.9, and possibly other versio ...) - nfs-utils 1:1.1.3-1 [lenny] - nfs-utils 1:1.1.2-6lenny1 [etch] - nfs-utils (Minor issue) CVE-2008-4551 (strongSwan 4.2.6 and earlier allows remote attackers to cause a denial ...) - strongswan 4.2.4-5 (bug #502676) [etch] - strongswan (Vulnerable code not present) CVE-2008-4550 RESERVED CVE-2008-4549 (The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in Imag ...) NOT-FOR-US: ImageShack Toolbar ActiveX control CVE-2008-4548 (Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (Ca ...) NOT-FOR-US: PTZCamPanelCtrl ActiveX control CVE-2008-4547 (Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (p ...) NOT-FOR-US: DVRHOST Web CMS CVE-2008-4546 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Ad ...) NOT-FOR-US: Adobe Flash Player CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...) - vlc 0.9.3-1 (medium; bug #502314) [etch] - vlc (introduced in 0.9.0) [lenny] - vlc (introduced in 0.9.0) CVE-2008-4545 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x bef ...) NOT-FOR-US: Cisco CVE-2008-4544 (Unspecified vulnerability in an unspecified Microsoft API, as used by ...) NOT-FOR-US: Microsoft CVE-2008-4543 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x bef ...) NOT-FOR-US: Cisco CVE-2008-4542 (Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2 ...) 
NOT-FOR-US: Cisco CVE-2008-4541 (Heap-based buffer overflow in the FTP subsystem in Sun Java System Web ...) NOT-FOR-US: Sun Java System Web Proxy Server CVE-2008-4540 (Windows Mobile 6 on the HTC Hermes device makes WLAN passwords availab ...) NOT-FOR-US: Windows Mobile CVE-2008-4539 (Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM ...) {DSA-1799-1} - qemu 0.9.1+svn20081101-1 (low; bug #526040) [etch] - qemu (Vulnerable code not present) CVE-2008-4538 RESERVED CVE-2008-4537 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ear ...) NOT-FOR-US: EC-CUBE CVE-2008-4536 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ear ...) NOT-FOR-US: EC-CUBE CVE-2008-4535 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and ea ...) NOT-FOR-US: EC-CUBE CVE-2008-4534 (SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ve ...) NOT-FOR-US: EC-CUBE CVE-2008-5299 (chm2pdf 0.9 allows user-assisted local users to delete arbitrary files ...) - chm2pdf 0.9.1-1.1 (low; bug #501959) CVE-2008-5298 (chm2pdf 0.9 uses temporary files in directories with fixed names, whic ...) - chm2pdf 0.9.1-1.1 (low; bug #501959) CVE-2008-4533 (Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and ...) NOT-FOR-US: Kantan WEB Server CVE-2008-4532 (Cross-site scripting (XSS) vulnerability in index.php in MaxiScript We ...) NOT-FOR-US: MaxiScript Website Directory CVE-2008-4531 (SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a ...) NOT-FOR-US: Brilliant Gallery (drupal module) CVE-2008-4530 (Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x befo ...) NOT-FOR-US: Brilliant Gallery (drupal module) CVE-2008-4529 (Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.2 ...) NOT-FOR-US: asiCMS CVE-2008-4528 (Directory traversal vulnerability in notes.php in Phlatline's Personal ...) 
NOT-FOR-US: Phlatline's Personal Information Manager CVE-2008-4527 (SQL injection vulnerability in recept.php in the Recepies (Recept) mod ...) NOT-FOR-US: PHP-Fusion CVE-2008-4526 (Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote ...) NOT-FOR-US: CCMS CVE-2008-4525 (SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remot ...) NOT-FOR-US: AmpJuke CVE-2008-4524 (SQL injection vulnerability in the "Check User" feature (includes/chec ...) NOT-FOR-US: AdaptCMS CVE-2008-4523 (SQL injection vulnerability in login.php in IP Reg 0.4 and earlier all ...) NOT-FOR-US: IP Reg CVE-2008-4522 (Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio ...) NOT-FOR-US: JMweb MP3 Music Audio Search and Download Script CVE-2008-4521 (SQL injection vulnerability in thisraidprogress.php in the World of Wa ...) NOT-FOR-US: World of Warcraft tracker CVE-2008-4520 (Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNess ...) NOT-FOR-US: AutoNessus CVE-2008-4519 (Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 ...) NOT-FOR-US: Fastpublish CMS CVE-2008-4518 (Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d ...) NOT-FOR-US: Fastpublish CMS CVE-2008-4517 (SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remo ...) NOT-FOR-US: geccBBlite CVE-2008-4516 (SQL injection vulnerability in galerie.php in Galerie 3.2 allows remot ...) NOT-FOR-US: Galerie CVE-2008-4515 (Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScr ...) NOT-FOR-US: Blue Coat K9 Web Protection CVE-2008-4514 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to caus ...) - kdebase (unimportant) NOTE: browser crash is a non-issue CVE-2008-4513 (Cross-site scripting (XSS) vulnerability in BBcode API module in Phoru ...) NOT-FOR-US: Phorum CVE-2008-4512 (ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under ...) 
NOT-FOR-US: ASP/MS Access Shoutbox CVE-2008-4511 (Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb un ...) NOT-FOR-US: Todd Woolums ASP News Management CVE-2008-4510 (Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allo ...) NOT-FOR-US: Microsoft CVE-2008-4509 (Unrestricted file upload vulnerability in processFiles.php in FOSS Gal ...) NOT-FOR-US: FOSS Gallery CVE-2008-4508 (Stack-based buffer overflow in the file parsing function in Tonec Inte ...) NOT-FOR-US: Tonec Internet Download Manager CVE-2008-4507 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8 ...) NOT-FOR-US: IBM Lotus Quickr CVE-2008-4506 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8 ...) NOT-FOR-US: IBM Lotus Quickr CVE-2008-4505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8 ...) NOT-FOR-US: IBM Lotus Quickr CVE-2008-4504 (Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Pl ...) NOT-FOR-US: Herosoft Inc. Hero DVD Player CVE-2008-4503 (The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allow ...) NOT-FOR-US: Adobe Flash Player CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent att ...) - xerces-c2 (unimportant; bug #502102) NOTE: Hardly a security issue, anyone who's concerned about this should use Xerces 3 CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x befor ...) NOT-FOR-US: Novell eDirectory CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 befor ...) NOT-FOR-US: Novell eDirectory CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 befor ...) NOT-FOR-US: Novell eDirectory CVE-2008-4473 (Multiple heap-based buffer overflows in Adobe Flash CS3 Professional o ...) NOT-FOR-US: Flash CS3 Professional CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DF ...) 
NOT-FOR-US: DataFeedFile PHP Framework API CVE-2008-4501 (Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 ...) NOT-FOR-US: Serv-U CVE-2008-4500 (Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authentic ...) NOT-FOR-US: Serv-U CVE-2008-4499 (Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b ...) NOT-FOR-US: PHP Web Explorer CVE-2008-4498 (SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 al ...) NOT-FOR-US: PHP Autos CVE-2008-4497 (SQL injection vulnerability in event_detail.php in Built2Go Real Estat ...) NOT-FOR-US: Built2Go Real Estate Listings CVE-2008-4496 (SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows ...) NOT-FOR-US: PHP Realtor CVE-2008-4495 (SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 all ...) NOT-FOR-US: PHP Auto Dealer CVE-2008-4494 (SQL injection vulnerability in completed-advance.php in TorrentTrader ...) NOT-FOR-US: TorrentTrader Classic CVE-2008-4493 (Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as u ...) NOT-FOR-US: PicturePusher ActiveX CVE-2008-4492 (SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows ...) NOT-FOR-US: YourOwnBux CVE-2008-4491 (Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the serv ...) NOT-FOR-US: Mac OS CVE-2008-4490 (Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b ...) NOT-FOR-US: phpAbook CVE-2008-4489 (Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 ...) NOT-FOR-US: Atarone CMS CVE-2008-4488 (Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CM ...) NOT-FOR-US: Atarone CMS CVE-2008-4487 (SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows ...) NOT-FOR-US: Atarone CMS CVE-2008-4486 (Directory traversal vulnerability in index.php in SAC.php (SACphp), as ...) NOT-FOR-US: SACphp CVE-2008-4485 (Cross-site scripting (XSS) vulnerability in the ICAP patience page in ...) 
NOT-FOR-US: Blue Coat Security Gateway OS CVE-2008-4484 (main.php in Crux Gallery 1.32 and earlier allows remote attackers to g ...) NOT-FOR-US: Crux Gallery CVE-2008-4483 (Directory traversal vulnerability in index.php in Crux Gallery 1.32 an ...) NOT-FOR-US: Crux Gallery CVE-2008-4481 (Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier ...) NOT-FOR-US: Redmine CVE-2008-4472 (The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16 ...) NOT-FOR-US: LiveUpdate ActiveX CVE-2008-4471 (Directory traversal vulnerability in the CExpressViewerControl class i ...) NOT-FOR-US: DWF Viewer ActiveX CVE-2008-4470 (Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assiste ...) NOT-FOR-US: Numark CVE-2008-4469 (SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freel ...) NOT-FOR-US: Vastal I-Tech Freelance Zone CVE-2008-4468 (SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zo ...) NOT-FOR-US: Vastal I-Tech Share Zone CVE-2008-4467 (SQL injection vulnerability in show_series_ink.php in Vastal I-Tech To ...) NOT-FOR-US: Vastal I-Tech CVE-2008-4466 (SQL injection vulnerability in view_products_cat.php in Vastal I-Tech ...) NOT-FOR-US: Vastal I-Tech Freelance Zone CVE-2008-4465 (SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone ...) NOT-FOR-US: Vastal I-Tech DVD Zone CVE-2008-4464 (SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone ...) NOT-FOR-US: Vastal I-Tech Mag Zone CVE-2008-4463 (SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zon ...) NOT-FOR-US: Vastal I-Tech Jobs Zone CVE-2008-4462 (SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zon ...) NOT-FOR-US: Vastal I-Tech Visa Zone CVE-2008-4461 (SQL injection vulnerability in advanced_search_results.php in Vastal I ...) 
NOT-FOR-US: Vastal I-Tech Freelance Zone CVE-2008-4460 (SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone a ...) NOT-FOR-US: Vastal I-Tech MMORPG Zone CVE-2008-4459 (SQL injection vulnerability in pick_users.php in the groups module in ...) NOT-FOR-US: eXtrovert Thyme CVE-2008-4458 (SQL injection vulnerability in listings.php in E-Php B2B Trading Marke ...) NOT-FOR-US: E-Php B2B Trading Marketplace Script CVE-2008-4457 (SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal ...) NOT-FOR-US: MemHT Portal CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line client in ...) {DSA-1783-1} - mysql-dfsg-5.0 5.0.51-1 (low; bug #526254) CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns MySQL Qu ...) NOT-FOR-US: EKINdesigns MySQL Quick Admin CVE-2008-4454 (Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5 ...) NOT-FOR-US: EKINdesigns MySQL Quick Admin CVE-2008-4453 (The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging Acti ...) NOT-FOR-US: ActiveX control CVE-2008-4452 (Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allow ...) NOT-FOR-US: Cambridge Computer Corporation vxFtpSrv CVE-2008-4451 (The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET ...) NOT-FOR-US: ESET System Analyzer Tool CVE-2008-4450 (Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Win ...) NOT-FOR-US: XAMPP CVE-2008-4449 (Stack-based buffer overflow in mIRC 6.34 allows remote attackers to ex ...) NOT-FOR-US: mIRC CVE-2008-4448 (Cross-site request forgery (CSRF) vulnerability in actions.php in Posi ...) NOT-FOR-US: Positive Software H-Sphere WebShell CVE-2008-4447 (Cross-site scripting (XSS) vulnerability in actions.php in Positive So ...) NOT-FOR-US: Positive Software H-Sphere WebShell CVE-2008-4446 (Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 an ...) 
NOT-FOR-US: Nucleus EUC-JP CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream C ...) {DSA-1655-1} - linux-2.6 2.6.26-5 - linux-2.6.24 2.6.24-6~etchnhalf.6 [etch] - linux-2.6 (vulnerable code not present) CVE-2008-4444 (Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P ...) NOT-FOR-US: Cisco Unified IP Phone CVE-2008-4443 RESERVED CVE-2008-4442 RESERVED CVE-2008-4441 (The Marvell driver for the Linksys WAP4400N Wi-Fi access point with fi ...) NOT-FOR-US: Linksys CVE-2008-4439 (PHP remote file inclusion vulnerability in admin/bin/patch.php in Mart ...) NOT-FOR-US: MartinWood Datafeed Studio CVE-2008-4438 (Cross-site scripting (XSS) vulnerability in search.php in Datafeed Stu ...) NOT-FOR-US: Datafeed Studio CVE-2008-4437 (Directory traversal vulnerability in importxml.pl in Bugzilla before 2 ...) {DTSA-170-1} - bugzilla 3.0.5.0-1 (low; bug #502019) [etch] - bugzilla (Minor issue) CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...) NOT-FOR-US: bBlog CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Down ...) NOT-FOR-US: RMSOFT Downloads Plus CVE-2008-4434 (Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earli ...) NOT-FOR-US: uTorrent/Bittorrent CVE-2008-4433 (SQL injection vulnerability in search.php in the RMSOFT MiniShop modul ...) NOT-FOR-US: RMSOFT MiniShop (xoops) CVE-2008-4432 (Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT M ...) NOT-FOR-US: RMSOFT MiniShop (xoops) CVE-2008-4431 (SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlie ...) NOT-FOR-US: IceBB CVE-2008-4430 REJECTED CVE-2008-4429 (Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 a ...) NOT-FOR-US: SOURCENEXT Virus Security ZERO CVE-2008-4428 (Unrestricted file upload vulnerability in upload.php in Phlatline's Pe ...) 
NOT-FOR-US: Phlatline's Personal Information Manager CVE-2008-4427 (changepassword.php in Phlatline's Personal Information Manager (pPIM) ...) NOT-FOR-US: Phlatline's Personal Information Manager CVE-2008-4426 (Cross-site scripting (XSS) vulnerability in events.php in Phlatline's ...) NOT-FOR-US: Phlatline's Personal Information Manager CVE-2008-4425 (Directory traversal vulnerability in upload.php in Phlatline's Persona ...) NOT-FOR-US: Phlatline's Personal Information Manager CVE-2008-4424 (Cross-site scripting (XSS) vulnerability in index.php in Domain Group ...) NOT-FOR-US: Domain Group Network GooCMS CVE-2008-4423 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows rem ...) NOT-FOR-US: Ovidentia CVE-2008-4422 REJECTED CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably ...) NOT-FOR-US: MetaGauge CVE-2008-4420 (Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in ...) NOT-FOR-US: DynaZip Max CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web administrati ...) NOT-FOR-US: HP-ChaiSOE CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.1 ...) NOT-FOR-US: HP-UX CVE-2008-4417 REJECTED CVE-2008-4416 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows loc ...) NOT-FOR-US: HP-UX CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 ...) NOT-FOR-US: HP Service Manager (HPSM) CVE-2008-4414 (Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UN ...) NOT-FOR-US: HP Tru64 UNIX CVE-2008-4413 (Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 ...) NOT-FOR-US: HP System Management Homepage CVE-2008-4412 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5 ...) NOT-FOR-US: HP Systems Insight Manager CVE-2008-4411 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...) 
NOT-FOR-US: HP System Management Homepage CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Vi ...) - linux-2.6 2.6.26-8 - linux-2.6.24 (Vulnerable code not present) [etch] - linux-2.6 (Vulnerable code not present) CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities ...) - libxml2 [lenny] - libxml2 (Vulnerable code not present) [etch] - libxml2 (Vulnerable code not present) NOTE: The bug affects only 2.7.0 and 2.7.1 CVE-2008-4406 (A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4 ...) - sabre 0.2.4b-25 (low; bug #433996) [etch] - sabre (Game not qualified as multi-user system, thus minor issue) CVE-2008-4405 (xend in Xen 3.0.3 does not properly limit the contents of the /local/d ...) - xen-3 3.4.0-1 (bug #503811) - xen-unstable NOTE: a proposed patch leads to new problems, see CVE-2008-5716 CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeri ...) NOT-FOR-US: IPv6 NDP on IBM zSeries CVE-2008-4403 (The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2008-4402 (Multiple buffer overflows in CGI modules in the server in Trend Micro ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, ...) {DTSA-171-1} - mediawiki 1:1.13.2-1 (low; bug #501115) [etch] - mediawiki (Vulnerable code not present) CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files via a sym ...) - ibackup (low; bug #496432) [etch] - ibackup (Minor issues) CVE-2008-4401 (ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not requ ...) NOT-FOR-US: Adobe Flash Player CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (former ...) NOT-FOR-US: CA ARCserve Backup CVE-2008-4399 (Unspecified vulnerability in the database engine service in asdbapi.dl ...) 
NOT-FOR-US: CA ARCserve Backup CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in ...) NOT-FOR-US: CA ARCserve Backup CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) i ...) NOT-FOR-US: CA ARCserve Backup CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...) NOT-FOR-US: Safer Networking FileAlyzer CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary fi ...) - ltp 20060918-3 (low; bug #496411) [etch] - ltp (Documented to be only suitable for single user setups currently) CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files v ...) - fml (low; bug #496370) [etch] - fml (Minor issue) CVE-2008-4957 (find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to ove ...) - gccxml 0.9.0+cvs20100501-1 (unimportant; bug #496391) NOTE: Only applies to a script used for an obscure SGI compiler CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary file ...) - bulmages (unimportant; bug #496382) NOTE: Only present in example scripts CVE-2008-5034 - printfilters-ppd (unimportant; bug #496417) NOTE: Only exploitable when modifying master-filter by hand CVE-2008-4955 (freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...) - freevo (unimportant; bug #496373) NOTE: Only exploitable when modifying script by hand CVE-2008-4974 (rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files ...) - netmrg 0.20-2 (low; bug #496384) [etch] - netmrg (Minor issue) CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files ...) - impose+ 0.2-11.1 (low; bug #496435) [etch] - impose+ (Minor issue) CVE-2008-4964 (filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary ...) - konwert 1.8-11.2 (low; bug #496379) [etch] - konwert (Minor issue) CVE-2008-4986 (wims 3.62 allows local users to overwrite arbitrary files via a symlin ...) 
- wims 3.62-13.1 (low; bug #496387) [etch] - wims (Minor issue) CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to overw ...) - freeradius 2.0.4+dfsg-6 (low; bug #496389) [etch] - freeradius (Minor issue) CVE-2008-4995 (redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary ...) - bk2site (unimportant; bug #496430) NOTE: Only debug code, script needs to be edited to exploit this CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...) - scilab 4.1.2-6 (low; bug #496414) [etch] - scilab (Non-free not supported) CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...) {DSA-1731-1} - ndiswrapper 1.53-2 (medium; bug #504696) CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before 2.1.4 ...) NOT-FOR-US: Gentoo package manager Portage CVE-2008-4393 (Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery ...) NOT-FOR-US: VeriSign Kontiki CVE-2008-4392 (dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultane ...) - djbdns 1:1.05-10 (high; bug #516394) CVE-2008-4391 (Stack-based buffer overflow in the SetSource method in the NetCamPlaye ...) NOT-FOR-US: Cisco Linksys WVC54GC CVE-2008-4390 (The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 s ...) NOT-FOR-US: Cisco Linksys WVC54GC CVE-2008-4389 (Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x ...) NOT-FOR-US: Symantec AppStream CVE-2008-4388 (The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Syma ...) NOT-FOR-US: LaunchObj ActiveX CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrm ...) NOT-FOR-US: ActiveX CVE-2008-4386 RESERVED CVE-2008-4385 (Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Ana ...) NOT-FOR-US: LLC Systems Requirements Lab CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...) 
NOT-FOR-US: LPViewer ActiveX CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management w ...) NOT-FOR-US: Agranet-Emweb CVE-2008-4382 (Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of se ...) - kdebase (unimportant) NOTE: browser DoS not treated as security issue. This is the same as CVE-2008-4381, NOTE: which will work in every JS-capable browser as the PoC just creates a large string and passes NOTE: it to alert, thus eating memory; no security issue. CVE-2008-4381 (Microsoft Internet Explorer 7 allows remote attackers to cause a denia ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-4380 (The web interface in Samsung DVR SHR2040 allows remote attackers to ca ...) NOT-FOR-US: Samsung DVR SHR2040 CVE-2008-4379 (Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy ...) NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP CVE-2008-4378 (SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL ...) NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP CVE-2008-4377 (SQL injection vulnerability in index.asp in Creative Mind Creator CMS ...) NOT-FOR-US: Creative Mind Creator CMS CVE-2008-4376 (SQL injection vulnerability in index.php in Live TV Script allows remo ...) NOT-FOR-US: Live TV Script CVE-2008-4375 (SQL injection vulnerability in viewprofile.php in Availscript Classmat ...) NOT-FOR-US: Availscript CVE-2008-4374 (SQL injection vulnerability in index.php in CMS Buzz allows remote att ...) NOT-FOR-US: CMS Buzz CVE-2008-4373 (SQL injection vulnerability in job_seeker/applynow.php in AvailScript ...) NOT-FOR-US: Availscript CVE-2008-4372 (Cross-site scripting (XSS) vulnerability in articles.php in AvailScrip ...) NOT-FOR-US: Availscript CVE-2008-4371 (SQL injection vulnerability in articles.php in AvailScript Article Scr ...) NOT-FOR-US: Availscript CVE-2008-4370 (Multiple cross-site scripting (XSS) vulnerabilities in Availscript Pho ...) 
NOT-FOR-US: Availscript CVE-2008-4369 (SQL injection vulnerability in pics.php in Availscript Photo Album all ...) NOT-FOR-US: Availscript CVE-2008-4368 (The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10. ...) NOT-FOR-US: Java on OSX CVE-2008-4367 RESERVED CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite ...) {DTSA-177-1 DTSA-178-1} - liquidsoap 0.3.8.1+2-2 (low; bug #496360) [lenny] - liquidsoap 0.3.6-4+lenny1 CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary ...) - openswan 1:2.6.21+dfsg-2 (unimportant; bug #496376) NOTE: Only unused packaging bits CVE-2008-4941 (arb-common 0.0.20071207.1 allows local users to overwrite arbitrary fi ...) - arb 0.0.20071207.1-5 (low; bug #496396) CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary fi ...) - aptoncd 0.1-1.2 (bug #496390; low) CVE-2008-4947 (dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwri ...) - dhis-server 5.3-1.2 (bug #496388; unimportant) CVE-2008-4967 (linuxtrade 3.65 allows local users to overwrite arbitrary files via a ...) - linuxtrade (unimportant; bug #496372) NOTE: unimportant since the program is dysfunctional with the current NOTE: trading website and thus not exploitable for practical purposes CVE-2008-4980 (delqueueask in rccp 0.9 allows local users to overwrite arbitrary file ...) - rccp 0.9-2.1 (low; bug #496364) [etch] - rccp (Minor issue) CVE-2008-4948 (fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary f ...) - digitaldj 0.7.5-6.1 (low; bug #496399) [etch] - digitaldj (Minor issue) CVE-2008-4945 (amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite ar ...) - cdrw-taper 0.4-2.1 (low; bug #496380) [etch] - cdrw-taper (Minor issue) CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...) 
- gdrae 0.1-1.1 (low; bug #496378) [etch] - gdrae (Minor issue) CVE-2008-4407 (XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create ...) - sabre 0.2.4b-25 (low; bug #433996) [etch] - sabre (Game not qualified as multi-user system, thus minor issue) CVE-2008-4366 (Unrestricted file upload vulnerability in the image upload component i ...) NOT-FOR-US: Camera Life CVE-2008-4365 (Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1. ...) NOT-FOR-US: Siteman CVE-2008-4364 (SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CM ...) NOT-FOR-US: ParsaGostar ParsaWeb CMS CVE-2008-4363 (DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a d ...) NOT-FOR-US: DESlock CVE-2008-4362 (The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 all ...) NOT-FOR-US: DESlock CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote ...) NOT-FOR-US: PowerPortal CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive operati ...) {DSA-1645-1} - lighttpd 1.4.19-5 (low) NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redire ...) {DSA-1645-1} - lighttpd 1.4.19-5 (low) NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP ...) NOT-FOR-US: SPAW Editor PHP CVE-2008-4357 (SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows r ...) NOT-FOR-US: Powie pLink CVE-2008-4356 (Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 ...) NOT-FOR-US: Kasseler CMS CVE-2008-4355 (SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum ( ...) NOT-FOR-US: Powie PSCRIPT Forum CVE-2008-4354 (SQL injection vulnerability in the products module in NetArt Media iBo ...) 
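The run of entries above (ltp, fml, netmrg, impose+, konwert, wims, freeradius-dialupadmin, rccp, digitaldj, cdrw-taper, gdrae, XRunSabre in sabre and the others from the same bug batch) are all one class: a script writes to a fixed or predictable name under /tmp, and a local user who plants a symlink there first gets the victim's privileges used to overwrite whatever the link points at. The NOTEs rate most of them low or unimportant because the script has to be edited or run on a multi-user box before the race matters, but the pattern is worth seeing once. The following is an added illustration, not code from any of the packages listed; the sandbox directory, the "victim.txt" target and the "app.<pid>" name are constructed stand-ins for /tmp, a file the attacker wants clobbered, and the predictable temp name.

```python
import os
import tempfile


def naive_write(path, data):
    # Vulnerable pattern from the entries above: a fixed or predictable name in a
    # world-writable directory, opened with a plain open(). If an attacker has
    # already planted a symlink at `path`, open() follows it and the victim's
    # privileges are used to write wherever the link points.
    with open(path, "w") as f:
        f.write(data)


def safe_write(directory, data):
    # Hardened: mkstemp() picks an unpredictable name and opens it with
    # O_CREAT|O_EXCL, so a pre-planted file or symlink makes the open fail
    # instead of being followed. Returns the path actually used.
    fd, path = tempfile.mkstemp(prefix="app.", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def open_fixed_name_safely(path, data):
    # If a fixed name really is unavoidable: O_EXCL refuses any existing entry
    # and O_NOFOLLOW (where the platform has it) refuses to traverse a symlink
    # as the final path component. 0o600 keeps other users out of the file.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def demo():
    """Plant a symlink the way a local attacker would, then try both patterns.

    Returns (target_clobbered_by_naive_write, safe_open_refused)."""
    with tempfile.TemporaryDirectory() as sandbox:      # stands in for /tmp
        target = os.path.join(sandbox, "victim.txt")     # e.g. a dotfile in $HOME
        with open(target, "w") as f:
            f.write("original contents\n")

        # Predictable name, e.g. /tmp/app.<pid>, guessed or raced by the attacker.
        predictable = os.path.join(sandbox, "app.%d" % os.getpid())
        os.symlink(target, predictable)

        naive_write(predictable, "attacker-controlled contents\n")
        with open(target) as f:
            clobbered = f.read() != "original contents\n"

        refused = False
        try:
            open_fixed_name_safely(predictable, "x")
        except OSError:            # EEXIST: the planted link is never followed
            refused = True

        # mkstemp never reuses an existing entry, so its file is distinct from the link.
        fresh = safe_write(sandbox, "data")
        assert fresh != predictable and not os.path.islink(fresh)
        return clobbered, refused


if __name__ == "__main__":
    print(demo())
```

Run as a normal user; no root is needed because everything happens inside a private temporary directory. The check that matters in a code review is the open flags: `O_CREAT` without `O_EXCL` is what turns a guessable name into a symlink attack, and shell scripts get the same fix from `mktemp` rather than `$$`-based names.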
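The two lighttpd entries above describe ordering bugs rather than parsing bugs: CVE-2008-4359 matched url.redirect/url.rewrite patterns against the request URI before it was percent-decoded, and CVE-2008-4360 let mod_userdir's extension checks be sidestepped on case-insensitive filesystems. The common lesson is that any access-control pattern must be applied to the path in the same canonical form the file backend will use. The following is an added illustration of that rule, not lighttpd's code; the deny list, the helper names and the request-targets are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample rules standing in for url.access-deny / url.redirect patterns.
DENY_PREFIXES = ("/admin", "/private")


def matches_deny(path):
    return any(path.startswith(p) for p in DENY_PREFIXES)


def canonicalize(raw_target, case_insensitive_backend=False):
    """Turn a request-target into the path the file backend will actually open.

    This is the single place decoding and normalisation happen, and it runs
    *before* any pattern is consulted. Decoding exactly once matches a backend
    that also decodes once, so %2561 stays '%61' in both places."""
    path = raw_target.split("?", 1)[0]     # the query string never reaches the filesystem
    path = unquote(path)                   # /%61dmin -> /admin
    path = posixpath.normpath(path)        # /public/../admin -> /admin
    if not path.startswith("/"):
        path = "/" + path
    if case_insensitive_backend:           # the CVE-2008-4360 case: fold like the FS does
        path = path.lower()
    return path


def vulnerable_decision(raw_target):
    # Pattern applied to the raw request-target; decoding happens afterwards,
    # so the backend serves a path the rule never looked at.
    if matches_deny(raw_target):
        return "deny"
    return "serve " + canonicalize(raw_target)


def hardened_decision(raw_target, case_insensitive_backend=False):
    # Canonicalize first, then match the same string the backend will use.
    path = canonicalize(raw_target, case_insensitive_backend)
    if matches_deny(path):
        return "deny"
    return "serve " + path


if __name__ == "__main__":
    for target in ("/admin", "/%61dmin/users", "/public/../admin", "/Admin"):
        print(target, "->", vulnerable_decision(target), "|", hardened_decision(target))
```

Note that the hardened version deliberately does not decode twice: the goal is to match the backend's view, and a backend that decodes once should be paired with a matcher that decodes once. The `case_insensitive_backend` flag only makes sense when the directory being served really is case-insensitive; folding case on a case-sensitive filesystem would deny paths the server would otherwise never find.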
NOT-FOR-US: NetArt Media iBoutique CVE-2008-4353 (SQL injection vulnerability in link.php in Linkarity allows remote att ...) NOT-FOR-US: Linkarity CVE-2008-4352 (SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCo ...) NOT-FOR-US: phpSmartCom CVE-2008-4351 (Directory traversal vulnerability in index.php in phpSmartCom 0.2 allo ...) NOT-FOR-US: phpSmartCom CVE-2008-4350 (SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 ...) NOT-FOR-US: vbLOGIX Tutorial Script CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0n ...) NOT-FOR-US: s0nic Paranews CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, ...) NOT-FOR-US: PHPortfolio CVE-2008-4347 (SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows ...) NOT-FOR-US: Powie pNews CVE-2008-4346 (Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows ...) NOT-FOR-US: TalkBack CVE-2008-4345 (SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and ...) NOT-FOR-US: WebPortal CMS CVE-2008-4344 (SQL injection vulnerability in cat.php in 6rbScript allows remote atta ...) NOT-FOR-US: 6rbScript CVE-2008-4343 (The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) ...) NOT-FOR-US: Chilkat XML ChilkatUtil.CkData.1 ActiveX control CVE-2008-4342 (NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX ...) NOT-FOR-US: ActiveX CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass ...) NOT-FOR-US: MyBlog CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cau ...) - chromium-browser (only 0.x is affected) - webkit (poc not effective) CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA) in Sy ...) NOT-FOR-US: Symantec Veritas NetBackup Server CVE-2008-4338 (SQL injection vulnerability in the brilliant_gallery_checklist_save fu ...) 
NOT-FOR-US: drupal brilliant gallery 3rd party module CVE-2008-4337 (Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows rem ...) NOT-FOR-US: Bitweaver CVE-2008-4336 (Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo ...) NOT-FOR-US: Atomic Photo Album CVE-2008-4335 (SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1 ...) NOT-FOR-US: Atomic Photo Album CVE-2008-4334 (PHP infoBoard V.7 Plus allows remote attackers to bypass authenticatio ...) NOT-FOR-US: PHP infoBoard CVE-2008-4333 (Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus all ...) NOT-FOR-US: PHP infoBoard CVE-2008-4332 (SQL injection vulnerability in the showjavatopic function in func.php ...) NOT-FOR-US: PHP infoBoard CVE-2008-4331 (Directory traversal vulnerability in library/pagefunctions.inc.php in ...) NOT-FOR-US: phpOCS CVE-2008-4330 (Directory traversal vulnerability in index.php in LanSuite 3.3.2 allow ...) NOT-FOR-US: LanSuite CVE-2008-4329 (PHP remote file inclusion vulnerability in cms/system/openengine.php i ...) NOT-FOR-US: openEngine CVE-2008-4328 (SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 ...) NOT-FOR-US: EasyRealtorPRO CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly hand ...) NOT-FOR-US: Microsoft CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in phpM ...) {DSA-1675-1} - phpmyadmin 4:2.11.8.1-3 NOTE: https://www.phpmyadmin.net/security/PMASA-2008-8/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44f9f2f8b7475c2d48c529d9bfd0ff473cd328b1 (2.11 branch) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d219abdcd55c11f7f629a58a2279f0839bd2acc CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the H ...) - viewvc 1.0.9-1 (bug #500779; unimportant) CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on Window ...) 
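The phpMyAdmin entry above (CVE-2008-4326, PMA_escapeJsString) is a reminder that a value embedded in an inline `<script>` block has to survive two parsers: the JavaScript string grammar and the HTML tokenizer, which ends script data at the first `</script` it sees regardless of JS quoting. Escaping quotes and backslashes alone is therefore not enough. The following is an added illustration of that bug class and the usual fix, not phpMyAdmin's code (the linked commits carry the project's actual change); the escaper names, the template and the payload are constructed for the example.

```python
import re


def escape_js_string_incomplete(s):
    """Handles backslash, quotes and line breaks, but lets '</script>' through.
    Modelled on the bug class in the entry above; not phpMyAdmin's function."""
    return (s.replace("\\", "\\\\")
             .replace("'", "\\'")
             .replace('"', '\\"')
             .replace("\r", "\\r")
             .replace("\n", "\\n"))


def escape_js_string(s):
    """Hardened: additionally escapes '/' as '\\/'. That is a legal JS string
    escape that still yields '/' at run time, so '</script>' can no longer
    appear literally in the emitted markup and the HTML tokenizer cannot
    close the block early."""
    return escape_js_string_incomplete(s).replace("/", "\\/")


def render_inline_script(value, escaper):
    # Server-side template embedding a user-supplied value in a JS string literal.
    return "<script>var name = '" + escaper(value) + "';</script>"


_END_TAG = re.compile(r"</script", re.IGNORECASE)


def script_block_ends_early(html):
    """True when the payload terminates the script block before the template's
    own closing tag, i.e. when more than one '</script' is present. The HTML
    tokenizer is case-insensitive here, hence IGNORECASE."""
    return len(_END_TAG.findall(html)) > 1


if __name__ == "__main__":
    # Constructed attacker input: closes the JS string, then the script block,
    # then lands a fresh HTML element with an event handler.
    payload = "x'</script><img src=a onerror=alert(1)>"
    for name, fn in (("incomplete", escape_js_string_incomplete), ("hardened", escape_js_string)):
        html = render_inline_script(payload, fn)
        print(name, "ends early:", script_block_ends_early(html))
        print("  ", html)
```

A production escaper normally goes further than this (hex-escaping `<`, `>` and `&`, and handling `<!--` and U+2028/U+2029), but the `</script` case is the one this CVE is about and the one most hand-rolled escapers miss. The safest design avoids the problem entirely by passing data to scripts through a JSON-encoded `data-` attribute or a separate endpoint rather than inline string literals.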
- iceweasel (unimportant) NOTE: reproducible but browser DoS not treated as security issue CVE-2008-4323 (Windows Explorer in Microsoft Windows XP SP3 allows user-assisted atta ...) NOT-FOR-US: Windows Explorer CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Serv ...) NOT-FOR-US: RealFlex RealWin Server CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FT ...) NOT-FOR-US: FlashGet FTP CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...) NOT-FOR-US: OpenNMS CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 ...) NOT-FOR-US: Libra File Manager CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute arbitr ...) NOT-FOR-US: Observer CVE-2008-4317 REJECTED CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow ...) {DSA-1747-1} - glib2.0 2.20.0-1 (medium; bug #520046) CVE-2008-4315 (tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RH ...) NOT-FOR-US: OpenPegasus CVE-2008-4314 (smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to rea ...) - samba 2:3.2.5-1 [etch] - samba (Vulnerable code not present) CVE-2008-4313 (A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 doe ...) NOT-FOR-US: OpenPegasus CVE-2008-4312 REJECTED CVE-2008-4311 (The default configuration of system.conf in D-Bus (aka DBus) before 1. ...) - dbus 1.2.1-5 (low; bug #508032) [etch] - dbus (Backport for Etch too risky for regressions for too little gain) CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat En ...) - ruby (bug #508030) NOTE: Red Hat-specific CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in agent ...) {DSA-1663-1} - net-snmp 5.4.1~dfsg-11 (bug #504150) CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 th ...) 
- tomcat5.5 5.5.23-1 (low) CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the Linux ...) {DSA-1794-1 DSA-1787-1} - linux-2.6 2.6.26-1 - linux-2.6.24 CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and attack ...) {DSA-1670-1} - enscript 1.6.4-13 (bug #506261) CVE-2008-4305 (Static code injection vulnerability in installation/setup.php in phpCo ...) NOT-FOR-US: phpCollab CVE-2008-4304 (general/login.php in phpCollab 2.5 rc3 and earlier allows remote attac ...) NOT-FOR-US: phpCollab CVE-2008-4303 (Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and ...) NOT-FOR-US: phpCollab CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22. ...) {DSA-1653-1} - linux-2.6 2.6.22-4 (low) - linux-2.6.24 (Vulnerable code not present) CVE-2008-4301 NOT-FOR-US: Microsoft CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet Informat ...) NOT-FOR-US: Microsoft CVE-2008-4299 (A certain ActiveX control in the Microsoft Internet Authentication Ser ...) NOT-FOR-US: Microsoft CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission setti ...) - mercurial 1.0.1-5.1 (low; bug #500781) NOTE: the package doesn't install this script by default but ships it with the examples [etch] - mercurial (Only shipped in examples) CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its def ...) NOT-FOR-US: Cisco Linksys WRT350N CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices ...) NOT-FOR-US: Microsoft CVE-2008-4294 (IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user pri ...) NOT-FOR-US: IBM Tivoli Netcool/Webtop CVE-2008-4293 (Unspecified vulnerability in Opera before 9.52 on Windows, when regist ...) NOT-FOR-US: Opera CVE-2008-4292 (Opera before 9.52 does not check the CRL override upon encountering a ...) 
NOT-FOR-US: Opera CVE-2008-4291 RESERVED CVE-2008-4290 RESERVED CVE-2008-4289 RESERVED CVE-2008-4288 RESERVED CVE-2008-4287 RESERVED CVE-2008-4286 RESERVED CVE-2008-4285 (Unspecified vulnerability in the Performance Monitoring Infrastructure ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2008-4284 (Open redirect vulnerability in the ibm_security_logout servlet in IBM ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2008-4283 (CRLF injection vulnerability in the WebContainer component in IBM WebS ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2008-4282 RESERVED CVE-2008-4281 (Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-20 ...) NOT-FOR-US: VMware ESXi CVE-2008-4280 RESERVED CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in VMwar ...) NOT-FOR-US: VMware Workstation CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displ ...) NOT-FOR-US: VMware VirtualCenter CVE-2008-4277 REJECTED CVE-2008-4276 REJECTED CVE-2008-4275 REJECTED CVE-2008-4274 REJECTED CVE-2008-4273 REJECTED CVE-2008-4272 REJECTED CVE-2008-4271 REJECTED CVE-2008-4270 REJECTED CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft Window ...) NOT-FOR-US: Microsoft Windows Explorer CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and SP1 a ...) NOT-FOR-US: Microsoft Windows Search CVE-2008-4267 REJECTED CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3 ...) NOT-FOR-US: Microsoft Office Excel CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute arb ...) NOT-FOR-US: Microsoft Office Excel CVE-2008-4264 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...) NOT-FOR-US: Microsoft Office Excel CVE-2008-4263 REJECTED CVE-2008-4262 REJECTED CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 ...) 
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted o ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access uninitializ ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly valid ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4257 REJECTED
CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studi ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX contro ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual Fox ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4251 REJECTED
CVE-2008-4250 (The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4249 REJECTED
CVE-2008-4248 REJECTED
CVE-2008-4246 (Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 allo ...)
	NOT-FOR-US: Denora IRC Stats Server
CVE-2008-4245 (The Admin Control Panel in Rianxosencabos CMS 0.9 does not require adm ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4244 (Rianxosencabos CMS 0.9 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4243 (Directory traversal vulnerability in ImageServer (aka UTImageServer) i ...)
	NOT-FOR-US: Epic Games Unreal Tournament
CVE-2008-4242 (ProFTPD 1.3.1 interprets long commands from an FTP client as multiple ...)
	{DSA-1689-1}
	- proftpd-dfsg 1.3.1-15 (low; bug #502674)
CVE-2008-4241 (SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows ...)
	NOT-FOR-US: CJ Ultra Plus
CVE-2008-4240 RESERVED
CVE-2008-4239 RESERVED
CVE-2008-4238 RESERVED
CVE-2008-4237 (Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies ...)
	NOT-FOR-US: Managed Client Mac OS X
CVE-2008-4236 (Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows ...)
	NOT-FOR-US: Apple Type Services
CVE-2008-4235 RESERVED
CVE-2008-4234 (Incomplete blacklist vulnerability in the Quarantine feature in CoreTy ...)
	NOT-FOR-US: CoreTypes Apple Mac OS X
CVE-2008-4233 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Apple
CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Safari
CVE-2008-4231 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Apple
CVE-2008-4230 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhon ...)
	NOT-FOR-US: Apple
CVE-2008-4229 (Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 thr ...)
	NOT-FOR-US: Apple
CVE-2008-4228 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhon ...)
	NOT-FOR-US: Apple
CVE-2008-4227 (Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 throu ...)
	NOT-FOR-US: Apple
CVE-2008-4226 (Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 al ...)
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-4225 (Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allo ...)
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-4224 (UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to ...)
	NOT-FOR-US: UDF Mac OS X
CVE-2008-4223 (Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote at ...)
	NOT-FOR-US: Podcast Producer Mac OS X
CVE-2008-4222 (natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sh ...)
	NOT-FOR-US: natd Mac OS X
CVE-2008-4221 (The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows c ...)
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4220 (Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS ...)
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4219 (The kernel in Apple Mac OS X before 10.5.6 allows local users to cause ...)
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4218 (Multiple integer overflows in the kernel in Apple Mac OS X before 10.5 ...)
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4217 (Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows ...)
	NOT-FOR-US: BOM Apple Mac OS X
CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does not pr ...)
	NOT-FOR-US: Safari
CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error con ...)
	NOT-FOR-US: Weblog Mac OS X
CVE-2008-4214 (Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10. ...)
	NOT-FOR-US: Script Editor in Mac OS X
CVE-2008-4213 RESERVED
CVE-2008-4212 (Unspecified vulnerability in rlogind in the rlogin component in Mac OS ...)
	NOT-FOR-US: MacOS-only issue
CVE-2008-4211 (Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and ...)
	NOT-FOR-US: QuickLook Mac OS X
CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip se ...)
	{DSA-1653-1}
	- linux-2.6 2.6.22-1
	- linux-2.6.24 (Vulnerable code not present)
	NOTE: easily exploitable but of limited use as the attacker already needs access to a
	NOTE: directory that is setgid to the group he wants to get privileges for
CVE-2008-4209 RESERVED
CVE-2008-4208 (Unspecified vulnerability in OSADS Alliance Database before 2.1 has un ...)
	NOT-FOR-US: OSADS Alliance Database
CVE-2008-4207 (Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4206 (PHP remote file inclusion vulnerability in config.php in Attachmax Dol ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4205 (SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation ...)
	NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-4203 (SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earli ...)
	NOT-FOR-US: CzarNews
CVE-2008-4202 (SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 ...)
	NOT-FOR-US: Gonafish LinksCaffePRO
CVE-2008-4200 (Opera before 9.52 does not ensure that the address field of a news fee ...)
	NOT-FOR-US: Opera
CVE-2008-4199 (Opera before 9.52 does not prevent use of links from web pages to feed ...)
	NOT-FOR-US: Opera
CVE-2008-4198 (Opera before 9.52, when rendering an http page that has loaded an http ...)
	NOT-FOR-US: Opera
CVE-2008-4197 (Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when proces ...)
	NOT-FOR-US: Opera
CVE-2008-4196 (Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows r ...)
	NOT-FOR-US: Opera
CVE-2008-4195 (Opera before 9.52 does not properly restrict the ability of a framed w ...)
	NOT-FOR-US: Opera
CVE-2008-4194 (The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par ...)
	- pdnsd 1.2.6-par-10 (bug #500910)
CVE-2008-4193 (Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologi ...)
	NOT-FOR-US: Alt-N Technologies SecurityGateway
CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629 and ...)
	- redhat-cluster 2.20081102-1 (bug #496410; low)
	[lenny] - redhat-cluster 2.20080801-4+lenny1
CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to overwrit ...)
	- emacspeak 28.0-2 (bug #496431; low)
	[lenny] - emacspeak 26.0-3+lenny1
	[etch] - emacspeak (Minor issue)
CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x thro ...)
	{DSA-1760-1}
	- openswan 1:2.4.12+dfsg-1.3 (bug #496374; low)
	[etch] - openswan (Vulnerable code only in example script)
CVE-2008-XXXX [jumpnbump: insecure temp file]
	- jumpnbump 1.50+dfsg1-1 (low; bug #500611)
	[etch] - jumpnbump 1.50-6+etch1
CVE-2008-4959 (geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite ...)
	- gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436)
	[etch] - gpsdrive (Minor issue)
CVE-2008-4949 (dist 3.5 allows local users to overwrite arbitrary files via a symlink ...)
	- dist 1:3.5-17-2 (low; bug #496412)
	[etch] - dist 3.70-31etch1
CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary fi ...)
	- lustre 1.6.5.1-1 (low; bug #496371)
CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly ot ...)
	- linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518)
	[etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1
	- linux-ftpd 0.17-29 (bug #500278)
	[etch] - linux-ftpd (Minor issue)
CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
	- wordpress 2.8.4-1 (bug #500295; unimportant)
	NOTE: bigger problems, if attacker has access to /etc/wordpress/*
CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in lighttp ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (medium)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
CVE-2008-XXXX [unsafe usage of temp file]
	- chillispot 1.0-10 (low; bug #500181)
	NOTE: the changelog doesn't mention the fix but it's included in -10
	[etch] - chillispot (minor issue)
CVE-2008-XXXX [unsafe usage of temp file]
	- debtorrent 0.1.10 (unimportant; bug #500180)
	NOTE: Only exploitable when upgrading from an ancient version, package also not in Etch
CVE-2008-4189 REJECTED
CVE-2008-4188 (Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) ex ...)
	NOT-FOR-US: kw_secdir extension for TYPO3
CVE-2008-4187 (Directory traversal vulnerability in index.php in ProActive CMS allows ...)
	NOT-FOR-US: ProActive CMS
CVE-2008-4186 (SQL injection vulnerability in index.php in webCMS Portal Edition allo ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4185 (SQL injection vulnerability in index.php in webCMS Portal Edition allo ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4184 (Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4183 (IntegraMOD 1.4.x stores sensitive information under the web root with ...)
	NOT-FOR-US: IntegraMOD
CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turb ...)
	{DSA-1770-1}
	- turba2 2.2.1-2 (bug #500114; low)
	[etch] - turba2 (Minor issue)
	- imp4 4.2-3 (bug #500553; low)
CVE-2008-4181 (Directory traversal vulnerability in includes/xml.php in the Netenberg ...)
	NOT-FOR-US: Netenberg Fantastico De Luxe module for cPanel
CVE-2008-4180 (Unspecified vulnerability in db.php in NooMS 1.1 allows remote attacke ...)
	NOT-FOR-US: NooMS
CVE-2008-4179 (Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow ...)
	NOT-FOR-US: NooMS
CVE-2008-4178 (SQL injection vulnerability in tr.php in DownlineGoldmine Special Cate ...)
	NOT-FOR-US: DownlineGoldmine, etc.
CVE-2008-4177 (SQL injection vulnerability in search.php in Pre Real Estate Listings ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-4176 (SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta ...)
	NOT-FOR-US: FoT Video scripti
CVE-2008-4175 (Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow re ...)
	NOT-FOR-US: Link Bid Script
CVE-2008-4174 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dy ...)
	NOT-FOR-US: Dynamic MP3 Lister
CVE-2008-4173 (SQL injection vulnerability in ProArcadeScript 1.3 allows remote attac ...)
	NOT-FOR-US: ProArcadeScript
CVE-2008-4172 (SQL injection vulnerability in page.php in Cars & Vehicle (aka Car ...)
	NOT-FOR-US: Cars & Vehicle
CVE-2008-4171 (SQL injection vulnerability in xmlout.php in Invision Power Board (IP. ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-4170 (create_account.php in osCommerce 2.2 RC 2a allows remote attackers to ...)
	NOT-FOR-US: osCommerce
CVE-2008-4169 (SQL injection vulnerability in detaillist.php in iScripts EasyIndex, p ...)
	NOT-FOR-US: iScripts EasyIndex
CVE-2008-4168 (Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2co ...)
	NOT-FOR-US: Pro2col Stingray FTS
CVE-2008-4167 (useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-4166 (Integer overflow in the JavaScript engine in Avant Browser 11.7 Build ...)
	NOT-FOR-US: Avant Browser
CVE-2008-4165 (admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a us ...)
	NOT-FOR-US: Kolab Groupware Server 1.0.0
	NOTE: Debian has kolabd and kolab-webadmin, but neither has the file create_user.php.
	NOTE: But we have only 0.4 (in etch) and 2.1 (in lenny+sid), maybe 1.0 is different.
CVE-2008-4164 (cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-4163 (Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9. ...)
	- bind9 (windows specific issue)
CVE-2008-4162 (Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remo ...)
	NOT-FOR-US: NooMS
CVE-2008-4161 (SQL injection vulnerability in search_inv.php in Assetman 2.5b allows ...)
	NOT-FOR-US: Assetman
CVE-2008-4160 (Unspecified vulnerability in the UFS module in Sun Solaris 8 through 1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4159 (SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS l ...)
	NOT-FOR-US: Jaw Portal and Zanfi CMS
CVE-2008-4158 (Multiple directory traversal vulnerabilities in index.php in Zanfi CMS ...)
	NOT-FOR-US: Zanfi CMS
CVE-2008-4157 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-4156 (SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Po ...)
	NOT-FOR-US: CustomCms (CCMS) Gaming Portal
CVE-2008-4155 (Multiple directory traversal vulnerabilities in EasySite 2.3 allow rem ...)
	NOT-FOR-US: EasySite
CVE-2008-4154 (SQL injection vulnerability in living-e webEdition CMS allows remote a ...)
	NOT-FOR-US: living-e webEdition CMS
CVE-2008-4153 (The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module fo ...)
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4152 (Cross-site scripting (XSS) vulnerability in the Talk module 5.x before ...)
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4151 (Directory traversal vulnerability in collect.php in CYASK 3.x allows r ...)
	NOT-FOR-US: CYASK
CVE-2008-4150 (SQL injection vulnerability in picture_category.php in Diesel Joke Sit ...)
	NOT-FOR-US: Diesel Joke Site
CVE-2008-4149 (Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to ...)
	NOT-FOR-US: Greg Holsclaw Link to Us module for Drupal
CVE-2008-4148 (SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1 ...)
	NOT-FOR-US: Mailhandler module for Drupal
CVE-2008-4147 (Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x be ...)
	NOT-FOR-US: Mailsave module for Drupal
CVE-2008-4146 (Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve ...)
	NOT-FOR-US: Addalink
CVE-2008-4145 (SQL injection vulnerability in user_read_links.php in Addalink 1.0 bet ...)
	NOT-FOR-US: Addalink
CVE-2008-4144 (SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Scri ...)
	NOT-FOR-US: ACG-ScriptShop E-Gold Script Shop
CVE-2008-4143 (SQL injection vulnerability in category_search.php in RazorCommerce Sh ...)
	NOT-FOR-US: RazorCommerce Shopping Cart
CVE-2008-4142 (SQL injection vulnerability in article.php in E-Php CMS allows remote ...)
	NOT-FOR-US: E-Php CMS
CVE-2008-4141 (Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Aut ...)
	NOT-FOR-US: x10Media x10 Automatic MP3 Script
CVE-2008-4140 (Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3. ...)
	NOT-FOR-US: Quick.Cart
CVE-2008-4139 (Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution ...)
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2008-4138 (PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin ...)
	NOT-FOR-US: Technote
CVE-2008-4137 (PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0 ...)
	NOT-FOR-US: PHP-Crawler
CVE-2008-4136 (Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote att ...)
	NOT-FOR-US: Michael Roth Software Personal FTP Server (PFT)
CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra- ...)
	NOT-FOR-US: Symbian
CVE-2008-4134 (PHP remote file inclusion vulnerability in manager/static/view.php in ...)
	NOT-FOR-US: phpRealty
CVE-2008-4133 (The web proxy service on the D-Link DIR-100 with firmware 1.12 and ear ...)
	NOT-FOR-US: D-Link
CVE-2008-4132 (Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX cont ...)
	NOT-FOR-US: VSFlexGrid.VSFlexGridL ActiveX
CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 a ...)
	- gallery2 2.2.6-1
CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle Z ...)
	- gallery 1.5.9-1 (medium)
	- gallery2 2.2.6-1 (medium)
CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP ...)
	NOT-FOR-US: Cisco
CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...)
	{DSA-1619-1}
	- python-dns 2.3.1-5 (bug #490217)
CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...)
	- phpbb2 2.0.23+repack-3 (low; bug #500086)
	[etch] - phpbb2 (Minor issue)
	- phpbb3 (vulnerable code not present)
	NOTE: this is actually a bug in the seeding by PHP, not phpBB per se, but
	NOTE: fixing it nonetheless as a workaround.
CVE-2008-4124 RESERVED
CVE-2008-4123 RESERVED
CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in a ...)
	NOT-FOR-US: Joomla!
CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce befo ...)
	NOT-FOR-US: cpCommerce
CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...)
	NOT-FOR-US: FlatPress
CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk ...)
	NOT-FOR-US: CA Service Desk
CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd ...)
	NOT-FOR-US: High Norm Sound Master
CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun Manag ...)
	NOT-FOR-US: Sun Management Center (SunMC)
CVE-2008-4116 (Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote ...)
	NOT-FOR-US: Apple
CVE-2008-4201 (Heap-based buffer overflow in the decodeMP4file function (frontend/mai ...)
	- faad2 2.6.1-3.1 (bug #499899)
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445
	NOTE: http://www.audiocoding.com/
	NOTE: http://www.audiocoding.com/patch/main_overflow.diff
CVE-2008-4115 (TalkBack 2.3.6 allows remote attackers to obtain configuration informa ...)
	NOT-FOR-US: TalkBack
CVE-2008-4114 (srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the St ...)
	{DSA-1655-1}
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-4112 REJECTED
CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSp ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in To ...)
	NOT-FOR-US: Microsoft
CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cry ...)
	- php5 (unimportant; bug #500087)
	NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong
	NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about i ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-8 (bug #500115)
CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)
	NOT-FOR-US: Joomla!
CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 all ...)
	NOT-FOR-US: Joomla!
CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 send ...)
	NOT-FOR-US: Joomla!
CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, whic ...)
	NOT-FOR-US: Joomla!
CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape characters ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (low; bug #500381)
	[lenny] - vim 1:7.1.314-3+lenny1
	[squeeze] - vim 1:7.1.314-3+lenny1
CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege che ...)
	{DSA-1662-1}
	- mysql-dfsg-5.0 5.0.67-1
	[lenny] - mysql-dfsg-5.0 5.0.51a-18
	[squeeze] - mysql-dfsg-5.0 5.0.51a-18
CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...)
	{DSA-1608-1}
	- mysql-dfsg-5.0 5.0.51a-10
CVE-2008-4095 (Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV b ...)
	NOT-FOR-US: Flip4Mac WMV
CVE-2008-4094 (Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 a ...)
	- rails 2.1.0-1 (medium; bug #500791)
	NOTE: in mysql this only allows information disclosure as multiline statements are
	NOTE: not allowed by default
CVE-2008-4093 (SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3 ...)
	NOT-FOR-US: YourOwnBux
CVE-2008-4092 (SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) bef ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4091 (SQL injection vulnerability in index.php in Web Directory Script 1.5.3 ...)
	NOT-FOR-US: Web Directory Script
CVE-2008-4090 (SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allo ...)
	NOT-FOR-US: PHP Coupon Script
CVE-2008-4089 (Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MP ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4088 (SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8 ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4087 (Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allow ...)
	NOT-FOR-US: Acoustica Beatcraft
CVE-2008-4086 (SQL injection vulnerability in index.php in Reciprocal Links Manager 1 ...)
	NOT-FOR-US: Reciprocal Links Manager
CVE-2008-4085 (plaiter in Plait before 1.6 allows local users to overwrite arbitrary ...)
	- plait 1.5.2-2 (low; bug #496381)
CVE-2008-4084 (SQL injection vulnerability in staticpages/easyclassifields/index.php ...)
	NOT-FOR-US: MyioSoft EasyClassifields
CVE-2008-4083 (Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Br ...)
	NOT-FOR-US: Brim
CVE-2008-4082 (SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when ma ...)
	NOT-FOR-US: Brim
CVE-2008-4081 (admin/login.php in Stash 1.0.3 allows remote attackers to bypass authe ...)
	NOT-FOR-US: Stash
CVE-2008-4080 (SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is d ...)
	NOT-FOR-US: Stash
CVE-2008-4079 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x thro ...)
	- movabletype-opensource 4.2~rc5-1 (low; bug #499252)
CVE-2008-4078 (SQL injection vulnerability in the AR/AP transaction report in (1) Led ...)
	- sql-ledger (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2008-4077 (The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledg ...)
	- sql-ledger (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2008-4076 (Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1. ...)
	NOT-FOR-US: Tor World Software
CVE-2008-4075 (Directory traversal vulnerability in index.php in D-iscussion Board 3. ...)
	NOT-FOR-US: D-iscussion Board
CVE-2008-4074 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutO ...)
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4073 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutO ...)
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4072 (Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 all ...)
	NOT-FOR-US: phsBlog
CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...)
	{DSA-1697-1 DSA-1696-1}
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey befor ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 a ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 a ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows r ...)
	{DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
	[etch] - iceape (Etch Packages no longer covered by security support)
	- icedove 2.0.0.17-1
CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird befo ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0 ...)
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel (Vulnerable code not present)
CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0 ...)
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel (Vulnerable code not present)
CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before 2.0 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird befo ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remo ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x bef ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before 3. ...)
	NOT-FOR-US: Objective Development Sharity
CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in Matterd ...)
	NOT-FOR-US: Matterdaddy Market
CVE-2008-4055 (SQL injection vulnerability in tops_top.php in Million Pixel Ad Script ...)
	NOT-FOR-US: Million Pixel Ad Script
CVE-2008-4054 (SQL injection vulnerability in indir.php in Kolifa.net Download Script ...)
	NOT-FOR-US: Kolifa.net Download Script
CVE-2008-4053 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in th ...)
	NOT-FOR-US: Bluemoon PopnupBLOG
CVE-2008-4052 (Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Ser ...)
	NOT-FOR-US: OpenVMS for Integrity Servers
CVE-2008-4051 (Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart ...)
	NOT-FOR-US: Smart Survey
CVE-2008-4050 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Techn ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4049 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Techn ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4048 (Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4047 (Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7 ...)
	NOT-FOR-US: Novell Forum
CVE-2008-4046 (SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote ...)
	NOT-FOR-US: eliteCMS
CVE-2008-4045 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allo ...)
	NOT-FOR-US: @Mail
CVE-2008-4044 (SQL injection vulnerability in article/readarticle.php in AJ Square aj ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4043 (Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4042 REJECTED
CVE-2008-4041 (The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1. ...)
	NOT-FOR-US: Softalk Mail Server
CVE-2008-4040 (Directory traversal vulnerability in the Kyocera Command Center in Kyo ...)
	NOT-FOR-US: Kyocera FS-118MFP
CVE-2008-4039 (SQL injection vulnerability in index.php in Spice Classifieds allows r ...)
	NOT-FOR-US: Spice Classifieds
CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4035 REJECTED
CVE-2008-4034 REJECTED
CVE-2008-4033 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 through ...)
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4032 (Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Sea ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4031 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4030 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4029 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, ...)
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4027 (Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4025 (Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3 ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac al ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly alloc ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4022 REJECTED
CVE-2008-4021 REJECTED
CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 al ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 200 ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...)
	{DSA-1638-1 CVE-2006-5051}
	- openssh 1:4.6p1-1 (low)
	NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
	NOTE: fully address the issue. The upstream fix in 4.4p1 was
	NOTE: right, and the next unstable upload after that was 4.6p1.
CVE-2008-4100 (GNU adns 1.4 and earlier uses a fixed source port and sequential trans ...)
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not supported in untrusted contexts, fix documents this in README.Debian
CVE-2008-4099 (PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use ...)
	{DSA-1619-1}
	- python-dns 2.3.1-5 (low; bug #490217)
CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 all ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8.1-2 (medium)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-7/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f8d65ec564ada5c839be8f3f07f483cd82ce6a11 (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/64623fe9dbccff3f1ad9a54f844f91cefd07569c
CVE-2008-XXXX [unsafe use of tempfile in smsclient]
	- smsclient (unimportant; bug #498901)
	NOTE: script is not in use and only a suggestion for users
CVE-2008-4108 (Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) i ...)
	- python-defaults (unimportant; bug #498899)
	NOTE: script is an example, which can be used by users
CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in ...)
	NOT-FOR-US: Oracle
CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...)
	NOT-FOR-US: Oracle
CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA Pr ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4011 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4010 (Unspecified vulnerability in the WebLogic Workshop component in BEA Pr ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4009 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache co ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components comp ...)
	NOT-FOR-US: Oracle
CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component ...)
	NOT-FOR-US: Oracle
CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service Se ...)
	NOT-FOR-US: Oracle
CVE-2008-4003 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-4002 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-4001 (Unspecified vulnerability in the PeopleSoft Enterprise Portal componen ...)
	NOT-FOR-US: Oracle
CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3993 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle
CVE-2008-3992 (Unspecified vulnerability in the Oracle Data Mining component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2008-3991 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3990 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3989 (Unspecified vulnerability in the Oracle Data Mining component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2008-3988 (Unspecified vulnerability in the iSupplier Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3987 (Unspecified vulnerability in the Oracle Discoverer Desktop component i ...)
	NOT-FOR-US: Oracle
CVE-2008-3986 (Unspecified vulnerability in the Oracle Discoverer Administrator compo ...)
	NOT-FOR-US: Oracle
CVE-2008-3985 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle
CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...)
	{DSA-1627-2}
	- opensc 0.11.4-5
CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in callbacks. ...)
	- gmanedit 0.4.1-1.1 (low; bug #497835)
	[etch] - gmanedit (Minor issue)
CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not verif ...)
	{DTSA-169-1}
	- libpam-mount 0.48-1 (low; bug #499841)
CVE-2008-3969 (Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow rem ...)
	- bitlbee 1.2.3-1 (bug #498159)
	[etch] - bitlbee (1.0.x not affected)
CVE-2008-3968 (Cross-site scripting (XSS) vulnerability in userlist.php in PunBB befo ...)
	NOT-FOR-US: PunBB
CVE-2008-3967 (moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not pro ...)
	NOT-FOR-US: MyBB
CVE-2008-3966 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBul ...)
	NOT-FOR-US: MyBB
CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2008-3961 (Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macin ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka db2jd ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3958 (IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a deni ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3957 (The Microsoft Windows Image Acquisition Logger ActiveX control allows ...)
	NOT-FOR-US: Microsoft
CVE-2008-3956 (orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2008-3955 (SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3 ...)
	NOT-FOR-US: Masir Camp E-Shop Module
CVE-2008-3954 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per P ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-3953 (SQL injection vulnerability in keyword_search_action.php in Vastal I-T ...)
	NOT-FOR-US: Vastal I-Tech Shaadi Zone
CVE-2008-3952 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows remot ...)
	NOT-FOR-US: EsFaq
CVE-2008-3951 (SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zon ...)
	NOT-FOR-US: The Real Estate Script
CVE-2008-3950 (Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:me ...)
	- webkit (Vulnerable code not present)
	NOTE: bug #500306
CVE-2008-3949 (emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python s ...)
	- emacs22 22.2+2-4 (low; bug #499568)
	- emacs21 (doesn't provide the python functionality)
	- xemacs21 (doesn't provide the python functionality)
	NOTE: This can happen with any Python script, just because Emacs autoloads one
	NOTE: doesn't make it much worse
CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows r ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain priv ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3946 (The finger client in HP TCP/IP Services for OpenVMS 5.x allows local u ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3945 (SQL injection vulnerability in index.php in Words tag 1.2 allows remot ...)
	NOT-FOR-US: Words tag
CVE-2008-3944 (SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remot ...)
	NOT-FOR-US: ACG-PTP
CVE-2008-3943 (SQL injection vulnerability in listtest.php in eZoneScripts Living Loc ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-3942 (SQL injection vulnerability in landsee.php in Full PHP Emlak Script al ...)
	NOT-FOR-US: Full PHP Emlak Script
CVE-2008-3941 (Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earl ...)
	NOT-FOR-US: BizDirectory
CVE-2008-3940 (Format string vulnerability in the finger client in HP TCP/IP Services ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3939 (Directory traversal vulnerability in the web interface in AVTECH PageR ...)
	NOT-FOR-US: AVTECH PageR Enterprise
CVE-2008-3938 (Cross-site request forgery (CSRF) vulnerability in user_admin.php in O ...)
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3937 (Multiple cross-site scripting (XSS) vulnerabilities in Open Media Coll ...)
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3936 (The web interface in Dreambox DM500C allows remote attackers to cause ...)
	NOT-FOR-US: Dreambox DM500C
CVE-2008-3935 (Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earli ...)
	NOT-FOR-US: DIC shop_v50
CVE-2008-3931 (javareconf in R 2.7.2 allows local users to overwrite arbitrary files ...)
	- r-base-core-ra 1.1.1-2 (low; bug #496363)
	- r-base 2.7.2-1 (low; bug #496418)
	[etch] - r-base (Minor issue)
	[lenny] - r-base 2.7.1-1+lenny1
CVE-2008-3930 (migrate_aliases.sh in Citadel Server 7.37 allows local users to overwr ...)
	- citadel 7.37-3 (low; bug #496359)
CVE-2008-3929 (gather-messages.sh in Ampache 3.4.1 allows local users to overwrite ar ...)
	- ampache 3.4.1-2 (unimportant; bug #496369)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: when translating ampache to a new language
CVE-2008-3928 (test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary ...)
	- honeyd 1.5c-5 (unimportant; bug #496365)
	NOTE: Script not used by package, only a manual test script
CVE-2008-3927 (genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arb ...)
	- tiger 1:3.2.2-4 (unimportant; bug #496415)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: during build time
CVE-2008-3926 (Multiple directory traversal vulnerabilities in Content Management Mad ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3925 (Cross-site request forgery (CSRF) vulnerability in admin.php in Conten ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3924 (The "Make a backup" functionality in Content Management Made Easy (CMM ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3923 (Multiple cross-site scripting (XSS) vulnerabilities in statistics.php ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3922 (awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote att ...)
	NOT-FOR-US: AWStats Totals
CVE-2008-3921 (Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals ...)
	NOT-FOR-US: AWStats Totals
CVE-2008-3919 (Unspecified vulnerability in multiple JustSystems Ichitaro products al ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2008-3918 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows rem ...)
	NOT-FOR-US: Ovidentia
CVE-2008-3917 (Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6 ...)
	NOT-FOR-US: Ovidentia
CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in signal.c i ...)
	- ed 0.7-2 (low)
	[etch] - ed (Minor issue)
CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-5
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6 (Vulnerable code was introduced in 2.6.19)
	NOTE: 91b80969ba466ba4b915a4a1d03add8c297add3f
CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2 ...)
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 (Vulnerable code not present)
	- linux-2.6.24 (Vulnerable code not present)
CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows ...)
	- mono 1.9.1+dfsg-4 (low; bug #498894)
CVE-2008-3905 (resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 be ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #498978)
	- ruby1.9 1.9.0.2-6 (bug #498977)
CVE-2008-3903 (Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1 ...)
	{DSA-1952-1}
	- asterisk 1:1.6.1.0~dfsg-1 (low; bug #522528)
	[etch] - asterisk (Etch Packages no longer covered by security support)
	[lenny] - asterisk (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2009-003.html
CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords in the ...)
	NOT-FOR-US: HP firmware 68DTT
CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...)
	- ssmtp 2.62-1.1 (low; bug #498366)
	[etch] - ssmtp (Minor issue, only affects rare corner cases)
CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does ...)
	{DSA-1783-1}
	- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 befo ...)
	- libpng 1.2.27-2 (low; bug #501109)
	[etch] - libpng (Vulnerable code not present)
	NOTE: off-by-one error in pngpread.c is not present, must have
	NOTE: been introduced later, but pngtest.c is affected. However, there
	NOTE: is no known exploit.
CVE-2008-3912 (libclamav in ClamAV before 0.94 allows attackers to cause a denial of ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3913 (Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 mig ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3914 (Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknow ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3934 (Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 thro ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (bug #497878)
	[etch] - wireshark (Only >= 0.99.6)
CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers t ...)
	{DSA-1673-1 DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3932 (Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3904 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environmen ...)
	- gpicview 0.1.9-2 (low; bug #498022)
CVE-2008-3909 (The administration application in Django 0.91, 0.95, and 0.96 stores u ...)
	{DSA-1640-1}
	- python-django 1.0-1
	NOTE: http://www.djangoproject.com/weblog/2008/sep/02/security/
CVE-2008-3910 (dns2tcp before 0.4.1 does not properly handle negative values in a cer ...)
	- dns2tcp 0.4.dfsg-2 (medium; bug #497730)
CVE-2008-3901 (Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, st ...)
	- linux-patch-tuxonice (Fixed before initial upload)
CVE-2008-3900 (Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authen ...)
	NOT-FOR-US: Intel firmware
CVE-2008-3899 (TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Key ...)
	NOT-FOR-US: TrueCrypt
CVE-2008-3898 (Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication pass ...)
	NOT-FOR-US: Secu Star DriveCrypt
CVE-2008-3897 (DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords ...)
	NOT-FOR-US: DiskCryptor
CVE-2008-3896 (Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ...)
	- grub (unimportant)
	NOTE: you need to be root on linux to do this, root can easily edit menu.lst anyway
CVE-2008-3895 (LILO 22.6.1 and earlier stores pre-boot authentication passwords in th ...)
	- lilo (unimportant)
	NOTE: you need to be root on linux to do this, root can edit the configuration anyway
CVE-2008-3894 (IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passw ...)
	NOT-FOR-US: IBM Lenovo firmware
CVE-2008-3893 (Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authen ...)
	NOT-FOR-US: Bitlocker
CVE-2008-3892 (Buffer overflow in a certain ActiveX control in the COM API in VMware ...)
	NOT-FOR-US: VMware COM API
CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows remote se ...)
	NOT-FOR-US: SAML Service for Google Apps
CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an e ...)
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 a ...)
	NOT-FOR-US: Mini-NUKE Freehost
CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject 2.1. ...)
	NOT-FOR-US: dotProject
CVE-2008-3886 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in do ...)
	NOT-FOR-US: dotProject
CVE-2008-3885 (Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1. ...)
	NOT-FOR-US: Blogn
CVE-2008-3884 (Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and ...)
	NOT-FOR-US: Blogn
CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite arbitrary ...)
	- caudium 1.4.12-11.1 (low; bug #496404)
CVE-2008-3882 (Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and ...)
	- zoneminder 1.24.1-1 (bug #497640)
CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23 ...)
	- zoneminder 1.24.1-1 (low; bug #497640)
CVE-2008-3880 (SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1. ...)
	- zoneminder 1.24.1-1 (bug #497640)
CVE-2008-3879 (The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 ...)
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3878 (Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control ...)
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3877 (Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 ...)
	NOT-FOR-US: Acoustica Mixcraft
CVE-2008-3876 (Apple iPhone 2.0.2, in some configurations, allows physically proximat ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-3875 (The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 a ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo Van ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2008-3873 (The System.setClipboard method in ActionScript in Adobe Flash Player 9 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and pos ...)
	NOT-FOR-US: UltraISO
CVE-2008-3870 (Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attac ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-3869 (Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows re ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-3868 (Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allo ...)
	NOT-FOR-US: Interact
CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 ...)
	NOT-FOR-US: Interact
CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Mic ...)
	NOT-FOR-US: Trend Micro Personal Firewall
CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the ...)
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in Tren ...)
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3863 (Stack-based buffer overflow in the read_special_escape function in src ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-3862 (Stack-based buffer overflow in CGI programs in the server in Trend Mic ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-3861 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and ...)
	NOT-FOR-US: phpMyRealty
CVE-2008-3860 (Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG ...)
	NOT-FOR-US: IBM, Lotus Quickr 8.1
CVE-2008-3859 (Davlin Thickbox Gallery 2 allows remote attackers to obtain the admini ...)
	NOT-FOR-US: Davlin Thickbox Gallery
CVE-2008-3858 (The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3857 (The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 re ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3856 (The routine infrastructure component in IBM DB2 8 before FP17, 9.1 bef ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3855 (Unspecified vulnerability in the DB2 Administration Server (DAS) in th ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3854 (Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 a ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3853 (Buffer overflow in the DAS server program in the Core DAS function com ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3852 (Unspecified vulnerability in the CLR stored procedure deployment from ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3851 (Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Win ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-3850 (Cross-site scripting (XSS) vulnerability in Accellion File Transfer FT ...)
	NOT-FOR-US: Accellion File Transfer
CVE-2008-3849 (Cross-site scripting (XSS) vulnerability in the calendar controller in ...)
	NOT-FOR-US: Civic Website Manager
CVE-2008-3848 (SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows re ...)
	NOT-FOR-US: Z-Breaknews
CVE-2008-3847 (Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (A ...)
	NOT-FOR-US: AN Guestbook
CVE-2008-3846 (Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and earlie ...)
	NOT-FOR-US: mysql-lists
CVE-2008-3845 (Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSL ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-XXXX [nfdump vulnerable to symlink attacks]
	- nfdump 1.5.7-5 (bug #497452)
CVE-2008-3889 (Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-2008090 ...)
	- postfix 2.5.5-1 (low)
	[etch] - postfix (Vulnerable code not present)
	NOTE: http://www.postfix.org/announcements/20080902.html
CVE-2008-3908 (Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context- ...)
	{DSA-1634-1 DTSA-163-1}
	- wordnet 1:3.0-12 (medium; bug #497441)
	[lenny] - wordnet 3.0-11+lenny1
	[etch] - wordnet 1:2.1-4+etch1
	NOTE: 1:3.0-12 had a regression and the patch was slightly updated
	NOTE: by 1:3.0-13 to fix this bug
CVE-2008-3907 (The open-in-browser command in newsbeuter before 1.1 allows remote att ...)
	{DTSA-164-1 DTSA-164-2}
	[lenny] - newsbeuter 0.9.1-1+lenny3
	- newsbeuter 1.2-1 (medium)
	NOTE: medium as versions < 1.0-1 didn't include a patch to wrap long article URLs so the
	NOTE: crafted part of the URL can be hidden. This of course only affects people not reading
	NOTE: articles in the built-in reader.
CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote attack ...)
	- bitlbee 1.2.2-1
	[etch] - bitlbee (1.0.x not affected)
CVE-2008-4978 (radiance 3R9+20080530 allows local users to overwrite arbitrary files ...)
	- radiance 3R9+20080530-4 (low; bug #496423)
CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...)
	NOT-FOR-US: Red Hat services issue
CVE-2008-3843 (Request Validation (aka the ValidateRequest filters) in ASP.NET in Mic ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3842 (Request Validation (aka the ValidateRequest filters) in ASP.NET in Mic ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3841 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...)
	NOT-FOR-US: Freeway eCommerce
CVE-2008-3840 (Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in ...)
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3839 (Unspecified vulnerability in the NFS module in the kernel in Sun Solar ...)
	NOT-FOR-US: Solaris
CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zone ...)
	NOT-FOR-US: Solaris
CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey be ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.3-1 (low)
	- xulrunner 1.9.0.3-1 (low)
	- iceape 1.1.12-1 (low)
CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox befor ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.1-1
	- iceweasel 3.0.1-1
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-3834 (The dbus_signature_validate function in the D-bus library (libdbus) be ...)
	{DSA-1658-1}
	- dbus 1.2.1-4 (bug #501443)
CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ker ...)
	{DSA-1653-1}
	- linux-2.6 2.6.19-1
	- linux-2.6.24 (Fixed in upstream before 2.6.24)
CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel be ...)
	- linux-2.6 (Fedora-specific patch)
	- linux-2.6.24 (Fedora-specific patch)
CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel ...)
	{DSA-1655-1}
	[etch] - linux-2.6 (Vulnerable code not present)
	- linux-2.6 2.6.26-9
CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration sp ...)
	- condor (Fixed before initial upload to archive)
CVE-2008-3829 (Unspecified vulnerability in the condor_ schedd daemon in Condor befor ...)
	- condor (Fixed before initial upload to archive)
CVE-2008-3828 (Stack-based buffer overflow in the condor_ schedd daemon in Condor bef ...)
	- condor (Fixed before initial upload to archive)
CVE-2008-3827 (Multiple integer underflows in the Real demuxer (demux_real.c) in MPla ...)
	{DSA-1644-1 DTSA-168-1}
	- mplayer 1.0~rc2-18 (medium; bug #500683)
	NOTE: http://www.ocert.org/advisories/ocert-2008-013.html
CVE-2008-3826 (Unspecified vulnerability in Condor before 7.0.5 allows attackers to e ...)
	- condor (Fixed before initial upload to archive)
CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when ...)
	NOT-FOR-US: Different code base than Debian's libpam-krb5
CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss ...)
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in ...)
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3822
	REJECTED
CVE-2008-3821 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3820 (Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2008-3819 (dnsserver in Cisco Application Control Engine Global Site Selector (GS ...)
	NOT-FOR-US: Cisco Application Control Engine Global Site Selector (GSS)
CVE-2008-3818 (Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with ...)
	NOT-FOR-US: Cisco ONS
CVE-2008-3817 (Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series an ...)
	NOT-FOR-US: Cisco
CVE-2008-3816 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2008-3815 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2008-3814 (Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x b ...)
	NOT-FOR-US: Cisco
CVE-2008-3813 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mg ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3812 (Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3811 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3810 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3809 (Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (ak ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3808 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3807 (Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecar ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3806 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 serie ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3805 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 serie ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3804 (Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3803 (A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol L ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3802 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3801 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3800 (Unspecified vulnerability in the Session Initiation Protocol (SIP) imp ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3799 (Memory leak in the Session Initiation Protocol (SIP) implementation in ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3798 (Cisco IOS 12.4 allows remote attackers to cause a denial of service (d ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3797
	RESERVED
CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of s ...)
	- swfdec0.6 0.6.8-1
CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP serve ...)
	NOT-FOR-US: WS_FTP Home
CVE-2008-3793
	REJECTED
CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) i ...)
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-4
	[etch] - linux-2.6
CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, ...)
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory Scrip ...)
	NOT-FOR-US: Web Directory Script
CVE-2008-3786 (Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO P ...)
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3785 (Multiple SQL injection vulnerabilities in the com_content component in ...)
	NOT-FOR-US: MiaCMS
CVE-2008-3784 (SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earl ...)
	NOT-FOR-US: BtiTracker
CVE-2008-3783 (Multiple SQL injection vulnerabilities in index.php in Matterdaddy Mar ...)
	NOT-FOR-US: Matterdaddy Market
CVE-2008-3782 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: ACG-PTP
CVE-2008-3781 (Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 a ...)
	NOT-FOR-US: GMOD GBrowse
CVE-2008-3780 (SQL injection vulnerability in recommend.php in Five Star Review Scrip ...)
	NOT-FOR-US: Five Star Review Script
CVE-2008-3779 (Cross-site scripting (XSS) vulnerability in search/index.php in Five S ...)
	NOT-FOR-US: Five Star Review Script
CVE-2008-3778 (The remote management interface in SIP Enablement Services (SES) Serve ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3777 (The SIP Enablement Services (SES) Server in Avaya SIP Enablement Servi ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3776 (Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1. ...)
	NOT-FOR-US: Fujitsu Web-Based Admin View
CVE-2008-3775 (Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the pa ...)
	NOT-FOR-US: Folder Lock
CVE-2008-3774 (SQL injection vulnerability in index.php in Simasy CMS allows remote a ...)
	NOT-FOR-US: Simasy CMS
CVE-2008-3773 (Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3. ...)
	NOT-FOR-US: vBulletin
CVE-2008-3772 (SQL injection vulnerability in categories_portal.php in Pars4u Videosh ...)
	NOT-FOR-US: Pars4u Videosharing
CVE-2008-3771 (Cross-site scripting (XSS) vulnerability in members.php in Pars4u Vide ...)
	NOT-FOR-US: Pars4u Videosharing
CVE-2008-3770 (Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, whe ...)
	NOT-FOR-US: Freeway
CVE-2008-3769 (PHP remote file inclusion vulnerability in admin/create_order_new.php ...)
	NOT-FOR-US: Freeway
CVE-2008-3768 (Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey We ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-3767 (SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows ...)
	NOT-FOR-US: phpBazar
CVE-2008-3766 (Realtime Internet Band Rehearsal Low-Latency (Internet) Connection too ...)
	NOT-FOR-US: Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon)
CVE-2008-3765 (SQL injection vulnerability in code.php in Quick Poll Script allows re ...)
	NOT-FOR-US: Quick Poll Script
CVE-2008-3764 (Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Hel ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3763 (Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3762 (SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Li ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3761 (hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 ...)
	NOT-FOR-US: VMware Workstation
	NOTE: we only share a package to build VMware
CVE-2008-3760 (Cross-site request forgery (CSRF) vulnerability in the sign-out page i ...)
	NOT-FOR-US: Vanilla
CVE-2008-3759 (Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.ph ...)
	NOT-FOR-US: Vanilla
CVE-2008-3758 (Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla ...)
	NOT-FOR-US: Vanilla
CVE-2008-3757 (SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3756 (SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3755 (SQL injection vulnerability in view.php in YourFreeWorld Classifieds S ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3754 (SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text A ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3753 (SQL injection vulnerability in details.php in YourFreeWorld Programs R ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3752 (SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Scr ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3751 (SQL injection vulnerability in tr.php in YourFreeWorld Short Url & ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3750 (SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Scr ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3749 (SQL injection vulnerability in tr.php in YourFreeWorld Banner Manageme ...)
	NOT-FOR-US: Banner Management Script
CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2008-4952 (emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite ar ...)
	- emacs-jabber 0.7.91-2 (low; bug #496428)
	[etch] - emacs-jabber (Minor issue)
CVE-2008-4987 (xastir 1.9.2 allows local users to overwrite arbitrary files via a sym ...)
	- xastir 1.9.2-1.1 (low; bug #496383)
	[etch] - xastir (Minor issue)
CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbit ...)
	{DSA-1648-1}
	- mon 0.99.2-13 (medium; bug #496398)
CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7 ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #496808)
	- ruby1.9 1.9.0.2-6 (bug #497610)
CVE-2008-4939 (apertium 3.0.7 allows local users to overwrite arbitrary files via a s ...)
	- apertium 3.0.7+1-1.1 (low; bug #496395)
	[etch] - apertium (Minor issue)
CVE-2008-4946 (convirt 0.8.2 allows local users to overwrite arbitrary files via a sy ...)
	- convirt 0.9.6-1 (medium; bug #496419)
CVE-2008-4942 (audiolink in audiolink 0.05 allows local users to overwrite arbitrary ...)
	- audiolink 0.05-1.1 (low; bug #496433)
	[etch] - audiolink (Minor issue)
CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...)
	- lmbench 3.0-a9-1 (low; bug #496427)
	[etch] - lmbench (Non-free not supported)
CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary f ...)
	- newsgate (low; bug #496437)
	[etch] - newsgate (Non-free not supported)
CVE-2008-4973 (i2myspell in myspell 3.1 allows local users to overwrite arbitrary fil ...)
	- myspell 1:3.0+pre3.1-21 (low; bug #496392)
	[etch] - myspell (Minor issue)
CVE-2008-4976 (ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary ...)
	- ogle (unimportant; bug #496420; bug #496425)
	NOTE: This only affects debugging scripts not present in standard path
CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...)
	{DTSA-161-1}
	- samba 2:3.2.3-1 (bug #496073; medium)
	[etch] - samba (Only affects Samba 3.2.x)
CVE-2008-XXXX [insecure temp file in nvi]
	- nvi 1.81.6-4 (low; bug #496462)
	[etch] - nvi (Minor issue, only exploitable in postinst)
CVE-2008-4982 (rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary f ...)
	- rkhunter 1.3.2-6 (low; bug #496375)
	[etch] - rkhunter (Minor issue, only in debug mode)
CVE-2008-4984 (scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files ...)
	- scratchbox2 1.99.0.24-2 (low; bug #496409)
CVE-2008-4981 (perl.robot in realtimebattle 1.0.8 allows local users to overwrite arb ...)
	- realtimebattle 1.0.8-8 (low; bug #496385)
	[etch] - realtimebattle (Minor issue)
CVE-2008-4972 (mailgo in mgt 2.31 allows local users to overwrite arbitrary files via ...)
	- mgt 2.31-6 (low; bug #496434)
	[etch] - mgt (Minor issue)
CVE-2008-4998
	- twiki 1:4.1.2-4 (low; bug #494648)
CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite arbitrar ...)
	- mafft 6.240-2 (low; bug #496366)
CVE-2008-4993 (qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary f ...)
	- xen-3 3.4.0-1 (low; bug #496367)
	[etch] - xen-3 (Minor issue)
CVE-2008-4936 (faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary fi ...)
	- mgetty 1.1.36-1.3 (low; bug #496403)
	[etch] - mgetty (Minor issue)
CVE-2008-4476 (sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary file ...)
	- sympa 5.3.4-5.1 (low; bug #496405; bug #494969)
	[etch] - sympa (Minor issues)
CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary fil ...)
	- aview 1.3.0rc1-8.1 (low; bug #496422)
	[etch] - aview (Minor issue)
CVE-2008-4956 (fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitr ...)
	- fwbuilder 2.1.19-5 (low; bug #496406)
	[etch] - fwbuilder (Minor issue)
CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite a ...)
	{DSA-1643-1}
	- feta 1.4.16+nmu1 (low; bug #496397)
CVE-2008-4977
	NOTE: Historic Postfix non issue, #496401
CVE-2008-4944 (writtercontrol in cdcontrol 1.90 allows local users to overwrite arbit ...)
	- cdcontrol (low; bug #496438)
	[etch] - cdcontrol (Minor issue)
CVE-2008-4951 (dtc 0.29.6 allows local users to overwrite arbitrary files via a symli ...)
	- dtc 0.29.10-1 (low; bug #496362)
CVE-2008-4994 (The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local user ...)
	- xmcd 2.6-21 (low; bug #496416)
	[etch] - xmcd (Minor issue)
CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via ...)
	- xcal 4.1-19 (low; bug #496393)
	[etch] - xcal (Minor issue)
CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environmen ...)
	- gpicview 0.1.9-2 (low; bug #495968)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869
CVE-2008-XXXX [Overwrite symlink without check]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019485&group_id=180858&atid=894869
	NOTE: CVE id requested
	NOTE: non-issue, not exploitable by other users
CVE-2008-XXXX [Overwrite certain images without notice]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869
	NOTE: non-issue, not exploitable by other users
	NOTE: CVE id requested
CVE-2008-4937 (senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite ...)
	- openoffice.org 1:2.4.1-8 (low; bug #496361)
	[etch] - openoffice.org (Vulnerable code not present)
	NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.
CVE-2008-4979 (getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrar ...)
	- rancid 2.3.2~a8-2 (low; bug #496426)
	[etch] - rancid (Minor issue)
CVE-2008-4985 (vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows l ...)
	- vdr 1.6.0-6 (low; bug #496421)
	[etch] - vdr (Vulnerable code not present)
CVE-2008-5007 (create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to o ...)
	- lazarus 0.9.24-0-11 (unimportant; bug #496377)
	NOTE: vulnerable script only called when updating the source
	NOTE: thus neither actively used nor invoked automatically
CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in modules ...)
	{DSA-1819-1 DTSA-166-1}
	- vlc 0.8.6.h-4 (medium; bug #496265)
CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...)
	- wordpress 2.5.1-6 (low; bug #497216)
	[etch] - wordpress (Does not have force-ssl mechanism)
CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of ...)
	- neon27 0.28.2-4
	- neon26 (Issue was introduced in 0.28)
CVE-2008-3739 (Cross-site scripting (XSS) vulnerability in (1) System Consultants La! ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3738 (Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier ...)
	NOT-FOR-US: SpaceTag LacoodaST
CVE-2008-3737 (Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3736 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) Syst ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3735 (Cross-site scripting (XSS) vulnerability in index.php in PHPizabi befo ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3734 (Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_ ...)
	NOT-FOR-US: WS_FTP Home
CVE-2008-3733 (Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote ...)
	NOT-FOR-US: EO Video
CVE-2008-3732 (Integer overflow in the Open function in modules/demux/tta.c in VLC Me ...)
	{DTSA-166-1}
	- vlc 0.8.6.h-2
	[etch] - vlc (TTA module not present)
CVE-2008-3731 (Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other ver ...)
	NOT-FOR-US: Serv-U File
CVE-2008-3730 (Cross-site scripting (XSS) vulnerability in Nordicwind Document Manage ...)
	NOT-FOR-US: NOAH
CVE-2008-3729 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a esp ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3728 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a esp ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3727 (Directory traversal vulnerability in Web Based Administration in Micro ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3726 (Cross-site scripting (XSS) vulnerability in Web Based Administration i ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3725 (SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Scrip ...)
	NOT-FOR-US: YourFreeWorld Ad Board Script
CVE-2008-3724 (SQL injection vulnerability in index.php in Papoo before 3.7.2 allows ...)
	NOT-FOR-US: Papoo
CVE-2008-3723 (Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 H ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3722 (SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows rem ...)
	NOT-FOR-US: fipsCMS
CVE-2008-3721 (PHP remote file inclusion vulnerability in user_language.php in DeeEmm ...)
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3720 (SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 a ...)
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3719 (SQL injection vulnerability in directory.php in SFS Affiliate Director ...)
	NOT-FOR-US: SFS Affiliate Directory
CVE-2008-3718 (Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote aut ...)
	NOT-FOR-US: cyberBB
CVE-2008-3717 (Harmoni before 1.6.0 does not require administrative privileges to lis ...)
	NOT-FOR-US: Harmoni
CVE-2008-3716 (Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6. ...)
	NOT-FOR-US: Harmoni
CVE-2008-3715 (Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-prev ...)
	NOT-FOR-US: FlexCMS
CVE-2008-3714 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 ...)
	{DSA-1679-1}
	- awstats 6.7.dfsg-5.1 (bug #495432; low)
	NOTE: upstream bug 2001151
CVE-2008-3713 (SQL injection vulnerability in product.php in PHPBasket allows remote ...)
	NOT-FOR-US: PHPBasket
CVE-2008-3712 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and ...)
	NOT-FOR-US: Mambo
CVE-2008-3711 (SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcad ...)
	NOT-FOR-US: PHPArcadeScript
CVE-2008-3710 (Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3709 (Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Li ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3708 (Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow r ...)
	NOT-FOR-US: dotCMS
CVE-2008-3707 (Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lit ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3706 (SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allow ...)
	NOT-FOR-US: ZEEJOBSITE
CVE-2008-3705 (Stack-based buffer overflow in the CLogger::WriteFormated function in ...)
	NOT-FOR-US: EchoVNC Linux
CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask ...)
	NOT-FOR-US: Msmask32.ocx
CVE-2008-3703 (The management console in the Volume Manager Scheduler Service (aka Vx ...)
	NOT-FOR-US: Symantec Veritas Storage Foundation
CVE-2008-3702 (Multiple stack-based buffer overflows in the Animation GIF ActiveX con ...)
	NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3701 (SQL injection vulnerability in staff/index.php in Kayako SupportSuite ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3700 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportS ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3698 (Unspecified vulnerability in the OpenProcess function in VMware Workst ...)
	- vmware-package (Only vulnerable on windows hosted systems)
CVE-2008-3697 (An unspecified ISAPI extension in VMware Server before 1.0.7 build 108 ...)
	NOT-FOR-US: VMware Server on Windows
CVE-2008-3696 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package (Only vulnerable on windows hosted systems)
CVE-2008-3695 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package (Only vulnerable on windows hosted systems)
CVE-2008-3694 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package (Only vulnerable on windows hosted systems)
CVE-2008-3693 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package (Only vulnerable on windows hosted systems)
CVE-2008-3692 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package (Only vulnerable on windows hosted systems)
CVE-2008-3691 (Unspecified vulnerability in a certain ActiveX control in VMware Works ...)
	- vmware-package (Only vulnerable on windows hosted systems)
CVE-2008-3690
	RESERVED
CVE-2008-3689
	RESERVED
CVE-2008-3688 (sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote at ...)
	{DTSA-159-1}
	- havp 0.88-1.1 (bug #496034)
CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...)
	- xen-3 (Not compiled with XSM:FLASK)
CVE-2008-3686 (The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26- ...)
	- linux-2.6.24 (Vulnerable code was introduced in 2.6.26)
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 (Vulnerable code was introduced in 2.6.26)
CVE-2008-3685 (Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent s ...)
	NOT-FOR-US: EMC Documentum ApplicationXtender Workflow
CVE-2008-3684 (Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service ...)
	NOT-FOR-US: EMC Documentum ApplicationXtender Workflow
CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System Web ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows remo ...)
	NOT-FOR-US: YPN PHP Realty
CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...)
	NOT-FOR-US: Joomla!
CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and earl ...)
	NOT-FOR-US: Flagship Industries Ventrilo
CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ID ...)
	NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2008-3678 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...)
	NOT-FOR-US: Freeway
CVE-2008-3677 (Directory traversal vulnerability in includes/events_application_top.p ...)
	NOT-FOR-US: Freeway
CVE-2008-3676 (Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allo ...)
	NOT-FOR-US: hMailServer
CVE-2008-3675 (Directory traversal vulnerability in classes/imgsize.php in Gelato 0.9 ...)
	NOT-FOR-US: Gelato
CVE-2008-3674 (SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Vide ...)
	NOT-FOR-US: PozScripts TubeGuru Video Sharing Script
CVE-2008-3673 (SQL injection vulnerability in browsecats.php in PozScripts Classified ...)
	NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3672 (SQL injection vulnerability in showcategory.php in PozScripts Classifi ...)
	NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3671 (Acronis True Image Echo Server 9.x build 8072 on Linux does not proper ...)
	NOT-FOR-US: Echo Server
CVE-2008-3670 (SQL injection vulnerability in authordetail.php in Article Friendly Pr ...)
	NOT-FOR-US: Article Friendly Pro
CVE-2008-3669 (SQL injection vulnerability in comments.php in ZeeScripts Reviews Opin ...)
	NOT-FOR-US: ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP
CVE-2008-3668 (Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Soci ...)
	NOT-FOR-US: XOOPS
CVE-2008-3667 (Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows ...)
	NOT-FOR-US: Maxthon Browser
CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in magnatunebrowse ...)
	- amarok 1.4.10-1 (unimportant; bug #494765)
	[etch] - amarok
	NOTE: The code in question doesn't dereference the symlink, tested with Etch
	NOTE: and Lenny. Given that it only takes a minute to test this, it's surprising
	NOTE: that at least one vendor issued an advisory and upstream pushed a new release...
CVE-2008-3740 (Cross-site scripting (XSS) vulnerability in the output filter in Drupa ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7
CVE-2008-3741 (The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 tr ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7
CVE-2008-3742 (Unrestricted file upload vulnerability in the BlogAPI module in Drupal ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (medium; bug #495122)
	- drupal-4.7
CVE-2008-3743 (Multiple cross-site request forgery (CSRF) vulnerabilities in forms in ...)
	{DTSA-156-1}
	- drupal5 (Vulnerable code not present)
	- drupal-4.7
CVE-2008-3744 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5 ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7
CVE-2008-3745 (The Upload module in Drupal 6.x before 6.4 allows remote authenticated ...)
	{DTSA-156-1}
	- drupal5 (Vulnerable code only present in 6.x)
	- drupal-4.7
CVE-2008-3666 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2008-3665
	RESERVED
CVE-2008-3664 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remo ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3663 (Squirrelmail 1.4.15 does not set the secure flag for the session cooki ...)
	- squirrelmail 2:1.4.15-3 (low; bug #499942)
	[etch] - squirrelmail (less important and fix changes behaviour)
	NOTE: only relevant for installations that are also offered over http
	NOTE: which isn't normally a good idea anyway. Fixing in stable will
	NOTE: change behaviour so not really suited for DSA.
CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure fl ...)
	- gallery 1.5.9-1
	- gallery2 2.2.6-1
CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the se ...)
	- drupal5 5.10-2 (low; bug #501063)
	- drupal6 6.4-2 (low; bug #501058)
	NOTE: drupal upstream advises users to set session.cookie_secure in the php configuration
	NOTE: to fix this; this has been documented in README.Debian
CVE-2008-3660 (PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI ...)
	{DSA-1647-1}
	- php5 5.2.6-4 (medium)
	- php4
	NOTE: *not* duplicate after all, needs review
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch
CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...)
	{DSA-1647-1}
	- php4
	- php5 5.2.6-4 (medium)
	NOTE: php5 -d memory_limit=256M -r '$res = explode(str_repeat("A",145999999),1);'
	NOTE: (From upstream's ext/standard/tests/strings/explode_bug.phpt)
	NOTE: could not reproduce locally
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4. ...)
	{DSA-1647-1}
	- php4
	- php5 5.2.6-4 (medium)
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8 ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3656 (Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_h ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7- ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3654 (Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows ...)
	- tikiwiki
CVE-2008-3653 (Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before ...)
	- tikiwiki
CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an "orph ...)
	- ipsec-tools 0.7.1-1.2 (low; bug #501026)
	[etch] - ipsec-tools (Minor issue)
	NOTE: attacker needs to be authenticated, see https://bugzilla.redhat.com/show_bug.cgi?id=456660
CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools b ...)
	- ipsec-tools 1:0.7.1-1 (low; bug #495214)
	[etch] - ipsec-tools (Minor issue)
CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...)
	- horde3 3.2.1+debian0-1 (low; bug #495332)
	- turba2 2.2.1-1
	[etch] - turba2 (Vulnerable code not present)
	[etch] - horde3 (dup of CVE-2008-3330)
	NOTE: this is actually two issues:
	NOTE: - one a dup of CVE-2008-3330 in horde3
	NOTE: - another an issue in turba2
CVE-2008-3649 (SQL injection vulnerability in categorydetail.php in Article Friendly ...)
	NOT-FOR-US: Article Friendly Standard
CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3647 (Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows ...)
	NOT-FOR-US: Mac OS
CVE-2008-3646 (The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be ...)
	NOT-FOR-US: MacOS-only problem
CVE-2008-3645 (Heap-based buffer overflow in the local IPC component in the EAPOLCont ...)
	NOT-FOR-US: Mac OS
CVE-2008-3644 (Apple Safari before 3.2 does not properly prevent caching of form data ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3643 (Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-ass ...)
	NOT-FOR-US: Mac OS
CVE-2008-3642 (Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows rem ...)
	NOT-FOR-US: Mac OS
CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3 ...)
	{DSA-1656-1}
	- cupsys
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3640 (Integer overflow in the WriteProlog function in texttops in CUPS befor ...)
	{DSA-1656-1}
	- cupsys
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3639 (Heap-based buffer overflow in the read_rle16 function in imagetops in ...)
	{DSA-1656-1}
	- cupsys
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3638 (Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from ...)
	NOT-FOR-US: Mac OSX
CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on ...)
	NOT-FOR-US: Mac OSX
CVE-2008-3636 (Integer overflow in the IopfCompleteRequest API in the kernel in Micro ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3634 (Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3633
	RESERVED
CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...)
	- webkit 1.0.1-4 (bug #499771)
	- qt4-x11 4:4.6.2-4 (bug #561760)
	[lenny] - qt4-x11 (Minor impact, no apps in Lenny which use qtwebkit)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	NOTE: http://trac.webkit.org/changeset/34815
CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone ...)
	NOT-FOR-US: Apple iPod
CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an appli ...)
	NOT-FOR-US: Apple Bonjour
CVE-2008-3629 (Apple QuickTime before 7.5.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3628 (Apple QuickTime before 7.5.5 on Windows allows remote attackers to exe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms i ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3626 (The CallComponentFunctionWithStorage function in Apple QuickTime befor ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3625 (Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3624 (Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3623 (Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 ...)
	NOT-FOR-US: Apple Safari on Windows
CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac O ...)
	NOT-FOR-US: Mac OS X
CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3620
	RESERVED
CVE-2008-3619 (Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissio ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3618 (The File Sharing pane in the Sharing preference pane in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3617 (Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3615 (ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3613 (Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iP ...)
	NOT-FOR-US: Apple iPod
CVE-2008-3611 (Login Window in Apple Mac OS X 10.4.11 does not clear the current pass ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3610 (Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3609 (The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flu ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3608 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows conte ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...)
	NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1 ...)
	NOT-FOR-US: Qbik WinGate
CVE-2008-3605 (Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, whe ...)
	NOT-FOR-US: McAfee Encrypted USB Manager
CVE-2008-3604 (SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows ...)
	NOT-FOR-US: ZeeBuddy
CVE-2008-3603 (SQL injection vulnerability in index.php in Vacation Rental Script 3.0 ...)
	NOT-FOR-US: Vacation Rental Script
CVE-2008-3602 (admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2008-3601 (SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 a ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2008-3600 (Directory traversal vulnerability in contrib/phpBB2/modules.php in Gal ...)
	- gallery (unimportant)
	- gallery2 (Vulnerable code not present)
	NOTE: We haven't supported installations with register_globals enabled for a long time
CVE-2008-3599 (SQL injection vulnerability in image.php in OpenImpro 1.1 allows remot ...)
	NOT-FOR-US: OpenImpro
CVE-2008-3598 (Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote att ...)
	NOT-FOR-US: psipuss
CVE-2008-3597 (Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Skulltag
CVE-2008-3596 (Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allow ...)
	NOT-FOR-US: Harmoni
CVE-2008-3595 (PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startu ...)
	NOT-FOR-US: txtSQL
CVE-2008-3594 (SQL injection vulnerability in viewdetails.php in MagicScripts E-Store ...)
	NOT-FOR-US: MagicScripts E-Store
CVE-2008-3593 (Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows ...)
	NOT-FOR-US: SyzygyCMS
CVE-2008-3592 (Unrestricted file upload vulnerability in the File Manager in the admi ...)
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3591 (SQL injection vulnerability in lib/class.admin.php in Twentyone Degree ...)
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3590 (Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Pol ...)
	NOT-FOR-US: E. Z. Poll 2
CVE-2008-3589 (Directory traversal vulnerability in download.php in moziloCMS 1.10.1, ...)
	NOT-FOR-US: mozilo CMS 1.10.1
CVE-2008-3588 (Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote a ...)
	NOT-FOR-US: phsBlog 0.1.1
CVE-2008-3587 (Cross-site scripting (XSS) vulnerability in result.php in Chris Buntin ...)
	NOT-FOR-US: Homes 4 Sale
CVE-2008-3586 (SQL injection vulnerability in the EZ Store (com_ezstore) component fo ...)
	NOT-FOR-US: EZ Store (com_ezstore) component for Joomla!
CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Sho ...)
	NOT-FOR-US: PozScripts GreenCart PHP Shopping Cart
CVE-2008-3584 (NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not prope ...)
	NOT-FOR-US: NetBSD
CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote ...)
	NOT-FOR-US: IntelliTamper 2.07
CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News Script ...)
	NOT-FOR-US: Keld PHP-MySQL News Script 0.7.1
CVE-2008-3581 (Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links ...)
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3580 (Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote a ...)
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3579 (Calacode @Mail 5.41 on Linux does not require administrative authentic ...)
	NOT-FOR-US: Calacode Atmail
CVE-2008-3578 (HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: HydraIRC
CVE-2008-3577 (Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows loca ...)
	- openttd 0.6.2-1 (unimportant)
	NOTE: no vulnerability at all, not exploitable remote or local, openttd
CVE-2008-3576 (Buffer overflow in the TruncateString function in src/gfx.cpp in OpenT ...)
	- openttd 0.6.2-1
CVE-2008-3575 (PHP remote file inclusion vulnerability in modules/calendar/minicalend ...)
	NOT-FOR-US: ezContents CMS
CVE-2008-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, wh ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-3573 (The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francis ...)
	NOT-FOR-US: Pligg
CVE-2008-3572 (Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 a ...)
	NOT-FOR-US: Pligg
CVE-2008-3571 (The Xerox Phaser 8400 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Xerox Phaser 8400
CVE-2008-3570 (PHP remote file inclusion vulnerability in index.php in Africa Be Gone ...)
	NOT-FOR-US: Africa Be Gone
CVE-2008-3569 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, wh ...)
	NOT-FOR-US: XAMPP
CVE-2008-3568 (Absolute path traversal vulnerability in fckeditor/editor/filemanager/ ...)
	- fckeditor (Vulnerable code not present)
	NOTE: unak specific change, see fckeditor/unak_changes.txt in source
CVE-2008-3567 (Cross-zone scripting vulnerability in the NowPlaying functionality in ...)
	NOT-FOR-US: NullSoft Winamp
CVE-2008-3566 (Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 a ...)
	NOT-FOR-US: ZoneO-soft freeForum
CVE-2008-3565 (Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Bo ...)
	NOT-FOR-US: Meeting Room Booking System (MRBS)
CVE-2008-3564 (Multiple directory traversal vulnerabilities in index.php in Dayfox Bl ...)
	NOT-FOR-US: Dayfox Blog
CVE-2008-3563 (Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allo ...)
	NOT-FOR-US: Plogger
CVE-2008-3562 (Directory traversal vulnerability in index.php in the Contact module i ...)
	NOT-FOR-US: Chupix CMS
CVE-2008-3561 (SQL injection vulnerability in s03.php in Powergap Shopsystem, when ma ...)
	NOT-FOR-US: Powergap Shopsystem
CVE-2008-3560 (Cross-site scripting (XSS) vulnerability in kshop_search.php in the Ks ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2008-3559 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...)
	NOT-FOR-US: KAPhotoservice
CVE-2008-3558 (Stack-based buffer overflow in the WebexUCFObject ActiveX control in a ...)
	NOT-FOR-US: Webex Meeting Manager (Windows)
CVE-2008-3557 (Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass aut ...)
	NOT-FOR-US: Free Hosting Manager
CVE-2008-3556 (Multiple SQL injection vulnerabilities in index.php in Battle.net Clan ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-3555 (Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 ...)
	NOT-FOR-US: Wsn Knowledge Base
CVE-2008-3554 (SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remot ...)
	NOT-FOR-US: Discuz!
CVE-2008-3553 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition de ...)
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3552 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP ...)
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3551 (Multiple unspecified vulnerabilities in Sun Java Platform Micro Editio ...)
	NOT-FOR-US: Sun Java Platform Micro Edition
CVE-2008-3550 (The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote at ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-3549 (Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in ...)
	NOT-FOR-US: Sun Solaris 10 and OpenSolaris
CVE-2008-3548 (Unspecified vulnerability in the Sun Netra T5220 Server with firmware ...)
	NOT-FOR-US: Sun Netra T5220 Server
CVE-2008-3545 (Unspecified vulnerability in ovtopmd in HP OpenView Network Node Manag ...)
	NOT-FOR-US: HP OpenView
CVE-2008-3544 (Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Net ...)
	NOT-FOR-US: HP OpenView
CVE-2008-3543 (Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on H ...)
	NOT-FOR-US: HP-UX
CVE-2008-3542 (Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2008-3541
	REJECTED
CVE-2008-3540
	RESERVED
CVE-2008-3539 (Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connec ...)
	NOT-FOR-US: HP OpenView Select Identity (HPSI)
CVE-2008-3538 (Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 ...)
	NOT-FOR-US: HP Enterprise Discovery
CVE-2008-3537 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Ma ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3536 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Ma ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in t ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs implementat ...)
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 (Vulnerable code not present)
	NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3533 (Format string vulnerability in the window_error function in yelp-windo ...)
	{DTSA-154-1}
	- yelp 2.22.1-4 (low)
	[etch] - yelp (Vulnerable code not present)
CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in F ...)
	- kfreebsd-7 7.0-5
CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD ...)
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...)
	{DSA-1654-1}
	- libxml2 2.6.32.dfsg-4 (bug #498768)
CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/di ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
	NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
	NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2)
	NOTE: 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
	NOTE: Comment from tytso:
	NOTE: Note: some people thinks this represents a security bug, since it
	NOTE: might make the system go away while it is printing a large number of
	NOTE: console messages, especially if a serial console is involved. Hence,
	NOTE: it has been assigned CVE-2008-3528, but it requires that the attacker
	NOTE: either has physical access to your machine to insert a USB disk with a
	NOTE: corrupted filesystem image (at which point why not just hit the power
	NOTE: button), or is otherwise able to convince the system administrator to
	NOTE: mount an arbitrary filesystem image (at which point why not just
	NOTE: include a setuid shell or world-writable hard disk device file or some
	NOTE: such). Me, I think they're just being silly.
CVE-2008-3527 (arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDS ...)
	{DSA-1687-1}
	- linux-2.6 2.6.21-1
CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/ ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6
CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...)
	{DSA-1655-1 DSA-1653-1}
	- linux-2.6 2.6.26-7
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux ...)
	NOT-FOR-US: rc.sysinit on Fedora
CVE-2008-3523
	REJECTED
CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in libjasper/base/ja ...)
	{DSA-2080-1}
	- jasper 1.900.1-5.1 (medium; bug #501021)
	- ghostscript 8.64~dfsg-2 (medium; bug #559778)
	- gs-gpl (medium; bug #561717)
	- netpbm-free (dynamically links to ghostscript if available)
CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in libjasper/base/ja ...)
	- jasper 1.900.1-5.1 (unimportant; bug #501021)
	NOTE: file is opened with O_EXCL even if tmpnam is used in this case
CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow context-depen ...)
	- jasper 1.900.1-5.1 (medium; bug #501021)
	- ghostscript 8.64~dfsg-2 (low; bug #559778)
	[lenny] - ghostscript (Too intrusive to backport)
	- gs-gpl (low; bug #561717)
	- netpbm-free (dynamically links to ghostscript if available)
CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss En ...)
	- jbossas4 (configuration not yet included in Debian package)
CVE-2008-3518
	REJECTED
CVE-2008-3517
	REJECTED
CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
	NOT-FOR-US: Adobe Presenter
CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
	NOT-FOR-US: Adobe Presenter
CVE-2008-3514 (VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 rel ...)
	NOT-FOR-US: VMware VirtualCenter
CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuk ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3512 (SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke a ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image G ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2008-3510 (Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty ...)
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3509 (LoveCMS 1.6.2 does not require administrative authentication for (1) a ...)
	NOT-FOR-US: LoveCMS
CVE-2008-3508 (LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote att ...)
	NOT-FOR-US: LiteNews
CVE-2008-3507 (SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and ...)
	NOT-FOR-US: LiteNews
CVE-2008-3506 (SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows re ...)
	NOT-FOR-US: PolyPager
CVE-2008-3505 (Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earl ...)
	NOT-FOR-US: PolyPager
CVE-2008-3504 (Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 h ...)
	NOT-FOR-US: mask PHP File Manager (mPFM)
CVE-2008-3503 (RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict vi ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-3502 (Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through ...)
	NOT-FOR-US: Best Practical Solutions RT
CVE-2008-3501 (Cross-site scripting (XSS) vulnerability in the WebAccess simple inter ...)
	NOT-FOR-US: Novell Groupwise
CVE-2008-3500 (Cross-site scripting (XSS) vulnerability in the Suggested Terms module ...)
	NOT-FOR-US: suggested terms, additional drupal module
CVE-2008-3499 (Unspecified vulnerability in "a page in the workarea folder" in Ektron ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2008-3498 (SQL injection vulnerability in the nBill (com_netinvoice) component 1. ...)
	NOT-FOR-US: nBill, joomla component
CVE-2008-3497 (SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows rem ...)
	NOT-FOR-US: MyPHP CMS
CVE-2008-3496 (Buffer overflow in format descriptor parsing in the uvc_parse_format f ...)
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 (code not present)
	- linux-2.6.24 (code not present)
CVE-2008-3495 (SQL injection vulnerability in kategori.asp in Pcshey Portal allows re ...)
	NOT-FOR-US: Pcshey Portal
CVE-2008-3494 (8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-3493 (vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC serv ...)
	NOT-FOR-US: RealVNC Windows Client
CVE-2008-3492 (America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allow ...)
	NOT-FOR-US: America's Army (aka AA or Army Game Project)
CVE-2008-3491 (SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTG ...)
	NOT-FOR-US: Scripts24 iPost
CVE-2008-3490 (SQL injection vulnerability in members/mail.php in E-topbiz Online Dat ...)
	NOT-FOR-US: E-topbiz Online Dating 3
CVE-2008-3489 (SQL injection vulnerability in checkCookie function in includes/functi ...)
	NOT-FOR-US: PHPX
CVE-2008-3488 (Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) al ...)
	NOT-FOR-US: Novell iManager
CVE-2008-3487 (SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced ...)
	NOT-FOR-US: PHPAuction GPL Enhanced
CVE-2008-3486 (Directory traversal vulnerability in the user_get_profile function in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3485 (Untrusted search path vulnerability in Citrix MetaFrame Presentation S ...)
	NOT-FOR-US: Citrix MetaFrame Presentation Server
CVE-2008-3532 (The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certif ...)
	- pidgin 2.4.3-2 (bug #492434)
	- gaim
	[lenny] - gaim (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: http://developer.pidgin.im/ticket/6500
CVE-2008-3546 (Stack-based buffer overflow in the (1) diff_addremove and (2) diff_cha ...)
	{DSA-1637-1 DTSA-153-1 DTSA-153-2}
	- git-core 1:1.5.6.5 (medium; bug #494097)
CVE-2008-3484 (SQL injection vulnerability in eStoreAff 0.1 allows remote attackers t ...)
	NOT-FOR-US: eStoreAff
CVE-2008-3483 (Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and ...)
	NOT-FOR-US: ScrewTurn Wiki
CVE-2008-3482 (Cross-site scripting (XSS) vulnerability in the error page feature in ...)
	NOT-FOR-US: Panasonic Network Camera
CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and e ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) Activ ...)
	NOT-FOR-US: Anzio Web Print Object
CVE-2008-3479 (Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) ser ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3478
	REJECTED
CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not prop ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle er ...)
	NOT-FOR-US: Microsoft
CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors related ...)
	NOT-FOR-US: Microsoft
CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the do ...)
	NOT-FOR-US: Microsoft
CVE-2008-3473 (Microsoft Internet Explorer 6 and 7 does not properly determine the do ...)
	NOT-FOR-US: Microsoft
CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the do ...)
	NOT-FOR-US: Microsoft
CVE-2008-3471 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 200 ...)
	NOT-FOR-US: Microsoft
CVE-2008-3470
	REJECTED
CVE-2008-3469
	REJECTED
CVE-2008-3468
	REJECTED
CVE-2008-3467
	REJECTED
CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not ...)
	NOT-FOR-US: Microsoft
CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-3463
	REJECTED
CVE-2008-3462
	REJECTED
CVE-2008-3461
	REJECTED
CVE-2008-3460 (WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Offic ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...)
	- openvpn 2.1~rc9-1 (low; bug #493488)
	NOTE: pull/push needs to be allowed, successful authentication, compromised or malicious server
	[etch] - openvpn (Upstream states that the 2.0.x versions are unaffected)
CVE-2008-3458 (Vtiger CRM before 5.0.4 stores sensitive information under the web roo ...)
	NOT-FOR-US: Vtiger CRM
CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin be ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1
	NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-6/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a5e53c31bcbcadcb5d16cffaa3b9af181b26296 (2.11 branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bfb27fb0538f43e9c49b6a183b767c2bed1524d
CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in JnSHos ...)
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass a ...)
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3453 (Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown im ...)
	NOT-FOR-US: ImpressCMS
CVE-2008-3452 (SQL injection vulnerability in the Calendar module in eNdonesia 8.4 al ...)
	NOT-FOR-US: eNdonesia
CVE-2008-3451 (PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with a ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-3450 (Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 ...)
	NOT-FOR-US: Solaris
CVE-2008-3449 (MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attacke ...)
	NOT-FOR-US: MailEnable
CVE-2008-3448 (Cross-site scripting (XSS) vulnerability in index.php in common soluti ...)
	NOT-FOR-US: csphonebook
CVE-2008-3447 (The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attac ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3446 (Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 all ...)
	NOT-FOR-US: LetterIt
CVE-2008-3445 (SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 al ...)
	NOT-FOR-US: phpMyRealty
CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows r ...)
	- iceweasel (unimportant)
	NOTE: browser DoS not treated as security issue
CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8 ...)
	{DSA-1695-1}
	- ruby1.8 1.8.7.72-1 (low; bug #494401)
	- ruby1.9 1.9.0.2-9 (low)
	NOTE: Upstream commits 18212 (for 1.8) and 18213 (for 1.9).
	NOTE: this specific problem does not exist in ruby1.9 but a very similar problem
	NOTE: that has been fixed in this version (308_regexp_segv.dpatch)
CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of update ...)
	NOT-FOR-US: WinZip
CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2008-3440 (Sun Java 1.6.0_03 and earlier versions, and possibly later versions, d ...)
	- sun-java5 (only java updater for windows affected)
	- sun-java6 (only java updater for windows affected)
CVE-2008-3439 (SpeedBit Video Acceleration before 2.2.1.8 does not properly verify th ...)
	NOT-FOR-US: SpeedBit Video Acceleration
CVE-2008-3438 (Apple Mac OS X does not properly verify the authenticity of updates, w ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3437 (OpenOffice.org (OOo) before 2.1.0 does not properly verify the authent ...)
	- openoffice.org (update feature disabled)
CVE-2008-3436 (The GUP generic update process in Notepad++ before 4.8.1 does not prop ...)
	NOT-FOR-US: Notepad++
CVE-2008-3435 (LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly veri ...)
	NOT-FOR-US: LinkedIn
CVE-2008-3434 (Apple iTunes before 10.5.1 does not properly verify the authenticity o ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3433 (SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not prope ...)
	NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3432 (Heap-based buffer overflow in the mch_expand_wildcards function in os_ ...)
	- vim (Vulnerable code only present in 6.2 and 6.3, none of them in the archive anymore)
CVE-2008-3430 (Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in ...)
	NOT-FOR-US: Eyeball MessengerSDK
CVE-2008-3428 (Session fixation vulnerability in phpFreeChat 1.1 allows remote authen ...)
	NOT-FOR-US: phpFreeChat
CVE-2008-3427
	REJECTED
CVE-2008-3426 (Unspecified vulnerability in the Solaris Platform Information and Cont ...)
	NOT-FOR-US: Solaris
CVE-2008-3425 (Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-3424 (Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WR ...)
	- condor (Fixed before initial upload to archive)
CVE-2008-3423 (IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to by ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-3422 (Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net cla ...)
	- mono 1.9.1+dfsg-4 (low; bug #494406)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=413534
	NOTE: http://n2.nabble.com/-PATCH--HTML-encode-attributes-that-might-need-encoding-td584193.html
CVE-2008-3431 (The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualB ...)
	- virtualbox-ose (affects only windows host systems)
	NOTE: CORE-2008-0716
CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1 (low)
	NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn't warrant DSA on its own
CVE-2008-3547 (Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remo ...)
	- openttd 0.6.2-1 (medium; bug #493714)
CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboa ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4. ...)
	NOT-FOR-US: Mobius Web Publishing Software
CVE-2008-3419 (SQL injection vulnerability in ugroups.php in Youtuber Clone allows re ...)
	NOT-FOR-US: Youtuber Clone
CVE-2008-3418 (SQL injection vulnerability in browse.php in TriO 2.1 and earlier allo ...)
	NOT-FOR-US: TriO
CVE-2008-3417 (SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and ...)
	NOT-FOR-US: fipsCMS
CVE-2008-3416 (SQL injection vulnerability in modules/members.php in IceBB before 1.0 ...)
	NOT-FOR-US: IceBB
CVE-2008-3415 (Directory traversal vulnerability in common.php in CMScout 2.05, when ...)
	NOT-FOR-US: CMScout
CVE-2008-3414 (SQL injection vulnerability in line2.php in SiteAdmin allows remote at ...)
	NOT-FOR-US: SiteAdmin
CVE-2008-3413 (SQL injection vulnerability in category.php in Greatclone GC Auction P ...)
	NOT-FOR-US: Greatclone GC Auction Platinum
CVE-2008-3412 (SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 ...)
	NOT-FOR-US: Comsenz EPShop
CVE-2008-3411 (The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 softwa ...)
	NOT-FOR-US: The Axesstel AXW-D800 modem
CVE-2008-3410 (Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to ca ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3409 (Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows rem ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3408 (Stack-based buffer overflow in CoolPlayer 2.18, and possibly other ver ...)
	NOT-FOR-US: CoolPlayer
CVE-2008-3407 (phpLinkat 0.1 allows remote attackers to bypass authentication and acc ...)
	NOT-FOR-US: phpLinkat
CVE-2008-3406 (SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows rem ...)
	NOT-FOR-US: phpLinkat
CVE-2008-3405 (Directory traversal vulnerability in index.php in Ricardo Amaral nzFot ...)
	NOT-FOR-US: Ricardo Amaral nzFotolog
CVE-2008-3404 (Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGues ...)
	NOT-FOR-US: MJGuest
CVE-2008-3403 (SQL injection vulnerability in mojoClassified.cgi in MojoPersonals all ...)
	NOT-FOR-US: MojoPersonals
CVE-2008-3402 (Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Sta ...)
	NOT-FOR-US: HIOX Browser Statistics
CVE-2008-3401 (PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Ra ...)
	NOT-FOR-US: HIOX Random Ad
CVE-2008-3400 (XRMS CRM 1.99.2 allows remote attackers to obtain configuration inform ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3399 (PHP remote file inclusion vulnerability in activities/workflow-activit ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3398 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3397 (Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS befo ...)
	NOT-FOR-US: Runesoft Cerberus CMS
CVE-2008-3396 (Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attacke ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3395 (Calacode @Mail 5.41 on Linux uses weak world-readable permissions for ...)
	NOT-FOR-US: Calacode
CVE-2008-3394 (Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in B ...)
	NOT-FOR-US: BookMine
CVE-2008-3393 (SQL injection vulnerability in events.cfm in BookMine allows remote at ...)
	NOT-FOR-US: BookMine
CVE-2008-3392 (Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 a ...)
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3391 (Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9 ...)
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3390 (Directory traversal vulnerability in libraries/general.init.php in Min ...)
	NOT-FOR-US: Minishowcase Image Gallery
CVE-2008-3389 (Stack-based buffer overflow in the libbecompat library in Ingres 2.6, ...)
	NOT-FOR-US: Ingres
CVE-2008-3388 (Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote ...)
	NOT-FOR-US: Def-Blog
CVE-2008-3387 (SQL injection vulnerability in show.php in PHPFootball 1.6 allows remo ...)
	NOT-FOR-US: PHPFootball
CVE-2008-3386 (SQL injection vulnerability in album.php in AlstraSoft Video Share Ent ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2008-3385 (Directory traversal vulnerability in include/head_chat.inc.php in php ...)
	NOT-FOR-US: Help Agent
CVE-2008-3384 (Multiple directory traversal vulnerabilities in help/help.php in Inter ...)
	NOT-FOR-US: Interact Learning Community Environment Interact
CVE-2008-3383 (SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote ...)
	NOT-FOR-US: MojoAuto
CVE-2008-3382 (SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2 ...)
	NOT-FOR-US: MojoClassifieds
CVE-2008-3381 (Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedS ...)
	- moin 1.7.1-1 (low)
	[etch] - moin (Vulnerable macro not present)
CVE-2008-3380 (Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioS ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-3379 (Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allo ...)
	NOT-FOR-US: Snark VisualPic
CVE-2008-3378 (SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows ...)
	NOT-FOR-US: Fizzmedia
CVE-2008-3377 (SQL injection vulnerability in picture.php in phpTest 0.6.3 allows rem ...)
	NOT-FOR-US: phpTest
CVE-2008-3376 (Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unkn ...)
	NOT-FOR-US: JamRoom
CVE-2008-3375 (The jrCookie function in includes/jamroom-misc.inc.php in JamRoom befo ...)
	NOT-FOR-US: JamRoom
CVE-2008-3374 (SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier ...)
	NOT-FOR-US: Gregarius
CVE-2008-3373 (The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allo ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2008-3372 (SQL injection vulnerability in search_form.php in Getacoder Clone allo ...)
	NOT-FOR-US: Getacoder Clone
CVE-2008-3371 (Directory traversal vulnerability in install/help.php in TalkBack 2.3. ...)
	NOT-FOR-US: TalkBack
CVE-2008-3370 (SQL injection vulnerability in the CUA Login Module in EMC Centera Uni ...)
	NOT-FOR-US: CUA Login Module in EMC Centera Universal Access
CVE-2008-3369 (SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and ...)
	NOT-FOR-US: ViArt Shop
CVE-2008-3368 (PHP remote file inclusion vulnerability in tools/packages/import.php i ...)
	NOT-FOR-US: ATutor
CVE-2008-3367 (Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-3366 (SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allow ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-3365 (Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on W ...)
	- pixelpost (Exploit relies on register_globals to be on)
CVE-2008-3364 (Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeSc ...)
	NOT-FOR-US: Trend Micro OfficeScan Corp Edition Web-Deployment
CVE-2008-3363 (Directory traversal vulnerability in user_portal.php in the Dokeos E-L ...)
	NOT-FOR-US: Dokeos E-Learning System
CVE-2008-3362 (Unrestricted file upload vulnerability in upload.php in the Giulio Gan ...)
	NOT-FOR-US: Giulio Ganci Wp Downloads Manager module
CVE-2008-3361 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote web si ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-3360 (Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-3359 (SQL injection vulnerability in register.php in Steve Bourgeois and Chr ...)
	- owl-dms 0.95-1.1 (bug #493372)
CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP ...)
	NOT-FOR-US: SAP NetWeaver portal
CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingre ...)
	NOT-FOR-US: Ingres
CVE-2008-3356 (verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres ...)
	NOT-FOR-US: Ingres
CVE-2008-3355 (SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 al ...)
	NOT-FOR-US: Camera Life
CVE-2008-3354 (Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus ( ...)
	NOT-FOR-US: Newbb Plus
CVE-2008-3353 (Multiple cross-site scripting (XSS) vulnerabilities in Pure Software L ...)
	NOT-FOR-US: Pure Software Lore
CVE-2008-3352 (SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allo ...)
	NOT-FOR-US: Live Music Plus
CVE-2008-3351 (SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0 ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2008-3350 (dnsmasq 2.43 allows remote attackers to cause a denial of service (dae ...)
	- dnsmasq 2.44-1 (low)
	[etch] - dnsmasq (Issue was introduced in 2.43)
CVE-2008-3349 (Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on ...)
	NOT-FOR-US: NetApp Data ONTAP
CVE-2008-3348 (Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/i ...)
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3347 (SQL injection vulnerability in staticpages/easycalendar/index.php in M ...)
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3346 (SQL injection vulnerability in product_detail.php in ShopCart DX allow ...)
	NOT-FOR-US: ShopCart DX
CVE-2008-3345 (SQL injection vulnerability in staticpages/easyecards/index.php in Myi ...)
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3344 (Multiple cross-site scripting (XSS) vulnerabilities in staticpages/eas ...)
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3343 (SQL injection vulnerability in staticpages/easypublish/index.php in My ...)
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3342 (Cross-site scripting (XSS) vulnerability in staticpages/easypublish/in ...)
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3341 (Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3340 (Cross-site scripting (XSS) vulnerability in search_result.cfm in Jobbe ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3339 (search_result.cfm in Jobbex JobSite allows remote attackers to obtain ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3429 (Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.4 ...)
	{DSA-1626-1}
	- httrack 3.42.3-1 (low)
CVE-2008-3338 (Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawka ...)
	NOT-FOR-US: TIBCO Hawk
CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, ...)
	{DSA-1628-1}
	- pdns 2.9.21.1-1 (low)
CVE-2008-3336 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1. ...)
	NOT-FOR-US: PunBB
CVE-2008-3335 (Unspecified vulnerability in PunBB before 1.2.19 allows remote attacke ...)
	NOT-FOR-US: PunBB
CVE-2008-3334 (Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 a ...)
	NOT-FOR-US: MyBB
CVE-2008-3333 (Directory traversal vulnerability in core/lang_api.php in Mantis befor ...)
	- mantis 1.1.2+dfsg-2
	NOTE: I've marked the above version as fixed, however I am not sure if it wasn't fixed
	NOTE: earlier. However, lenny is fixed and it is not in etch and sarge is not supported anymore.
CVE-2008-3332 (Eval injection vulnerability in adm_config_set.php in Mantis before 1. ...)
	- mantis 1.1.2+dfsg-2
CVE-2008-3331 (Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php ...)
	- mantis 1.1.2+dfsg-2
CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when "only proxies" is ...)
	- links2 2.1pre37-1.1 (low; bug #492744)
	[etch] - links2 (Minor information leak)
CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac be ...)
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ve ...)
	NOT-FOR-US: PartyGaming PartyPoker
CVE-2008-3323 (setup.exe before 2.573.2.3 in Cygwin does not properly verify the auth ...)
	NOT-FOR-US: Cygwin
CVE-2008-3322 (admin/index.php in Maian Recipe 1.2 and earlier allows remote attacker ...)
	NOT-FOR-US: Maian *
CVE-2008-3321 (admin/index.php in Maian Uploader 4.0 and earlier allows remote attack ...)
	NOT-FOR-US: Maian *
CVE-2008-3320 (admin/index.php in Maian Guestbook 3.2 and earlier allows remote attac ...)
	NOT-FOR-US: Maian *
CVE-2008-3319 (admin/index.php in Maian Links 3.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Maian *
CVE-2008-3318 (admin/index.php in Maian Weblog 4.0 and earlier allows remote attacker ...)
	NOT-FOR-US: Maian *
CVE-2008-3317 (admin/index.php in Maian Search 1.1 and earlier allows remote attacker ...)
	NOT-FOR-US: Maian *
CVE-2008-3316 (Cross-site scripting (XSS) vulnerability in the search feature in the ...)
	NOT-FOR-US: Geeklog
CVE-2008-3315 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.1 ...)
	NOT-FOR-US: Claroline
CVE-2008-3314 (ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: ZDaemon
CVE-2008-3313 (Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allo ...)
	NOT-FOR-US: CreaCMS
CVE-2008-3312 (Directory traversal vulnerability in lemon_includes/FCKeditor/editor/f ...)
	- fckeditor (Vulnerable code not present)
	NOTE: lemon cms patched its sources; the vulnerable code is not present in plain fckeditor in any version.
	NOTE: if in doubt contact the fckeditor people.
CVE-2008-3311 (PHP remote file inclusion vulnerability in config.php in Adam Scheinbe ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2008-3310 (SQL injection vulnerability in default.asp in Pre Survey Poll allows r ...)
	NOT-FOR-US: Pre Survey Poll
CVE-2008-3309 (SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earl ...)
	NOT-FOR-US: DigiLeave
CVE-2008-3308 (PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Des ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3307 (SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (y ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3306 (SQL injection vulnerability in info.php in C. Desseno YouTube Blog (yt ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3305 (Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3304 (BilboBlog 0.2.1 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3303 (admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3302 (SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, wh ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3301 (Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3300 (AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: AlphAdmin CMS
CVE-2008-3299 (eSyndiCat 1.6 allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: eSyndiCat
CVE-2008-3298 (SocialEngine (SE) before 2.83 grants certain write privileges for temp ...)
	NOT-FOR-US: SocialEngine
CVE-2008-3297 (Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.8 ...)
	NOT-FOR-US: SocialEngine
CVE-2008-3296 (Directory traversal vulnerability in modules/system/admin.php in XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2008-3295 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php i ...)
	NOT-FOR-US: XOOPS
CVE-2008-3294 (src/configure.in in Vim 5.0 through 7.1, when used for a build with Py ...)
	- vim (Build issue)
	NOTE: It looks like the vulnerability only occurs during build, so it shouldn't be an issue for Debian
CVE-2008-3293 (Directory traversal vulnerability in download.php in EZWebAlbum allows ...)
	NOT-FOR-US: EZWebAlbum
CVE-2008-3292 (constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass auth ...)
	NOT-FOR-US: EZWebAlbum
CVE-2008-3291 (SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS ...)
	NOT-FOR-US: AproxEngine
CVE-2008-3290 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows r ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3289 (EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3288 (The Server Authentication Module in EMC Dantz Retrospect Backup Server ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Server
CVE-2008-3287 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows r ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3286 (SWAT 4 1.1 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: SWAT 4
CVE-2008-3285 (The Filesys::SmbClientParser module 2.7 and earlier for Perl allows re ...)
	NOT-FOR-US: Filesys::SmbClientParser
CVE-2008-3284
	REJECTED
CVE-2008-3283 (Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-3282 (Integer overflow in the rtl_allocateMemory function in sal/rtl/source/ ...)
	- openoffice.org (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion during e ...)
	{DSA-1631-1 DTSA-158-1}
	- libxml2 2.6.32.dfsg-3 (medium)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-3280 (It was found that various OpenID Providers (OPs) had TLS Server Certif ...)
	NOT-FOR-US: Historic OpenID issues
CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...)
	- brltty (RedHat-specific)
CVE-2008-3278 (frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Lin ...)
	- frysk
CVE-2008-3277 (Untrusted search path vulnerability in a certain Red Hat build script ...)
	- ibutils (RedHat-specific)
CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in net/dccp/pr ...)
	{DSA-1653-1 DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in t ...)
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA ...)
	NOT-FOR-US: FreeIPA
CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2 ...)
	- jbossas4 (Only provides a few class libs)
CVE-2008-3272 (The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss ...)
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: 82e68f7ffec3800425f2391c8c86277606860442
CVE-2008-3271 (Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers t ...)
	- tomcat5 (unimportant)
	- tomcat5.5 5.5.1
	- tomcat6
	NOTE: It is unlikely that this is exploitable in real world scenarios.
CVE-2008-3270 (yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify th ...)
	NOT-FOR-US: Red Hat
CVE-2008-3269 (WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2 ...)
	NOT-FOR-US: WinRemotePC
CVE-2008-3268 (Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when u ...)
	NOT-FOR-US: phpScheduleIt
CVE-2008-3267 (SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote ...)
	NOT-FOR-US: MojoJobs
CVE-2008-3266 (SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Re ...)
	NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-3265 (SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 ...)
	NOT-FOR-US: DT Register
CVE-2008-3264 (The FWDOWNL firmware-download implementation in Asterisk Open Source 1 ...)
	- asterisk 1:1.4.21.2~dfsg-1
	[etch] - asterisk (Etch Packages no longer covered by security support)
	NOTE: http://downloads.digium.com/pub/security/AST-2008-011.html
CVE-2008-3263 (The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x ...)
	- asterisk 1:1.4.21.2~dfsg-1
	[etch] - asterisk (Etch Packages no longer covered by security support)
	NOTE: http://downloads.digium.com/pub/security/AST-2008-010.html
CVE-2008-3262 (Cross-site request forgery (CSRF) vulnerability in Claroline before 1. ...)
	NOT-FOR-US: Claroline
CVE-2008-3261 (Open redirect vulnerability in claroline/redirector.php in Claroline b ...)
	NOT-FOR-US: Claroline
CVE-2008-3260 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline befor ...)
	NOT-FOR-US: Claroline
CVE-2008-3259 (OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11Use ...)
	- openssh (Linux checks that the effective userid matches or that bind addresses don't overlap on rebind)
CVE-2008-3258 (Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow re ...)
	- zoph 0.7.1-1
	NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=614672
CVE-2008-3257 (Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3256 (SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and e ...)
	NOT-FOR-US: Siteframe CMS
CVE-2008-3255 (Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebP ...)
	NOT-FOR-US: LunarNight Laboratory WebProxy
CVE-2008-3254 (SQL injection vulnerability in index.php in preCMS 1 allows remote att ...)
	NOT-FOR-US: preCMS
CVE-2008-3253 (Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces ...)
	NOT-FOR-US: Citrix XenServer Express
CVE-2008-3252 (Stack-based buffer overflow in the read_article function in getarticle ...)
	{DSA-1622-1}
	- newsx 1.6-3 (bug #492742)
CVE-2008-3251 (Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remo ...)
	NOT-FOR-US: tplSoccerSite
CVE-2008-3250 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 ...)
	NOT-FOR-US: Arctic Issue Tracker
CVE-2008-3249 (The client in Lenovo System Update before 3.14 does not properly valid ...)
	NOT-FOR-US: Lenovo System Update
CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec Veritas Fi ...)
	NOT-FOR-US: Symantec Veritas File System on HP-UX
CVE-2008-3247 (The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 o ...)
	- linux-2.6 2.6.25-7
	[etch] - linux-2.6 (2.6.25-only issue)
	- linux-2.6.24 (2.6.25-only issue)
CVE-2008-3246 (Unspecified vulnerability in the PDF distiller component in the BlackB ...)
	NOT-FOR-US: BlackBerry Attachment Service
CVE-2008-3245 (SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4 ...)
	NOT-FOR-US: phpHoo3
CVE-2008-3244 (The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 al ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3243 (Multiple unspecified vulnerabilities in the scanning engine before 4.4 ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3242 (Heap-based buffer overflow in the PPMedia Class ActiveX control in PPM ...)
	NOT-FOR-US: PPMate
CVE-2008-3241 (SQL injection vulnerability in players-detail.php in UltraStats 0.2.13 ...)
	NOT-FOR-US: UltraStats
CVE-2008-3240 (SQL injection vulnerability in index.php in AlstraSoft Affiliate Netwo ...)
	NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2008-3239 (Unrestricted file upload vulnerability in the writeLogEntry function i ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3238 (Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow rem ...)
	NOT-FOR-US: ITechBids
CVE-2008-3237 (Cross-site scripting (XSS) vulnerability in forward_to_friend.php in I ...)
	NOT-FOR-US: ITechBids
CVE-2008-3236 (Unspecified vulnerability in Wsadmin in the System Management/Reposito ...)
	NOT-FOR-US: Wsadmin
CVE-2008-3235 (Unspecified vulnerability in the PropFilePasswordEncoder utility in th ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-3234 (sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapsh ...)
	- openssh (unimportant)
	NOTE: this is by design
CVE-2008-3233 (Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN ...)
	- wordpress (Code was only present in svn versions)
CVE-2008-3232 (Unrestricted file upload vulnerability in ecrire/images.php in Dotclea ...)
	NOT-FOR-US: dotclear
CVE-2008-3231 (xine-lib before 1.1.15 allows remote attackers to cause a denial of se ...)
	- xine-lib 1.1.14-2 (bug #492870; unimportant)
	NOTE: Only a NULL pointer dereference, hardly security relevant
CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a deni ...)
	- ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764; bug #498766)
	- ffmpeg 0.svn20080206-16 (unimportant)
	- xmovie (unimportant)
	NOTE: Only a NULL pointer dereference, hardly security relevant
CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain sec ...)
	NOT-FOR-US: Joomla!
CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact a ...)
	NOT-FOR-US: Joomla!
CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows attacke ...)
	NOT-FOR-US: Joomla!
CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration functio ...)
	NOT-FOR-US: Joomla!
CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest rando ...)
	{DSA-1544-2}
	- pdns-recursor 3.1.7-1 (low; bug #493576)
CVE-2008-3215 (libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to ...)
	{DSA-1616-2}
	- clamav 0.93.1.dfsg-1.1 (medium)
CVE-2008-3214 (dnsmasq 2.25 allows remote attackers to cause a denial of service (dae ...)
	- dnsmasq 2.26-1 (medium)
CVE-2008-3213 (SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS P ...)
	NOT-FOR-US: WebCMS
CVE-2008-3212 (Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting ...)
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3211 (Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attack ...)
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3210 (rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows r ...)
	NOT-FOR-US: ReSIProcate
CVE-2008-3209 (Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in ...)
	NOT-FOR-US: Black Ice Document Imaging SDK
CVE-2008-3208 (Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 a ...)
	NOT-FOR-US: Simple DNS Plus
CVE-2008-3207 (PHP remote file inclusion vulnerability in cms/modules/form.lib.php in ...)
	NOT-FOR-US: Pragyan CMS
CVE-2008-3206 (SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black C ...)
	NOT-FOR-US: Yuhhu Pubs Black Cat
CVE-2008-3205 (Directory traversal vulnerability in index.php in Easy-Script Wysi Wik ...)
	NOT-FOR-US: Easy-Script Wysi Wiki Wyg
CVE-2008-3204 (SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels ...)
	NOT-FOR-US: E-topbiz Million Pixels
CVE-2008-3203 (js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform ...)
	NOT-FOR-US: AuraCMS
CVE-2008-3202 (Cross-site scripting (XSS) vulnerability in index.php in Xomol CMS 1.2 ...)
	NOT-FOR-US: Xomol
CVE-2008-3201 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Pa ...)
	NOT-FOR-US: Pagefusion
CVE-2008-3200 (SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080 ...)
	NOT-FOR-US: Avlc Forum
CVE-2008-3199 (Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow ...)
	NOT-FOR-US: ReSIProcate
CVE-2008-3198 (Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arb ...)
	{DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
CVE-2008-3195 (Directory traversal vulnerability in bin/configure in TWiki before 4.2 ...)
	{DSA-1639-1}
	- twiki 1:4.1.2-5 (low; bug #499534)
	NOTE: access to configure script is restricted to localhost on Debian
CVE-2008-3194 (Multiple directory traversal vulnerabilities in data/inc/themes/predef ...)
	NOT-FOR-US: pluck CMS
CVE-2008-3193 (SQL injection vulnerability in jSite 1.0 OE allows remote attackers to ...)
	NOT-FOR-US: jSite
CVE-2008-3192 (Directory traversal vulnerability in index.php in jSite 1.0 OE allows ...)
	NOT-FOR-US: jSite
CVE-2008-3191 (Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, w ...)
	NOT-FOR-US: mForum
CVE-2008-3190 (Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 ...)
	NOT-FOR-US: CodeDB
CVE-2008-3189 (SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager ...)
	NOT-FOR-US: DreamNews Manager
CVE-2008-3188 (libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the config ...)
	- libxcrypt (Suse issue)
CVE-2008-3187 (zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 d ...)
	NOT-FOR-US: SUSE Zypper
CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in services/obrowser/index.ph ...)
	{DSA-1765-1}
	- horde3 3.2.1+debian0-1 (low; bug #492578)
	- turba2 2.2.1-1 (low)
	[etch] - turba2 (only version 2.2 contains vulnerable code, etch has 2.1)
CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...)
	{DSA-1691-1}
	- moodle 1.8.1-1 (low)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
CVE-2008-3326 (Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1. ...)
	{DSA-1691-1}
	- moodle 1.8.2-2 (low; bug #492492)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101401
CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...)
	- moodle (unimportant)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101403
	NOTE: Does not allow any attack vectors, apart from gaining non-sensitive information
CVE-2008-XXXX [mantis multiple issues]
	- mantis 1.1.2+dfsg-1 (low)
	NOTE: http://www.mantisbt.org/bugs/changelog_page.php
	NOTE: CVE id requested by redhat
	NOTE: 0008975 (CSRF) covered by CVE-2008-2276
	NOTE: 0008976 remote code execution only possible with valid administrator account
CVE-2008-3196 (skeleton.c in yacc does not properly handle reduction of a rule with a ...)
	- byacc 20070509-1.1 (low; bug #491182)
	[etch] - byacc (Minor issue)
CVE-2008-XXXX [libetpan NULL deref]
	- libetpan 0.54-3 (low)
	[etch] - libetpan (Minor issue)
	NOTE: http://lwn.net/Alerts/287640/
	NOTE: http://libetpan.cvs.sourceforge.net/libetpan/libetpan/src/low-level/imf/mailimf.c?view=diff&r1=1.46&r2=1.47
CVE-2008-XXXX [XSS in press-this of wordpress]
	- wordpress (Vulnerable code not present)
	NOTE: this code was never present in a released wordpress version
	NOTE: https://www.openwall.com/lists/oss-security/2008/07/15/5
CVE-2008-3224 (Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and ...)
	- phpbb3 3.0.2-1 (low)
	- phpbb2 (Vulnerable code not present)
CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2 ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.7.1-1 (low)
	NOTE: this only allows creating an empty database via CSRF.
	NOTE: this would take a lot of work to get it only to the 'annoying' level, let alone a DoS
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/13fbcf4107476dc2d53a8dde707667172f807641
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/084fd3ed16290339ee98a14d067932f638974044 (useless?)
CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ( ...)
	NOT-FOR-US: Chipmunk Blog
CVE-2008-3185 (SQL injection vulnerability in index.php in Relative Real Estate Syste ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-3184 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.1 ...)
	NOT-FOR-US: vBulletin
CVE-2008-3183 (PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/too ...)
	NOT-FOR-US: gapicms
CVE-2008-3182 (Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (D ...)
	NOT-FOR-US: Download Accelerator Plus
CVE-2008-3181 (Unrestricted file upload vulnerability in upload.php in ContentNow CMS ...)
	NOT-FOR-US: ContentNow CMS
CVE-2008-3180 (Multiple cross-site scripting (XSS) vulnerabilities in upload/file/lan ...)
	NOT-FOR-US: ContentNow CMS
CVE-2008-3179 (Directory traversal vulnerability in website.php in Web 2 Business (W2 ...)
	NOT-FOR-US: phpDatingClub
CVE-2008-3178 (Unrestricted file upload vulnerability in upload_pictures.php in WebXe ...)
	NOT-FOR-US: WebXell Editor
CVE-2008-3177 (Sophos virus detection engine 2.75 on Linux and Unix, as used in Sopho ...)
	NOT-FOR-US: Sophos virus detection engine
CVE-2008-3176
	RESERVED
CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the server i ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Int ...)
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System (HIPS))
CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for domain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3172 (Opera allows web sites to set cookies for country-specific top-level d ...)
	NOT-FOR-US: Opera
CVE-2008-3171 (Apple Safari sends Referer headers containing https URLs to different ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3170 (Apple Safari allows web sites to set cookies for country-specific top- ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3169 (Multiple heap-based buffer overflows in Empire Server before 4.3.15 al ...)
	NOT-FOR-US: Empire Server
CVE-2008-3168 (The files utility in Empire Server before 4.3.15 discloses the world c ...)
	NOT-FOR-US: Empire Server
CVE-2008-3167 (Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6 ...)
	NOT-FOR-US: BoonEx Dolphin
CVE-2008-3166 (PHP remote file inclusion vulnerability in modules/global/inc/content. ...)
	NOT-FOR-US: BoonEx Ray
CVE-2008-3165 (Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3164 (Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3163 (Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 al ...)
	NOT-FOR-US: DodosMail
CVE-2008-3162 (Stack-based buffer overflow in the str_read_packet function in libavfo ...)
	{DSA-1781-1}
	- ffmpeg-debian 0.svn20080206-10 (bug #489965; low)
	- ffmpeg 0.svn20080206-10
	- xmovie
CVE-2008-3161 (Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/syst ...)
	NOT-FOR-US: IBM Maximo
CVE-2008-3160 (Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1. ...)
	NOT-FOR-US: IBM Data ONTAP
CVE-2008-3159 (Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory ...)
	NOT-FOR-US: eDirectory
CVE-2008-3158 (Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.9 ...)
	NOT-FOR-US: Novell Client for Windows
CVE-2008-3157 (Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit ...)
	NOT-FOR-US: Nortel SIP Multimedia PC Client
CVE-2008-3156 (The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan befo ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3155 (Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in P ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3154 (SQL injection vulnerability in index.php in WebBlizzard CMS allows rem ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2008-3153 (SQL injection vulnerability in Triton CMS Pro allows remote attackers ...)
	NOT-FOR-US: Triton CMS Pro
CVE-2008-3152 (SQL injection vulnerability in directory.php in SmartPPC and SmartPPC ...)
	NOT-FOR-US: SmartPPC
CVE-2008-3151 (SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke al ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3150 (Directory traversal vulnerability in index.php in Neutrino Atomic Edit ...)
	NOT-FOR-US: Neutrino Atomic Edition
CVE-2008-3149 (The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote a ...)
	NOT-FOR-US: F5 FirePass
CVE-2008-3148 (Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f al ...)
	NOT-FOR-US: OllyDBG/ImpREC
CVE-2008-3147 (WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) W ...)
	NOT-FOR-US: WeFi
CVE-2008-3146 (Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (medium; bug #497878)
CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in Python/my ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.4 2.4.5-5
	- python2.5 2.5.2-7
	[etch] - python2.5 (Minor issue, not the default Python runtime)
CVE-2008-3143 (Multiple integer overflows in Python before 2.5.2 might allow context- ...)
	{DSA-1667-1}
	- python2.4 2.4.5-1
	[etch] - python2.5 (Minor issue, not the default Python runtime)
	- python2.5 2.5.2-1
CVE-2008-3142 (Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platfor ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-3136 (SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allow ...)
	NOT-FOR-US: AShop Deluxe
CVE-2008-3135 (Soldner Secret Wars 33724 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Soldner Secret Wars
CVE-2008-3134 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 al ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.4-1 (bug #491439)
	- imagemagick (unimportant; bug #559775)
	NOTE: several DoS fixed in 1.2.4 according to upstream
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253
CVE-2008-3133 (SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, ...)
	NOT-FOR-US: BareNuked CMS
CVE-2008-3132 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
	NOT-FOR-US: Joomla component
CVE-2008-3131 (SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when m ...)
	NOT-FOR-US: pSys
CVE-2008-3130 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Op ...)
	NOT-FOR-US: OpenCart
CVE-2008-3129 (Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta ...)
	NOT-FOR-US: Catviz
CVE-2008-3128 (Directory traversal vulnerability in search.php in Pivot 1.40.5 allows ...)
	NOT-FOR-US: Pivot
CVE-2008-3127 (PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIO ...)
	NOT-FOR-US: HIOX Banner Rotator
CVE-2008-3126 (Multiple stack-based buffer overflows in the ServerView web interface ...)
	NOT-FOR-US: Fujitsu Siemens Computers ServerView
CVE-2008-3125 (SQL injection vulnerability in index.php in Mole Group Lastminute Scri ...)
	NOT-FOR-US: Mole Group Lastminute Script
CVE-2008-3124 (SQL injection vulnerability in index.php in Mole Group Hotel Script 1. ...)
	NOT-FOR-US: Mole Group
CVE-2008-3123 (SQL injection vulnerability in index.php in Mole Group Real Estate Scr ...)
	NOT-FOR-US: Mole Group
CVE-2008-3122 (Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) b ...)
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3121 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWar ...)
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3120
	REJECTED
CVE-2008-3119 (SQL injection vulnerability in index.php in DreamPics Builder allows r ...)
	NOT-FOR-US: DreamPics Builder
CVE-2008-3118 (SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier a ...)
	NOT-FOR-US: PHPmotion
CVE-2008-3117 (Unrestricted file upload vulnerability in update_profile.php in PHPmot ...)
	NOT-FOR-US: PHPmotion
CVE-2008-3116 (Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou ...)
	NOT-FOR-US: Snail Game
CVE-2008-3229 (Stack-based buffer overflow in op before Changeset 563, when xauth sup ...)
	- op (not configured with xauth support)
CVE-2008-3218 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x befo ...)
	- drupal5 (Vulnerable code not present, feature introduced in 6.0)
	- drupal-4.7 (Vulnerable code not present, feature introduced in 6.0)
CVE-2008-3219 (The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before ...)
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7
CVE-2008-3220 (Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5 ...)
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7 (Vulnerable code not present)
	NOTE: drupal-4.7 uses the locale_admin_string_delete callback which returns a confirmation dialog
CVE-2008-3221 (Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6 ...)
	- drupal5 (Vulnerable code not present, openids introduced in 6.0)
	- drupal-4.7 (Vulnerable code not present, openids introduced in 6.0)
CVE-2008-3222 (Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before ...)
	- drupal5 5.9-1 (low; bug #490559)
	- drupal-4.7
CVE-2008-3223 (SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 ...)
	- drupal5 (Vulnerable code not present, introduced in 6.0)
	- drupal-4.7 (Vulnerable code not present, introduced in 6.0)
CVE-2008-3145 (The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.1 ...)
	{DSA-1673-1}
	- wireshark 1.0.2-1 (low)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-04.html
CVE-2008-3115 (Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlie ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3114 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 befor ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3113 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 bef ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java6 (Only for sun-java5)
CVE-2008-3112 (Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
	- openjdk-6 (bug #566770)
	[wheezy] - openjdk-6
CVE-2008-3111 (Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 befor ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java6 6-04-1 (bug #490260)
CVE-2008-3110 (Unspecified vulnerability in scripting language support in Sun Java Ru ...)
	- sun-java5 (Only for sun-java6)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3109 (Unspecified vulnerability in scripting language support in Sun Java Ru ...)
	- sun-java5 (Only for sun-java6)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3108 (Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5 ...)
	- sun-java5 1.5.0-10-1 (bug #490260)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java6 (Only for sun-java5)
CVE-2008-3107 (Unspecified vulnerability in the Virtual Machine in Sun Java Runtime E ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3106 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3105 (Unspecified vulnerability in the JAX-WS client and service in Sun Java ...)
	- sun-java5 (Only for sun-java6)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3104 (Multiple unspecified vulnerabilities in Sun Java Runtime Environment ( ...)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3103 (Unspecified vulnerability in the Java Management Extensions (JMX) mana ...)
	[etch] - sun-java5 (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ...)
	- mantis 1.1.2+dfsg-6 (low; bug #501179)
CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0. ...)
	NOT-FOR-US: vtiger CRM
CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve B ...)
	- owl-dms 0.95-1.1 (low; bug #493579)
CVE-2008-3099
	RESERVED
CVE-2008-3098 (Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuz ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3097 (Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Ti ...)
	NOT-FOR-US: additional drupal module Tinytax
CVE-2008-3096 (The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each ...)
	NOT-FOR-US: additional drupal module Outline Designer
CVE-2008-3095 (Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) mo ...)
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3094 (The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1 ...)
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3093 (Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier ...)
	NOT-FOR-US: ImperialBB
CVE-2008-3092 (SQL injection vulnerability in the Taxonomy Autotagger module 5.x befo ...)
	NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3091 (Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger mo ...)
	NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3090 (Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO ...)
	NOT-FOR-US: BlognPlus
CVE-2008-3089 (SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze ...)
	NOT-FOR-US: ImperialBB
CVE-2008-3088 (Cross-site scripting (XSS) vulnerability in the Files module in Kassel ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-3087 (Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-3086
	REJECTED
CVE-2008-3085
	REJECTED
CVE-2008-3084
	REJECTED
CVE-2008-3216 (The save function in br/prefmanager.d in projectl 1.001 creates a proj ...)
	- projectl 1.001.dfsg1-2 (low; bug #489988)
	[etch] - projectl (Minor issue)
CVE-2008-3083 (SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks ...)
	NOT-FOR-US: com_brightweblinks component for Joomla!
CVE-2008-3082 (Cross-site scripting (XSS) vulnerability in UPM/English/login/login.as ...)
	NOT-FOR-US: Commtouch Enterprise Anti-Spam Gateway
CVE-2008-3081 (Multiple unspecified "input validation" vulnerabilities in the Web man ...)
	NOT-FOR-US: Avaya Message Storage Server
CVE-2008-3080 (Cross-site request forgery (CSRF) vulnerability in admin.php in myWebl ...)
	NOT-FOR-US: myBloggie
CVE-2008-3079 (Unspecified vulnerability in Opera before 9.51 on Windows allows attac ...)
	NOT-FOR-US: Opera
CVE-2008-3078 (Opera before 9.51 does not properly manage memory within functions sup ...)
	NOT-FOR-US: Opera
CVE-2008-3077 (arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x ...)
	- linux-2.6 2.6.25-7
	- linux-2.6.24 (Vulnerable code added later)
	[etch] - linux-2.6 (Vulnerable code added later)
	NOTE: 1e9a615bfce7996ea4d815d45d364b47ac6a74e8
CVE-2008-3076 (The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3075 (The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, al ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3074 (The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, al ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3073 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3072 (Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3071 (Directory traversal vulnerability in inc/class_language.php in MyBB be ...)
	NOT-FOR-US: MyBB
CVE-2008-3070 (Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1 ...)
	NOT-FOR-US: MyBB
CVE-2008-3069 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2 ...)
	NOT-FOR-US: MyBB
CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, ...)
	NOT-FOR-US: Microsoft Crypto API
CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when passwo ...)
	- sudo 1.6.9p12-1
	[etch] - sudo (Issue was introduced in 1.6.9)
CVE-2008-3066 (Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll ...)
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3065
	RESERVED
CVE-2008-3064 (Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealP ...)
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3063 (SQL injection vulnerability in login.php in V-webmail 1.5.0 might allo ...)
	NOT-FOR-US: V-webmail
CVE-2008-3062
	RESERVED
CVE-2008-3061 (Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows ...)
	NOT-FOR-US: V-webmail
CVE-2008-3060 (V-webmail 1.5.0 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: V-webmail
CVE-2008-3059 (member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly oth ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3058 (Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and p ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3057 (Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3056 (SQL injection vulnerability in the Codeon Petition (cd_petition) exten ...)
	NOT-FOR-US: cd_petition extension for TYPO3
CVE-2008-3055 (SQL injection vulnerability in the Support view (ext_tbl) extension 0. ...)
	NOT-FOR-US: ext_tbl extension for TYPO3
CVE-2008-3054 (SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (m ...)
	NOT-FOR-US: mh_branchenbuch extension for TYPO3
CVE-2008-3053 (SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension ...)
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3052 (Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension 1 ...)
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3051 (SQL injection vulnerability in the Pinboard extension 0.0.6 and earlie ...)
	NOT-FOR-US: Pinboard extension for TYPO3
CVE-2008-3050 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) exte ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3049 (The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for T ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3048 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) exte ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3047 (Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extens ...)
	NOT-FOR-US: kb_unpack extension for TYPO3
CVE-2008-3046 (Incomplete blacklist vulnerability in the Packman (kb_packman) extensi ...)
	NOT-FOR-US: kb_packman extension for TYPO3
CVE-2008-3045 (Unspecified vulnerability in the Industry Database (aka Branchendatenb ...)
	NOT-FOR-US: pro_industrydb extension for TYPO3
CVE-2008-3044 (SQL injection vulnerability in the News Calendar (newscalendar) extens ...)
	NOT-FOR-US: newscalendar extension for TYPO3
CVE-2008-3043 (Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) ...)
	NOT-FOR-US: wec_discussion extension for TYPO3
CVE-2008-3042 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3041 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3040 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3039 (SQL injection vulnerability in the DAM Frontend (dam_frontend) extensi ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3038 (SQL injection vulnerability in the Address Directory (sp_directory) ex ...)
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3037 (Cross-site scripting (XSS) vulnerability in the Address Directory (sp_ ...)
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3036 (Directory traversal vulnerability in index.php in CMS little 0.0.1 all ...)
	NOT-FOR-US: CMS little
CVE-2008-3035 (SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Fina ...)
	NOT-FOR-US: XchangeBoard
CVE-2008-3034 (Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow rem ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-3033 (RSS-aggregator 1.0 does not require administrative authentication for ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-3032 (Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin ...)
	NOT-FOR-US: phpmyadmin extension for TYPO3
CVE-2008-3031 (Directory traversal vulnerability in index.php in Simple PHP Agenda 2. ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2008-3030 (SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows ...)
	NOT-FOR-US: EfesTECH Shop
CVE-2008-3029 (Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum ( ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2008-3028 (Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card ...)
	NOT-FOR-US: sr_sendcard extension for TYPO3
CVE-2008-3027 (SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 ...)
	NOT-FOR-US: VanGogh Web CMS
CVE-2008-3026 (SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet ...)
	NOT-FOR-US: OneClick CMS
CVE-2008-3025 (SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remo ...)
	NOT-FOR-US: plx Ad Trader
CVE-2008-3024 (Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3 ...)
	NOT-FOR-US: phgrafx in QNX Momentics
CVE-2008-3023 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and e ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunays ...)
	NOT-FOR-US: PHPortal
CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3017
	REJECTED
CVE-2008-3016
	REJECTED
CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Of ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3011
	REJECTED
CVE-2008-3010 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 t ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3009 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 t ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3008 (Stack-based buffer overflow in the WMEncProfileManager ActiveX control ...)
	NOT-FOR-US: Microsoft Windows Media Encoder
CVE-2008-3007 (Argument injection vulnerability in a URI handler in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Offic ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1 does not properly delete the ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3002
	REJECTED
CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote att ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-3000 (The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2999 (Multiple SQL injection vulnerabilities in the Aggregation module 5.x b ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2998 (Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2997 (Cross-site scripting (XSS) vulnerability in index.php in Gravity Board ...)
	NOT-FOR-US: Gravity Board
CVE-2008-2996 (Multiple SQL injection vulnerabilities in index.php in Gravity Board X ...)
	NOT-FOR-US: Gravity Board
CVE-2008-2995 (Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remo ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2994 (Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5 ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2993 (Multiple directory traversal vulnerabilities in index.php in FOG Forum ...)
	NOT-FOR-US: FOG Forum
CVE-2008-2992 (Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earl ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-2991 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 an ...)
	NOT-FOR-US: Adobe RoboHelp Server 7
CVE-2008-2990 (PHP remote file inclusion vulnerability in facileforms.frame.php in th ...)
	NOT-FOR-US: FacileForms
CVE-2008-2989 (SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows remot ...)
	NOT-FOR-US: HoMaP-CMS
CVE-2008-2988 (Unrestricted file upload vulnerability in admin/upload.php in Benja CM ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 a ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2986 (Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 al ...)
	NOT-FOR-US: phpDMCA
CVE-2008-2985 (Directory traversal vulnerability in load_language.php in CMReams CMS ...)
	NOT-FOR-US: CMReams CMS
CVE-2008-2984 (Cross-site scripting (XSS) vulnerability in backend/umleitung.php in C ...)
	NOT-FOR-US: CMReams CMS
CVE-2008-2983 (SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows r ...)
	NOT-FOR-US: Demo4 CMS
CVE-2008-2982 (Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2 ...)
	NOT-FOR-US: HomePH
CVE-2008-2981 (PHP remote file inclusion vulnerability in admin/templates/template_th ...)
	NOT-FOR-US: HomePH
CVE-2008-2980 (Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2 ...)
	NOT-FOR-US: HomePH
CVE-2008-2979 (Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2978 (Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2977 (Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2976 (Multiple directory traversal vulnerabilities in TinX/cms 1.1, when reg ...)
	NOT-FOR-US: TinX/cms
CVE-2008-2975 (Cross-site scripting (XSS) vulnerability in admin/objects/obj_image.ph ...)
	NOT-FOR-US: TinX/cms
CVE-2008-2974 (Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, wh ...)
	NOT-FOR-US: MM Chat
CVE-2008-2973 (Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in ...)
	NOT-FOR-US: MM Chat
CVE-2008-2972 (SQL injection vulnerability in index.php in KbLance allows remote atta ...)
	NOT-FOR-US: KbLance
CVE-2008-2971 (SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows r ...)
	NOT-FOR-US: CiBlog
CVE-2008-2970 (Multiple session fixation vulnerabilities in Academic Web Tools (AWT Y ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2969 (Directory traversal vulnerability in download.php in Academic Web Tool ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2968 (SQL injection vulnerability in rating.php in Academic Web Tools (AWT Y ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Academic Web To ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2966 (Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 ...)
	NOT-FOR-US: JaxUltraBB
CVE-2008-2965 (Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraB ...)
	NOT-FOR-US: JaxUltraBB
CVE-2008-2964 (SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows r ...)
	NOT-FOR-US: ResearchGuide
CVE-2008-2963 (Multiple SQL injection vulnerabilities in MyBlog allow remote attacker ...)
	NOT-FOR-US: MyBlog
CVE-2008-2962 (Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow re ...)
	NOT-FOR-US: MyBlog
CVE-2008-2961 (Multiple directory traversal vulnerabilities in view/index.php in CMS ...)
	NOT-FOR-US: CMS Mini
CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsof ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2951 (Open redirect vulnerability in the search script in Trac before 0.10.5 ...)
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-2949 (Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2948 (Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2947 (Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2946 (The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterp ...)
	NOT-FOR-US: Solstice Enterprise Agents in Sun Solaris
CVE-2008-2945 (Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Ide ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2944 (Double free vulnerability in the utrace support in the Linux kernel, p ...)
	- linux-2.6
	[etch] - linux-2.6
	- linux-2.6.24
CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2008-2941 (The hpssd message parser in hpssd.py in HP Linux Imaging and Printing ...)
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2940 (The alert-mailing implementation in HP Linux Imaging and Printing (HPL ...)
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_pro ...)
	- apache2 2.2.9-7 (low)
	[etch] - apache2 2.2.3-4+etch6
	- apache (vulnerable code not present)
CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.3 ...)
	NOTE: This is an issue in the respective JVMs, Tomcat only includes a workaround
	NOTE: Check status of free JVMs
	- tomcat5.5 5.5.26-5 (unimportant; bug #496309)
CVE-2008-2937 (Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mai ...)
	- postfix 2.5.4-1 (low)
	[etch] - postfix (minor issue)
CVE-2008-2936 (Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 bef ...)
	{DSA-1629-2 DSA-1629-1 DTSA-155-1}
	- postfix 2.5.4-1
CVE-2008-2935 (Multiple heap-based buffer overflows in the rc4 (1) encryption (aka ex ...)
	{DSA-1624-1 DTSA-152-1}
	- libxslt 1.1.24-2 (bug #493162)
	NOTE: http://www.ocert.org/advisories/ocert-2008-009.html
CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to ...)
	- iceweasel (MacOS-specific)
CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' ...)
	{DSA-1697-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-2932 (Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote at ...)
	NOT-FOR-US: Red Hat adminutil
CVE-2008-2931 (The do_change_type function in fs/namespace.c in the Linux kernel befo ...)
	{DSA-1630-1}
	- linux-2.6 2.6.22
	NOTE: ee6f958291e2a768fd727e7a67badfff0b67711a
CVE-2008-2930 (Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, a ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2929 (Multiple cross-site scripting (XSS) vulnerabilities in the adminutil l ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2928 (Multiple buffer overflows in the adminutil library in CGI applications ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIP ...)
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System)
CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote attac ...)
	NOT-FOR-US: Webmatic
CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows ...)
	NOT-FOR-US: Webmatic
CVE-2008-2923 (Cross-site scripting (XSS) vulnerability in read/search/results in Lyr ...)
	NOT-FOR-US: Lyris ListManager
CVE-2008-2922 (Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier ...)
	NOT-FOR-US: Dana IRC client
CVE-2008-2921 (SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and e ...)
	NOT-FOR-US: EZTechhelp
CVE-2008-2920 (admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and ...)
	NOT-FOR-US: EZTechhelp
CVE-2008-2919 (SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 al ...)
	NOT-FOR-US: Gryphon
CVE-2008-2918 (SQL injection vulnerability in details.php in Application Dynamics Car ...)
	NOT-FOR-US: Application Dynamics Cartweaver
CVE-2008-2917 (SQL injection vulnerability in productsofcat.asp in E-SMART CART allow ...)
	NOT-FOR-US: E-SMART CART
CVE-2008-2916 (Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earli ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2008-2915 (Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php (ak ...)
	NOT-FOR-US: Pre Job Board
CVE-2008-2914 (SQL injection vulnerability in jobseekers/JobSearch3.php (aka the sear ...)
	NOT-FOR-US: Pre Job Board
CVE-2008-2913 (Directory traversal vulnerability in func.php in Devalcms 1.4a, when m ...)
	NOT-FOR-US: Devalcms
CVE-2008-2912 (Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4. ...)
	NOT-FOR-US: Contenido CMS
CVE-2008-2911 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Co ...)
	NOT-FOR-US: Contenido CMS
CVE-2008-2910 (Buffer overflow in the DXTTextOutEffect ActiveX control (aka the Text- ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2909 (SQL injection vulnerability in results.php in Clever Copy 3.0 allows r ...)
	NOT-FOR-US: Clever Copy
CVE-2008-2908 (Multiple stack-based buffer overflows in a certain ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2907 (SQL injection vulnerability in admin/index.php in WebChamado 1.1, when ...)
	NOT-FOR-US: WebChamado
CVE-2008-2906 (SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allo ...)
	NOT-FOR-US: WebChamado
CVE-2008-2905 (PHP remote file inclusion vulnerability in includes/Cache/Lite/Output. ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is only in experimental
	NOTE: filed removal bug for Mambo from experimental #490291
CVE-2008-2904 (SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows ...)
	NOT-FOR-US: Conkurent PHPMyCart
CVE-2008-2903 (SQL injection vulnerability in news.php in Advanced Webhost Billing Sy ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2008-2902 (SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2901 (Multiple SQL injection vulnerabilities in Haudenschilt Family Connecti ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2008-2900 (SQL injection vulnerability in item.php in PHPAuction 3.2 allows remot ...)
	NOT-FOR-US: PHPAuction
CVE-2008-2899 (Unspecified vulnerability in includes/classes/page.php in j00lean-CMS ...)
	NOT-FOR-US: j00lean-CMS
CVE-2008-2898 (Directory traversal vulnerability in includes/header.php in Hedgehog-C ...)
	NOT-FOR-US: Hedgehog-CMS
CVE-2008-2897 (SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta all ...)
	NOT-FOR-US: PageSquid
CVE-2008-2896 (Directory traversal vulnerability in index.php in FireAnt 1.3 allows r ...)
	NOT-FOR-US: FireAnt
CVE-2008-2895 (Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 ...)
	NOT-FOR-US: AproxEngine
CVE-2008-2894 (Directory traversal vulnerability in the FTP client in NCH Software Cl ...)
	NOT-FOR-US: NCH Software Classic FTP Windows
CVE-2008-2893 (SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ H ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2892 (SQL injection vulnerability in the EXP Shop (com_expshop) component 1. ...)
	NOT-FOR-US: Joomla!
CVE-2008-2891 (SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows ...)
	NOT-FOR-US: emuCMS
CVE-2008-2890 (Multiple SQL injection vulnerabilities in Online Fantasy Football Leag ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2008-2889 (Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP ...)
	NOT-FOR-US: AceBIT WISE-FTP
CVE-2008-2888 (Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, wh ...)
	NOT-FOR-US: MiGCMS
CVE-2008-2887 (Directory traversal vulnerability in index.php in chaozz@work FubarFor ...)
	NOT-FOR-US: FubarForum
CVE-2008-2886 (PHP remote file inclusion vulnerability in include/plugins/jrBrowser/p ...)
	NOT-FOR-US: Jamroom
CVE-2008-2885 (PHP remote file inclusion vulnerability in src/browser/resource/catego ...)
	NOT-FOR-US: Open Digital Assets Repository System
CVE-2008-2884 (PHP remote file inclusion vulnerability in display.php in RSS-aggregat ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-2883 (PHP remote file inclusion vulnerability in include/plugins/jrBrowser/p ...)
	NOT-FOR-US: Jamroom
CVE-2008-2882 (upgrade.asp in sHibby sHop 2.2 and earlier does not require administra ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2881 (Relative Real Estate Systems 3.0 and earlier stores passwords in clear ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-2880 (Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3 ...)
	NOT-FOR-US: IBM AFP Viewer Plug-in
CVE-2008-2879 (Benja CMS 0.1 does not require authentication for access to admin/, wh ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2878 (Open redirect vulnerability in rss_getfile.php in Academic Web Tools ( ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2877 (PHP remote file inclusion vulnerability in admin/include/lib.module.ph ...)
	NOT-FOR-US: cmsWorks
CVE-2008-2876 (Directory traversal vulnerability in index.php in mUnky 0.0.1 allows r ...)
	NOT-FOR-US: mUnky
CVE-2008-2875 (SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allow ...)
	NOT-FOR-US: Webdevindo-CMS
CVE-2008-2874 (SQL injection vulnerability in index.php in Softbiz Jokes & Funny ...)
	NOT-FOR-US: Softbiz Jokes & Funny Pics
CVE-2008-2873 (sHibby sHop 2.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2872 (SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earl ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2871 (Multiple cross-site scripting (XSS) vulnerabilities in template2.php i ...)
	NOT-FOR-US: PEGames
CVE-2008-2870 (Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remo ...)
	NOT-FOR-US: ShareCMS
CVE-2008-2869 (SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows r ...)
	NOT-FOR-US: E-topbiz Link ADS
CVE-2008-2868 (SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and ...)
	NOT-FOR-US: DUware DUcalendar
CVE-2008-2867 (SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 ...)
	NOT-FOR-US: E-topbiz Viral
CVE-2008-2866 (SQL injection vulnerability in csc_article_details.php in Caupo.net Ca ...)
	NOT-FOR-US: CaupoShop Classic
CVE-2008-2865 (SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site ...)
	NOT-FOR-US: Kalptaru Infotech PHP Site
CVE-2008-2864 (eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attacker ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2863 (Multiple absolute path traversal vulnerabilities in eLineStudio Site C ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2862 (Multiple SQL injection vulnerabilities in eLineStudio Site Composer (E ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2861 (Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Sit ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2860 (SQL injection vulnerability in category.php in AJSquare AJ Auction Pro ...)
	NOT-FOR-US: AJSquare AJ Auction Pro Web
CVE-2008-2859 (Unspecified vulnerability in the IMAP service in NetWin SurgeMail befo ...)
	NOT-FOR-US: NetWin SurgeMail
CVE-2008-2858 (SQL injection vulnerability in index.php in WebChamado 1.1 allows remo ...)
	NOT-FOR-US: WebChamado
CVE-2008-2857 (AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2856 (SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remot ...)
	NOT-FOR-US: OwnRS
CVE-2008-2855 (Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 ...)
	NOT-FOR-US: OwnRS
CVE-2008-2854 (Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 ...)
	NOT-FOR-US: Orlando CMS
CVE-2008-2853 (SQL injection vulnerability in index.php in Easy Webstore 1.2 allows r ...)
	NOT-FOR-US: Easy Webstore
CVE-2008-2852 (Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when a ...)
	- cgiwrap (low; bug #497761)
	[etch] - cgiwrap (Minor issue)
	NOTE: only applies to certain character sets and only works with
	NOTE: browsers. There isn't a good solution available, the patch uses
	NOTE: a compile-time charset specification. All in all not a real
	NOTE: priority to fix in etch.
CVE-2008-2851 (Multiple buffer overflows in OFF System before 0.19.14 allow remote at ...)
	NOT-FOR-US: OFF System
CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before 5.x-1. ...)
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2849 (Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x ...)
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2848 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: MindTouch DekiWiki
CVE-2008-2847 (SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 ...)
	NOT-FOR-US: Maxtrade
CVE-2008-2846 (SQL injection vulnerability in index.php in BoatScripts Classifieds al ...)
	NOT-FOR-US: BoatScripts Classifieds
CVE-2008-2845 (SQL injection vulnerability in index.php in MyBizz-Classifieds allows ...)
	NOT-FOR-US: MyBizz-Classifieds
CVE-2008-2844 (SQL injection vulnerability in index.php in Carscripts Classifieds all ...)
	NOT-FOR-US: Carscripts Classifieds
CVE-2008-2843 (Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlie ...)
	NOT-FOR-US: doITLive CMS
CVE-2008-2842 (Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doIT ...)
	NOT-FOR-US: doITLive CMS
CVE-2008-2950 (The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earl ...)
	{DTSA-146-1}
	- poppler 0.8.4-1.1 (medium; bug #489756)
	[etch] - poppler (Vulnerable code not present)
	- xpdf (Page.cc is not allocating the widget and therefore not vulnerable in the destructor, attrs initialized)
CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
	{DSA-1805-1 DSA-1610-1}
	- pidgin 2.4.3-1
	- gaim
	[lenny] - gaim (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=453764
CVE-2008-3137 (The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3138 (The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3139 (The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1. ...)
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark (Only affects 0.99.8 to 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3140 (The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows rem ...)
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark (Only affects 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3141 (Unspecified vulnerability in the RMI dissector in Wireshark (formerly ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-2952 (liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to ca ...)
	{DSA-1650-1 DTSA-151-1}
	- openldap2.3 (low; bug #488710)
	- openldap 2.4.10-3 (low; bug #488710)
CVE-2008-2955 (Pidgin 2.4.1 allows remote attackers to cause a denial of service (cra ...)
	- pidgin 2.4.3-1 (low; bug #488632)
	- gaim
	[lenny] - gaim (gaim is now a transitional package depending on pidgin with its own source package)
CVE-2008-2956
	- pidgin (unimportant; bug #488632)
	NOTE: Non-issue per analysis of Pidgin upstream developers, should be rejected
CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, a ...)
	- pidgin 2.4.3-4 (low; bug #488632)
	- gaim
	[lenny] - gaim (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: probably only a bandwidth issue
CVE-2008-2942 (Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allow ...)
	- mercurial 1.0.1-2 (low; bug #488628)
	[etch] - mercurial (Vulnerable functionality not present)
CVE-2008-2953 (Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a ...)
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp (Minor issue)
CVE-2008-2954 (client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remot ...)
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp (Minor issue)
CVE-2008-2958 (Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows l ...)
	- checkinstall 1.6.1-7 (low; bug #488140)
CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac]
	- python-werkzeug 0.3.1-1
	NOTE: http://web.archive.org/web/20081229140824/http://lucumr.pocoo.org:80/cogitations/2008/06/24/werkzeug-031-released/
CVE-2008-2841 (Argument injection vulnerability in XChat 2.8.7b and earlier on Window ...)
	- xchat (Windows specific problem)
CVE-2008-2840 (Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1. ...)
	NOT-FOR-US: Exero CMS
CVE-2008-2839 (Cross-site scripting (XSS) vulnerability in the search module in Train ...)
	NOT-FOR-US: Traindepot
CVE-2008-2838 (Directory traversal vulnerability in index.php in Traindepot 0.1 allow ...)
	NOT-FOR-US: Traindepot
CVE-2008-2837 (SQL injection vulnerability in index.php in CMS-BRD allows remote atta ...)
	NOT-FOR-US: CMS-BRD
CVE-2008-2836 (PHP remote file inclusion vulnerability in send_reminders.php in WebCa ...)
	- webcalendar 1.0.5-1 (low)
	- gforge (code in lenny internally sets its own path)
CVE-2008-2835 (SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows ...)
	NOT-FOR-US: IGSuite
CVE-2008-2834 (SQL injection vulnerability in projects.php in Scientific Image DataBa ...)
	NOT-FOR-US: Scientific Image DataBase
CVE-2008-2833 (admin/upload.php in le.cms 1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: le.cms
CVE-2008-2832 (Unrestricted file upload vulnerability in calendar_admin.asp in Full R ...)
	NOT-FOR-US: aspWebCalendar 2008
CVE-2008-2831 (Multiple cross-site scripting (XSS) vulnerabilities in the delegated s ...)
	NOT-FOR-US: MailMarshal
CVE-2008-2830 (Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...)
	{DTSA-144-1}
	- php5 5.2.6-2 (low)
	[etch] - php5 (Fix not feasible for etch, low priority issue)
	NOTE: the fix sent to t-s and unstable does not seem possible in etch due to
	NOTE: missing api features from the version of libc-client in etch.
CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ne ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-6 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.4 (low)
	NOTE: 735ce972fbc8a65fb17788debd7bbe7b4383cc62, present in 2.6.25.9
CVE-2008-2825 (Cross-site scripting (XSS) vulnerability in the embedded Web Server in ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2824 (Unspecified vulnerability in the Extensible Interface Platform in Web ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2823 (SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerl ...)
	NOT-FOR-US: PHPeasyblog
CVE-2008-2822 (Multiple directory traversal vulnerabilities in the FTP client in 3D-F ...)
	NOT-FOR-US: 3D-FTP Client
CVE-2008-2821 (Directory traversal vulnerability in the FTP client in Glub Tech Secur ...)
	NOT-FOR-US: Glub Tech Secure FTP
CVE-2008-2820 (Directory traversal vulnerability in lang/lang-system.php in Open Azim ...)
	NOT-FOR-US: Open Azimyt CMS
CVE-2008-2819 (SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlie ...)
	NOT-FOR-US: BlognPlus
CVE-2008-2818 (Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remot ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-2817 (SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 a ...)
	NOT-FOR-US: NiTrO Web Gallery
CVE-2008-2816 (SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin ...)
	NOT-FOR-US: Oxygen
CVE-2008-2815 (SQL injection vulnerability in shopping/index.php in MyMarket 1.72 all ...)
	NOT-FOR-US: MyMarket
CVE-2008-2814 (Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast ...)
	NOT-FOR-US: WallCity-Server
CVE-2008-2813 (Directory traversal vulnerability in index.php in WallCity-Server Shou ...)
	NOT-FOR-US: WallCity-Server
CVE-2008-2812 (The Linux kernel before 2.6.25.10 does not properly perform tty operat ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-7
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, Th ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	- iceweasel (Windows-specific)
	- iceape (Windows-specific)
CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonk ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2808 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2806 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS ...)
	- iceweasel (MacOS-specific)
	- iceape (MacOS-specific)
CVE-2008-2805 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remo ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10
	- xulrunner 1.9.0.1-1
CVE-2008-2804
	REJECTED
CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox befor ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- icedove 2.0.0.16-1
	- xulrunner 1.9.0.1-1
CVE-2008-2801 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not pro ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2800 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remo ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2797 (Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEng ...)
	NOT-FOR-US: ManageEngine OpUtils
CVE-2008-2796 (SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote ...)
	NOT-FOR-US: FreeCMS
CVE-2008-2795 (Directory traversal vulnerability in the FTP and SFTP clients in IDM C ...)
	NOT-FOR-US: IDM Computer Solutions Inc UltraEdit
CVE-2008-2794 (Unspecified vulnerability in the GUI in Symantec Altiris Notification ...)
	NOT-FOR-US: Symantec Altiris Notification
CVE-2008-2793 (SQL injection vulnerability in group_posts.php in ClipShare before 3.0 ...)
	NOT-FOR-US: ClipShare
CVE-2008-2792 (SQL injection vulnerability in index.php in eroCMS 1.4 and earlier all ...)
	NOT-FOR-US: eroCMS
CVE-2008-2791 (SQL injection vulnerability in product.detail.php in Kalptaru Infotech ...)
	NOT-FOR-US: Kalptaru Infotech
CVE-2008-2790 (SQL injection vulnerability in detail.php in MountainGrafix easyTrade ...)
	NOT-FOR-US: MountainGrafix easyTrade
CVE-2008-2789 (SQL injection vulnerability in pages/index.php in BASIC-CMS allows rem ...)
	NOT-FOR-US: BASIC-CMS
CVE-2008-2788 (Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1. ...)
	NOT-FOR-US: OpenDocMan
CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2. ...)
	NOT-FOR-US: OpenDocMan
CVE-2008-2960 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, ...)
	- phpmyadmin 4:2.11.7~rc2-1 (unimportant)
	NOTE: We haven't supported installations with register_globals enabled for a long time
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aa2076eedc7e3664b09681d6fe9dd019eca98647
CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...)
	{DTSA-142-1}
	- perl 5.10.0-11 (bug #487319; medium)
	[etch] - perl (doesn't change link target permissions)
	NOTE: affects other packages like debsums, see bugreport
CVE-2008-2828 (Stack-based buffer overflow in tmsnc allows remote attackers to cause ...)
	- tmsnc 0.3.2-1.1 (low; bug #487222)
CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack ...)
	NOT-FOR-US: Just hashes posted to full-disclosure, no specific information
	NOTE: Unless more specific information pops up, this can be considered covered by
	NOTE: CVE-2008-2785
CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird befo ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0 (medium; bug #488358)
	- icedove 2.0.0.16-1
	- iceape 1.1.11-1 (bug #491163)
	- xulrunner 1.9.0.1-1 (bug #491161)
	NOTE: Since 3.0 iceweasel links against xulrunner, marking it as fixed, since we also need to track etch
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT ...)
	NOT-FOR-US: spamdyke
CVE-2008-2783 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware ...)
	- kronolith2 (unimportant; Non-reproducible 'issue')
	- horde3 (unimportant; Non-reproducible 'issue')
	NOTE: not reproducible, redhat also seems to have problems reproducing this https://bugzilla.redhat.com/show_bug.cgi?id=452209
CVE-2008-2782 (Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow re ...)
	NOT-FOR-US: OtomiGenX
CVE-2008-2781 (SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allow ...)
	NOT-FOR-US: DZOIC Handshakes
CVE-2008-2780 (The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores t ...)
	NOT-FOR-US: Anubis
CVE-2008-2779 (Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Bu ...)
	NOT-FOR-US: GlobalSCAPE CuteFTP Home
CVE-2008-2778 (SQL injection vulnerability in inc/class_search.php in the Search Syst ...)
	NOT-FOR-US: RevokeBB
CVE-2008-2777 (Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows ...)
	NOT-FOR-US: Ortro
CVE-2008-2776 (Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepie ...)
	NOT-FOR-US: DT Centrepiece
CVE-2008-2775 (SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows ...)
	NOT-FOR-US: DT Centrepiece
CVE-2008-2774 (SQL injection vulnerability in item.php in CartKeeper CKGold Shopping ...)
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2008-2773 (Cross-site scripting (XSS) vulnerability in the Taxonomy Image module ...)
	NOT-FOR-US: Taxonomy Image module for Drupal
CVE-2008-2772 (The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote atta ...)
	NOT-FOR-US: Magic Tabs module for Drupal
CVE-2008-2771 (The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 fo ...)
	NOT-FOR-US: Node Hierarchy module for Drupal
CVE-2008-2770 (SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_q ...)
	NOT-FOR-US: MycroCMS
CVE-2008-2769 (PHP remote file inclusion vulnerability in authentication/smf/smf.func ...)
	NOT-FOR-US: phpRaider
CVE-2008-2768 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla ...)
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2767 (SQL injection vulnerability in search.asp in Xigla Poll Manager XE all ...)
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2766 (Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Galle ...)
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2765 (SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gal ...)
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2764 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla ...)
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2763 (SQL injection vulnerability in search.asp in Xigla Absolute Live Suppo ...)
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2762 (SQL injection vulnerability in search.asp in Xigla Absolute Form Proce ...)
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2761 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2760 (SQL injection vulnerability in searchbanners.asp in Xigla Absolute Ban ...)
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2759 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2758 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2757 (SQL injection vulnerability in search.asp in Xigla Absolute News Manag ...)
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2756 (Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla A ...)
	NOT-FOR-US: Xigla Absolute Control Panel XE
CVE-2008-2755 (SQL injection vulnerability in index.php in JAMM CMS allows remote att ...)
	NOT-FOR-US: JAMM CMS
CVE-2008-2754 (SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, ...)
	NOT-FOR-US: eFiction
CVE-2008-2753 (Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 ...)
	NOT-FOR-US: Pooya Site Builder
CVE-2008-2752 (Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly h ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-2751 (Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish w ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2750 (The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux k ...)
	- linux-2.6 2.6.26
	[etch] - linux-2.6 (Vulnerable code was introduced in 2.6.23)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: 6b6707a50c7598a83820077393f8823ab791abf8
CVE-2008-2749 (Unspecified vulnerability in cshttpd in Sun Java System Calendar Serve ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2748 (Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a den ...)
	NOT-FOR-US: Skulltag
CVE-2008-2747 (No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissio ...)
	NOT-FOR-US: Windows
CVE-2008-2746 (SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allo ...)
	NOT-FOR-US: Gryphon gllcTS2
CVE-2008-2745 (Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in ...)
	NOT-FOR-US: BiAnno ActiveX Control
CVE-2008-2744 (Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 ...)
	NOT-FOR-US: vBulletin
CVE-2008-2743 (Cross-site scripting (XSS) vulnerability in the embedded web server in ...)
	NOT-FOR-US: web server Xerox
CVE-2008-2742 (Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/ ...)
	NOT-FOR-US: Achievo
CVE-2008-2741
	RESERVED
CVE-2008-2740
	RESERVED
CVE-2008-2739 (The SERVICE.DNS signature engine in the Intrusion Prevention System (I ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-2738
	RESERVED
CVE-2008-2737
	REJECTED
CVE-2008-2736 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2735 (The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 device ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2734 (Memory leak in the crypto functionality in Cisco Adaptive Security App ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2733 (Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 befor ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2732 (Multiple unspecified vulnerabilities in the SIP inspection functionali ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2731
	RESERVED
CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
	NOT-FOR-US: cisco
CVE-2008-2729 (arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some ...)
	{DSA-1630-1}
	- linux-2.6 2.6.19-1
	NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a
CVE-2008-2728
	REJECTED
CVE-2008-2727
	REJECTED
CVE-2008-2726 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and e ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2725 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and e ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2718 (Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4 ...)
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2716 (Unspecified vulnerability in Opera before 9.5 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-2715 (Unspecified vulnerability in Opera before 9.5 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-2714 (Opera before 9.26 allows remote attackers to misrepresent web page add ...)
	NOT-FOR-US: Opera
CVE-2008-2710 (Integer signedness error in the ip_set_srcfilter function in the IP Mu ...)
	NOT-FOR-US: Solaris
CVE-2008-2709 (Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module o ...)
	NOT-FOR-US: Solaris
CVE-2008-2708 (Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSP ...)
	NOT-FOR-US: Solaris
CVE-2008-2707 (Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and O ...)
	NOT-FOR-US: Solaris
CVE-2008-2706 (Unspecified vulnerability in the event port implementation in Sun Sola ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2705 (Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2704 (Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows remo ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2703 (Multiple stack-based buffer overflows in Novell GroupWise Messenger (G ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2702 (Directory traversal vulnerability in the FTP client in ALTools ESTsoft ...)
	NOT-FOR-US: ALTools ESTsoft ALFTP
CVE-2008-2701 (SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and ...)
	NOT-FOR-US: joomla extension
CVE-2008-2700 (SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2699 (Multiple directory traversal vulnerabilities in Galatolo WebManager (G ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2698 (Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php ...)
	NOT-FOR-US: WEBalbum
CVE-2008-2697 (SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) comp ...)
	NOT-FOR-US: joomla extension
CVE-2008-2695 (Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows ...)
	NOT-FOR-US: phpInv
CVE-2008-2694 (Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 ...)
	NOT-FOR-US: phpInv
CVE-2008-2693 (Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2692 (SQL injection vulnerability in the yvComment (com_yvcomment) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-2691 (SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperien ...)
	NOT-FOR-US: JiRo's FAQ Manager eXperience
CVE-2008-2690 (Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002 ...)
	NOT-FOR-US: BrowserCRM
CVE-2008-2689 (PHP remote file inclusion vulnerability in pub/clients.php in BrowserC ...)
	NOT-FOR-US: BrowserCRM
CVE-2008-2688 (SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 all ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2008-2687 (Directory traversal vulnerability in inc/config.php in ProManager 0.73 ...)
	NOT-FOR-US: ProManager
CVE-2008-2686 (webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows r ...)
	NOT-FOR-US: Flux CMS
CVE-2008-XXXX [insecure tempfile in wdiff]
	- wdiff 0.5-18 (low; bug #425254)
	[etch] - wdiff (Minor issue)
CVE-2008-2719 (Off-by-one error in the ppscan function (preproc.c) in Netwide Assembl ...)
	- nasm 2.03.01-1 (low; bug #486715)
	[etch] - nasm (vulnerable code not present)
CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote attac ...)
	{DSA-1733-1 DTSA-143-1}
	- vim 1:7.1.314-3 (low; bug #486502)
CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...)
	- exiv2 0.17-1 (low; bug #486328)
	[etch] - exiv2 (Minor issue)
	NOTE: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to ...)
	{DSA-1616-2 DTSA-138-1}
	- clamav 0.93.1.dfsg-1.1 (low; bug #490925)
CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, ...)
	- fetchmail 6.3.9~rc2-1 (unimportant)
	[etch] - fetchmail 6.3.6-1etch3
	NOTE: https://www.openwall.com/lists/oss-security/2008/06/13/1
	NOTE: -vv is only used for debugging purposes so this does not
	NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
	NOTE: use.
CVE-2008-2720 (Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2 ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery (Vulnerable code not present, different codebase)
CVE-2008-2721 (Unspecified vulnerability in the album-select module in Menalto Galler ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery (Vulnerable code not present, different codebase)
CVE-2008-2722 (Menalto Gallery before 2.2.5 allows remote attackers to bypass permiss ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery (Vulnerable code not present, different codebase)
CVE-2008-2723 (embed.php in Menalto Gallery before 2.2.5 allows remote attackers to o ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery (Vulnerable code not present, different codebase)
CVE-2008-2724 (Menalto Gallery before 2.2.5 does not enforce permissions for non-albu ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery (Vulnerable code not present, different codebase)
CVE-2008-2717 (TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, ...)
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...)
	NOT-FOR-US: Battle Blog
CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black I ...)
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2683 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black I ...)
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2682 (_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attac ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2681 (Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2680 (Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2679 (SQL injection vulnerability in the KeyWordsList function in _includes/ ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2678 (Multiple SQL injection vulnerabilities in Telephone Directory 2008, wh ...)
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2677 (Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Dir ...)
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2676 (SQL injection vulnerability in the iJoomla News Portal (com_news_porta ...)
	NOT-FOR-US: com_news_portal component for Joomla!
CVE-2008-2675 (Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gal ...)
	NOT-FOR-US: PHP Image Gallery
CVE-2008-2674 (Unspecified vulnerability in the Interstage Management Console, as use ...)
	NOT-FOR-US: Interstage Management Console
CVE-2008-2673 (SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, ...)
	NOT-FOR-US: pNews
CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and ...)
	- ewiki (unimportant)
	NOTE: register_globals is not supported
CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows ...)
	NOT-FOR-US: DCFM Blog
CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote a ...)
	NOT-FOR-US: yBlog
CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 a ...)
	NOT-FOR-US: yBlog
CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...)
	- php5 (unimportant)
	NOTE: safe mode not supported
CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP ...)
	- php5 5.2.6.dfsg.1-3 (unimportant)
	NOTE: safe mode not supported
CVE-2008-2664 (The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8 ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2663 (Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2662 (Multiple integer overflows in the rb_str_buf_append function in Ruby 1 ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2661
	RESERVED
CVE-2008-2660
	REJECTED
CVE-2008-2659
	RESERVED
CVE-2008-2658
	RESERVED
CVE-2008-2657
	RESERVED
CVE-2008-2656
	RESERVED
CVE-2008-2655
	RESERVED
CVE-2008-2653
	RESERVED
CVE-2008-2652 (Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b a ...)
	NOT-FOR-US: SMEWeb
CVE-2008-2651 (SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB ...)
	NOT-FOR-US: com_joobb component for Joomla!
CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, ...)
	NOT-FOR-US: CMSimple
CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 B ...)
	NOT-FOR-US: DesktopOnNet
CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html in meBi ...)
	NOT-FOR-US: meBiblio
CVE-2008-2647 (SQL injection vulnerability in admin/journal_change_mask.inc.php in me ...)
	NOT-FOR-US: meBiblio
CVE-2008-2646 (Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 ...)
	NOT-FOR-US: meBiblio
CVE-2008-2645 (Multiple PHP remote file inclusion vulnerabilities in Brim (formerly B ...)
	NOT-FOR-US: Brim
CVE-2008-2644 (Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and ...)
	NOT-FOR-US: SMEWeb
CVE-2008-2643 (SQL injection vulnerability in the Bible Study (com_biblestudy) compon ...)
	NOT-FOR-US: com_biblestudy component for Joomla!
CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remot ...)
	NOT-FOR-US: OtomiGenX
CVE-2008-2641 (Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlie ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2008-2640 (Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 Hist ...)
	NOT-FOR-US: Adobe Flex
CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect Citec ...)
	NOT-FOR-US: Citect CitectSCADA
CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 1.0.1 an ...)
	NOT-FOR-US: 1Book
CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5 FirePass SSL VPN
CVE-2008-2636 (The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 all ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-2635 (Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow r ...)
	NOT-FOR-US: BitKinex
CVE-2008-2634 (SQL injection vulnerability in index.asp in I-Pos Internet Pay Online ...)
	NOT-FOR-US: I-Pos Internet Pay Online Store
CVE-2008-2633 (Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomr ...)
	NOT-FOR-US: com_joomradio component for Joomla!
CVE-2008-2632 (SQL injection vulnerability in the acctexp (com_acctexp) component 0.1 ...)
	NOT-FOR-US: com_acctexp component for Joomla!
CVE-2008-2631 (The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows re ...)
	NOT-FOR-US: MDaemon
CVE-2008-2630 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 f ...)
	NOT-FOR-US: com_jb2 component for Joomla!
CVE-2008-2629 (SQL injection vulnerability in the LifeType (formerly pLog) module for ...)
	NOT-FOR-US: LifeType module for Drupal
CVE-2008-2628 (SQL injection vulnerability in the eQuotes (com_equotes) component 0.9 ...)
	NOT-FOR-US: com_equotes component for Joomla!
CVE-2008-2627 (SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 ...)
	NOT-FOR-US: com_idoblog for Joomla!
CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 and ear ...)
	NOT-FOR-US: Battle Blog
CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2008-2624 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2008-2623 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-2622 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2621 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2620 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2619 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle
CVE-2008-2618 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2617 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2616 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2615 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2614 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2613 (Unspecified vulnerability in the Database Scheduler component in Oracl ...)
	NOT-FOR-US: Oracle database
CVE-2008-2612 (Unspecified vulnerability in the Hyperion BI Plus component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2611 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle database
CVE-2008-2610 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle database
CVE-2008-2609 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2608 (Unspecified vulnerability in the Data Pump component in Oracle Databas ...)
	NOT-FOR-US: Oracle database
CVE-2008-2607 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2606 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle database
CVE-2008-2605 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle database
CVE-2008-2604 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle database
CVE-2008-2603 (Unspecified vulnerability in the Resource Manager component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2602 (Unspecified vulnerability in the Data Pump component in Oracle Databas ...)
	NOT-FOR-US: Oracle database
CVE-2008-2601 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle database
CVE-2008-2600 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle database
CVE-2008-2599 (Unspecified vulnerability in the TimesTen Client/Server component in O ...)
	NOT-FOR-US: Oracle database
CVE-2008-2598 (Unspecified vulnerability in the TimesTen Client/Server component in O ...)
	NOT-FOR-US: Oracle database
CVE-2008-2597 (Unspecified vulnerability in the TimesTen Client/Server component in O ...)
	NOT-FOR-US: Oracle database
CVE-2008-2596 (Unspecified vulnerability in the Mobile Application Server component i ...)
	NOT-FOR-US: Oracle database
CVE-2008-2595 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle database
CVE-2008-2594 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2593 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2592 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
	NOT-FOR-US: Oracle database
CVE-2008-2591 (Unspecified vulnerability in the Oracle Database Vault component in Or ...)
	NOT-FOR-US: Oracle database
CVE-2008-2590 (Unspecified vulnerability in the Instance Management component in Orac ...)
	NOT-FOR-US: Oracle database
CVE-2008-2589 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle database
CVE-2008-2588 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-2587 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
	NOT-FOR-US: Oracle database
CVE-2008-2586 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle database
CVE-2008-2585 (Unspecified vulnerability in the Oracle Report Manager component in Or ...)
	NOT-FOR-US: Oracle database
CVE-2008-2584 REJECTED
CVE-2008-2583 (Unspecified vulnerability in the sample Discussion Forum Portlet for t ...)
	NOT-FOR-US: Oracle database
CVE-2008-2582 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2581 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2580 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2579 (Unspecified vulnerability in the WebLogic Server Plugins for Apache, S ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2578 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2577 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2576 (Unspecified vulnerability in the WebLogic Server component in Oracle B ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2574 (Unrestricted file upload vulnerability in admin/Editor/imgupload.php i ...)
	NOT-FOR-US: FlashBlog
CVE-2008-2573 (Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote au ...)
	NOT-FOR-US: freeSSHd
CVE-2008-2572 (SQL injection vulnerability in php/leer_comentarios.php in FlashBlog a ...)
	NOT-FOR-US: FlashBlog
CVE-2008-2571 (Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerl ...)
	- limesurvey (bug #472802)
CVE-2008-2570 (Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurvey ...)
	- limesurvey (bug #472802)
CVE-2008-2569 (SQL injection vulnerability in the EasyBook (com_easybook) component 1 ...)
	NOT-FOR-US: com_easybook component for Joomla!
CVE-2008-2568 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
	NOT-FOR-US: com_simpleshop component for Joomla!
CVE-2008-2567 (Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Rel ...)
	NOT-FOR-US: Fenriru Sleipnir
CVE-2008-2566 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Boo ...)
	NOT-FOR-US: PHP Address Book
CVE-2008-2565 (Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and e ...)
	NOT-FOR-US: PHP Address Book
CVE-2008-2564 (SQL injection vulnerability in the JotLoader (com_jotloader) component ...)
	NOT-FOR-US: com_jotloader component for Joomla!
CVE-2008-2563 (Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.ph ...)
	NOT-FOR-US: SamTodo
CVE-2008-2562 (SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and ea ...)
	NOT-FOR-US: PowerPhlogger
CVE-2008-2561 (Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 all ...)
	NOT-FOR-US: 427BB
CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remo ...)
	NOT-FOR-US: 427BB
CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in Motion 3 ...)
	- motion 3.2.9-3 (low; bug #484572)
	[etch] - motion (minor issue)
CVE-2008-2667 (SQL injection vulnerability in the Courier Authentication Library (aka ...)
	{DSA-1688-1}
	- courier-authlib 0.60.1-2.1 (bug #485424)
CVE-2008-XXXX [missing sanity checks allow DoS via mis-formatted timestamp]
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution (Minor issue)
CVE-2008-2559 (Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remo ...)
	NOT-FOR-US: Borland Interbase
CVE-2008-2558 (CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute fo ...)
	NOT-FOR-US: CRE Loaded
CVE-2008-2557 (Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and ea ...)
	NOT-FOR-US: CRE Loaded
CVE-2008-2556 (SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and e ...)
	NOT-FOR-US: PHP Visit Counter
CVE-2008-2555 (SQL injection vulnerability in index.php in EasyWay CMS allows remote ...)
	NOT-FOR-US: EasyWay CMS
CVE-2008-2554 (Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote att ...)
	NOT-FOR-US: BP Blog
CVE-2008-2553 (Cross-site scripting (XSS) vulnerability in Slashdot Like Automated St ...)
	{DSA-1633-1}
	- slash 2.2.6-8etch1 (low; bug #484499)
	NOTE: See CVE-2008-2231
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2552 (Unspecified vulnerability in the Service Tag Registry on Sun Solaris 1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2551 (The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 ...)
	NOT-FOR-US: DownloaderActiveX Control
CVE-2008-2550 (Unspecified vulnerability in the Web Services Security component in IB ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-2549 (Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remot ...)
	NOT-FOR-US: Acrobat Reader
CVE-2008-2548 (Stack-based buffer overflow in the JPEG thumbprint component in the EX ...)
	NOT-FOR-US: JPEG thumbprint component in the EXIF parser on Motorola cell phones
CVE-2008-2547 (Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001. ...)
	NOT-FOR-US: Microsoft Windows Installer
CVE-2008-2546 REJECTED
CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sens ...)
	NOT-FOR-US: Skype
CVE-2008-2544 (Mounting /proc filesystem via chroot command silently mounts it in rea ...)
	- linux (unimportant)
	NOTE: non-issue, cf. https://bugzilla.redhat.com/show_bug.cgi?id=449089#c22
CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and As ...)
	- asterisk-addons 1.4.7-1 (bug #484796)
CVE-2008-2542 (Stack-based buffer overflow in the getline function in Ppm/ppm.C in NA ...)
	NOT-FOR-US: NASA Ames Research Center BigView
CVE-2008-2541 (Multiple stack-based buffer overflows in the HTTP Gateway Service (ici ...)
	NOT-FOR-US: CA eTrust
CVE-2008-2540 (Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt ...)
	NOT-FOR-US: Apple Safari
CVE-2008-2539 (The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2538 (Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2537 (SQL injection vulnerability in cat.php in HispaH Model Search allows r ...)
	NOT-FOR-US: HispaH Model Search
CVE-2008-2536 (SQL injection vulnerability in out.php in YABSoft Advanced Image Hosti ...)
	NOT-FOR-US: YABSoft Advanced Image
CVE-2008-2535 (Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2534 (Directory traversal vulnerability in admin/admin_frame.php in Phoenix ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2533 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CM ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2532 (SQL injection vulnerability in forum/topic_detail.php in AJ Square aj- ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2531 (Cross-site scripting (XSS) vulnerability in the search script in Build ...)
	NOT-FOR-US: Build A Niche Store
CVE-2008-2530 (Multiple SQL injection vulnerabilities in Concepts & Solutions Qui ...)
	NOT-FOR-US: Concepts & Solutions QuickUpCMS
CVE-2008-2529 (SQL injection vulnerability in read.php in Advanced Links Management ( ...)
	NOT-FOR-US: Advanced Links Management
CVE-2008-2528 (Unspecified vulnerability in Citrix Access Gateway Standard Edition 4. ...)
	NOT-FOR-US: Citrix Access Gateway Standard Edition
CVE-2008-2527 (Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ...)
	NOT-FOR-US: ActualScripts ActualAnalyzer Server
CVE-2008-2526 (Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gal ...)
	NOT-FOR-US: WT Gallery
CVE-2008-2525 (Cross-site scripting (XSS) vulnerability in the Event Database (aka rl ...)
	NOT-FOR-US: typo3 extension Event Database
CVE-2008-2524 (BlogPHP 2.0 allows remote attackers to bypass authentication, and post ...)
	NOT-FOR-US: BlogPHP
CVE-2008-2523 (SQL injection vulnerability in the Autopatcher server plugin in RakNet ...)
	NOT-FOR-US: RakNet
CVE-2008-2522 (SQL injection vulnerability in members.php in Battle.net Clan Script f ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-2521 (SQL injection vulnerability in members.php in YABSoft Mega File Hostin ...)
	NOT-FOR-US: YABSoft Mega File
CVE-2008-2520 (Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when ...)
	NOT-FOR-US: BigACE
CVE-2008-2519 (Directory traversal vulnerability in Core FTP client 2.1 Build 1565 al ...)
	NOT-FOR-US: Core FTP client
CVE-2008-2518 (Cross-site scripting (XSS) vulnerability in the advanced search mechan ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-2517 (The sarab.sh script in SaraB before 0.2.4 places the dar program's enc ...)
	NOT-FOR-US: SaraB
CVE-2008-2515 (Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allow ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2514 (Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local use ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2513 (Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows loca ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2512 (Directory traversal vulnerability in Symantec Backup Exec System Recov ...)
	NOT-FOR-US: Symantec Backup Exec System Recovery Manager
CVE-2008-2511 (Directory traversal vulnerability in the UmxEventCli.CachedAuditDataLi ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2008-2510 (SQL injection vulnerability in wp-uploadfile.php in the Upload File pl ...)
	NOT-FOR-US: Upload File plugin for WordPress
CVE-2008-2509 (SQL injection vulnerability in pwd.asp in Excuse Online allows remote ...)
	NOT-FOR-US: Excuse Online
CVE-2008-2508 (Cross-site scripting (XSS) vulnerability in news.php in Tr Script News ...)
	NOT-FOR-US: Tr Script News
CVE-2008-2507 (Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear ...)
	NOT-FOR-US: Brown Bear Software Calcium
CVE-2008-2506 (Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 thr ...)
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2505 (Cross-site scripting (XSS) vulnerability in result.php in Simpel Side ...)
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2504 (Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 throu ...)
	NOT-FOR-US: Simpel Side Netbutik
CVE-2008-2503 (Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown im ...)
	NOT-FOR-US: eMule X-Ray
CVE-2008-2502 (Unspecified vulnerability in the web server in eMule X-Ray before 1.4 ...)
	NOT-FOR-US: eMule X-Ray
CVE-2008-2501 (Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remot ...)
	NOT-FOR-US: PHPhotoalbum
CVE-2008-2500 (Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor ( ...)
	NOT-FOR-US: MOStlyContent Editor
CVE-2008-2499 (Stack-based buffer overflow in the Community Services Multiplexer (aka ...)
	NOT-FOR-US: Community Services Multiplexer
CVE-2008-2498 (Multiple SQL injection vulnerabilities in index.php in Mambo before 4. ...)
	NOT-FOR-US: Mambo
CVE-2008-2497 (CRLF injection vulnerability in Mambo before 4.6.4 allows remote attac ...)
	NOT-FOR-US: Mambo
CVE-2008-2496 (Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 ...)
	NOT-FOR-US: Quate CMS
CVE-2008-2495 (Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows ...)
	NOT-FOR-US: Zina
CVE-2008-2494 (Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 ...)
	NOT-FOR-US: Zina
CVE-2008-2493 (Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus B ...)
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2492 (Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 al ...)
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2491 (SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows rem ...)
	NOT-FOR-US: AbleSpace
CVE-2008-2490 (Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (a ...)
	NOT-FOR-US: KJ Image Lightbox 2
CVE-2008-2489 (SQL injection vulnerability in the Library for Frontend Plugins (aka s ...)
	NOT-FOR-US: Library for Frontend Plugins sg_zfelib
CVE-2008-2488 (admin/userform.php in RoomPHPlanning 1.5 does not require administrati ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-2487 (SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier a ...)
	NOT-FOR-US: MAXSITE
CVE-2008-2486 (Unspecified vulnerability in eMule Plus before 1.2d has unknown impact ...)
	- amule (Different code)
CVE-2008-2485 (Cross-site scripting (XSS) vulnerability in the URL redirection script ...)
	NOT-FOR-US: PCPIN chat
CVE-2008-2484 (SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when ...)
	NOT-FOR-US: Xomol CMS
CVE-2008-2483 (Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 ...)
	NOT-FOR-US: Xomol CMS
CVE-2008-2482 (Directory traversal vulnerability in install_mod.php in insanevisions ...)
	NOT-FOR-US: OneCMS
CVE-2008-2481 (PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb ...)
	NOT-FOR-US: phpRaider
CVE-2008-2480 (PHP remote file inclusion vulnerability in plus.php in plusPHP Short U ...)
	NOT-FOR-US: plusPHP
CVE-2008-2479 (Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote atta ...)
	NOT-FOR-US: phpFix
CVE-2008-2478
	NOT-FOR-US: cPanel
CVE-2008-2477 (SQL injection vulnerability in index.php in MxBB (aka MX-System) Porta ...)
	NOT-FOR-US: MxBB (MX-System)
CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeB ...)
	- kfreebsd-7 7.0-6
	NOTE: IPv6 NDP flaw not affecting Linux
CVE-2008-2475 (eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) bef ...)
	NOT-FOR-US: eBay Enhanced Picture Uploader ActiveX control
CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit ...)
	NOT-FOR-US: ABB Process Communication Unit
CVE-2008-2473 RESERVED
CVE-2008-2472 RESERVED
CVE-2008-2471 RESERVED
CVE-2008-2470 (The InstallShield Update Service Agent ActiveX control in isusweb.dll ...)
	NOT-FOR-US: InstallShield
CVE-2008-2469 (Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Sp ...)
	{DSA-1659-1 DTSA-172-1}
	- libspf2 1.2.9-1 (high)
CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-2467 RESERVED
CVE-2008-2466 RESERVED
CVE-2008-2465 RESERVED
CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 1 ...)
	NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX
CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...)
	NOT-FOR-US: Caucho Resin
CVE-2008-2461 (SQL injection vulnerability in index.php in Netious CMS 0.4 allows rem ...)
	NOT-FOR-US: Netious
CVE-2008-2460 (SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows ...)
	NOT-FOR-US: vBulletin
CVE-2008-2459 (Directory traversal vulnerability in page.php in EntertainmentScript 1 ...)
	NOT-FOR-US: EntertainmentScript
CVE-2008-2458 (Cross-site scripting (XSS) vulnerability in index.php in Starsgames Co ...)
	NOT-FOR-US: Starsgames
CVE-2008-2457 (SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 ...)
	NOT-FOR-US: PHP-Jokesite
CVE-2008-2456 (SQL injection vulnerability in index.php in ComicShout 2.5 and earlier ...)
	NOT-FOR-US: ComicShout
CVE-2008-2455 (SQL injection vulnerability in comment.php in the MacGuru BLOG Engine ...)
	NOT-FOR-US: MacGuru BLOG Engine
CVE-2008-2454 (SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) compo ...)
	NOT-FOR-US: xsstream-dm
CVE-2008-2453 (Multiple SQL injection vulnerabilities in PHP Classifieds Script allow ...)
	NOT-FOR-US: PHP Classifieds Script
CVE-2008-2452 (Cross-site scripting (XSS) vulnerability in the Questionaire (aka pbsu ...)
	NOT-FOR-US: Questionaire pbsurvey
CVE-2008-2451 (Multiple SQL injection vulnerabilities in the Statistics (aka ke_stats ...)
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the Statistics ...)
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2449 (Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan p ...)
	NOT-FOR-US: phpInstantGallery
CVE-2008-2448 (Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote ...)
	NOT-FOR-US: Meto Forum
CVE-2008-2447 (SQL injection vulnerability in products.php in the Mytipper ZoGo-shop ...)
	NOT-FOR-US: Mytipper ZoGo-shop
CVE-2008-2446 (Multiple SQL injection vulnerabilities in Web Group Communication Cent ...)
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2445 (Cross-site scripting (XSS) vulnerability in profile.php in Web Group C ...)
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2444 (SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2008-2443 (SQL injection vulnerability in dpage.php in The Real Estate Script all ...)
	NOT-FOR-US: Real Estate Script
CVE-2008-2442 RESERVED
CVE-2008-2441 (Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x befo ...)
	NOT-FOR-US: Cisco Secure ACS
CVE-2008-2440 RESERVED
CVE-2008-2439 (Directory traversal vulnerability in the UpdateAgent function in TmLis ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2438 (Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager ...)
	NOT-FOR-US: HP OpenView
CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeSc ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef functio ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2008-2435 (Use-after-free vulnerability in the Trend Micro HouseCall ActiveX cont ...)
	NOT-FOR-US: ActiveX
CVE-2008-2434 (The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 i ...)
	NOT-FOR-US: ActiveX
CVE-2008-2433 (The web management console in Trend Micro OfficeScan 7.0 through 8.0, ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2432 (Insecure method vulnerability in the GetFileList method in an unspecif ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-2431 (Multiple buffer overflows in Novell iPrint Client before 5.06 allow re ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC Me ...)
	{DSA-1819-1 DTSA-148-1}
	- vlc 0.8.6.h-1 (medium; bug #489004)
CVE-2008-2429 (Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.2007111 ...)
	NOT-FOR-US: Calendarix
CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic a ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-2427 (Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView ...)
	NOT-FOR-US: NConvert, GFL SDK, XnView
CVE-2008-2426 (Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 al ...)
	{DSA-1594-1}
	- imlib2 1.4.0-1.1 (medium; bug #483816)
	- imlib (Partly not present / partly fixed)
CVE-2008-2425 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote ...)
	NOT-FOR-US: FicHive
CVE-2008-2422 (SQL injection vulnerability in index.php in Web Slider 0.6 allows remo ...)
	NOT-FOR-US: Web Slider
CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web App ...)
	NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of ...)
	NOTE: Mozilla bug 435130, not reproducible by upstream, Debian bug #484484
CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun Solar ...)
	NOT-FOR-US: STREAMS Administrative Driver SUN
CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard ...)
	NOT-FOR-US: Webboard
CVE-2008-2416 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote ...)
	NOT-FOR-US: FicHive
CVE-2008-2415 (Directory traversal vulnerability in template/purpletech/base_include. ...)
	NOT-FOR-US: DigitalHive
CVE-2008-2414 (Cross-site scripting (XSS) vulnerability in send_email.php in AN Guest ...)
	NOT-FOR-US: AN Guestbook
CVE-2008-2413 (Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News ...)
	NOT-FOR-US: ACGV News
CVE-2008-2412 (SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows ...)
	NOT-FOR-US: ACGV News
CVE-2008-2411 (SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, ...)
	NOT-FOR-US: SazCart
CVE-2008-2410 (Cross-site scripting (XSS) vulnerability in the servlet engine and Web ...)
	NOT-FOR-US: Web Server service in IBM Lotus Domino
CVE-2008-2409 (Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10 ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2408 (Heap-based buffer overflow in the XML parsing functionality in talk.dl ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2407 (Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian be ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2406 (The administration application server in Sun Java Active Server Pages ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2405 (Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote a ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2404 (Stack-based buffer overflow in the request handling implementation in ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2403 (Multiple directory traversal vulnerabilities in unspecified ASP applic ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2402 (The Admin Server in Sun Java Active Server Pages (ASP) Server before 4 ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2401 (The Admin Server in Sun Java Active Server Pages (ASP) Server before 4 ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2400 (Unspecified vulnerability in stunnel before 4.23, when running as a se ...)
	- stunnel4 (Windows specific issue)
CVE-2008-2399 (Directory traversal vulnerability in the FireFTP add-on before 0.98.20 ...)
	NOT-FOR-US: FireFTP
CVE-2008-2575 (cbrPager before 0.9.17 allows user-assisted remote attackers to execut ...)
	- cbrpager 0.9.17-1 (low; bug #482853)
	[etch] - cbrpager 0.9.14-3+etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-XXXX [resizing the monitor with xrandr can crash xscreensaver]
	- xscreensaver 5.05-3 (unimportant; bug #482385)
CVE-2008-2516 (pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not prop ...)
	- pam-pgsql 0.6.3-2 (medium; bug #481970)
	[etch] - pam-pgsql (Vulnerable code not present)
	NOTE: pam_pgsql is not configured as "sufficient" in Debian default configuration
CVE-2008-2424 (Unspecified vulnerability in the 404 error page for the "Standard demo ...)
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2423 (Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 ...)
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2420 (The OCSP functionality in stunnel before 4.24 does not properly search ...)
	- stunnel4 3:4.22-1.1 (low; bug #482644)
CVE-2008-2398 (Cross-site scripting (XSS) vulnerability in index.php in AppServ Open ...)
	NOT-FOR-US: AppServ Open Project
CVE-2008-2397 (Cross-site scripting (XSS) vulnerability in search-results.dot in dotC ...)
	NOT-FOR-US: dotCMS
CVE-2008-2396 (PHP remote file inclusion vulnerability in index.php in Wajox Software ...)
	NOT-FOR-US: microSSys
CVE-2008-2395 (SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta ...)
	NOT-FOR-US: AlkalinePHP
CVE-2008-2394 (Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow re ...)
	NOT-FOR-US: TAGWORX.CMS
CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 a ...)
	NOT-FOR-US: EntertainmentScript
CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...)
	- wordpress 2.5.1-4 (low; bug #485807)
	[etch] - wordpress (Vulnerable code not present)
	NOTE: Unrestricted file upload vulnerability was introduced in 2.3.0
CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...)
	NOT-FOR-US: SubSonic
CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) E ...)
	NOT-FOR-US: HP Software Update
CVE-2008-2389 (opensuse-updater in openSUSE 10.2 allows local users to access arbitra ...)
	NOT-FOR-US: opensuse-updater
CVE-2008-2388 (Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have u ...)
	NOT-FOR-US: opensuse-updater
CVE-2008-2387 RESERVED
CVE-2008-2386 RESERVED
CVE-2008-2385 RESERVED
CVE-2008-2384 (SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql ...)
	- mod-auth-mysql 4.3.9-11 (medium)
CVE-2008-2383 (CRLF injection vulnerability in xterm allows user-assisted attackers t ...)
	{DSA-1694-1 DTSA-182-1}
	- xterm 238-2 (medium; bug #510030)
CVE-2008-2382 (The protocol_client_msg function in vnc.c in the VNC server in (1) Qem ...)
	- qemu 0.9.1-9
	[etch] - qemu (Tested by maintainer)
	- kvm 72+dfsg-4
	- xen-unstable (Vulnerable code not present)
	- xen-3 (Vulnerable code not present)
CVE-2008-2381 (SQL injection vulnerability in the create function in common/include/G ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-7
CVE-2008-2380 (SQL injection vulnerability in authpgsqllib.c in Courier-Authlib befor ...)
	{DSA-1688-1 DTSA-180-1}
	- courier-authlib 0.61.0-1+lenny1
CVE-2008-2379 (Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 ...)
	{DSA-1682-1}
	- squirrelmail 2:1.4.15-4
CVE-2008-2378 (Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 al ...)
	{DSA-1668-1}
	- hf 0.8-8.1 (medium; bug #504182)
CVE-2008-2377 (Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_cle ...)
	- gnutls26 2.4.1-1 (medium)
	- gnutls13 (Problem was introduced in 2.3.5)
CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby before ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-2
	- ruby1.8 1.8.7.22-2
	NOTE: https://www.openwall.com/lists/oss-security/2008/07/02/3
CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on ...)
	- vsftpd (debian versions all include the fix)
CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.3 ...)
	- bluez-libs 3.34 (low)
	[etch] - bluez-libs (Minor issue)
	- bluez-utils 3.34 (low)
	[etch] - bluez-utils (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
CVE-2008-2373 REJECTED
CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users ...)
	- linux-2.6 2.6.26-1
	[etch] - linux-2.6 (Introduced between 2.6.23 and 2.6.24)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: IMO this is a lack of optimisation, not a security issue? - jmm
	NOTE: 89f5b7da2a6bad2e84670422ab8192382a5aeb9f
CVE-2008-2371 (Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Re ...)
	{DSA-1602-1 DTSA-145-1}
	- pcre3 7.6-2.1 (medium; bug #488919)
CVE-2008-2370 (Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 th ...)
	- tomcat5.5 5.5.26-4 (bug #494504)
CVE-2008-2369 (manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a har ...)
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2008-2368 (Red Hat Certificate System 7.2 stores passwords in cleartext in the Us ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2367 (Red Hat Certificate System 7.2 uses world-readable permissions for pas ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build script ...)
	- openoffice.org (RedHat-specific packaging flaw)
CVE-2008-2365 (Race condition in the ptrace and utrace support in the Linux kernel 2. ...)
	- linux-2.6 2.6.17
	NOTE: 5ecfbae093f0c37311e89b29bfc0c9d586eace87 f5b40e363ad6041a96e3da32281d8faa191597b9
	NOTE: f358166a9405e4f1d8e50d8f415c26d95505b6de
CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the ...)
	- apache2 2.2.9-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	- apache (vulnerable code not present)
CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly manage ...)
	- pan 0.132-3.1 (bug #483562)
	[etch] - pan (Vulnerable code not added until 0.130)
	NOTE: see http://svn.gnome.org/viewvc/pan2/trunk/pan/data/parts.cc?view=log&pathrev=286
CVE-2008-2362 (Multiple integer overflows in the Render extension in the X server 1.4 ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2361 (Integer overflow in the ProcRenderCreateCursor function in the Render ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2360 (Integer overflow in the AllocateGlyph function in the Render extension ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2359 (The default configuration of consolehelper in system-config-network be ...)
	NOT-FOR-US: system-config-network Fedora
CVE-2008-2358 (Integer overflow in the dccp_feat_change function in net/dccp/feat.c i ...)
	{DSA-1592-1}
	- linux-2.6 2.6.20-1
	NOTE: DCCP feature sanitising was introduced in 2.6.20
	NOTE: this version casts sizeof to int. This is a module, not a compiled-in feature in Debian
CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...)
	{DSA-1587-1}
	- mtr 0.73-1
CVE-2008-2356 (SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 a ...)
	NOT-FOR-US: Archangel Weblog
CVE-2008-2355 (Directory traversal vulnerability in index.php in WR-Meeting 1.0, when ...)
	NOT-FOR-US: WR-Meeting
CVE-2008-2354 (Unspecified vulnerability in the data export function in testMaker bef ...)
	NOT-FOR-US: testMaker
CVE-2008-2353 (Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 ...)
	NOT-FOR-US: GNU/Gallery
CVE-2008-2352 (Directory traversal vulnerability in index.php in Smeego 1.0, when mag ...)
	NOT-FOR-US: Smeego
CVE-2008-2351 (Multiple SQL injection vulnerabilities in index.php in CMS WebManager- ...)
	NOT-FOR-US: WebManager-Pro
CVE-2008-2350 (Directory traversal vulnerability in highlight.php in bcoos 1.0.9 thro ...)
	NOT-FOR-US: bcoos
CVE-2008-2349 (Zomplog 3.8.2 and earlier allows remote attackers to gain administrati ...)
	NOT-FOR-US: Zomplog
CVE-2008-2348 (MeltingIce File System 1.0 allows remote attackers to bypass applicati ...)
	NOT-FOR-US: MeltingIce File System
CVE-2008-2347 (MyPicGallery 1.0 allows remote attackers to bypass application authent ...)
	NOT-FOR-US: MyPicGallery
CVE-2008-2346 (AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass auth ...)
	NOT-FOR-US: AlkalinePHP
CVE-2008-2345 (Unspecified vulnerability in the air_filemanager 0.6.0 and earlier ext ...)
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2344 (Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 ...)
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2343 (News Manager 2.0 allows remote attackers to bypass restrictions and ob ...)
	NOT-FOR-US: News Manager
CVE-2008-2342 (Directory traversal vulnerability in attachments.php in News Manager 2 ...)
	NOT-FOR-US: News Manager
CVE-2008-2341 (PHP remote file inclusion vulnerability in ch_readalso.php in News Man ...)
	NOT-FOR-US: News Manager
CVE-2008-2340 (Multiple SQL injection vulnerabilities in News Manager 2.0 allow remot ...)
	NOT-FOR-US: News Manager
CVE-2008-2339 (SQL injection vulnerability in index.php in Turnkey Web Tools SunShop ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-2338 (Interspire ActiveKB 1.5 and earlier allows remote attackers to gain pr ...)
	NOT-FOR-US: Interspire ActiveKB
CVE-2008-2337 (Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_qu ...)
	NOT-FOR-US: IMGallery
CVE-2008-2336 (SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 al ...)
	NOT-FOR-US: 68 Classifieds
CVE-2008-2335 (Cross-site scripting (XSS) vulnerability in search_results.php in Vast ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-2334 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow r ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-2333 (Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda ...)
	NOT-FOR-US: Barracuda
CVE-2008-2332 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows conte ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2331 (Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2330 (slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2329 (Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2328 RESERVED
CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, ...)
	{DSA-1632-1 DTSA-160-1}
	- tiff 3.8.2-11 (medium)
	- tiff3 (fixed prior to initial upload)
CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for W ...)
	NOT-FOR-US: Apple Bonjour for Windows
CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2323 (Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2322 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, an ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2321 (Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 an ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 an ...)
	NOT-FOR-US: Apple Mac OS X
	NOTE: the original Apple advisory (HT3613) is completely different from the current CVE
	NOTE: description. It claims that this is a WebKit issue, which is completely wrong
CVE-2008-2319 RESERVED
CVE-2008-2318 (The WOHyperlink implementation in WebObjects in Apple Xcode tools befo ...)
	NOT-FOR-US: Apple Xcode
CVE-2008-2317 (WebCore in Apple Safari does not properly perform garbage collection o ...)
	NOT-FOR-US: Safari
CVE-2008-2316 (Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5 ...)
	{DSA-1977-1 DTSA-157-1}
	- python2.5 2.5.2-11 (low; bug #493797)
	- python2.4 (hashlib module introduced in python2.5)
CVE-2008-2315 (Multiple integer overflows in Python 2.5.2 and earlier allow context-d ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-2314 (Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corner ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User Template ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2312 (Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 1 ...)
	- binutils 2.18.1~cvs20080103-1 (low)
	[etch] - binutils (Minor issue)
CVE-2008-2309 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X befo ...)
	NOT-FOR-US: CoreTypes in Apple Mac OS X
CVE-2008-2308 (Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 an ...)
	NOT-FOR-US: Alias Manager in Apple Mac OS X
CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as d ...)
	- webkit 1.0.1-1
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 (Minor impact, no apps in Lenny which use qtwebkit)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/34204
CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the U ...)
	NOT-FOR-US: Windows issue
CVE-2008-2305 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac O ...)
	NOT-FOR-US: Apple Type Services (ATS)
CVE-2008-2304 (Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreI ...)
	NOT-FOR-US: Apple Core Image Fun House
CVE-2008-2303 (Integer signedness error in Safari on Apple iPhone before 2.0 and iPod ...)
	NOT-FOR-US: Safari
CVE-2008-2301 (SQL injection vulnerability in Kostenloses Linkmanagementscript allows ...)
	NOT-FOR-US: Kostenloses Linkmanagementscript
CVE-2008-2300 (Unspecified vulnerability in Citrix Presentation Server 4.5 and earlie ...)
	NOT-FOR-US: Citrix Software
CVE-2008-2299 (Unspecified vulnerability in SecureICA and ICA Basic encryption of Cit ...)
	NOT-FOR-US: Citrix Software
CVE-2008-2298 (Admin.php in Web Slider 0.6 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Web Slider
CVE-2008-2297 (The admin.php file in Rantx allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Rantx
CVE-2008-2296 (PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in ...)
	NOT-FOR-US: Rgboard
CVE-2008-2295 (Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3 ...)
	NOT-FOR-US: Rgboard
CVE-2008-2294 (Pet Grooming Management System 2.0 allows remote attackers to gain pri ...)
	NOT-FOR-US: Pet Grooming Management System
CVE-2008-2293 (admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remot ...)
	NOT-FOR-US: Multi-Page Comment System
CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in Net-SNM ...)
	{DSA-1663-1 DTSA-134-1}
	- net-snmp 5.4.1~dfsg-8 (medium; bug #482333)
CVE-2008-2291 (axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x b ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2290 (Unspecified vulnerability in the Agent user interface in Symantec Alti ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2289 (Unspecified vulnerability in a tooltip element in Symantec Altiris Dep ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2288 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ha ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2287 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 do ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2286 (SQL injection vulnerability in axengine.exe in Symantec Altiris Deploy ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2285 (The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-10
CVE-2008-2284 (PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5 ...)
	NOT-FOR-US: Fusebox
CVE-2008-2283 (IDAutomation allows remote attackers to overwrite arbitrary files via ...)
	NOT-FOR-US: IDAutomation
CVE-2008-2282 (admin.php in Internet Photoshow and Internet Photoshow Special Edition ...)
	NOT-FOR-US: Internet Photoshow
CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links feature ...)
	NOT-FOR-US: Internet Explorer
CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script ...)
	NOT-FOR-US: PHP PicEngine
CVE-2008-2279 (Freelance Auction Script 1.0 stores user passwords in plaintext in the ...)
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2278 (SQL injection vulnerability in browseproject.php in Freelance Auction ...)
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2277 (SQL injection vulnerability in detail.php in Feedback and Rating Scrip ...)
	NOT-FOR-US: Feedback and Rating Script
CVE-2008-2275 (Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to ...)
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2274 (Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4 ...)
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2273 (Unspecified vulnerability in the TACACS authentication component in Ar ...)
	NOT-FOR-US: TACACS authentication component in Aruba Mobility Controller
CVE-2008-2272 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-2271 (The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before ...)
	NOT-FOR-US: Site Documentation Drupal module
CVE-2008-2270 (Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenlos ...)
	NOT-FOR-US: PHPWAY Linkmanagementscript
CVE-2008-2269 (AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers t ...)
	NOT-FOR-US: GasTracker
CVE-2008-2268 (Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6 ...)
	NOT-FOR-US: Mjguest
CVE-2008-2267 (Incomplete blacklist vulnerability in javaUpload.php in Postlet in the ...)
	NOT-FOR-US: Postlet
CVE-2008-2265 (SQL injection vulnerability in news.php in EMO Realty Manager allows r ...)
	NOT-FOR-US: EMO Realty Manager
CVE-2008-2264 (Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 ...)
	NOT-FOR-US: CyrixMED
CVE-2008-2263 (SQL injection vulnerability in linking.page.php in Automated Link Exch ...)
	NOT-FOR-US: Automated Link Exchange Portal
CVE-2008-2262 REJECTED
CVE-2008-2261 REJECTED
CVE-2008-2260 REJECTED
CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper "argument ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2256 (Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle ob ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, whi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-2252 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2008-2251 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-2250 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2008-2249 (Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-2248 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) f ...)
	NOT-FOR-US: Exchange Server
CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) f ...)
	NOT-FOR-US: Exchange Server
CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not properly im ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile function in ...)
	NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-2243 REJECTED
CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA BrightS ...)
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ARCSer ...)
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2240 (Stack-based buffer overflow in the Web Server service in IBM Lotus Dom ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2008-2239 RESERVED
CVE-2008-2238 (Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 al ...)
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2237 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 al ...)
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2236 (Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom bef ...)
	- blosxom 2.1.2-1 (low; bug #500873)
	[etch] - blosxom 2.0-14+etch1 (low; bug #500873)
CVE-2008-2235 (OpenSC before 0.11.5 uses weak permissions (ADMIN file control informa ...)
	{DSA-1627-2}
	- opensc 0.11.4-4
	NOTE: https://web.archive.org/web/20081222095654/http://www.opensc-project.org/security.html
CVE-2008-2234 (Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote at ...)
	- openwsman (bug #754501)
CVE-2008-2233 (The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, al ...)
	- openwsman (bug #754501)
CVE-2008-2232 (The expand_template function in afuse.c in afuse 0.2 allows local user ...)
	{DSA-1611-1 DTSA-149-1}
	- afuse 0.2-3 (bug #490921; medium)
CVE-2008-2231 (SQL injection vulnerability in Slashdot Like Automated Storytelling Ho ...)
	{DSA-1633-1}
	- slash (medium; bug #484499)
	NOTE: See CVE-2008-2553
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2230 (Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and ...)
	- reportbug 3.41 (low; bug #484311)
	- reportbug-ng 0.2008.03.28 (low; bug #484474)
	[etch] - reportbug (Unlikely attack scenario)
CVE-2008-2229 RESERVED
CVE-2008-2228 (PHP remote file inclusion vulnerability in portfolio/commentaires/dern ...)
	NOT-FOR-US: Cyberfolio
CVE-2008-2227 (Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-2226 (Unspecified vulnerability in the export feature in OpenKM before 2.0 a ...)
	NOT-FOR-US: OpenKM
CVE-2008-2225 (SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows re ...)
	NOT-FOR-US: gameCMS
CVE-2008-2224 (Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, w ...)
	NOT-FOR-US: SazCart
CVE-2008-2223 (SQL injection vulnerability in group_posts.php in vShare YouTube Clone ...)
	NOT-FOR-US: vShare YouTube Clone
CVE-2008-2222 (SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote ...)
	NOT-FOR-US: EQdkp
CVE-2008-2221 (Unspecified vulnerability in the Java plugin in IBM WebSphere Applicat ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-2220 (Multiple PHP remote file inclusion vulnerabilities in Interact Learnin ...)
	NOT-FOR-US: Interact Learning Community Environment
CVE-2008-2219 (Cross-site scripting (XSS) vulnerability in install.php in C-News.fr C ...)
	NOT-FOR-US: C-News.fr
CVE-2008-2218 (Buffer overflow in the Multimedia PC Client in Nortel Multimedia Commu ...)
	NOT-FOR-US: Nortel Multimedia
CVE-2008-2217 (Directory traversal vulnerability in cm/graphie.php in Content Managem ...)
	NOT-FOR-US: CMS Phprojekt
CVE-2008-2216 (Unrestricted file upload vulnerability in src/yopy_upload.php in Proje ...)
	NOT-FOR-US: PBCS
CVE-2008-2215 (Multiple directory traversal vulnerabilities in Project-Based Calendar ...)
	NOT-FOR-US: PBCS
CVE-2008-2214 (Stack-based buffer overflow in the Network Manager in Castle Rock Comp ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2008-2213 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/foote ...)
	NOT-FOR-US: Maian Links
CVE-2008-2212 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 ...)
	NOT-FOR-US: Maian Cart
CVE-2008-2211 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/foote ...)
	NOT-FOR-US: Maian Guestbook
CVE-2008-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1 ...)
	NOT-FOR-US: Maian Support
CVE-2008-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/heade ...)
	NOT-FOR-US: Maian Greeting
CVE-2008-2208 (SQL injection vulnerability in index.php in Maian Greeting 2.1 allows ...)
	NOT-FOR-US: Maian Greeting
CVE-2008-2207 (Cross-site scripting (XSS) vulnerability in admin/index.php in Maian G ...)
	NOT-FOR-US: Maian Gallery
CVE-2008-2206 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 ...)
	NOT-FOR-US: Maian Music
CVE-2008-2205 (SQL injection vulnerability in index.php in Maian Music 1.1 allows rem ...)
	NOT-FOR-US: Maian Music
CVE-2008-2204 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/heade ...)
	NOT-FOR-US: Maian Search
CVE-2008-2203 (SQL injection vulnerability in search.php in Maian Search 1.1 allows r ...)
	NOT-FOR-US: Maian Search
CVE-2008-2202 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader ...)
	NOT-FOR-US: Maian Uploader
CVE-2008-2201 (Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/heade ...)
	NOT-FOR-US: Maian Recipe
CVE-2008-2200 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4. ...)
	NOT-FOR-US: Maian Weblog
CVE-2008-2199 (PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode. ...)
	NOT-FOR-US: Kmita Mail
CVE-2008-2198 (PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode. ...)
	NOT-FOR-US: Kmita Tellfriend
CVE-2008-2197 (SQL injection vulnerability in the blogwriter module 2.0 for Miniweb a ...)
	NOT-FOR-US: Miniweb
CVE-2008-2196 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2. ...)
	NOT-FOR-US: LifeType
CVE-2008-2195 (Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-2194 (SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-2193 (PHP remote file inclusion vulnerability in example.php in Thomas Gossm ...)
	NOT-FOR-US: ScorpNews
CVE-2008-2192 (Static code injection vulnerability in box/minichat/boxpop.php in IT!C ...)
	NOT-FOR-US: itcms
CVE-2008-2191 (SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and ear ...)
	NOT-FOR-US: pnEncyclopedia
CVE-2008-2190 (SQL injection vulnerability in index.php in Online Rent (aka Online Re ...)
	NOT-FOR-US: Online Rental Property Script
CVE-2008-2189 (SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allow ...)
	NOT-FOR-US: Online AnServ Auction XL
CVE-2008-2188 (Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook 1 ...)
	NOT-FOR-US: EJ3 BlackBook
CVE-2008-2187 (Cross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 ...)
	NOT-FOR-US: Mjguest
CVE-2008-2186 (Cross-site scripting (XSS) vulnerability in index.php in Chilek Conten ...)
	NOT-FOR-US: Chilek CMS
CVE-2008-2185 (Directory traversal vulnerability in index.php in SMartBlog (aka SMBlo ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2184 (Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 a ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2183 (SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2182 (Cross-site scripting (XSS) vulnerability in the powermail extension be ...)
	NOT-FOR-US: powermail extension for TYPO3
CVE-2008-2181 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in c ...)
	NOT-FOR-US: cpLinks
CVE-2008-2180 (Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quo ...)
	NOT-FOR-US: cpLinks
CVE-2008-2179 (Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid 5 ...)
	NOT-FOR-US: SysAid
CVE-2008-2178 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2. ...)
	NOT-FOR-US: LifeType
CVE-2008-2177 (Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, w ...)
	NOT-FOR-US: phpDirectorySource
CVE-2008-2176 (Cross-site scripting (XSS) vulnerability in admin/category.php in Zomp ...)
	NOT-FOR-US: Zomplog
CVE-2008-2175 (SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PH ...)
	NOT-FOR-US: Gamma Scripts BlogMe PHP
CVE-2008-2174 (Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal She ...)
	NOT-FOR-US: Animal Shelter Manager
CVE-2008-2173 (Unspecified vulnerability in Yamaha routers allows remote attackers to ...)
	NOT-FOR-US: Yamaha routers
CVE-2008-2172 (Unspecified vulnerability in Hitachi GR routers allows remote attacker ...)
	NOT-FOR-US: Hitachi GR routers
CVE-2008-2171 (Unspecified vulnerability in AlaxalA AX routers allows remote attacker ...)
	NOT-FOR-US: AlaxalA AX routers
CVE-2008-2170 (Unspecified vulnerability in Century routers allows remote attackers t ...)
	NOT-FOR-US: Century routers
CVE-2008-2169 (Unspecified vulnerability in Avici routers allows remote attackers to ...)
	NOT-FOR-US: Avici routers
CVE-2008-2168 (Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier a ...)
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch4 (low)
	NOTE: This is really a browser issue. Recent apache versions add a workaround.
CVE-2008-2167 (Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows re ...)
	NOT-FOR-US: ZyXEL ZyWALL
CVE-2008-2166 (Cross-site scripting (XSS) vulnerability in the search module in Sun J ...)
	NOT-FOR-US: Sun Java System
CVE-2008-2165 (Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cis ...)
	NOT-FOR-US: Cisco Building Broadband Service Manager (BBSM) Captive Portal
CVE-2008-2164 RESERVED
CVE-2008-2163 (Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 befor ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in manage_user_create. ...)
	- mantis 1.0.8-4.1 (bug #481504)
CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and ...)
	- uudeview 0.5.20-3.1 (low; bug #480972)
	[etch] - uudeview (Minor issue)
	- libconvert-uulib-perl (Code patched by libconvert-uulib upstream to use mkstemp)
	- pan (Code patched to use g_mkstemp)
	NOTE: See CVE-2004-2265, where the problem occurred as well
CVE-2008-2302 (Cross-site scripting (XSS) vulnerability in the login form in the admi ...)
	- python-django 0.96.2-1 (bug #481164; low)
	[etch] - python-django 0.95.1-1etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-2162 (Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6 ...)
	NOT-FOR-US: SonicWall Email Security
CVE-2008-2161 (Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly ...)
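The CVE-2008-2266 entry above records that libconvert-uulib and pan were fixed by switching to mkstemp()/g_mkstemp(). The C program below is an added example, not code from the Debian tracker, UUDeview, nzbget or pan: it reproduces the temp-file race class that fix addresses (a predictable name opened with fopen("w"), followed through an attacker-planted symlink) and then checks the properties mkstemp() provides (atomic O_CREAT|O_EXCL creation, mode 0600, a second exclusive create of the same name failing with EEXIST). The helper names and the "uu<pid>.tmp" naming scheme are assumptions made for the demonstration; it runs in a private mkdtemp() directory so it touches nothing else.

```c
/* Added example for the CVE-2008-2266 entry: the predictable temp-file race
 * and the mkstemp() fix the tracker notes mention.  Not code from the Debian
 * tracker, UUDeview, nzbget or pan; helper names and the "uu<pid>.tmp"
 * naming scheme are assumptions for the demonstration. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: a name derived from the pid, later opened with
 * fopen(name, "w").  fopen() follows a symlink already sitting at that name,
 * so a local attacker who guessed the pid gets the victim file truncated and
 * overwritten with whatever the program writes. */
static void guessable_name(char *buf, size_t n, const char *dir)
{
    snprintf(buf, n, "%s/uu%ld.tmp", dir, (long)getpid());
}

/* Reproduce the attack inside a private directory.  Returns 1 when the
 * victim file was clobbered through the planted link, 0 if not, -1 on error. */
int predictable_pattern_follows_symlink(void)
{
    char dir[] = "/tmp/uudemo.XXXXXX", victim[4096], trap[4096], got[32] = "";
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    guessable_name(trap, sizeof trap, dir);     /* attacker computes the name */
    FILE *f = fopen(victim, "w");
    if (f == NULL || fputs("original\n", f) == EOF || fclose(f) != 0)
        return -1;
    if (symlink(victim, trap) != 0)             /* attacker plants the link  */
        return -1;
    f = fopen(trap, "w");                       /* victim program trusts name */
    if (f == NULL || fputs("clobbered\n", f) == EOF || fclose(f) != 0)
        return -1;
    f = fopen(victim, "r");
    if (f == NULL || fgets(got, sizeof got, f) == NULL || fclose(f) != 0)
        return -1;
    unlink(trap); unlink(victim); rmdir(dir);
    return strcmp(got, "clobbered\n") == 0;
}

/* Hardened pattern: mkstemp() chooses the name and creates the file
 * atomically with O_CREAT|O_EXCL and mode 0600, so a pre-existing file or
 * symlink at a candidate name makes it pick another name instead of
 * following it.  The final path is written back so the caller can unlink it. */
int open_private_tmpfile(char *path, size_t n)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    if ((size_t)snprintf(path, n, "%s/uuXXXXXX", dir) >= n) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(path);
}

/* Check the properties the fix relies on: the descriptor is a regular file
 * owned by us with mode 0600, and a second O_EXCL create of the same name
 * fails with EEXIST.  Returns 0 on success, a negative code otherwise. */
int check_private_tmpfile(void)
{
    char path[4096];
    struct stat st;
    int rc = 0, fd = open_private_tmpfile(path, sizeof path);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid())
        rc = -2;
    else if ((st.st_mode & 0777) != 0600)
        rc = -3;
    else {
        int again = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (again >= 0) { close(again); rc = -4; }
        else if (errno != EEXIST) rc = -5;
    }
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    printf("pid-named fopen(\"w\") clobbered the victim via symlink: %d\n",
           predictable_pattern_follows_symlink());
    printf("mkstemp() properties hold: %s\n",
           check_private_tmpfile() == 0 ? "yes" : "no");
    return 0;
}
```

Build with `cc -Wall -o tmpdemo tmpdemo.c`; the first line should print 1 and the second "yes". The point of the O_EXCL re-open in check_private_tmpfile() is that it is exactly the operation the pid-named pattern never performs: without O_EXCL the open succeeds on an attacker-supplied path, with it the kernel refuses and the program learns the name was already taken.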
	NOT-FOR-US: TFTP Server SP 1.4 and 1.5 on Windows
CVE-2008-2160 (Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image ...)
	NOT-FOR-US: Microsoft Windows CE 5.0
CVE-2008-2159 (Microsoft Internet Explorer 7 can save encrypted pages in the cache ev ...)
	NOT-FOR-US: Microsoft Internet Explorer 7
CVE-2008-2158 (Multiple stack-based buffer overflows in the Command Line Interface pr ...)
	NOT-FOR-US: AlphaStor
CVE-2008-2157 (robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows all ...)
	NOT-FOR-US: AlphaStor
CVE-2008-2156 RESERVED
CVE-2008-2155 RESERVED
CVE-2008-2154 (IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an ...)
	NOT-FOR-US: IBM DB2
CVE-2008-2153 RESERVED
CVE-2008-2152 (Integer overflow in the rtl_allocateMemory function in sal/rtl/source/ ...)
	- openoffice.org (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-2151 RESERVED
CVE-2008-2150 RESERVED
CVE-2008-2149 (Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2 ...)
	{DSA-1634-1}
	- wordnet 1:3.0-10 (bug #481186)
	NOTE: wordnet can be used as a backend to web applications
CVE-2008-2148 (The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and o ...)
	- linux-2.6 2.6.25-3 (bug #481195)
	[etch] - linux-2.6 (vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: utimensat() was introduced in 2.6.22 and sched_slice() in 2.6.24
CVE-2008-2145 (Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allo ...)
	NOT-FOR-US: Novell Client 4.91 SP4
CVE-2008-2144 (Multiple unspecified vulnerabilities in Solaris print service for Sun ...)
	NOT-FOR-US: Solaris print service
CVE-2008-2143 (Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cac ...)
	NOT-FOR-US: Microsoft Outlook Web Access (OWA)
CVE-2008-2141 RESERVED
CVE-2008-2140 (Cross-site request forgery (CSRF) vulnerability in the rootpw plugin i ...)
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2139 (The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not r ...)
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2138 (Oracle Application Server (OracleAS) Portal 10g allows remote attacker ...)
	NOT-FOR-US: Oracle Application Server (OracleAS) Portal 10g
CVE-2008-2137 (The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 5816339310b2d9623cf413d33e538b45e815da5d, part of 2.6.25.3
CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux k ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02, part of 2.6.25.3
CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0 ...)
	NOT-FOR-US: VisualShapers ezContents
CVE-2008-2134 (The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2133 (Cross-site scripting (XSS) vulnerability in the Journal module in Tru- ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2132 (SQL injection vulnerability in step1.asp in Systementor PostcardMentor ...)
	NOT-FOR-US: Systementor PostcardMentor
CVE-2008-2131 (Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows rem ...)
	NOT-FOR-US: mvnForum
CVE-2008-2130 (SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows ...)
	NOT-FOR-US: iGaming
CVE-2008-2129 (SQL injection vulnerability in index.php in Galleristic 1.0, when magi ...)
	NOT-FOR-US: Galleristic
CVE-2008-2128 (PHP remote file inclusion vulnerability in templates/header.php in CMS ...)
	NOT-FOR-US: Faethon
CVE-2008-2127 (Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon ...)
	NOT-FOR-US: Faethon
CVE-2008-2126 (Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 all ...)
	NOT-FOR-US: Tux CMS
CVE-2008-2125 (SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2. ...)
	NOT-FOR-US: Musicbox
CVE-2008-2124 (SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS al ...)
	NOT-FOR-US: fipsASP
CVE-2008-2123 (Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Tran ...)
	NOT-FOR-US: WGate
CVE-2008-2122 (IBM Rational Build Forge 7.0.2 allows remote attackers to cause a deni ...)
	NOT-FOR-US: IBM Rational Build Forge
CVE-2008-2121 (The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attac ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2120 (Unspecified vulnerability in Sun Java System Application Server 7 2004 ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2119 (Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Editio ...)
	- asterisk 1.4
	NOTE: http://downloads.digium.com/pub/security/AST-2008-008.html
CVE-2008-2118 (SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows ...)
	NOT-FOR-US: Project Alumni
CVE-2008-2117 (Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Pro ...)
	NOT-FOR-US: Project Alumni
CVE-2008-2116 (Multiple directory traversal vulnerabilities in editor.php in ScriptsE ...)
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2115 (Multiple cross-site scripting (XSS) vulnerabilities in editor.php in S ...)
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2114 (SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1 ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2008-2113 (SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allow ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2142 (Emacs 21 and XEmacs automatically load and execute .flc (fast lock) fi ...)
	- emacs22 22.2+2-3 (low; bug #480885)
	- xemacs21-packages 2009.02.17-1 (low; bug #480886)
	[etch] - xemacs21-packages (Minor issue)
	[lenny] - xemacs21-packages (Minor issue)
	[etch] - xemacs21 (Minor issue)
	[lenny] - xemacs21 (Minor issue)
	- emacs21 21.4a+1-5.5 (low; bug #480877)
	[etch] - emacs21 (Minor issue)
CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allow ...)
	{DSA-1819-1 DTSA-132-1}
	- vlc 0.8.6.e-2.2 (low; bug #480724)
	NOTE: https://trac.videolan.org/vlc/ticket/1578
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
CVE-2008-6339 REJECTED
CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and r ...)
	NOT-FOR-US: Sun Ray Kiosk Mode
CVE-2008-2111 (The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlie ...)
	NOT-FOR-US: Yahoo Assistant
CVE-2008-2110 (Unrestricted file upload vulnerability in qtofm.php in QTOFileManager ...)
	NOT-FOR-US: QTOFileManager
CVE-2008-2109 (field.c in the libid3tag 0.15.0b library allows context-dependent atta ...)
	- libid3tag 0.15.1b-8 (low; bug #480187)
	[etch] - libid3tag (Minor issue)
	NOTE: totally different approach to fix the bug, see Kurt's comments in the bug report
CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
	{DSA-1789-1}
	- php5 5.2.2-1 (low)
	NOTE: http://web.archive.org/web/20120118120046/http://www.sektioneins.de/advisories/SE-2008-02.txt
CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
	{DSA-1789-1}
	- php5 5.2.2-1 (low)
	NOTE: closely related to CVE-2008-2108
CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated user ...)
	NOT-FOR-US: Call of Duty
CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3 ...)
	- bugzilla 3.0.4-1 (low)
	[etch] - bugzilla (vulnerable code introduced in 2.23.4)
CVE-2008-2104 (The WebService in Bugzilla 3.1.3 allows remote authenticated users wit ...)
	- bugzilla (regression introduced in 3.1.3 referring to upstream)
CVE-2008-2103 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later ...)
	- bugzilla 3.0.4-1 (low; bug #480190)
	[etch] - bugzilla (Minor issue)
CVE-2008-2102 RESERVED
CVE-2008-2101 (The VMware Consolidated Backup (VCB) command-line utilities in VMware ...)
	NOT-FOR-US: VMware ESX
CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...)
	- vmware-package (low; bug #485919)
	[etch] - vmware-package (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...)
	- vmware-package (Windows issue according to CVE)
	[etch] - vmware-package (Contrib not supported)
CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...)
	- vmware-package (low; bug #484491)
	[etch] - vmware-package (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...)
	NOT-FOR-US: VMware ESX/i
CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...)
	NOT-FOR-US: BackLinkSpider
CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook (com_flip ...)
	NOT-FOR-US: FlippingBook
CVE-2008-2094 (SQL injection vulnerability in article.php in the Article module for X ...)
	NOT-FOR-US: XOOPS
CVE-2008-2093 (SQL injection vulnerability in the Profiler (com_comprofiler) componen ...)
	NOT-FOR-US: JOOMLA extra component
CVE-2008-2092 (Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause ...)
	NOT-FOR-US: Linksys SPA-2102 Phone Adapter
CVE-2008-2091 (Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6 ...)
	NOT-FOR-US: Kubelance
CVE-2008-2090 (Unspecified vulnerability in the SCTP protocol implementation in Sun S ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2089 (Unspecified vulnerability in the SCTP protocol implementation in Sun S ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2088 (SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 ...)
	NOT-FOR-US: PHP Forge
CVE-2008-2087 (SQL injection vulnerability in search_result.php in Softbiz Web Host D ...)
	NOT-FOR-US: Softbiz Web Host Directory Script
CVE-2008-2086 (Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and ea ...)
	- openjdk-6 (browser plugin is different code base)
	- sun-java5
	[etch] - sun-java5 (Non-free not supported)
	[lenny] - sun-java5 (Non-free not supported)
	- sun-java6 6-10-1
	[lenny] - sun-java6 (Non-free not supported)
CVE-2008-2084 (SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 ...)
	NOT-FOR-US: MyArticles
CVE-2008-2083 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...)
	NOT-FOR-US: Prozilla Hosting
CVE-2008-2082 (Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x ...)
	NOT-FOR-US: Siteman
CVE-2008-2081 (Directory traversal vulnerability in index.php in Siteman 2.0.x2 allow ...)
	NOT-FOR-US: Siteman
CVE-2008-2080 (Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfr ...)
	NOT-FOR-US: NASA Goddard Space Flight Center Common Data Format (CDF) library
CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, a ...)
	{DSA-1608-1 DTSA-150-1}
	- mysql-dfsg-5.0 5.0.51a-10 (low; bug #480292)
CVE-2008-2078 (Robocode before 1.6.0 allows user-assisted remote attackers to "access ...)
	- robocode 1.6.0~beta2-1 (low)
CVE-2008-2077 (Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown imp ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-2076 (Directory traversal vulnerability in admin.php in ActualScripts Actual ...)
	NOT-FOR-US: ActualScripts
CVE-2008-2075 (Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 ...)
	NOT-FOR-US: AstroCam
CVE-2008-2074 (Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin ...)
	NOT-FOR-US: Harris Yusuf Arifin Harris Wap Chat 1.0
CVE-2008-2073 (Directory traversal vulnerability in include/global.inc.php in Virtual ...)
	NOT-FOR-US: vlbook
CVE-2008-2072 (Cross-site scripting (XSS) vulnerability in index.php in Virtual Desig ...)
	NOT-FOR-US: vlbook
CVE-2008-2071 (Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM ...)
	NOT-FOR-US: cPanel
CVE-2008-2070 (The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 be ...)
	NOT-FOR-US: cPanel
CVE-2008-2069 (Buffer overflow in Novell GroupWise 7 allows remote attackers to cause ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2068 (Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remot ...)
	- wordpress 2.5.1-1
	[etch] - wordpress (Vulnerable code not present)
CVE-2008-2067 (SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remo ...)
	NOT-FOR-US: miniBB
CVE-2008-2066 (Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2 ...)
	NOT-FOR-US: miniBB
CVE-2008-2065 (SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site S ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have u ...)
	{DSA-1580-1}
	- phpgedview 4.1.e+4.1.5-1
CVE-2008-2063 (SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows ...)
	NOT-FOR-US: Joovili
CVE-2008-2062 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
	NOT-FOR-US: Cisco Real-Time Information Server (RIS) Data Collector service
CVE-2008-2061 (The Computer Telephony Integration (CTI) Manager service in Cisco Unif ...)
	NOT-FOR-US: Cisco Computer Telephony Integration (CTI) Manager service
CVE-2008-2060 (Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5 ...)
	NOT-FOR-US: Cisco
CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2058 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2057 (The Instant Messenger (IM) inspection engine in Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2008-2056 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2055 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security applian ...)
	NOT-FOR-US: Cisco
CVE-2008-2054 (Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 th ...)
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2008-2053 (Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2008-2052 (Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2008-2049 (The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows ...)
	NOT-FOR-US: E-Post Mail Server
CVE-2008-2048 (Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in A ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2047 (Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remot ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2046 (Cross-site scripting (XSS) vulnerability in index.php in Softpedia Sit ...)
	NOT-FOR-US: Softpedia
CVE-2008-2045 (Absolute path traversal vulnerability in SugarCRM Sugar Community Edit ...)
	- sugarcrm-ce-5.0 (bug #457876)
CVE-2008-2044 (includes/library.php in netOffice Dwins 1.3 p2 compares the demoSessio ...)
	NOT-FOR-US: netOffice Dwins
CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, ...)
	NOT-FOR-US: cPanel
CVE-2008-2085 (Multiple stack-based buffer overflows in the (1) get_remote_ip_media a ...)
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester (Minor issue)
CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...)
	{DSA-1578-1 DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: http://www.php.net/ChangeLog-5.php
	NOTE: http://web.archive.org/web/20120524033327/http://www.sektioneins.de/advisories/SE-2008-03.txt
CVE-2008-2050 (Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP bef ...)
	{DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: php4 not affected, the vulnerable code isn't present
	NOTE: http://www.php.net/ChangeLog-5.php
CVE-2008-2042 (The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8. ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-2039
	REJECTED
CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php in Turn ...)
	NOT-FOR-US: Turnkey WebTools
CVE-2008-2037 (Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts ...)
	NOT-FOR-US: EditeurScripts
CVE-2008-2036 (SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allo ...)
	NOT-FOR-US: Koobi Pro
CVE-2008-2035 (Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) Bac ...)
	NOT-FOR-US: Bluemoon
CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php in the ...)
	NOT-FOR-US: WordPress Download Monitor 2.0.6 plugin
CVE-2008-2033
	REJECTED
CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote attacker ...)
	NOT-FOR-US: Acritum Femitter Server
CVE-2008-2031 (VicFTPS 5.0 allows remote attackers to cause a denial of service (cras ...)
	NOT-FOR-US: VicFTPS
CVE-2008-2030 (Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 ...)
	NOT-FOR-US: FirePass
CVE-2008-2029 (Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) ...)
	NOT-FOR-US: miniBB
CVE-2008-2028 (miniBB 2.2, and possibly earlier, when register_globals is enabled, al ...)
	NOT-FOR-US: miniBB
CVE-2008-2027 (Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authenti ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9 ...)
	- libstruts1.2-java 1.2.9-3.1 (low; bug #528352)
	[lenny] - libstruts1.2-java (Minor issue)
CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, a ...)
	NOT-FOR-US: miniBB
CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 all ...)
	NOT-FOR-US: MegaBBS
CVE-2008-2022 (Multiple cross-site scripting (XSS) vulnerabilities in PD9 Software M ...)
	NOT-FOR-US: MegaBBS
CVE-2008-2021 (Heap-based buffer overflow in Lhaplus before 1.57 allows remote attack ...)
	NOT-FOR-US: Lhaplus
CVE-2008-2020 (The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-2019 (Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly gener ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-2018 (The AssignUser function in template.class.php in PHPizabi 0.848b C1 HF ...)
	NOT-FOR-US: PHPizabi
CVE-2008-2017 (Directory traversal vulnerability in Chilek Content Management System ...)
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2016 (PHP remote file inclusion vulnerability in Chilek Content Management S ...)
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain ActiveX co ...)
	NOT-FOR-US: WatchFire
CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial o ...)
	- iceweasel (unimportant)
	NOTE: Browser crashes / hangs not treated as security issues
CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 throu ...)
	NOT-FOR-US: pnFlashGames
CVE-2008-2012 (SQL injection vulnerability in index.php in the PostSchedule 1.0 modul ...)
	NOT-FOR-US: PostSchedule
CVE-2008-2011 (Cross-site scripting (XSS) vulnerability in the National Rail Enquirie ...)
	NOT-FOR-US: National Rail Enquiries Live Departure Boards gadget
CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 ...)
	NOT-FOR-US: Windows
CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for underpopulat ...)
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-4 (bug #482039)
	[etch] - libvorbis (actual vulnerability fixed pre-1.0)
	[lenny] - libvorbis (actual vulnerability fixed pre-1.0)
	NOTE: additional hardening features have already been added to the unstable
	NOTE: packages that would be useful to have in stable, so proposing as spu/ospu
CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean Studi ...)
	NOT-FOR-US: Cerulean Studios Trillian Basic
CVE-2008-2007
	REJECTED
CVE-2008-2006 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-as ...)
	NOT-FOR-US: Apple iCal
CVE-2008-2005 (The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before ...)
	NOT-FOR-US: SuiteLink
CVE-2008-2004 (The drive_init function in QEMU 0.9.1 determines the format of a raw d ...)
	{DTSA-133-1}
	- qemu 0.9.1-5
	- kvm 66+dfsg-1.1 (bug #481204)
	- xen-3 3.4.0-1 (bug #490409)
	- xen-unstable (bug #490411)
	- xen-3.0
CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web docu ...)
	NOT-FOR-US: BadBlue
CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola ...)
	NOT-FOR-US: Motorola software
CVE-2008-2001 (Apple Safari 3.1.1 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Apple Safari
CVE-2008-2000 (Unspecified vulnerability in Apple Safari 3.1.1 allows remote attacker ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1999 (Apple Safari 3.1.1 allows remote attackers to spoof the address bar by ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1998 (The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9. ...)
	NOT-FOR-US: Windows specific
CVE-2008-1997 (Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 be ...)
	NOT-FOR-US: IBM DB2
CVE-2008-1996 (licq before 1.3.6 allows remote attackers to cause a denial of service ...)
	- licq 1.3.5-6 (low; bug #479036)
	[etch] - licq (Minor issue)
CVE-2008-1995 (Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a ...)
	NOT-FOR-US: Sun Java System Directory Proxy Server
CVE-2008-1994 (Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and ( ...)
	- acon 1.0.5-6.1 (low; bug #475733)
CVE-2008-1993 (Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, ...)
	NOT-FOR-US: Acidcat
CVE-2008-1992 (Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mai ...)
	NOT-FOR-US: Acidcat
CVE-2008-1991 (Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in ...)
	NOT-FOR-US: Acidcat
CVE-2008-1990 (Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remo ...)
	NOT-FOR-US: Acidcat
CVE-2008-1989 (PHP remote file inclusion vulnerability in 123flashchat.php in the 123 ...)
	NOT-FOR-US: Flash Chat
CVE-2008-1988 (Unrestricted file upload vulnerability in the file_upload function in ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1987 (Cross-site scripting (XSS) vulnerability in search.php in EncapsGaller ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1986 (Cross-site scripting (XSS) vulnerability in liste_article.php in Blog ...)
	NOT-FOR-US: PixelMotion
CVE-2008-1985 (Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2. ...)
	NOT-FOR-US: DigitalHive
CVE-2008-1984 (The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure C ...)
	NOT-FOR-US: eTrust
CVE-2008-1983 (Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (A ...)
	NOT-FOR-US: Advanced Electron Forum (AEF)
CVE-2008-1982 (SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0 ...)
	NOT-FOR-US: WordPress Spreadsheet plugin
CVE-2008-1981 (Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x befor ...)
	NOT-FOR-US: e-publish
CVE-2008-1980 (Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1 ...)
	NOT-FOR-US: e-publish
CVE-2008-1979 (The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-1978 (Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5. ...)
	NOT-FOR-US: Ubercart
CVE-2008-1977 (Cross-site request forgery (CSRF) vulnerability in the Internationaliz ...)
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1976 (Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modu ...)
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1975 (SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote ...)
	NOT-FOR-US: E-RESERV
CVE-2008-1973 (Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allow ...)
	NOT-FOR-US: SubEdit Player
CVE-2008-1972 (Multiple cross-site scripting (XSS) vulnerabilities in the user accoun ...)
	NOT-FOR-US: Exponent CMS
CVE-2008-1971 (phShoutBox Final 1.5 and earlier only checks passwords when specified ...)
	NOT-FOR-US: phShoutBox
CVE-2008-1970 (muCommander before 0.8.2 stores credentials.xml with insecure permissi ...)
	NOT-FOR-US: muCommander
CVE-2008-1969 (Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 a ...)
	NOT-FOR-US: Cezanne
CVE-2008-1968 (Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authe ...)
	NOT-FOR-US: Cezanne
CVE-2008-1967 (Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cez ...)
	NOT-FOR-US: Cezanne
CVE-2008-1966 (Multiple buffer overflows in the JAR file administration routines in t ...)
	NOT-FOR-US: Windows specific
CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in rcplaunche ...)
	NOT-FOR-US: Lotus Expeditor
CVE-2008-1964
	- xine-lib (nsf support disabled by maintainer)
	NOTE: xine-lib (1.1.12) uses strndup to allocate the needed memory and limits it to 32 bytes
	NOTE: while copyright is 100 bytes long (+ padding for chunks)
CVE-2008-1963 (PHP remote file inclusion vulnerability in includes/functions.php in Q ...)
	NOT-FOR-US: Quate Grape Web Statistics
CVE-2008-1962 (Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow remo ...)
	NOT-FOR-US: Aterr
CVE-2008-1961 (SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0 ...)
	NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2008-1960 (Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi ...)
	NOT-FOR-US: ContRay
CVE-2008-1959 (Stack-based buffer overflow in the get_remote_video_port_media functio ...)
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester (Minor issue)
CVE-2008-1958 (Unrestricted file upload vulnerability in the ajout_cat mode in admin/ ...)
	NOT-FOR-US: Tr Script News
CVE-2008-1957 (SQL injection vulnerability in news.php in Tr Script News 2.1 allows r ...)
	NOT-FOR-US: Tr Script News
CVE-2008-2146 (wp-includes/vars.php in Wordpress before 2.2.3 does not properly extra ...)
	{DSA-1564-1}
	- wordpress 2.2.3-1
	NOTE: http://trac.wordpress.org/ticket/4748
	NOTE: fixed in DSA-1564-1
CVE-2008-2040 (Stack-based buffer overflow in the HTTP::getAuthUserPass function (cor ...)
	{DSA-1583-1 DSA-1582-1}
	- peercast 0.1218+svn20080104-1.1 (medium; bug #478573)
	- gnome-peercast
	NOTE: etch version tested with PoC, affected
CVE-2008-1974 (Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kron ...)
	{DSA-1560-1}
	- kronolith2 2.1.8-1
CVE-2008-1956 (Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus ...)
	NOT-FOR-US: Wikepage Opus
CVE-2008-1955 (Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER ...)
	NOT-FOR-US: Martin BOUCHER MyBoard
CVE-2008-1954 (SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and ...)
	NOT-FOR-US: Web Calendar Pro
CVE-2008-1953 (Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1. ...)
	NOT-FOR-US: Sitedesigner
CVE-2008-1952 (The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable (Vulnerable code not present, introduced in changeset 17630)
	NOTE: vulnerable code no longer present as of xen 3.4 (xenfb.c has been removed)
CVE-2008-1951 (Untrusted search path vulnerability in a certain Red Hat build script ...)
	NOT-FOR-US: Red Hat issue
CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1949 (The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libg ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1948 (The _gnutls_server_name_recv_params function in lib/ext_server_name.c ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (medium)
	- gnutls26 2.2.5-1 (medium)
CVE-2008-1947 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 throug ...)
	{DSA-1593-1}
	- tomcat5.5 5.5.26-3 (low; bug #484643)
	- tomcat5
CVE-2008-1946 (The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2. ...)
	- coreutils 5.93-1
CVE-2008-1945 (QEMU 0.9.0 does not properly handle changes to removable media, which ...)
	{DSA-1799-1}
	- qemu 0.9.1-5 (low; bug #526013)
CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtu ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1943 (Buffer overflow in the backend of XenSource Xen Para Virtualized Frame ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-1941 (Cross-site scripting (XSS) vulnerability in the profile update feature ...)
	NOT-FOR-US: Akiva WebBoard
CVE-2008-1940 (The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11 ...)
	- linux-patch-grsecurity2 2.1.11+2.6.24.5+200804211829-1 (bug #478133)
CVE-2008-1939 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow r ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-1938 (Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly ...)
	NOT-FOR-US: Sony firmware
CVE-2008-1937 (The user form processing (userform.py) in MoinMoin before 1.6.3, when ...)
	- moin 1.6.3-1
	[etch] - moin (1.5.x is not affected)
	NOTE: acl_hierarchic was introduced in 1.6.0
	NOTE: userform processing issue was introduced in 1.6.1
CVE-2008-1936 (SQL injection vulnerability in index.php in Classifieds Caffe allows r ...)
	NOT-FOR-US: Classifieds Caffe
CVE-2008-1935 (SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! ...)
	NOT-FOR-US: Filiale
CVE-2008-1934 (SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 ...)
	NOT-FOR-US: Crazy Goomba
CVE-2008-1933 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Zune
CVE-2008-1932 (Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTK ...)
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1931 (Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6. ...)
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1929
	RESERVED
CVE-2008-1928 (Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause ...)
	- libimager-perl 0.64-1
CVE-2008-1926 (Argument injection vulnerability in login (login-utils/login.c) in uti ...)
	{DTSA-126-1}
	- util-linux 2.13.1.1-1 (low; bug #478135)
	[etch] - util-linux (Audit support not available in Etch's version)
CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72 ...)
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
	[etch] - asterisk (Etch packages no longer covered by security support)
CVE-2008-1922 (Multiple stack-based buffer overflows in Sarg might allow attackers to ...)
	- sarg 2.2.4-1
CVE-2008-1921 (SQL injection vulnerability in store_pages/category_list.php in 5th Av ...)
	NOT-FOR-US: 5th Avenue Shopping Cart
CVE-2008-1920 (Heap-based buffer overflow in the boxelyRenderer module in the Persona ...)
	NOT-FOR-US: ICQ
CVE-2008-1919 (SQL injection vulnerability in listtest.php in YourFreeWorld Apartment ...)
	NOT-FOR-US: YourFreeWorld Apartment Search Script
CVE-2008-1918 (SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6. ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-1917 (Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allo ...)
	NOT-FOR-US: AMFPHP
CVE-2008-1916 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5. ...)
	NOT-FOR-US: Ubercart (Drupal module)
CVE-2008-1915 (SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows ...)
	NOT-FOR-US: BlogWorx
CVE-2008-1930 (The cookie authentication method in WordPress 2.5 relies on a hash of ...)
	- wordpress 2.5.1-1 (medium; bug #477910)
	NOTE: only exploitable in blogs that allow user registration
	[etch] - wordpress (Vulnerable code was introduced in 2.5)
CVE-2008-1927 (Double free vulnerability in Perl 5.8.8 allows context-dependent attac ...)
	{DSA-1556-2}
	- perl 5.10.0-1 (bug #454792)
CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx and u ...)
	- inspircd 1.1.18+dfsg-1 (low)
CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running ...)
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5.2-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-3/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79fe2890d28076d9406f7032198109ecd22866a6
CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...)
	NOT-FOR-US: BigAnt Messenger
CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, ...)
	NOT-FOR-US: Lasernet CMS
CVE-2008-1912 (Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earl ...)
	NOT-FOR-US: DivX Player
CVE-2008-1911 (SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 b ...)
	NOT-FOR-US: 1024 CMS
CVE-2008-1910 (Stack-based buffer overflow in the database service (ibserver.exe) in ...)
	NOT-FOR-US: Borland InterBase
CVE-2008-1909 (SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPK ...)
	NOT-FOR-US: PHPKB
CVE-2008-1908 (Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1907 (Multiple SQL injection vulnerabilities in functions/display_page.func. ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1906 (Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1905 (NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Ne ...)
	NOT-FOR-US: Nero MediaHome
CVE-2008-1904 (Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_coo ...)
	NOT-FOR-US: CcMail
CVE-2008-1903 (PHP remote file inclusion vulnerability in news_show.php in Newanz New ...)
	NOT-FOR-US: Newanz NewsOffice
CVE-2008-1902 (The GUI for aptlinex before 0.91 does not sufficiently warn the user o ...)
	- aptlinex 0.91-1 (low; bug #476572)
	NOTE: the user gets a confirmation dialog
CVE-2008-1901 (aptlinex before 0.91 allows local users to overwrite arbitrary files v ...)
	- aptlinex 0.91-1 (medium; bug #476588)
	NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this
CVE-2008-1900 (option_Update.asp in Carbon Communities 2.4 and earlier allows remote ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1899
	RESERVED
CVE-2008-1898 (A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed ...)
	NOT-FOR-US: Microsoft Works
CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2 ...)
	{DSA-1563-1}
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communit ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and e ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1894 (Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/log ...)
	NOT-FOR-US: BusinessObjects InfoView
CVE-2008-1893 (PHP remote file inclusion vulnerability in index.php in W2B Online Ban ...)
	NOT-FOR-US: W2B Online Banking
CVE-2008-1892 (Cross-site scripting (XSS) vulnerability in bs_auth.php in Blogator-sc ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier ...)
	- ruby1.8 1.8.7.22-1 (unimportant)
	- ruby1.9 1.9.0.2-1 (unimportant)
	NOTE: corner case, only exploitable if the web application is run on a Windows filesystem
CVE-2008-1890 (SQL injection vulnerability in the Jom Comment 2.0 build 345 component ...)
	NOT-FOR-US: Jom Comment for Joomla!
CVE-2008-1889 (SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2 ...)
	NOT-FOR-US: XplodPHP AutoTutorials
CVE-2008-1888 (Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoi ...)
	NOT-FOR-US: Windows
CVE-2008-1886 (The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetwo ...)
	NOT-FOR-US: CDNetworks Nefficient Download
CVE-2008-1885 (Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX c ...)
	NOT-FOR-US: NeffyLauncher
CVE-2008-1884 (Directory traversal vulnerability in index.php in Wikepage Opus 13 200 ...)
	NOT-FOR-US: Wikepage
CVE-2008-1883 (The server in Blackboard Academic Suite 7.x stores MD5 password hashes ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1882
	RESERVED
CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function (modules/demux/su ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #477805)
CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on Gento ...)
	- firebird2
	[etch] - firebird2 (Firebird 1.5 no longer supported, see last DSA)
	- firebird2.0 2.0.3.12981.ds1-14 (bug #481389)
	NOTE: on Debian, firebird2.0-super is disabled after installation; to enable it
	NOTE: you need to run dpkg-reconfigure
CVE-2008-1879
	REJECTED
CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have ...)
	- egroupware 1.4.004-2.dfsg-1 (bug #476977)
CVE-2008-1876 (PHP remote file inclusion vulnerability in index.php in VisualPic 0.3. ...)
	NOT-FOR-US: VisualPic
CVE-2008-1875 (SQL injection vulnerability in index.php in Terong PHP Photo Gallery ( ...)
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1874 (SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.0 ...)
	NOT-FOR-US: Xpoze Pro
CVE-2008-1873 (Cross-site scripting (XSS) vulnerability in the private message featur ...)
	NOT-FOR-US: Nuke ET
CVE-2008-1872 (SQL injection vulnerability in home.news.php in Comdev News Publisher ...)
	NOT-FOR-US: Comdev News Publisher
CVE-2008-1871 (SQL injection vulnerability in links.php in Scriptsagent.com Links Dir ...)
	NOT-FOR-US: Scriptsagent.com
CVE-2008-1870 (SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earl ...)
	NOT-FOR-US: PIGMy-SQL
CVE-2008-1869 (SQL injection vulnerability in Site Sift Listings allows remote attack ...)
	NOT-FOR-US: Site Sift Listings
CVE-2008-1868 (admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does no ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1867 (SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1866 (admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1865 (Stack-based buffer overflow in the msx_readnode function in libmosix.c ...)
	NOT-FOR-US: openmosix-tools
CVE-2008-1864 (SQL injection vulnerability in project.php in Prozilla Freelancers all ...)
	NOT-FOR-US: Prozilla Freelancers
CVE-2008-1863 (SQL injection vulnerability in view_reviews.php in Prozilla Cheat Scri ...)
	NOT-FOR-US: Prozilla Cheat Script
CVE-2008-1862 (ExBB Italia 0.22 and earlier only checks GET requests that use the QUE ...)
	NOT-FOR-US: ExBB Italia
CVE-2008-1861 (Directory traversal vulnerability in modules/threadstop/threadstop.php ...)
	NOT-FOR-US: ExBB Italia
CVE-2008-1860 (Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and ...)
	NOT-FOR-US: LokiCMS
CVE-2008-1859 (SQL injection vulnerability in events.php in iScripts SocialWare allow ...)
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1858 (SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 an ...)
	NOT-FOR-US: 724Networks 724CMS
CVE-2008-1857 (Multiple directory traversal vulnerabilities in viewsource.php in Make ...)
	NOT-FOR-US: Mole
CVE-2008-1856 (plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not requi ...)
	NOT-FOR-US: LinPHA
CVE-2008-1855 (FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 ...)
	NOT-FOR-US: McAfee
CVE-2008-1854 (Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in ...)
	NOT-FOR-US: SmarterMail Web Server
CVE-2008-1853 (The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1852 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, an ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1851 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, an ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1850 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Om ...)
	NOT-FOR-US: Omnistar Interactive OSI Affiliate
CVE-2008-1849 (Directory traversal vulnerability in index.php in the joomlaXplorer (c ...)
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla! component
CVE-2008-1848 (Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joo ...)
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla! component
CVE-2008-1847 (SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook ...)
	NOT-FOR-US: phpAddressBook
CVE-2008-1846 (The default configuration of SAP NetWeaver before 7.0 SP15 does not en ...)
	NOT-FOR-US: SAP
CVE-2008-1845 (The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not f ...)
	- mksh 33.4-1 (low)
	[etch] - mksh 28.0-3
CVE-2008-1844 (SQL injection vulnerability in cat.php in W2B phpHotResources allows r ...)
	NOT-FOR-US: W2B phpHotResources
CVE-2008-1843 (SQL injection vulnerability in browse.php in W2B DatingClub (aka Datin ...)
	NOT-FOR-US: W2B DatingClub
CVE-2008-1842 (Integer signedness error in ovspmd.exe in HP OpenView Network Node Man ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1841 (SQL injection vulnerability in the session handling functionality in b ...)
	NOT-FOR-US: Coppermine
CVE-2008-1840 (SQL injection vulnerability in upload.php in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine
CVE-2008-1839 (Multiple cross-site scripting (XSS) vulnerabilities in module/main.ph ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2008-1838 (SQL injection vulnerability in BosClassifieds Classified Ads System 3. ...)
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1836 (The rfc2231 function in message.c in libclamav in ClamAV before 0.93 a ...)
	- clamav (Vulnerable code introduced later, checked back with upstream)
CVE-2008-1834 (swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict ...)
	- swfdec0.6 0.6.4-1 (low)
	- swfdec0.5 (low; bug #477037)
CVE-2008-1833 (Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allow ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1.1 (medium; bug #476694)
CVE-2008-1878 (Stack-based buffer overflow in the demux_nsf_send_chunk function in sr ...)
	{DSA-1586-1 DTSA-128-1}
	- xine-lib 1.1.12-2 (medium; bug #476990)
	NOTE: not patched but disabled in testing/unstable
CVE-2008-1831 (Multiple unspecified vulnerabilities in the Siebel SimBuilder componen ...)
	NOT-FOR-US: Oracle Siebel Enterprise
CVE-2008-1830 (Unspecified vulnerability in the PeopleSoft HCM ePerformance component ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1829 (Unspecified vulnerability in the PeopleSoft HCM Recruiting component i ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1828 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1827 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1826 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1825 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2008-1824 (Unspecified vulnerability in the Oracle Dynamic Monitoring Service com ...)
	NOT-FOR-US: Oracle
CVE-2008-1823 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1822 (Unspecified vulnerability in the Oracle Application Express component ...)
	NOT-FOR-US: Oracle
CVE-2008-1821 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1820 (Unspecified vulnerability in the Data Pump component in Oracle Databas ...)
	NOT-FOR-US: Oracle
CVE-2008-1819 (Unspecified vulnerability in the Oracle Net Services component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-1818 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2008-1817 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-1816 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
	NOT-FOR-US: Oracle
CVE-2008-1815 (Unspecified vulnerability in the Change Data Capture component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-1814 (Unspecified vulnerability in the Oracle Secure Enterprise Search or Ul ...)
	NOT-FOR-US: Oracle
CVE-2008-1813 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-1812 (Unspecified vulnerability in the Oracle Enterprise Manager component i ...)
	NOT-FOR-US: Oracle
CVE-2008-1811 (Unspecified vulnerability in Oracle Application Express 3.0.1 has unsp ...)
	NOT-FOR-US: Oracle
CVE-2008-1810 (Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 o ...)
	NOT-FOR-US: SAP MaxDB
CVE-2008-1809 (Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dep ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (low; bug #485841)
CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to execute ar ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows context-dependent at ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versi ...)
	NOT-FOR-US: Skype
CVE-2008-1804 (preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not pr ...)
	{DTSA-173-1}
	- snort 2.7.0-20 (low; bug #483160)
	[lenny] - snort 2.7.0-20.2 (low; bug #483160)
	[etch] - snort (Only 2.6 and 2.8 are affected)
CVE-2008-1803 (Integer signedness error in the xrealloc function (rdesktop.c) in RDes ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480135)
CVE-2008-1802 (Buffer overflow in the process_redirect_pdu (rdp.c) function in rdeskt ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480134)
CVE-2008-1801 (Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5 ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480133)
CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Di ...)
	NOT-FOR-US: DivXDB
CVE-2008-1799 (Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 ...)
	NOT-FOR-US: sabros.us
CVE-2008-1798 (Directory traversal vulnerability in forum/kietu/libs/calendrier.php i ...)
	NOT-FOR-US: Dragoon
CVE-2008-1797 (Unspecified vulnerability in Secure Computing Webwasher 5.30 before bu ...)
	NOT-FOR-US: Secure Computing Webwasher
CVE-2008-1796 (Comix 3.6.4 creates temporary directories with predictable names, whic ...)
	- comix 3.6.4-1.1 (unimportant)
	NOTE: only exploitable with insecure umask settings
CVE-2008-1795 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Acad ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1794 (Multiple cross-site scripting (XSS) vulnerabilities in the Webform Dru ...)
	NOT-FOR-US: Webform Drupal module
CVE-2008-1793 (Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in Sma ...)
	NOT-FOR-US: Smart
CVE-2008-1792 (Cross-site scripting (XSS) vulnerability in the insertion filter in th ...)
	NOT-FOR-US: Flickr Drupal module
CVE-2008-1791 (SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and ...)
	NOT-FOR-US: My Gaming Ladder
CVE-2008-1790 (Unrestricted file upload vulnerability in iScripts SocialWare allows r ...)
	NOT-FOR-US: iScripts
CVE-2008-1789 (SQL injection vulnerability in forum.php in Prozilla Forum allows remo ...)
	NOT-FOR-US: Prozilla Forum
CVE-2008-1788 (SQL injection vulnerability in directory.php in Prozilla Entertainers ...)
	NOT-FOR-US: Prozilla Entertainers
CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Po ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2008-1786 (The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in mu ...)
	NOT-FOR-US: CA products
CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated users t ...)
	NOT-FOR-US: Prozilla Top 100
CVE-2008-1784 (Prozilla Topsites 1.0 allows remote attackers to perform administrativ ...)
	NOT-FOR-US: Prozilla Topsites
CVE-2008-1783 (Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users ...)
	NOT-FOR-US: Prozilla Reviews
CVE-2008-1782 (phpdemo/viewsource.php in Advanced Software Engineering ChartDirector ...)
	NOT-FOR-US: Advanced Software Engineering ChartDirector
CVE-2008-1837 (libclamunrar in ClamAV before 0.93 allows remote attackers to cause a ...)
	- clamav (Debian doesn't include libunrar since it's non-free)
CVE-2008-1835 (ClamAV before 0.93 allows remote attackers to bypass the scanning engi ...)
	- clamav (Debian doesn't include libunrar since it's non-free)
CVE-2008-1832 (lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitra ...)
	- cecilia 2.0.5-2.1 (low; bug #476321)
	[etch] - cecilia (Minor issue)
CVE-2008-1781
	REJECTED
CVE-2008-1780 (Unspecified vulnerability in the labeled networking functionality in S ...)
	NOT-FOR-US: Solaris
CVE-2008-1779 (Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a d ...)
	NOT-FOR-US: Solaris
CVE-2008-1778 (Unspecified vulnerability in the floating point context switch impleme ...)
	NOT-FOR-US: Solaris
CVE-2008-1777 (The eDirectory Host Environment service (dhost.exe) in Novell eDirecto ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-1776 (PHP remote file inclusion vulnerability in modules/basicfog/basicfogfa ...)
	NOT-FOR-US: PhpBlock
CVE-2008-1775 (Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2008-1774 (SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remo ...)
	NOT-FOR-US: Pligg
CVE-2008-1773 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...)
	NOT-FOR-US: Dragoon
CVE-2008-1772 (iScripts SocialWare stores passwords in cleartext in a database, which ...)
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media Serve ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.3 (medium; bug #476241)
CVE-2008-1770 (CRLF injection vulnerability in Akamai Download Manager ActiveX contro ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (low; bug #478140)
CVE-2008-1768 (Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #478140)
CVE-2008-1767 (Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-d ...)
	{DSA-1589-1}
	- libxslt 1.1.24-1 (bug #482664)
CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknow ...)
	- phpbb3 3.0.1-1 (low)
	- phpbb2 (Vulnerable code not present)
CVE-2008-1765 (Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and poss ...)
	NOT-FOR-US: Adobe
CVE-2008-1764 (Unspecified vulnerability in Opera before 9.27 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2008-1763 (SQL injection vulnerability in _blogadata/include/sond_result.php in B ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1762 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2008-1761 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2008-1760 (Multiple PHP remote file inclusion vulnerabilities in Blogator-script ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1759 (SQL injection vulnerability in the jeuxflash module for KwsPHP allows ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1758 (SQL injection vulnerability in the ConcoursPhoto module for KwsPHP all ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1757 (Cross-site scripting (XSS) vulnerability in index.php in the ConcoursP ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1756 (Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine ...)
	NOT-FOR-US: Sun
CVE-2008-1755 (Directory traversal vulnerability in the showSource function in showSo ...)
	NOT-FOR-US: World of Phaos
CVE-2008-1754 (Symantec Altiris Deployment Solution before 6.9.164 stores the Deploym ...)
	NOT-FOR-US: Symantec
CVE-2008-1753 (Cross-site scripting (XSS) vulnerability in system/workplace/admin/wor ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1752 (ezRADIUS 0.1 stores sensitive information under the web root with insu ...)
	NOT-FOR-US: ezRADIUS
CVE-2008-1751 (Multiple directory traversal vulnerabilities in index.php in Ksemail a ...)
	NOT-FOR-US: Ksemail
CVE-2008-1750 (SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earl ...)
	NOT-FOR-US: LiveCart
CVE-2008-1749 (Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to 4.2(8 ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1748 (Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1747 (Unspecified vulnerability in Cisco Unified Communications Manager 4.1 ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1746 (The SNMP Trap Agent service in Cisco Unified Communications Manager (C ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1745 (Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1744 (The Certificate Authority Proxy Function (CAPF) service in Cisco Unifi ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1743 (Memory leak in the Certificate Trust List (CTL) Provider service in Ci ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1742 (Memory leak in the Certificate Trust List (CTL) Provider service in Ci ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1741 (The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) a ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1740 (The Presence Engine (PE) service in Cisco Unified Presence before 6.0( ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1739 (Apple QuickTime before 7.4.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a de ...)
	NOT-FOR-US: Rising Antivirus
CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behaviou ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-1736 (Comodo Firewall Pro before 3.0 does not properly validate certain para ...)
	NOT-FOR-US: Comodo Firewall
CVE-2008-1735 (BitDefender Antivirus 2008 20080118 and earlier allows local users to ...)
	NOT-FOR-US: BitDefender Antivirus
CVE-2008-1734 (Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux mi ...)
	NOT-FOR-US: PHP Toolkit (Gentoo specific)
CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and earlier in t ...)
	NOT-FOR-US: Joomla component Pragmatic Utopia PU Arcade
CVE-2008-1732 (SQL injection vulnerability in showpredictionsformatch.php in Predicti ...)
	NOT-FOR-US: Prediction Football
CVE-2008-1731 (The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not pro ...)
	NOT-FOR-US: Drupal module Simple Access
CVE-2008-1730 (Directory traversal vulnerability in download.html in ARWScripts Galle ...)
	NOT-FOR-US: ARWScripts Gallery Script Lite
CVE-2008-1729 (The menu system in Drupal 6 before 6.2 has incorrect menu settings, wh ...)
	NOT-FOR-US: Drupal 6 (not packaged yet)
CVE-2008-1728 (ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows re ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2008-1727 (KnowledgeQuest 2.5 and 2.6 does not require authentication for access ...)
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1726 (Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when mag ...)
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1725 (The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E ...)
	NOT-FOR-US: ActiveX
CVE-2008-1724 (Stack-based buffer overflow in the IActiveXTransfer.FileTransfer metho ...)
	NOT-FOR-US: ActiveX
CVE-2008-1723
	RESERVED
CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2) filter/im ...)
	{DSA-1625-1}
	- cups 1.3.7-2 (medium; bug #476305)
	- cupsys 1.3.7-2 (medium; bug #476305)
CVE-2008-1721 (Integer signedness error in the zlib extension module in Python 2.5.2 ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1719 (Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET ...)
	NOT-FOR-US: Nuke ET
CVE-2008-1718 (Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, a ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1717 (WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 ...)
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1716 (Cross-site scripting (XSS) vulnerability in WoltLab Community Framewor ...)
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1715 (SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and e ...)
	NOT-FOR-US: AuraCMS
CVE-2008-1714 (SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when ...)
	NOT-FOR-US: FaScript FaPhoto
CVE-2008-1713 (MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attack ...)
	NOT-FOR-US: NoticeWare Email Server
CVE-2008-1712 (PHP remote file inclusion vulnerability in includes/functions_weblog.p ...)
	NOT-FOR-US: mx_blogs
CVE-2008-1711 (Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores p ...)
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1710 (Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1709 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-ass ...)
	NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-1708 (IBM solidDB 06.00.1018 and earlier does not validate a certain field t ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1707 (IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1706 (Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1705 (Format string vulnerability in the logging function in IBM solidDB 06. ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to execute ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1877 (tss 0.8.1 allows local users to read arbitrary files via the -a parame ...)
	- tss (medium; bug #475747; bug #475736)
CVE-2008-1720 (Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xatt ...)
	{DSA-1545-1}
	- rsync 3.0.2-1
	NOTE: Etch is affected (it enables the acl upstream patch)
	NOTE: http://samba.anu.edu.au/rsync/security.html#s3_0_2
CVE-2008-1704 (Multiple buffer overflows in TIBCO Software Enterprise Message Service ...)
	NOT-FOR-US: TIBCO
CVE-2008-1703 (Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, a ...)
	NOT-FOR-US: TIBCO
CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the my_gallery 2 ...)
	NOT-FOR-US: my_gallery plugin for e107
CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service (ABEN ...)
	NOT-FOR-US: Novell NetWare
CVE-2008-1700 (The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite ...)
	NOT-FOR-US: WorkSite Web
CVE-2008-1699 (SQL injection vulnerability in permalink.php in Desi Quintans Writer's ...)
	NOT-FOR-US: Desi Quintans Writer's Block CMS
CVE-2008-1698 (Cross-site scripting (XSS) vulnerability in gallery.php in Simple Gall ...)
	NOT-FOR-US: Simple Gallery
CVE-2008-1697 (Stack-based buffer overflow in ovwparser.dll in HP OpenView Network No ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-1696 (Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, ...)
	NOT-FOR-US: DaZPHPNews
CVE-2008-1695
	RESERVED
CVE-2008-1694 (vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local use ...)
	- emacs21 21.4a+1-5.6 (low; bug #476612)
	[etch] - emacs21 (Minor issue)
	- emacs22 22.2+2-2 (low; bug #476611)
	- xemacs21 21.4.21-4 (low; bug #476613)
	[etch] - xemacs21 (Minor issue)
CVE-2008-1693 (The CairoFont::create function in CairoFontEngine.cc in Poppler, possi ...)
	{DSA-1606-1 DSA-1548-1}
	- xpdf 3.02
	- poppler 0.6.4-1 (bug #476842)
	- kdegraphics (Vulnerable code not present)
	- texlive-bin (code already has the needed fix)
	NOTE: see GfxFont.cc GfxFont::readEmbFontFile, line 362 checks if the font file is
	NOTE: a stream or not. Does anyone know a fixed version?
	- texlive-base (Vulnerable code not present)
	- swftools (Vulnerable file/code not present)
CVE-2008-1692 (Eterm 0.9.4 opens a terminal window on :0 if -display is not specified ...)
	- eterm 0.9.4.0debian1-2.1 (unimportant; bug #473127)
CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earl ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1690 (WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earli ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earl ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow context- ...)
	- m4 (unimportant)
	NOTE: The file name is passed through a cmdline argument and m4 doesn't run with
	NOTE: elevated privileges.
CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1. ...)
	- m4 (unimportant)
	NOTE: This is more a generic bug and not a security issue: the random output would
	NOTE: need to match the name of an existing macro
CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used in libf ...)
	{DSA-1586-1 DSA-1585-1 DSA-1584-1 DTSA-127-1 DTSA-128-1 DTSA-129-1}
	- speex 1.2~beta2-1 (medium)
	- libfishsound 0.7.0-2.2 (medium; bug #475152)
	- xine-lib 1.1.12-1 (medium)
CVE-2008-1685
	- gcc-4.3 4.3.1-1 (bug #482698; unimportant)
	NOTE: dup of CVE-2006-1902 which is fixed in Debian?
CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local u ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1683
	REJECTED
CVE-2008-1682 (PHP remote file inclusion vulnerability in quiz/common/db_config.inc.p ...)
	NOT-FOR-US: com_onlineflashquiz component for Joomla!
CVE-2008-1681 (Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 ha ...)
	NOT-FOR-US: IBM DB2
CVE-2008-1680 (PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configurat ...)
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1679 (Multiple integer overflows in imageop.c in Python before 2.5.3 allow c ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1678 (Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c ...)
	{DTSA-131-1}
	- apache2 2.2.8-4
	[etch] - apache2 (only a problem with openssl 0.9.8f or later)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
CVE-2008-1677 (Buffer overflow in the regular expression handler in Red Hat Directory ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-1676 (Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate Sys ...)
	NOT-FOR-US: Red Hat Issue
CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux k ...)
	- linux-2.6 2.6.25-2 (low)
	[etch] - linux-2.6 (Tehuti driver not in 2.6.18)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: Fixed in 2.6.24.6 and 2.6.25.1
CVE-2008-1674
	REJECTED
CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 an ...)
	{DSA-1592-1}
	- linux-2.6 2.6.25-5 (bug #485944)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ...)
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl (Vulnerable code (TLS extensions) not present)
CVE-2008-1671 (start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, ...)
	{DSA-1867-1}
	- kdelibs 4:3.5.9.dfsg.1-4 (low; bug #478024)
	[etch] - kdelibs (Minor issue)
CVE-2008-1670 (Heap-based buffer overflow in the progressive PNG Image loader (decode ...)
	- kdelibs (Vulnerable code introduced in kde 4.0)
	- kde4libs 4:4.0.72-1 (bug #478283)
CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection mecha ...)
	{DSA-1575-1}
	- linux-2.6 2.6.25-2 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns u ...)
	NOT-FOR-US: wu-ftpd in HP-UX
CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European Performan ...)
	NOT-FOR-US: Probe Builder 2.2
CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, 9.1.0 ...)
	NOT-FOR-US: HP Oracle for OpenView
CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Acti ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-1664 (Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allo ...)
	NOT-FOR-US: HP HP-UX
CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-1662 (Unspecified vulnerability in the HP System Administration Manager (SAM ...)
	NOT-FOR-US: HP System Administration Manager
CVE-2008-1661 (Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Stora ...)
	NOT-FOR-US: HP StorageWorks
CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B. ...)
	NOT-FOR-US: HP-UX
CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allo ...)
	NOT-FOR-US: HP LDAP-UX
CVE-2008-1658 (Format string vulnerability in the grant helper (polkit-grant-helper.c ...)
	- policykit-1 0.8-1 (medium; bug #476615; bug #476616)
CVE-2008-1657 (OpenSSH 4.4 up to versions before 4.9 allows remote authenticated user ...)
	- openssh 1:4.7p1-8 (low; bug #475156)
	[etch] - openssh (Vulnerable functionality was introduced in 4.4)
CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the public ac ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1655 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, ...)
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree (Contrib not supported)
	NOTE: Fix came from Adobe via new Adobe Flash Player, Debian package didn't change
CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal Plug and ...)
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree (Contrib not supported)
CVE-2008-1653 (Directory traversal vulnerability in index.php in Sava's Link Manager ...)
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1652 (Directory traversal vulnerability in the _serve_request_multiple funct ...)
	- perlbal (Fixed before initial upload to archive)
CVE-2008-1651 (Directory traversal vulnerability in admin/login.php in EasyNews 4.0 a ...)
	NOT-FOR-US: EasyNews
CVE-2008-1650 (SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 ...)
	NOT-FOR-US: EasyNews
CVE-2008-1649 (Cross-site scripting (XSS) vulnerability in staticpages/easypublish/in ...)
	NOT-FOR-US: EasyNews
CVE-2008-1648 (Sympa before 5.4 allows remote attackers to cause a denial of service ...)
	{DSA-1600-1}
	- sympa 5.3.4-4 (medium; bug #475163)
CVE-2008-1647 (The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 Act ...)
	NOT-FOR-US: ChilkatHttp
CVE-2008-1646 (SQL injection vulnerability in wp-download.php in the WP-Download 1.2 ...)
	NOT-FOR-US: WP-Download plugin for WordPress
CVE-2008-1645 (Directory traversal vulnerability in body.php in phpSpamManager (phpSM ...)
	NOT-FOR-US: phpSpamManager
CVE-2008-1644 (SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2. ...)
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1643 (Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.ex ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-1642 (Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 ...)
	NOT-FOR-US: Sava's GuestBook
CVE-2008-1641 (SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allow ...)
	NOT-FOR-US: EfesTECH Video
CVE-2008-1640 (SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treff ...)
	NOT-FOR-US: JGS-Treffen
CVE-2008-1639 (SQL injection vulnerability in index.php in Neat weblog 0.2 allows rem ...)
	NOT-FOR-US: Neat weblog
CVE-2008-1638 (Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for p ...)
	NOT-FOR-US: Nik Sharpener Pro
CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to calcula ...)
	{DSA-1544-2 DSA-1544-1}
	- pdns-recursor 3.1.7-1
	NOTE: Fix in 3.1.5 was incomplete, see CVE-2008-3217
CVE-2008-1636 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gal ...)
	NOT-FOR-US: JV2 Quick Gallery
CVE-2008-1635 (Directory traversal vulnerability in view_private.php in Keep It Simpl ...)
	NOT-FOR-US: Keep It Simple Guest Book
CVE-2008-1634 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Ga ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2008-1633 (Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown imp ...)
	- mondo 1:2.2.7-1 (bug #475221)
CVE-2008-1632 (Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote ...)
	- cuteflow (bug #465372)
CVE-2008-1631 (SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 ...)
	- cuteflow (bug #465372)
CVE-2008-1630 (Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 ...)
	- cuteflow (bug #465372)
CVE-2008-1629 (Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows ...)
	NOT-FOR-US: PHPkrm
CVE-2008-1628 (Stack-based buffer overflow in the audit_log_user_command function in ...)
	{DTSA-123-1}
	- audit 1.5.3-2.1 (medium; bug #475227)
	NOTE: auditd runs as root
CVE-2008-1627 (CDS Invenio 0.92.1 and earlier allows remote authenticated users to de ...)
	NOT-FOR-US: CDS Invenio
CVE-2008-1626 (SQL injection vulnerability in eggBlog before 4.0.1 allows remote atta ...)
	NOT-FOR-US: eggBlog
CVE-2008-1625 (aavmker4.sys in avast! Home and Professional 4.7 for Windows does not ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2008-1624 (Directory traversal vulnerability in v2demo/page.php in Jshop Server 1 ...)
	NOT-FOR-US: Jshop Server
CVE-2008-1623 (SQL injection vulnerability in admin_view_image.php in Smoothflash all ...)
	NOT-FOR-US: Smoothflash
CVE-2008-1622 (Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow r ...)
	NOT-FOR-US: GeeCarts
CVE-2008-1621 (Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow ...)
	NOT-FOR-US: GeeCarts
CVE-2008-1620 (Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0 ...)
	NOT-FOR-US: ThinClientServer
CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers ...)
	- xen-3 (Debian Xen does not support ia64)
	- xen-unstable (Debian Xen does not support ia64)
	- xen-3.0 (Debian Xen does not support ia64)
CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing ...)
	NOT-FOR-US: Watchguard Firebox
CVE-2008-1617 (Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile. ...)
	NOT-FOR-US: WorkSite Web
CVE-2008-1616
	RESERVED
CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running on AMD6 ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-1 (medium; bug #480390)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a rac ...)
	{DSA-1550-1 DTSA-124-1}
	- suphp 0.6.2-2.1 (low; bug #475431)
CVE-2008-1613 (SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0. ...)
	NOT-FOR-US: RedDot CMS
CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows at ...)
	{DSA-1646-2}
	- squid 2.6.18-1 (medium)
CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows r ...)
	NOT-FOR-US: TFTP Server for Windows
CVE-2008-1610 (Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allo ...)
	NOT-FOR-US: TFTP Server Pro
CVE-2008-1609 (Multiple PHP remote file inclusion vulnerabilities in just another fla ...)
	NOT-FOR-US: JAF CMS
CVE-2008-1608 (SQL injection vulnerability in postview.php in Clever Copy 3.0 allows ...)
	NOT-FOR-US: Clever Copy
CVE-2008-1607 (SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba ...)
	NOT-FOR-US: Serbay Arslanhan Bomba Haber
CVE-2008-1606 (Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 ...)
	NOT-FOR-US: Elastic Path
CVE-2008-1605 (The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmm ...)
	NOT-FOR-US: LEADTOOLS
CVE-2008-1604 (Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 all ...)
	NOT-FOR-US: PerlMailer
CVE-2008-1603 (Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 ...)
	NOT-FOR-US: GNB DesignForm
CVE-2008-1602 (Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows ...)
	NOT-FOR-US: Orbit downloader
CVE-2008-1601 (Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5 ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1600 (The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly han ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1599 (The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly hand ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1598 (The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1597 (The WPAR system call implementation in the kernel in IBM AIX 6.1 allow ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1596 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument i ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1595 (The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not prop ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1594 (The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JF ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1593 (The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1592 (MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop a ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-1591 (The pnVarPrepForStore function in PostNuke 0.764 and earlier skips inp ...)
	NOT-FOR-US: PostNuke
CVE-2008-1590 (JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch bef ...)
	NOT-FOR-US: iPhone
CVE-2008-1589 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterpr ...)
	NOT-FOR-US: iPhone
CVE-2008-1588 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows rem ...)
	- webkit (mac-specific issue)
	NOTE: http://trac.webkit.org/changeset/23963
	NOTE: as of 1.1.21, all mac-specific code is no longer even present
CVE-2008-1587
	RESERVED
CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touc ...)
	NOT-FOR-US: Apple ImageIO
CVE-2008-1585 (Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handle ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1584 (Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1583 (Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1582 (Unspecified vulnerability in Apple QuickTime before 7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1581 (Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows al ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1580 (CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically send ...)
	NOT-FOR-US: CFNetwork Safari Apple Mac OS
CVE-2008-1579 (Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attacke ...)
	NOT-FOR-US: Wiki Server Apple Mac OS
CVE-2008-1578 (The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1577 (Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1576 (Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1575 (Unspecified vulnerability in the Apple Type Services (ATS) server in A ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1574 (Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows rem ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1573 (The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X bef ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1572 (Image Capture in Apple Mac OS X before 10.5 does not properly use temp ...)
NOT-FOR-US: Apple Mac OS X CVE-2008-1571 (Directory traversal vulnerability in the embedded web server in Image ...) NOT-FOR-US: Apple Mac OS X CVE-2008-1566 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...) NOT-FOR-US: ManageEngine Applications Manager CVE-2008-1565 (Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0. ...) NOT-FOR-US: PJIRC module for phpBB CVE-2008-1564 (Directory traversal vulnerability in Dan Costin File Transfer before 1 ...) NOT-FOR-US: Dan Costin File Transfer CVE-2008-1563 (The "decode as" feature in packet-bssap.c in the SCCP dissector in Wir ...) - wireshark 1.0.0-1 (low) [etch] - wireshark (Only 0.99.6 to 0.99.8 are affected) CVE-2008-1562 (The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.9 ...) - wireshark (Only Windows builds are affected according to #1613) CVE-2008-1561 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...) - wireshark 1.0.0-1 (low) [etch] - wireshark (Only 0.99.5 to 0.99.8 are affected) CVE-2008-1560 (Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDo ...) NOT-FOR-US: Digiappz DigiDomain CVE-2008-1559 (SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alp ...) NOT-FOR-US: com_alphacontent component for Joomla! CVE-2008-1558 (Uncontrolled array index in the sdpplin_parse function in stream/realr ...) {DSA-1552-1 DTSA-121-1} - mplayer 1.0~rc2-10 (medium; bug #473056) CVE-2008-1557 (BolinOS 4.6.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: BolinOS CVE-2008-1556 (Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 a ...) NOT-FOR-US: BolinOS CVE-2008-1555 (Directory traversal vulnerability in system/_b/contentFiles/gbincluder ...) NOT-FOR-US: BolinOS CVE-2008-1554 (SQL injection vulnerability in account/index.php in TopperMod 2.0, whe ...) NOT-FOR-US: TopperMod CVE-2008-1553 (Directory traversal vulnerability in mod.php in TopperMod 1.0 allows r ...) 
	NOT-FOR-US: TopperMod
CVE-2008-1552 (The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) ...)
	- silc-toolkit 1.1.7-1 (low)
	- silc-client (links against libsilc)
	NOTE: this cannot result in code execution, only in a crash: data_len - i always evaluates
	NOTE: to -1, so malloc never succeeds and no free is ever reached
CVE-2008-1551 (SQL injection vulnerability in viewcat.php in the Photo 3.02 module fo ...)
	NOT-FOR-US: RunCMS
CVE-2008-1550 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Cu ...)
	NOT-FOR-US: CubeCart
CVE-2008-1549 (Multiple SQL injection vulnerabilities in Aeries Browser Interface (AB ...)
	NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1548 (Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser ...)
	NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1547 (Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outl ...)
	NOT-FOR-US: Outlook
CVE-2008-1546 (servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electr ...)
	NOT-FOR-US: Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems
CVE-2008-1545 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...)
	NOT-FOR-US: Microsoft IE7
CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...)
	NOT-FOR-US: Microsoft IE7
CVE-2008-1543 (The Advanced User Interface Pages in the ProST Web Management componen ...)
	NOT-FOR-US: Airspan WiMAX ProST
CVE-2008-1542 (Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its p ...)
	NOT-FOR-US: BSDU
CVE-2008-1541 (Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Web ...)
	NOT-FOR-US: HIS Webshop
CVE-2008-1540 (SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3 ...)
	NOT-FOR-US: com_datsogallery module for Joomla!
CVE-2008-1539 (SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1538 (Cross-site scripting (XSS) vulnerability in searchAction.do in ManageE ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2008-1537 (Directory traversal vulnerability in pb_inc/admincenter/index.php in P ...)
	NOT-FOR-US: PowerScripts PowerBook
CVE-2008-1536 (Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro ...)
	NOT-FOR-US: Photo Cart
CVE-2008-1535 (SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekr ...)
	NOT-FOR-US: com_rekry component for Joomla!
CVE-2008-1534 (Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b al ...)
	NOT-FOR-US: PowerPHPBoard
CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...)
	NOT-FOR-US: Joomla!
CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote at ...)
	- perlbal (Fixed before initial upload to archive)
CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd 1.4. ...)
	{DSA-1540-1}
	- lighttpd 1.4.19-2 (low; bug #475438)
CVE-2008-1570 (Race condition in the create_lockpath function in policyd-weight 0.1.1 ...)
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
	NOTE: http://www.mail-archive.com/policyd-weight-list%40ek-muc.de/msg00798.html
CVE-2008-1569 (policyd-weight 0.1.14 beta-16 and earlier allows local users to modify ...)
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a filen ...)
	- comix 3.6.4-1.1 (low; bug #462840)
	[etch] - comix (Minor issue)
	NOTE: comix cannot be used in a non-interactive setup, hence the low impact level
CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) passw ...)
	{DSA-1557-1}
	- phpmyadmin 2.11.5.1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/533bb88e32aafc17e754e5ea5e26e9b02b306993
	NOTE: It is a workaround for the limited security that PHP has for
	NOTE: session files on a shared host. This limitation is documented with
	NOTE: PHP, warned against and not a specific vulnerability in phpMyAdmin.
	NOTE: I hence consider it a security enhancement/feature, not a vulnerability.
CVE-2008-1530 (GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial ...)
	- gnupg (Only 1.4.8 is affected)
	NOTE: The next upload was 1.4.9-1, so no vulnerable version was ever in the
	NOTE: archive
	[etch] - gnupg (Only 1.4.8 is affected)
	[sarge] - gnupg (Only 1.4.8 is affected)
	- gnupg2 2.0.9-1 (bug #472928)
	[etch] - gnupg2 (Only 2.0.8 is affected)
	[sarge] - gnupg2 (Only 2.0.8 is affected)
CVE-2008-1529 (ZyXEL Prestige routers have a minimum password length for the admin ac ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1528 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1527 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1526 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1525 (The default SNMP configuration on ZyXEL Prestige routers, including P- ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1524 (The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1523 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1522 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...)
NOT-FOR-US: ZyXEL Prestige router firmware CVE-2008-1521 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...) NOT-FOR-US: ZyXEL Prestige router firmware CVE-2008-1520 RESERVED CVE-2008-1519 RESERVED CVE-2008-1518 (Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and ...) NOT-FOR-US: Kaspersky Anti-Virus CVE-2008-1517 (Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 befo ...) NOT-FOR-US: Apple Mac OS X xnu Kernel CVE-2008-1516 RESERVED CVE-2008-1515 (The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 a ...) - otrs2 2.2.5-2 [etch] - otrs2 (Vulnerable code not present) [etch] - otrs (Vulnerable code not present) [sarge] - otrs (Vulnerable code not present) NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions be ...) {DSA-1655-1 DSA-1653-1} - linux-2.6 2.6.26-8 NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earli ...) NOT-FOR-US: Danneo CMS CVE-2008-1512 (Directory traversal vulnerability in admin/admin_xs.php in eXtreme Sty ...) NOT-FOR-US: XS module for phpBB CVE-2008-1511 (Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 a ...) NOT-FOR-US: ooComments CVE-2008-1510 (Cross-site scripting (XSS) vulnerability in system/workplace/admin/acc ...) NOT-FOR-US: Alkacon OpenCMS CVE-2008-1509 (SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier ...) NOT-FOR-US: XLPortal CVE-2008-1508 (SQL injection vulnerability in EfesTech E-Kontör and earlier allo ...) NOT-FOR-US: EfesTech E-Kontoer CVE-2008-1507 (PEEL, possibly 3.x and earlier, has (1) a default info@peel.fr account ...) NOT-FOR-US: Peel CVE-2008-1506 (PEEL, possibly 3.x and earlier, allows remote attackers to obtain conf ...) 
NOT-FOR-US: Peel CVE-2008-1505 (PHP remote file inclusion vulnerability in the SSTREAMTV custompages ( ...) NOT-FOR-US: com_custompages component for Joomla! CVE-2008-1504 (Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven ph ...) NOT-FOR-US: phpMyChat CVE-2008-1503 (Cross-site scripting (XSS) vulnerability in the web management interfa ...) NOT-FOR-US: F5 BIG-IP CVE-2008-1501 (The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.1 ...) - ircd-ircu (Vulnerable code not present) NOTE: vulnerable code introduced later than 2.0.12.10, see: http://hg.quakenet.org/snircd/rev/1ee48bee2f20 NOTE: no other possible NULL ptr dereferences of p found and PoC not reproducible CVE-2008-1500 (Cross-site scripting (XSS) vulnerability in index.php in TinyPortal 0. ...) NOT-FOR-US: TinyPortal CVE-2008-1499 (Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in ...) NOT-FOR-US: cPanel CVE-2008-1498 (Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3. ...) NOT-FOR-US: Surgemail CVE-2008-1497 (Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38 ...) NOT-FOR-US: Surgemail CVE-2008-1496 (Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earli ...) NOT-FOR-US: PEEL CVE-2008-1495 (Unrestricted file upload vulnerability in administrer/produits.php in ...) NOT-FOR-US: PEEL CVE-2008-1494 (SQL injection vulnerability in inc/module/online.php in Easy-Clanpage ...) NOT-FOR-US: Easy-Clanpage CVE-2008-1493 (Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 a ...) - cuteflow (bug #465372) CVE-2008-1492 (Multiple directory traversal vulnerabilities in CoronaMatrix phpAddres ...) NOT-FOR-US: CoronaMatrix CVE-2008-1491 (Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ...) NOT-FOR-US: ASUS Remote Console CVE-2008-1490 (Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4 ...) 
NOT-FOR-US: ImageUploader4 CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...) {DSA-1543-1 DTSA-119-1} - vlc 0.8.6.e-1.1 (medium; bug #472635) CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3. ...) - php-apc (Fixed before initial upload) CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...) NOT-FOR-US: LinPHA CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft ...) NOT-FOR-US: Phorum CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier a ...) NOT-FOR-US: PunBB CVE-2008-1484 (The password reset feature in PunBB 1.2.16 and earlier uses predictabl ...) NOT-FOR-US: PunBB CVE-2008-1483 (OpenSSH 4.3p2, and probably other versions, allows local users to hija ...) {DSA-1576-1} - openssh 1:4.7p1-5 (bug #463011) CVE-2008-1482 (Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote ...) {DSA-1586-1 DTSA-120-1} - xine-lib 1.1.11.1-1 (medium; bug #472639) CVE-2008-1481 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1. ...) NOT-FOR-US: webSPELL CVE-2008-1480 (rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial ...) NOT-FOR-US: Sun Solaris CVE-2008-1479 (Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.ne ...) NOT-FOR-US: cfnetgs CVE-2008-1478 (Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of ...) NOT-FOR-US: Home FTP Server CVE-2008-1477 (Multiple cross-site scripting (XSS) vulnerabilities in busca.php in eF ...) NOT-FOR-US: eForum CVE-2008-1475 (The xml-rpc server in Roundup 1.4.4 does not check property permission ...) - roundup 1.4.4-1.1 (medium; bug #484728) [etch] - roundup (xml-rpc code introduced in 1.4.0) CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unkn ...) 
{DSA-1554-1} - roundup 1.3.3-3.1 (low; bug #472643) CVE-2008-1473 (The Altiris Client Service (AClient.exe) in Symantec Altiris Deploymen ...) NOT-FOR-US: Symantec Altiris CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl. ...) NOT-FOR-US: ARCserve Backup CVE-2008-1471 (The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ F ...) NOT-FOR-US: Panda Internet Security/Antivirus+ Firewall CVE-2008-1470 (Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID R ...) NOT-FOR-US: WebID RSA Authentication Agent CVE-2008-1469 (Gallarific Free Edition 1.1 does not require authentication for (1) ph ...) NOT-FOR-US: Gallarific CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu befor ...) - namazu2 2.0.18-0.1 (low; bug #472644) CVE-2008-1467 - centerim 4.22.3-1 (unimportant; bug #472649) NOTE: the victim needs to list the URLs in the message with F2 and press enter on it NOTE: the victim can see the complete URL including the commands however so the impact is really low CVE-2008-1466 (Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allo ...) NOT-FOR-US: W-Agora CVE-2008-1465 (SQL injection vulnerability in the Detodas Restaurante (com_restaurant ...) NOT-FOR-US: com_restaurante component for Mambo and Joomla! CVE-2008-1464 (Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 ...) NOT-FOR-US: Gallarific CVE-2008-1463 (Cross-site scripting (XSS) vulnerability in the management GUI in Impe ...) NOT-FOR-US: Imperva SecureSphere MX Management Server CVE-2008-1462 (SQL injection vulnerability in the sections (Section) module in RunCMS ...) NOT-FOR-US: RunCMS CVE-2008-1461 (Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers ...) NOT-FOR-US: XnView CVE-2008-1460 (SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2 ...) NOT-FOR-US: com_joovideo component for Mambo and Joomla! 
CVE-2008-1459 (SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and e ...) NOT-FOR-US: com_alberghi component for Mambo and Joomla! CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...) NOT-FOR-US: CS-Cart CVE-2008-1457 (The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...) NOT-FOR-US: Microsoft Windows 2000 CVE-2008-1456 (Array index vulnerability in the Event System in Microsoft Windows 200 ...) NOT-FOR-US: Microsoft Windows 2000 CVE-2008-1455 (A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, ...) NOT-FOR-US: Microsoft Office PowerPoint CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server ...) NOT-FOR-US: Windows issue CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gol ...) NOT-FOR-US: Windows Xp CVE-2008-1452 REJECTED CVE-2008-1451 (The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 an ...) NOT-FOR-US: Microsoft Windows CVE-2008-1450 REJECTED CVE-2008-1449 REJECTED CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express ...) NOT-FOR-US: Microsoft Outlook Express CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...) 
	{DSA-1605-1 DSA-1604-1 DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
	- bind9 1:9.5.0.dfsg-5 (high)
	NOTE: glibc stub resolver relies on source port randomisation in kernel
	- dnsmasq 2.43-1 (medium; bug #490123)
	- refpolicy 2:0.0.20080702-1
	- pdnsd 1.2.6-par-11 (bug #502275)
	- python-dns 2.3.1-5 (low; bug #490217)
	- dnspython (unimportant; bug #492465)
	NOTE: Just a stub resolver; the Linux kernel provides source port randomisation
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not suitable to use with untrusted responses, documented in README.Debian
	- udns 0.2-1 (bug #493599)
	- libnet-dns-perl 0.63-2 (low; bug #492700)
	NOTE: Source port randomization from Lenny kernel should provide sufficient protection
	NOTE: since this is just a Perl module for DNS queries and not a high-profile server app like
	NOTE: Bind, it's unlikely that a home-grown fix will provide an implementation of higher
	NOTE: cryptographic quality. Marking the version from Lenny as fixed, since Lenny includes
	NOTE: a kernel which provides source port randomization
	- ruby1.9 1.9.0.2-6 (low)
	NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but
	NOTE: already use source port randomization.
	NOTE: Marking non-caching stub resolvers as low since these really should be fixed,
	NOTE: but are much less vulnerable than a caching server.
CVE-2008-1446 (Integer overflow in the Internet Printing Protocol (IPP) ISAPI extensi ...)
	NOT-FOR-US: Microsoft
CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1443 REJECTED
CVE-2008-1442 (Heap-based buffer overflow in the substringData method in Microsoft In ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1441 (Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold ...)
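The NOTE lines under CVE-2008-1447 above rate caching servers high and non-caching stub resolvers low, and accept kernel source port randomisation as sufficient for the stubs. The Python below is an added illustration, not code from the Debian tracker, BIND, glibc or the kernel, that puts numbers on that reasoning: with a fixed source port a forged answer only has to match a 16-bit transaction ID, with a randomised port it has to match about 32 bits. The forgery counts, the 16-bit port-range bound (real ephemeral ranges are narrower, which the `port_range` parameter lets you model) and the sample port lists are assumptions constructed for the example.

```python
"""Forgery odds against a DNS resolver with and without source-port randomisation.

Added illustration for the CVE-2008-1447 notes; not Debian, BIND or kernel code.
Model (an assumption): for every query the attacker races the genuine answer with
`forgeries` distinct guesses of the 16-bit TXID plus, when the resolver randomises
it, the 16-bit UDP source port. A forgery that matches both is accepted.
"""
import random
from typing import Optional, Sequence

TXID_SPACE = 1 << 16       # 16-bit transaction ID
FULL_PORT_SPACE = 1 << 16  # upper bound; real ephemeral port ranges are smaller


def guess_space(port_randomised: bool, port_range: int = FULL_PORT_SPACE) -> int:
    """Combinations the attacker must hit blind for a single query."""
    return TXID_SPACE * (port_range if port_randomised else 1)


def success_probability(forgeries: int, queries: int, space: int) -> float:
    """P(at least one forgery accepted) over `queries` attacker-triggered lookups."""
    per_query = min(1.0, forgeries / space)
    return 1.0 - (1.0 - per_query) ** queries


def expected_queries(forgeries: int, space: int) -> float:
    """Mean number of triggered lookups until a forgery wins (geometric)."""
    return space / forgeries


def simulate_race(port_randomised: bool, forgeries: int, max_queries: int,
                  seed: int = 2008) -> Optional[int]:
    """Monte Carlo of the race with a seeded RNG: returns the 1-based query on
    which a forgery was accepted, or None if the attacker ran out of queries."""
    rng = random.Random(seed)
    space = guess_space(port_randomised)
    for q in range(1, max_queries + 1):
        real = rng.randrange(space)                    # resolver's (txid, port)
        guesses = rng.sample(range(space), forgeries)  # attacker's forged packets
        if real in guesses:
            return q
    return None


def classify_source_ports(ports: Sequence[int]) -> str:
    """Heuristic check on the source ports a resolver used for consecutive outbound
    queries (e.g. pulled from a capture). 'fixed' and 'sequential' mean the port
    adds no entropy to the TXID; 'varying' means it is at least not trivially
    predictable (it does not prove the ports are cryptographically random)."""
    if len(ports) < 2:
        raise ValueError("need at least two observed ports")
    if len(set(ports)) == 1:
        return "fixed"
    deltas = {b - a for a, b in zip(ports, ports[1:])}
    if len(deltas) == 1:          # constant step, e.g. 32768, 32769, 32770, ...
        return "sequential"
    return "varying"


if __name__ == "__main__":
    FORGERIES, QUERIES = 100, 1000
    for randomised in (False, True):
        space = guess_space(randomised)
        print(f"port randomised={randomised}: space=2^{space.bit_length() - 1}, "
              f"P(success in {QUERIES} queries)="
              f"{success_probability(FORGERIES, QUERIES, space):.2e}, "
              f"expected queries={expected_queries(FORGERIES, space):.0f}")
    # Constructed port observations, not real captures.
    for sample in ([53, 53, 53, 53], [32768, 32769, 32770, 32771],
                   [41920, 58012, 33901, 60444]):
        print(sample, "->", classify_source_ports(sample))
    print("fixed port, race won on query:", simulate_race(False, FORGERIES, 20000))
    print("random port, race won on query:", simulate_race(True, FORGERIES, 200))
```

The asymmetry is the whole point of the severity split in the notes: a few hundred triggered lookups defeat a fixed-port resolver, while the same budget against a port-randomising one leaves the attacker at a success chance in the 1e-5 range. `classify_source_ports` is the check to run on a capture of a resolver's outbound queries before trusting that the kernel is supplying that entropy; a "fixed" or "sequential" verdict means the TXID is all that protects the lookup, which is the situation the caching servers were in.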
NOT-FOR-US: Microsoft Windows CVE-2008-1440 (Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does no ...) NOT-FOR-US: Microsoft Windows CVE-2008-1439 REJECTED CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection Engine (mpen ...) NOT-FOR-US: Microsoft Malware Protection Engine CVE-2008-1437 (Unspecified vulnerability in Microsoft Malware Protection Engine (mpen ...) NOT-FOR-US: Microsoft Malware Protection Engine CVE-2008-1436 (Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 ...) NOT-FOR-US: Windows CVE-2008-1435 (Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008 ...) NOT-FOR-US: Windows issue CVE-2008-1434 (Use-after-free vulnerability in Microsoft Word in Office 2000 and XP S ...) NOT-FOR-US: Microsoft Word CVE-2008-1433 REJECTED CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in Manag ...) NOT-FOR-US: ManageEngine SupportCenter Plus CVE-2008-1431 (RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partit ...) NOT-FOR-US: RaidSonic NAS-4220-B firmware CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote attac ...) NOT-FOR-US: ASPapp CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows re ...) - silc-server 1.1.1-1 (medium) CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5. ...) NOT-FOR-US: Ubercart CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 a ...) NOT-FOR-US: com_acajoom component for Joomla! CVE-2008-1426 (SQL injection vulnerability in album.asp in KAPhotoservice allows remo ...) NOT-FOR-US: KAPhotoservice CVE-2008-1425 (SQL injection vulnerability in index.php in the gallery module in Easy ...) NOT-FOR-US: Easy-Clanpage CVE-2008-1424 RESERVED CVE-2008-1423 (Integer overflow in a certain quantvals and quantlist calculation in X ...) 
{DSA-1591-1} - libvorbisidec 1.0.2+svn18153-0.1 (bug #669196) [squeeze] - libvorbisidec (Minor issue, no dev-deps) - libvorbis 1.2.0.dfsg-3.1 (bug #482518) CVE-2008-1422 REJECTED CVE-2008-1421 REJECTED CVE-2008-1420 (Integer overflow in residue partition value (aka partvals) evaluation ...) {DSA-1591-1} - libvorbisidec (Vulnerable code not present) - libvorbis 1.2.0.dfsg-3.1 (bug #482518) CVE-2008-1419 (Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero v ...) {DSA-1591-1} - libvorbisidec 1.0.2+svn18153-0.1 (bug #669196) [squeeze] - libvorbisidec (Minor issue, no dev-deps) - libvorbis 1.2.0.dfsg-3.1 (bug #482518) CVE-2008-1418 RESERVED CVE-2008-1416 (Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2 ...) NOT-FOR-US: PHPauction GPL CVE-2008-1415 (Directory traversal vulnerability in index.php in Multiple Time Sheets ...) NOT-FOR-US: Multiple Time Sheets CVE-2008-1414 (Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) ...) NOT-FOR-US: Multiple Time Sheets CVE-2008-1413 (Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus ...) NOT-FOR-US: SNewsCMS Rus CVE-2008-1412 (Unspecified vulnerability in multiple F-Secure anti-virus products, in ...) NOT-FOR-US: F-Secure anti-virus CVE-2008-1411 (The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earl ...) NOT-FOR-US: Acronis Snap Deploy CVE-2008-1410 (Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Ac ...) NOT-FOR-US: Acronis Snap Deploy CVE-2008-1409 (Multiple directory traversal vulnerabilities in the Default theme in E ...) NOT-FOR-US: Exero CMS CVE-2008-1408 (SQL injection vulnerability in includes/functions/banners-external.php ...) NOT-FOR-US: phpBP CVE-2008-1407 (SQL injection vulnerability in index.php in the WebChat 1.60 module fo ...) NOT-FOR-US: WebChat module for eXV2 CVE-2008-1406 (SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 ...) 
NOT-FOR-US: MyAnnonces CVE-2008-1405 (PHP remote file inclusion vulnerability in code/display.php in fuzzyli ...) NOT-FOR-US: fuzzylime CVE-2008-1404 (SQL injection vulnerability in index.php in the Viso (Industry Book) 2 ...) NOT-FOR-US: Viso module for eXV2 CVE-2008-1403 (Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.9 ...) NOT-FOR-US: BootManage TFTPD CVE-2008-1402 (MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote ...) NOT-FOR-US: MG-SOFT Net Inspector CVE-2008-1401 (Format string vulnerability in the Net Inspector HTTP server (mghttpd) ...) NOT-FOR-US: MG-SOFT Net Inspector CVE-2008-1400 (Directory traversal vulnerability in the Net Inspector HTTP Server (mg ...) NOT-FOR-US: MG-SOFT Net Inspector CVE-2008-1399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Cl ...) NOT-FOR-US: Clansphere CVE-2008-1398 (SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 ...) NOT-FOR-US: AuraCMS CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 so ...) NOT-FOR-US: Check Point VPN CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server secr ...) - plone3 (low; bug #473571) [lenny] - plone3 (Only an issue if not following best practices, see bug #473571) CVE-2008-1395 (Plone CMS does not record users' authentication states, and implements ...) - plone3 (low; bug #473571) [lenny] - plone3 (Only an issue if not following best practices, see bug #473571) CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and pa ...) - zope-cmfplone [etch] - zope-cmfplone (low) NOTE: doesn't apply to v3 NOTE: more a security enhancement CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 enco ...) 
	- plone3 (low; bug #473571; bug #486333)
	[lenny] - plone3 (Only an issue if not following best practices, see bug #473571)
CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player 2 ...)
	- vmware-package (low; bug #486177)
	[etch] - vmware-package (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1476 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1 ...)
	{DSA-1528-1}
	- serendipity 1.3-1
	NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html
CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...)
	{DSA-1871-2 DSA-1871-1 DSA-1691-1}
	- egroupware 1.4.002.dfsg-2.1 (bug #471839)
	- wordpress 2.5.0-1 (bug #504243)
	- moodle 1.8.2-1.3 (bug #489533)
CVE-2008-1391 (Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, ...)
	{DSA-2058-1}
	- kfreebsd-6 (see bug #483152)
	- kfreebsd-7 (see bug #483152)
	- glibc 2.11-1 (low)
	- eglibc 2.11-1 (low)
	[lenny] - glibc (minor issue)
	NOTE: not sure if it is a security bug, an attacker should not be able to change the format string
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=199eb0de8d
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=10600
	NOTE: PoC php -r 'money_format("%.1073741821i",1);' I can reproduce on 32bit, not 64bit
CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.1 ...)
	- asterisk 1:1.4.19.1~dfsg-1 (low)
	[etch] - asterisk (Only 1.4.x affected)
	[sarge] - asterisk (Only 1.4.x affected)
CVE-2008-1389 (libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows r ...)
- clamav 0.94.dfsg-1 [etch] - clamav (parsing does not continue on error) NOTE: see <20081203184852.GB30968@l03.local> CVE-2008-1388 RESERVED CVE-2008-1387 (ClamAV before 0.93 allows remote attackers to cause a denial of servic ...) - clamav 0.92.1~dfsg2-1 [etch] - clamav (Vulnerable code not present) CVE-2008-1386 (Multiple cross-site scripting (XSS) vulnerabilities in the installer i ...) - serendipity (Vulnerable code not present) NOTE: we do not ship the serendipity installer CVE-2008-1385 (Cross-site scripting (XSS) vulnerability in the Top Referrers (aka ref ...) - serendipity 1.3.1-1 (low) NOTE: etch affected, but only in specific plugin. CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent att ...) {DSA-1572-1 DTSA-135-1} - php5 5.2.6-1 NOTE: http://securityreason.com/achievement_securityalert/52 NOTE: Only exploitable through malicious script NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&diff_format=u CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or sr ...) NOT-FOR-US: Gentoo Linux Ebuilds CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 thr ...) - libpng 1.2.26-1 (low; bug #476669) NOTE: 1.2.26-1 contains a patch to fix that [etch] - libpng 1.2.15~beta5-1+etch2 CVE-2008-1381 (ZoneMinder before 1.23.3 allows remote authenticated users, and possib ...) {DTSA-130-1} - zoneminder 1.23.3-1 (medium; bug #479034) NOTE: http://www.awe.com/mark/blog/200804272230.html CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird ...) {DSA-1696-1 DSA-1562-1 DSA-1558-1 DSA-1555-1} - iceweasel 2.0.0.14-1 - icedove 2.0.0.14-1 - iceape 1.1.9-2 - xulrunner 1.8.1.14-1 CVE-2008-1379 (Integer overflow in the fbShmPutImage function in the MIT-SHM extensio ...) 
{DSA-1595-1 DTSA-141-1} - xorg-server 2:1.4.1~git20080517-2 CVE-2008-1378 REJECTED CVE-2008-1377 (The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients fu ...) {DSA-1595-1 DTSA-141-1} - xorg-server 2:1.4.1~git20080517-2 CVE-2008-1376 (A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on ...) NOT-FOR-US: Red Hat build script CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify) in Li ...) {DSA-1565-1} - linux-2.6 2.6.25-2 (low) - linux-2.6.24 2.6.24-6~etchnhalf.2 CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...) - cupsys (Redhat-specific incomplete patch, upstream patch is complete) - cups (Redhat-specific incomplete patch, upstream patch is complete) CVE-2008-1373 (Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remo ...) {DSA-1625-1 DTSA-122-1} - cupsys 1.3.7-1 (medium) - cups 1.3.7-1 (medium) CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...) - bzip2 1.0.5-0.1 (low; bug #471670) [etch] - bzip2 (Pure crasher, no code injection, mostly a regular bug) CVE-2008-1371 (Absolute path traversal vulnerability in install/index.php in Drake CM ...) NOT-FOR-US: Drake CMS CVE-2008-1370 (PHP remote file inclusion vulnerability in index.php in wildmary Yap B ...) NOT-FOR-US: wildmary Yap Blog CVE-2008-1369 (A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and ...) NOT-FOR-US: Sun Solaris CVE-2008-1368 (CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 al ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-1367 (gcc 4.3.x does not generate a cld instruction while compiling function ...) 
- linux-2.6 2.6.24-5 (bug #469058) [etch] - linux-2.6 (Only exposed with GCC 4.3) - kfreebsd-6 6.3-4 (bug #469564) - kfreebsd-7 7.0-2 (bug #469565) - gcc-4.3 4.3.0-2 (bug #469567) - glibc 2.7-8 (bug #465583) [etch] - glibc (Problem only exposed with GCC 4.3) CVE-2008-1366 (Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and ea ...) NOT-FOR-US: Trend Micro OfficeScan Corporate Edition CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate Editio ...) NOT-FOR-US: Trend Micro OfficeScan Corporate Edition CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation 5. ...) - vmware-package (low; bug #486177) [etch] - vmware-package (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware P ...) - vmware-package (Only vulnerable on windows hosted systems) CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware P ...) - vmware-package (Only vulnerable on windows hosted systems) CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware P ...) - vmware-package (Only vulnerable on windows hosted systems) CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...) NOT-FOR-US: Invision Power Board CVE-2008-1358 (Stack-based buffer overflow in the IMAP server in Alt-N Technologies M ...) NOT-FOR-US: MDaemon CVE-2008-1357 (Format string vulnerability in the logDetail function of applib.dll in ...) NOT-FOR-US: McAfee Common Management Agent CVE-2008-1356 (Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Deskt ...) NOT-FOR-US: Sun Solaris CVE-2008-1355 (Cross-site scripting (XSS) vulnerability in index.php in Jeebles Techn ...) 
NOT-FOR-US: Jeebles Directory CVE-2008-1354 (SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solut ...) NOT-FOR-US: VSO-XP CVE-2008-1353 (zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denia ...) - zabbix 1:1.4.5-1 (low; bug #471678) [etch] - zabbix (Minor issue) CVE-2008-1352 (Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 ...) NOT-FOR-US: EdiorCMS CVE-2008-1351 (SQL injection vulnerability in the Tutorials 2.1b module for XOOPS all ...) NOT-FOR-US: Tutorials module for XOOPS CVE-2008-1350 (SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) ...) NOT-FOR-US: Fully Modded phpBB CVE-2008-1349 (SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Ga ...) NOT-FOR-US: bamaGalerie CVE-2008-1348 (Cross-site scripting (XSS) vulnerability in index.php in the eWebsite ...) NOT-FOR-US: eWeather module for PHP-Nuke CVE-2008-1347 (Multiple cross-site scripting (XSS) vulnerabilities in staticpages/eas ...) NOT-FOR-US: MyioSoft EasyGallery CVE-2008-1346 (SQL injection vulnerability in staticpages/easygallery/index.php in My ...) NOT-FOR-US: MyioSoft EasyGallery CVE-2008-1345 (Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_ ...) NOT-FOR-US: MyioSoft EasyCalendar CVE-2008-1344 (Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr ...) NOT-FOR-US: MyioSoft EasyCalendar CVE-2008-1343 (Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO U ...) NOT-FOR-US: SCO Unixware CVE-2008-1342 (Multiple cross-site scripting (XSS) vulnerabilities in the search feat ...) NOT-FOR-US: Polymita BPM-Suite and CollagePortal CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFron ...) NOT-FOR-US: LaGarde StoreFront CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation 6 ...) 
	- vmware-package (low; bug #486177)
	[etch] - vmware-package (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1339 RESERVED
CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ea ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1337 (The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier f ...)
	NOT-FOR-US: Timbuktu Pro for Windows
CVE-2008-1336 (SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows re ...)
	NOT-FOR-US: Koobi CMS
CVE-2008-1335 (The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 an ...)
	NOT-FOR-US: NetBSD
CVE-2008-1334 (cgi/b on the BT Home Hub router allows remote attackers to bypass auth ...)
	NOT-FOR-US: BT Home Hub router
CVE-2008-1333 (Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0 ...)
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	NOTE: Etch's release is unimportant, since not exploitable, but was fixed anyway
	[sarge] - asterisk (Only 1.6.x affected)
CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...)
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
CVE-2008-1331 (cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access service ...)
	NOT-FOR-US: OmniPCX Office
CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell GroupWis ...)
	NOT-FOR-US: Novell Groupwise
CVE-2008-1329 (Unspecified vulnerability in the NetBackup service in CA ARCserve Back ...)
	NOT-FOR-US: CA ARCserve
CVE-2008-1328 (Buffer overflow in the LGServer service in CA ARCserve Backup for Lapt ...)
	NOT-FOR-US: CA ARCserve
CVE-2008-1327 (Gallarific does not require authentication for (1) users.php and (2) i ...)
	NOT-FOR-US: Gallarific
CVE-2008-1326 (Cross-site scripting (XSS) vulnerability in search.php in Gallarific a ...)
	NOT-FOR-US: Gallarific
CVE-2008-1325 (Multiple directory traversal vulnerabilities in index.php in Uberghey ...)
	NOT-FOR-US: Uberghey CMS
CVE-2008-1324 (Multiple directory traversal vulnerabilities in index.php in Travelsiz ...)
	NOT-FOR-US: Travelsized CMS
CVE-2008-1323 (Cross-site request forgery (CSRF) vulnerability in index.php in WoltLa ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-1322 (The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0. ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1321 (The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier d ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1320 (Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earl ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1319 (Untrusted search path and argument injection vulnerability in the Vers ...)
	NOT-FOR-US: Versant Object Database
CVE-2008-1317 (Unspecified vulnerability in the Inter-Process Communication (IPC) mes ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1316 (SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickT ...)
	NOT-FOR-US: QuickTalk Forum
CVE-2008-1315 (SQL injection vulnerability in the ZClassifieds module for PHP-Nuke al ...)
	NOT-FOR-US: ZClassifieds module for PHP-Nuke
CVE-2008-1314 (SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module ...)
	NOT-FOR-US: Johannes Hass gaestebuch
CVE-2008-1313 (Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and e ...)
	NOT-FOR-US: Bloo
CVE-2008-1312 (Unspecified vulnerability in the TFTP server in PacketTrap Networks pt ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1311 (The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earl ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1310 (Directory traversal vulnerability in the TFTP server in PacketTrap Net ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in Real ...)
	NOT-FOR-US: RealPlayer
CVE-2008-1308 (SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 modu ...)
	NOT-FOR-US: NukeC30 module for PHP-Nuke
CVE-2008-1307 (Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in ...)
	NOT-FOR-US: KingSoft Antivirus
CVE-2008-1306 (Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content M ...)
	NOT-FOR-US: Savvy Content Manager
CVE-2008-1305 (SQL injection vulnerability in filebase.php in the Filebase mod for ph ...)
	NOT-FOR-US: Filebase mod for phpBb
CVE-2008-1304 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...)
	- wordpress (Vulnerable code not present)
	NOTE: referring to upstream this only affected wordpress.com and not the regular wordpress code
CVE-2008-1303 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ea ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1302 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ea ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1301 (Absolute path traversal vulnerability in system/workplace/admin/workpl ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1300 (Cross-site scripting (XSS) vulnerability in the Logfile Viewer Setting ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1299 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in Manag ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2008-1298 (SQL injection vulnerability in Hadith module for PHP-Nuke allows remot ...)
	NOT-FOR-US: Hadith module for PHP-Nuke
CVE-2008-1297 (SQL injection vulnerability in index.php in the eWriting (com_ewriting ...)
	NOT-FOR-US: com_ewriting module for Mambo and Joomla!
CVE-2008-1296 (Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery 1 ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1295 (SQL injection vulnerability in archives.php in Gregory Kokanosky (aka ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2008-1292 (ViewVC before 1.0.5 provides revision metadata without properly checki ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1291 (ViewVC before 1.0.5 stores sensitive information under the web root wi ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1290 (ViewVC before 1.0.5 includes "all-forbidden" files within search resul ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1289 (Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18. ...)
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	[etch] - asterisk (Only 1.4.x and above affected)
	[sarge] - asterisk (Only 1.4.x and above affected)
CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows ...)
	{DSA-1883-2 DSA-1883-1}
	- nagios2 2.11-1 (low)
CVE-2008-1417 (The prerm script in axyl 2.1.7 allows local users to overwrite arbitra ...)
	- axyl 2.2.0 (low; bug #471227)
	[sarge] - axyl (Vulnerable code not present)
	[etch] - axyl (Vulnerable code not present)
CVE-2008-1294 (Linux kernel 2.6.17, and other versions before 2.6.22, does not check ...)
	{DSA-1565-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remot ...)
	- mediawiki 1:1.11.2-1
	[etch] - mediawiki (Versions prior to 1.11 do not include callback feature)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html
CVE-2008-1288 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remot ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1287 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1286 (Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3. ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-1285 (Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF ...)
	NOT-FOR-US: Sun Java Server Faces
CVE-2008-1284 (Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0 ...)
	{DSA-1519-1}
	- horde3 3.1.7-1 (medium; bug #470640)
CVE-2008-1283 (Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 all ...)
	NOT-FOR-US: Neptune Web Server
CVE-2008-1282 (Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup ...)
	NOT-FOR-US: B21Soft BFup
CVE-2008-1281 (Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, ...)
	NOT-FOR-US: Argon Technology Client Management Services
CVE-2008-1280 (Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acr ...)
	NOT-FOR-US: Acronis True Image
CVE-2008-1279 (Acronis True Image Group Server 1.5.19.191 and earlier, included in Ac ...)
	NOT-FOR-US: Acronis True Image
CVE-2008-1278 (The RemotelyAnywhere.exe service in the Remotely Anywhere Server and W ...)
	NOT-FOR-US: Remotely Anywhere
CVE-2008-1277 (The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and ...)
	NOT-FOR-US: MailEnable
CVE-2008-1276 (Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEna ...)
	NOT-FOR-US: MailEnable
CVE-2008-1275 (Multiple unspecified vulnerabilities in the SMTP service in MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows loc ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1273 (Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 al ...)
	NOT-FOR-US: imageVue
CVE-2008-1272 (Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and ...)
	NOT-FOR-US: BM Classifieds
CVE-2008-1271 REJECTED
CVE-2008-1270 (mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not s ...)
	{DSA-1521-1}
	- lighttpd 1.4.19-1
	NOTE: user configuration error, default documented in moduserdir documentation
CVE-2008-1269 (cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi- ...)
	NOT-FOR-US: Alice Gate 2 Plus router firmware
CVE-2008-1268 (The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware doe ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1267 (The Siemens SpeedStream 6520 router allows remote attackers to cause a ...)
	NOT-FOR-US: Siemens SpeedStream
CVE-2008-1266 (Multiple buffer overflows in the web interface on the D-Link DI-524 ro ...)
	NOT-FOR-US: D-Link router
CVE-2008-1265 (The Linksys WRT54G router allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1264 (The Linksys WRT54G router has "admin" as its default FTP password, whi ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1263 (The Linksys WRT54G router stores passwords and keys in cleartext in th ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1262 (The administration panel on the Airspan WiMax ProST 4.1 antenna with 6 ...)
	NOT-FOR-US: Airspan WiMax ProST antenna
CVE-2008-1261 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides diffe ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1260 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Zyxe ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1259 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains auth ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1258 (Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI- ...)
	NOT-FOR-US: D-Link router
CVE-2008-1257 (Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1256 (The ZyXEL P-660HW series router has "admin" as its default password, w ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1255 (The ZyXEL P-660HW series router maintains authentication state by IP a ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1254 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXE ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1253 (Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Lin ...)
	NOT-FOR-US: D-Link router
CVE-2008-1252 (b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W5 ...)
	NOT-FOR-US: Telekom Speedport W500 DSL router
CVE-2008-1251 (Cross-site scripting (XSS) vulnerability in the web interface on the c ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1250 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1249 (snomControl.swf in the central phone server for the Snom 320 SIP Phone ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1248 (The web interface on the central phone server for the Snom 320 SIP Pho ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1247 (The web interface on the Linksys WRT54g router with firmware 1.00.9 do ...)
	NOT-FOR-US: Linksys WRT54g router
CVE-2008-1246
	NOT-FOR-US: Cisco PIX/ASA Finesse Operation System
CVE-2008-1245 (cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with fi ...)
	NOT-FOR-US: Belkin router
CVE-2008-1244 (cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.0 ...)
	NOT-FOR-US: Belkin router
CVE-2008-1243 (Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router ...)
	NOT-FOR-US: Linksys WRT300N router
CVE-2008-1242 (The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 ...)
	NOT-FOR-US: Belkin router
CVE-2008-1241 (GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMo ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1240 (LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1. ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1239 REJECTED
CVE-2008-1238 (Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when gener ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1237 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1236 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderb ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1234 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0 ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1233 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderb ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1232 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 throug ...)
	- tomcat5.5 5.5.26-4 (low; bug #494504)
CVE-2008-1231 (Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2 ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1230 (Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1229 (Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.10 ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1228 (Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly ...)
	NOT-FOR-US: MG2
CVE-2008-1227 (Stack-based buffer overflow in the silc_fingerprint function in lib/si ...)
	- silc-toolkit 1.1.6-1
CVE-2008-1226 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collabor ...)
	NOT-FOR-US: Zimbra Collaboration Suite
CVE-2008-1225 (Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus Ed ...)
	NOT-FOR-US: WebCT Campus Edition
CVE-2008-1224 (Cross-site scripting (XSS) vulnerability in account.php in BosClassifi ...)
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1223 (Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers ...)
	NOT-FOR-US: Dokeos
CVE-2008-1222 (Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 al ...)
	NOT-FOR-US: Dokeos
CVE-2008-1221 (Absolute path traversal vulnerability in the FTP server in MicroWorld ...)
	NOT-FOR-US: MicroWorld eScan
CVE-2008-1220 (SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke all ...)
	NOT-FOR-US: 4nChat for PHP-Nuke
CVE-2008-1219 (SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 mod ...)
	NOT-FOR-US: Kutub-i Sitte for PHP-Nuke
CVE-2008-1217 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus No ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1216 (IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not pro ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1215 (Stack-based buffer overflow in the command_Expand_Interpret function i ...)
	NOT-FOR-US: BSD net/userppp
CVE-2008-1214 (MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allo ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-1213 (Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linu ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-1212 (Cross-site scripting (XSS) vulnerability in set_permissions.php in Pod ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1211 (Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x allow ...)
	NOT-FOR-US: BosDates
CVE-2008-1210 (Stack-based buffer overflow in the ctags parsing code in Programmer's ...)
	NOT-FOR-US: Programmer's Notepad
CVE-2008-1209 (Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebCo ...)
	NOT-FOR-US: Xitex WebContent M1
CVE-2008-1208 (Cross-site scripting (XSS) vulnerability in the login page in Check Po ...)
	NOT-FOR-US: CheckPoint VPN-1
CVE-2008-1207 (Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repos ...)
	NOT-FOR-US: Fujitsu Interstage
CVE-2008-1206 (Format string vulnerability in the log_message function in lks.c in Li ...)
	NOT-FOR-US: Linux Kiss Server
CVE-2008-1205 (Unspecified vulnerability in the ipsecah kernel module in Sun Solaris ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1204 (Multiple cross-site scripting (XSS) vulnerabilities in the Administrat ...)
	NOT-FOR-US: Sun Java System
CVE-2008-1203 (The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1202 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: Adobe LiveCycle Workflow
CVE-2008-1201 (Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flas ...)
	NOT-FOR-US: Adobe Flash CS3 Professional
CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote user-assis ...)
	NOT-FOR-US: Microsoft Access
CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 ...)
	NOT-FOR-US: Red Hat specific
CVE-2008-1197 (The Marvell driver for the Netgear WN802T Wi-Fi access point with firm ...)
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1196 (Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 (Non-free not supported)
CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 (Non-free not supported)
CVE-2008-1194 (Multiple unspecified vulnerabilities in the color management library i ...)
	- sun-java6 6-05-1 (unimportant)
	- sun-java5 1.5.0-15-1 (unimportant)
	[etch] - sun-java5 (Non-free not supported)
CVE-2008-1193 (Unspecified vulnerability in Java Runtime Environment Image Parsing Li ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 (Non-free not supported)
CVE-2008-1192 (Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Up ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 (Non-free not supported)
CVE-2008-1191 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Updat ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 (Non-free not supported)
CVE-2008-1190 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Updat ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 (No more information by sun)
CVE-2008-1189 (Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and ea ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 (Non-free not supported)
CVE-2008-1188 (Multiple buffer overflows in the useEncodingDecl function in Java Web ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 (Non-free not supported)
CVE-2008-1187 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JD ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 (Non-free not supported)
CVE-2008-1186 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime ...)
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 (Non-free not supported)
CVE-2008-1185 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime ...)
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 (Non-free not supported)
CVE-2008-1184 (The DNSSEC validation library (libval) library in dnssec-tools before ...)
	- dnssec-tools (first version in Debian was 1.4.1)
CVE-2008-1183 (Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax L ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-1182 (Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense befo ...)
	NOT-FOR-US: BSD Perimeter pfSense
CVE-2008-1181 (Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote ...)
	NOT-FOR-US: Juniper
CVE-2008-1180 (Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.c ...)
	NOT-FOR-US: Juniper
CVE-2008-1179 (Multiple cross-site scripting (XSS) vulnerabilities in include/common/ ...)
	- centreon-web (bug #913903)
CVE-2008-1178 (Directory traversal vulnerability in include/doc/index.php in Centreon ...)
	- centreon-web (bug #913903)
CVE-2008-1177 (SQL injection vulnerability in shop/detail.php in Affiliate Market (af ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-1176 (Cross-site scripting (XSS) vulnerability in function/sideblock.php in ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-1175 (Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allo ...)
	NOT-FOR-US: AuthentiX
CVE-2008-1174 (Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX ...)
	NOT-FOR-US: AuthentiX
CVE-2008-1173 (Cross-site scripting (XSS) vulnerability in account-inbox.php in Torre ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-1172 (Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-1171
	NOT-FOR-US: 123 Flash Chat Module for phpBB
CVE-2008-1170 (Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow ...)
	NOT-FOR-US: KCWiki
CVE-2008-1169 (Directory traversal vulnerability in the embedded HTTP server in SCI P ...)
	NOT-FOR-US: SCI Photo Chat Server
CVE-2008-1168 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report Gene ...)
	- sarg 2.2.5-1
CVE-2008-1167 (Stack-based buffer overflow in the useragent function in useragent.c i ...)
	- sarg 2.2.4-1
CVE-2008-1166 (Flyspray 0.9.9.4 generates different error messages depending on wheth ...)
	- flyspray
CVE-2008-1165 (Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 ...)
	- flyspray
CVE-2008-1164 (SQL injection vulnerability in index.php in phpComasy 0.8 allows remot ...)
	NOT-FOR-US: phpComasy CMS
CVE-2008-1163 (SQL injection vulnerability in index.php in phpArcadeScript 1.0 throug ...)
	NOT-FOR-US: phpArcadeScript
CVE-2008-1162 (SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Pho ...)
	NOT-FOR-US: phpwebscript
CVE-2008-1161 (Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in ...)
	{DSA-1536-1}
	- xine-lib 1.1.10.1-1 (medium)
CVE-2008-1160 (ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra p ...)
	NOT-FOR-US: ZyXEL ZyWALL 1050
CVE-2008-1159 (Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12 ...)
	NOT-FOR-US: Cisco ssh server
CVE-2008-1158 (The Presence Engine (PE) service in Cisco Unified Presence before 6.0( ...)
	NOT-FOR-US: Presence Engine (PE) Cisco Unified Presence
CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a ...)
	NOT-FOR-US: Cisco IPM
CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network (MV ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1155 (Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3. ...)
	NOT-FOR-US: Cisco
CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified C ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the I ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through 12. ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1151 (Memory leak in the virtual private dial-up network (VPDN) component in ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1150 (The virtual private dial-up network (VPDN) component in Cisco IOS befo ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters ...)
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5-1 (low)
	[etch] - phpmyadmin (Minor issue)
	[sarge] - phpmyadmin (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2008-1/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c57b39bed91f06d574a95d8a5a091e5e59492d69
	NOTE: SQL injection if you can set local cookies, which means
	NOTE: you must be able to create pages in the same cookie domain, which seems
	NOTE: rare and unwise. low priority.
CVE-2008-1148 (A certain pseudo-random number generator (PRNG) algorithm that uses AD ...)
	NOT-FOR-US: OpenBSD / NetBSD
CVE-2008-1147 (A certain pseudo-random number generator (PRNG) algorithm that uses XO ...)
	- kfreebsd-5
	[etch] - kfreebsd-5 (KFreebsd not supported)
	- kfreebsd-6
	[lenny] - kfreebsd-6 (KFreebsd not supported)
	- kfreebsd-7 (bug #559107)
	[lenny] - kfreebsd-7 (KFreebsd not supported)
CVE-2008-1146 (A certain pseudo-random number generator (PRNG) algorithm that uses XO ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1144 (The Marvell driver for the Netgear WN802T Wi-Fi access point with firm ...)
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1143 RESERVED
CVE-2008-1141 (Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allo ...)
	NOT-FOR-US: DESlock+
CVE-2008-1140 (DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users ...)
	NOT-FOR-US: DESlock+
CVE-2008-1139 (DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys ...)
	NOT-FOR-US: DESlock+
CVE-2008-1138 (DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users ...)
	NOT-FOR-US: DESlock+
CVE-2008-1137 (SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) ...)
	NOT-FOR-US: com_garyscookbook component for Mambo and Joomla!
CVE-2008-1136 (The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through ...)
	- vdccm
CVE-2008-1135 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates diff ...)
	NOT-FOR-US: OMEGA
CVE-2008-1134 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports authe ...)
	NOT-FOR-US: OMEGA
CVE-2008-1133 (The Drupal.checkPlain function in Drupal 6.0 only escapes the first in ...)
	- drupal5 (Vulnerable code introduced in 6.x)
CVE-2008-1218 (Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1 ...)
	{DSA-1516-1}
	- dovecot 1:1.0.13-1
	[etch] - dovecot (Vulnerable code not present)
	[sarge] - dovecot (Vulnerable code not present)
	NOTE: exploitable through code introduced in 1.0.11
	NOTE: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac ...)
	{DSA-1561-1 DTSA-118-1}
	- ldm 2:0.1~bzr20080308-1 (bug #469462)
	- ltsp 5.0.40~bzr20071229-1
	NOTE: In revision 5.0.40~bzr20071229-1 ldm has been split into a separate source package
CVE-2008-1145 (Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5- ...)
	- ruby1.8 1.8.6.114-1 (unimportant; bug #469475)
	- ruby1.9 1.9.0.1-1 (unimportant; bug #469482)
	[sarge] - ruby1.8 (case insensitive FS, corner case)
	[etch] - ruby1.8 (case insensitive FS, corner case)
	[etch] - ruby1.9 (case insensitive FS, corner case)
	NOTE: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
CVE-2008-1199 (Dovecot before 1.0.11, when configured to use mail_extra_groups to all ...)
	{DSA-1516-1}
	- dovecot 1:1.0.12-1 (medium; bug #469457)
CVE-2008-1132 (Untrusted search path vulnerability in src/mainwindow.c in Net Activit ...)
	NOT-FOR-US: Net Activity Viewer
CVE-2008-1131 (Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote a ...)
	- drupal (Vulnerable code not present, affects only 6.x branch)
	- drupal5 (Vulnerable code not present, affects only 6.x branch)
CVE-2008-1130 (Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and ...)
	NOT-FOR-US: WebSphere
CVE-2008-1129 (Cross-site scripting (XSS) vulnerability in admin/users/self.php in XR ...)
	NOT-FOR-US: XRMS
CVE-2008-1128 (PHP remote file inclusion vulnerability in tourney/index.php in phpMyT ...)
	NOT-FOR-US: phpMyTourney
CVE-2008-1127 (Format string vulnerability in the cryactio function in Crysis 1.1.1.5 ...)
	NOT-FOR-US: Crysis
CVE-2008-1126 (PHP remote file inclusion vulnerability in main.php in Barryvan Compo ...)
	NOT-FOR-US: Barryvan Compo Manager
CVE-2008-1125 (Multiple directory traversal vulnerabilities in Podcast Generator 1.0 ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1124 (Multiple PHP remote file inclusion vulnerabilities in Podcast Generato ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1123 (Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elit ...)
	NOT-FOR-US: SiteBuilder
CVE-2008-1122 (SQL injection vulnerability in the downloads module in Koobi Pro 5.7 a ...)
	NOT-FOR-US: Koobi
CVE-2008-1121 (SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier ...)
	NOT-FOR-US: eazyPortal
CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer componen ...)
	NOT-FOR-US: ICQ
CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in Cent ...)
	- centreon-web (bug #913903)
CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does no ...)
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes or ins ...)
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1116 (Insecure method vulnerability in the Web Scan Object ActiveX control ( ...)
	NOT-FOR-US: Rising Antivirus
CVE-2008-1115 (Unspecified vulnerability in Sun Solaris 8 directory functions allows ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1114 (Vocera Communications wireless handsets, when using Protected Extensib ...)
	NOT-FOR-US: Vocera
CVE-2008-1113 (Cisco Unified Wireless IP Phone 7921, when using Protected Extensible ...)
	NOT-FOR-US: Cisco
CVE-2008-1112 REJECTED
CVE-2008-1110 (Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the x ...)
	- xine-lib 1.1.10-1
	[etch] - xine-lib (Not affected per assessment of maintainer)
	[sarge] - xine-lib (Not affected per assessment of maintainer)
CVE-2008-1109 (Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted re ...)
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution (Minor issue)
	NOTE: Requires that the user accepts the iCalendar request and replies
	NOTE: to it from the "Calendars" window.
CVE-2008-1108 (Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is ...)
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution (Minor issue)
	NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default.
CVE-2008-1107 (Multiple stack-based buffer overflows in the Danske Bank e-Sec Control ...)
	NOT-FOR-US: Danske Bank e-Sec Control Module
CVE-2008-1106 (The management interface in Akamai Client (formerly Red Swoosh) 3322 a ...)
	NOT-FOR-US: Akamai Client
CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in util/soc ...)
	{DSA-1590-1}
	- samba 1:3.0.30-1 (medium; bug #483410)
CVE-2008-1104 (Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allo ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-1103 (Multiple unspecified vulnerabilities in Blender have unknown impact an ...)
	- blender 2.40-1 (low)
CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in Blender 2.4 ...)
	{DSA-1567-1}
	- blender 2.45-5 (medium; bug #477808)
CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine ...)
	NOT-FOR-US: KeyView
CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe. ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1
CVE-2008-1099 (_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not p ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1098 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1097 (Heap-based buffer overflow in the ReadPCXImage function in the PCX cod ...)
	{DSA-1858-1}
	- graphicsmagick 1.1.7-13
	- imagemagick 7:6.2.4.5.dfsg1-1
CVE-2008-1096 (The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMa ...)
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.3.7.9.dfsg1-2.1 (medium; bug #414370)
	[lenny] - imagemagick 7:6.3.7.9.dfsg1-2.1+lenny1
	- graphicsmagick 1.1.11-3.2 (medium; bug #414370)
CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implementation ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1094 (SQL injection vulnerability in index.cgi in the Account View page in B ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the authen ...)
	NOT-FOR-US: FLEXnet Connect
CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Data ...)
	NOT-FOR-US: Microsoft Jet Database Engine
CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-1090 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2008-1089 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2008-1088 (Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allow ...)
	NOT-FOR-US: Microsoft
CVE-2008-1087 (Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP S ...)
	NOT-FOR-US: Microsoft
CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Interne ...)
	NOT-FOR-US: Microsoft
CVE-2008-1085 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-1083 (Heap-based buffer overflow in the CreateDIBPatternBrushPt function in ...)
	NOT-FOR-US: Microsoft
CVE-2008-1082 (Opera before 9.26 allows remote attackers to "bypass sanitization filt ...)
	NOT-FOR-US: Opera
CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute arb ...)
	NOT-FOR-US: Opera
CVE-2008-1080 (Opera before 9.26 allows user-assisted remote attackers to read arbitr ...)
	NOT-FOR-US: Opera
CVE-2008-1079 (The outboxWriteUnsent function in FTPThread.class in SendFile.jar for ...)
	NOT-FOR-US: Beehive Software SendFile.NET
CVE-2008-1078 (expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and ...)
	- am-utils (Affected code not present in the binary package)
	NOTE: sendmail includes a copy of the script, which has been fixed for
	NOTE: several years
CVE-2008-1077 (SQL injection vulnerability in index.php in the Simpleboard (com_simpl ...)
	NOT-FOR-US: com_simpleboard component for Mambo and Joomla!
CVE-2008-1076 (Cross-site scripting (XSS) vulnerability in search.php in Interspire S ...)
	NOT-FOR-US: Interspire Shopping Cart
CVE-2008-1075 (Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1. ...)
	NOT-FOR-US: Maian Cart
CVE-2008-1074 (PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP- ...)
	NOT-FOR-US: GROUP-E
CVE-2008-1073 (Cross-site scripting (XSS) vulnerability in the report interface in In ...)
	NOT-FOR-US: Internet Security Systems
CVE-2008-1072 (The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99 ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark (Only affected in conjunction with later libcairo)
	[sarge] - ethereal (Only affected in conjunction with later libcairo)
CVE-2008-1071 (The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.9 ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark (Only affects 0.99.6 onwards)
	[sarge] - ethereal (Only affects 0.99.6 onwards)
CVE-2008-1070 (The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.9 ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark (Only affects 0.99.5 onwards)
	[sarge] - ethereal (Only affects 0.99.5 onwards)
CVE-2008-1069 (Multiple PHP remote file inclusion vulnerabilities in Quantum Game Lib ...)
	NOT-FOR-US: Quantum Game Library
CVE-2008-1068 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...)
	NOT-FOR-US: Portail Web Php
CVE-2008-1067 (Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 ...)
	- phpqladmin
CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ...)
	{DSA-1520-1}
	- smarty 2.6.18-1.1 (low; bug #469492)
	- moodle (low; bug #471158)
	- gallery2 2.2.5-2 (low; bug #471160)
	- mahara 0.9.2-2 (low; bug #471201)
	NOTE: Moodle ships Smarty but uses it in only one file, which doesn't use regex_replace
CVE-2008-1065 (Multiple SQL injection vulnerabilities in index.php in the XM-Memberst ...)
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1064 (Cross-site scripting (XSS) vulnerability in images.php in the Red Mexi ...)
	NOT-FOR-US: rmgs module for XOOPS
CVE-2008-1063 (Cross-site scripting (XSS) vulnerability index.php in the XM-Membersta ...)
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1062 (InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (ak ...)
	NOT-FOR-US: InterVideo IMC Server/InterVideo Home Theater
CVE-2008-1061 (Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1. ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1060 (Eval injection vulnerability in modules/execute.php in the Sniplets 1. ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1059 (PHP remote file inclusion vulnerability in modules/syntax_highlight.ph ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1058 (The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1057 (The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 a ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1056 (Multiple stack-based buffer overflows in Symark PowerBroker 2.8 throug ...)
	NOT-FOR-US: Symark PowerBroker
CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instea ...)
	{DSA-1513-1}
	- lighttpd 1.4.18-4 (low; bug #469307)
CVE-2008-1142 (rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment va ...)
	- rxvt 1:2.6.4-13 (unimportant; bug #469296)
CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 an ...)
	NOT-FOR-US: SurgeMail
CVE-2008-1054 (Stack-based buffer overflow in the _lib_spawn_user_getpid function in ...)
	NOT-FOR-US: SurgeMail
CVE-2008-1053 (Multiple SQL injection vulnerabilities in the Kose_Yazilari module for ...)
	NOT-FOR-US: Kose_Yazilari module for PHP-Nuke
CVE-2008-1052 (The administration web interface in NetWin SurgeFTP 2.3a2 and earlier ...)
	NOT-FOR-US: SurgeFTP
CVE-2008-1051 (PHP remote file inclusion vulnerability in include/body_comm.inc.php i ...)
	NOT-FOR-US: phpProfiles
CVE-2008-1050 (SQL injection vulnerability in index.php in Softbiz Jokes & Funny ...)
	NOT-FOR-US: Softbiz Jokes & Funny Pics Script
CVE-2008-1049 (Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1. ...)
	NOT-FOR-US: Parallels SiteStudio
CVE-2008-1048 (Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plum ...)
	NOT-FOR-US: Plume CMS
CVE-2008-1047 (Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in T ...)
	- tikiwiki
CVE-2008-1046 (PHP remote file inclusion vulnerability in footer.php in Quinsonnas Ma ...)
	NOT-FOR-US: Quinsonnas Mail Checker
CVE-2008-1045 (Cross-site scripting (XSS) vulnerability in the file tree navigation f ...)
	NOT-FOR-US: OpenCMS
CVE-2008-1044 (Stack-based buffer overflow in the Quantum Streaming Player (Quantum S ...)
	NOT-FOR-US: Quantum Streaming Player
CVE-2008-1043 (PHP remote file inclusion vulnerability in templates/default/header.in ...)
	NOT-FOR-US: Linux Web Shop
CVE-2008-1042 (Directory traversal vulnerability in include/body.inc.php in Linux Web ...)
	NOT-FOR-US: Linux Web Shop
CVE-2008-1041 (Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson ...)
	NOT-FOR-US: MWhois
CVE-2008-1040 (Buffer overflow in the Single Sign-On function in Fujitsu Interstage A ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2008-1039 (SQL injection vulnerability in question.asp in PORAR WEBBOARD allows r ...)
	NOT-FOR-US: PORAR WEBBOARD
CVE-2008-1038 (PHP remote file inclusion vulnerability in mod/mod.extmanager.php in D ...)
	NOT-FOR-US: DBHcms
CVE-2008-1037 (Cross-site scripting (XSS) vulnerability in the file listing function ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS ...)
	{DSA-1762-1}
	- icu 4.0.1-1
CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows re ...)
	NOT-FOR-US: Apple iCal
CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug ...)
	- cups 1.3.7-1
CVE-2008-1032 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1031 (CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers t ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1030 (Integer overflow in the CFDataReplaceBytes function in the CFData API ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1029
	RESERVED
CVE-2008-1028 (Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allo ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1027 (Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 doe ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1026 (Integer overflow in the PCRE regular expression compiler (JavaScriptCo ...)
	- webkit 0~svn31841-1
	- qt4-x11 (vulnerable code not present, according to upstream)
	NOTE: for qt, according to upstream this only applies to optimized code in the safari 3.1
	NOTE: branch, and qt 4.4 is based on safari 3.0
CVE-2008-1025 (Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in S ...)
	- qt4-x11 (QUrl handles URLs and is not vulnerable to this CVE, see bug #479644)
	- webkit 0~svn31841-1 (medium)
CVE-2008-1024 (Apple Safari before 3.1.1, when running on Windows XP or Vista, allows ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime b ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1021 (Heap-based buffer overflow in Animation codec content handling in Appl ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1020 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1019 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1018 (Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1017 (Heap-based buffer overflow in clipping region (aka crgn) atom handling ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1016 (Apple QuickTime before 7.4.5 does not properly handle movie media trac ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1015 (Buffer overflow in the data reference atom handling in Apple QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1014 (Apple QuickTime before 7.4.5 does not properly handle external URLs in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1013 (Apple QuickTime before 7.4.5 enables deserialization of QTJava objects ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station Firmwa ...)
	NOT-FOR-US: Apple AirPort
CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple S ...)
	NOTE: As far as I can see this has been addressed in revision 30871.
	NOTE: Please double-check.
CVE-2008-1010 (Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows ...)
	NOTE: As far as I can see this has been addressed in revision 31388.
	NOTE: Please double-check.
CVE-2008-1009 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1008 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1007 (WebCore, as used in Apple Safari before 3.1, does not enforce the fram ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1006 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1005 (WebCore, as used in Apple Safari before 3.1, does not properly mask th ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1004 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1003 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1002 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 al ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1001 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, w ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1000 (Directory traversal vulnerability in ContentServer.py in the Wiki Serv ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0999 (Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0998 (Unspecified vulnerability in NetCfgTool in the System Configuration co ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0997 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0996 (The Printing component in Apple Mac OS X 10.5.2 might save authenticat ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0995 (The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when p ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0994 (Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF fil ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0993 (Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0992 (Array index error in pax in Apple Mac OS X 10.5.2 allows context-depen ...)
	- pax (issue specific to Apple's version of pax)
CVE-2008-0991
	RESERVED
CVE-2008-0990 (notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0989 (Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0988 (Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0987 (Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0986 (Integer overflow in the BMP::readFromStream method in the libsgl.so li ...)
	NOT-FOR-US: Google Android
CVE-2008-0985 (Heap-based buffer overflow in the GIF library in the WebKit framework ...)
	NOT-FOR-US: Google Android
CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as us ...)
	{DSA-1543-1 DTSA-116-1}
	- vlc 0.8.6.e-1 (medium; bug #467652)
CVE-2008-6426
	REJECTED
CVE-2008-0982 (Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obt ...)
	NOT-FOR-US: Spyce
CVE-2008-0981 (Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - ...)
	NOT-FOR-US: Spyce
CVE-2008-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python ...)
	NOT-FOR-US: Spyce
CVE-2008-0979 (Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, ...)
	NOT-FOR-US: Double-Take
CVE-2008-0978 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0977 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0976 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0975 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0974 (Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWo ...)
	NOT-FOR-US: Double-Take
CVE-2008-0973 (Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) ...)
	NOT-FOR-US: Double-Take
CVE-2008-0972
	RESERVED
CVE-2008-0971 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Ba ...)
	NOT-FOR-US: Barracuda Networks products
CVE-2008-0970
	RESERVED
CVE-2008-0969
	RESERVED
CVE-2008-0968
	RESERVED
CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware Workstat ...)
	- vmware-package (low; bug #486110)
	[etch] - vmware-package (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs; the package itself
	NOTE: does not download them, but it needs to update its hashes for the upstream tarballs
CVE-2008-0966
	RESERVED
CVE-2008-0965 (Multiple format string vulnerabilities in snoop on Sun Solaris 8 throu ...)
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0964 (Multiple stack-based buffer overflows in snoop on Sun Solaris 8 throug ...)
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allo ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC DiskXte ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, which al ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0960 (SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x b ...)
	{DSA-1663-1 DTSA-137-1}
	- net-snmp 5.4.1~dfsg-8.1 (medium; bug #485945)
CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus Uploader T ...)
	NOT-FOR-US: PhotoStockPlus Uploader Tool ActiveX control
CVE-2008-0956 (Multiple stack-based buffer overflows in the BackWeb Lite Install Runn ...)
	NOT-FOR-US: BackWeb Lite Install
CVE-2008-0955 (Stack-based buffer overflow in the Creative Software AutoUpdate Engine ...)
	NOT-FOR-US: CTSUEng.ocx
CVE-2008-0954
	RESERVED
CVE-2008-0953 (The StartApp function in the HPISDataManagerLib.Datamgr ActiveX contro ...)
	NOT-FOR-US: ActiveX control
CVE-2008-0952 (The AppendStringToFile function in the HPISDataManagerLib.Datamgr Acti ...)
	NOT-FOR-US: ActiveX control
CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoR ...)
	NOT-FOR-US: Windows Vista
CVE-2008-0950
	RESERVED
CVE-2008-0949 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x thr ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0948 (Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by ...)
	- krb5 1.3-1 (unimportant)
	NOTE: glibc properly defines FD_SETSIZE
CVE-2008-0947 (Buffer overflow in the RPC library used by libgssrpc and kadmind in MI ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0946 (Directory traversal vulnerability in the IM Server (aka IMserve or IMs ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0945 (Format string vulnerability in the logging function in the IM Server ( ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0944 (Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote atta ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0943 (Multiple SQL injection vulnerabilities in Eagle Software Aeries Browse ...)
	NOT-FOR-US: Eagle Software Aeries
CVE-2008-0942 (SQL injection vulnerability in GradebookStuScores.asp in Eagle Softwar ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0941 (Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Brow ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0940 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-0939 (Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Alb ...)
	NOT-FOR-US: WP Photo Album plugin for WordPress
CVE-2008-0938 (Unspecified vulnerability in the dynamic tracing framework (DTrace) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0937 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: XOOPS module
CVE-2008-0936 (SQL injection vulnerability in index.php in the Prayer List (prayerlis ...)
	NOT-FOR-US: XOOPS module
CVE-2008-0935 (Stack-based buffer overflow in the Novell iPrint Control ActiveX contr ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2008-0934 (SQL injection vulnerability in modules.php in the NukeC 2.1 module for ...)
	NOT-FOR-US: NukeC phpnuke module
CVE-2008-0933 (Multiple race conditions in the CPU Performance Counters (cpc) subsyst ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permission ...)
	{DSA-1526-1}
	- xwine (low; bug #468050)
CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to ...)
	{DSA-1526-1}
	- xwine (low; bug #468050)
CVE-2008-0929
	REJECTED
CVE-2008-0928 (Qemu 0.9.1 and earlier does not perform range checks for block device ...)
	{DSA-1799-1 DTSA-133-1}
	- qemu 0.9.1+svn20081207-1 (low; bug #469649)
	- xen-unstable 3.2.0-4 (bug #469654)
	- xen-3 3.2.0-4 (bug #469662)
	- xen-3.0
	- kvm 63+dfsg-1 (bug #469666)
CVE-2008-0927 (dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remo ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0926 (The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 an ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0925 (Cross-site scripting (XSS) vulnerability in the iMonitor interface in ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for VM ...)
	- vmware-package (Only vulnerable on Windows-hosted systems)
CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke al ...)
	NOT-FOR-US: Manuales module for PHP-Nuke
CVE-2008-0921 (SQL injection vulnerability in news.php in beContent 0.3.1 allows remo ...)
	NOT-FOR-US: beContent
CVE-2008-0920 (SQL injection vulnerability in port/modifyportform.php in Open Source ...)
	NOT-FOR-US: OSSIM
CVE-2008-0919 (Cross-site scripting (XSS) vulnerability in session/login.php in Open ...)
	NOT-FOR-US: OSSIM
CVE-2008-0918 (SQL injection vulnerability in includes/count_dl_or_link.inc.php in th ...)
	NOT-FOR-US: astatsPRO component for Joomla!
CVE-2008-0917 (Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 a ...)
	NOT-FOR-US: TorWorld software
CVE-2008-0916 (SQL injection vulnerability in the Highwood Design hwdVideoShare (com_ ...)
	NOT-FOR-US: com_hwdvideoshare component for Joomla!
CVE-2008-0915 (The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and ...)
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0914 (Multiple cross-site scripting (XSS) vulnerabilities in the Mediation s ...)
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0913 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-0912 (Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink ...)
	NOT-FOR-US: Sybase MobiLink
CVE-2008-0911 (SQL injection vulnerability in productdetails.php in iScripts MultiCar ...)
	NOT-FOR-US: iScripts MultiCart
CVE-2008-0910 (Multiple F-Secure anti-virus products, including Internet Security 200 ...)
	NOT-FOR-US: Internet Security, Anti-Virus, F-Secure Protection Service
CVE-2008-0909 (Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires ...)
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0908 (SQL injection vulnerability in browse.asp in Schoolwires Academic Port ...)
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0907 (SQL injection vulnerability in the Inhalt module for PHP-Nuke allows r ...)
	NOT-FOR-US: Inhalt module for PHP-Nuke
CVE-2008-0906 (SQL injection vulnerability in the Docum module in PHP-Nuke allows rem ...)
	NOT-FOR-US: Docum module for PHP-Nuke
CVE-2008-0905 (Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 all ...)
	NOT-FOR-US: Globsy
CVE-2008-0904 (Unspecified vulnerability in the download servlet in BEA Plumtree Coll ...)
	NOT-FOR-US: BEA Plumtree Collaboration and AquaLogic Interaction
CVE-2008-0903 (Unspecified vulnerability in the BEA WebLogic Server and Express proxy ...)
	NOT-FOR-US: BEA WebLogic Server and Express proxy plugin
CVE-2008-0902 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Se ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0901 (BEA WebLogic Server and Express 7.0 through 10.0 allows remote attacke ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0900 (Session fixation vulnerability in BEA WebLogic Server and Express 8.1 ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0899 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0898 (The distributed queue feature in JMS in BEA WebLogic Server 9.0 throug ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0897 (Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allo ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0896 (BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator de ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2008-0895 (BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remot ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially sensit ...)
	NOT-FOR-US: Apple Safari
CVE-2008-0893 (Red Hat Administration Server, as used by Red Hat Directory Server 8.0 ...)
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Ad ...)
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0891 (Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS s ...)
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl (Vulnerable code (TLS extensions) not present)
CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0889 (Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for un ...)
	{DSA-1522-1}
	- unzip 5.52-11
CVE-2008-0887 (gnome-screensaver before 2.22.1, when a remote authentication server i ...)
	- gnome-screensaver 2.22.2-1 (low; bug #475154)
	[etch] - gnome-screensaver (Minor issue, requires attacker with high level of control, see #433964)
CVE-2008-0886
	REJECTED
CVE-2008-0885
	REJECTED
CVE-2008-0884 (The Replace function in the capp-lspp-config script in the (1) lspp-ea ...)
	NOT-FOR-US: Red Hat Enterprise Linux
	NOTE: Seems Red Hat specific
CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS ...)
	{DSA-1530-1 DTSA-117-1}
	- cupsys 1.3.6-1 (medium; bug #467653)
	- cups 1.3.6-1 (medium; bug #467653)
	[sarge] - cupsys (Remote DoS is minor issue)
CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0 module for ...)
	NOT-FOR-US: Okul module for PHP-Nuke
CVE-2008-0880 (SQL injection vulnerability in modules.php in the EasyContent module f ...)
	NOT-FOR-US: EasyContent module for PHP-Nuke
CVE-2008-0879 (SQL injection vulnerability in modules.php in the Web_Links module for ...)
	NOT-FOR-US: Web_Links module for PHP-Nuke
CVE-2008-0878 (SQL injection vulnerability in index.php in the MyAnnonces 1.7 and ear ...)
	NOT-FOR-US: MyAnnonces module for RunCMS
CVE-2008-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media J ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2008-0876 (Unspecified vulnerability in the SEWB3 messaging service in Hitachi SE ...)
	NOT-FOR-US: Hitachi SEWB3
CVE-2008-0875 (Unspecified vulnerability in Hitachi EUR Print Manager, and related Cl ...)
	NOT-FOR-US: Hitachi EUR Print Manager
CVE-2008-0874 (SQL injection vulnerability in index.php in the eEmpregos module for X ...)
	NOT-FOR-US: eEmpregos module for XOOPS
CVE-2008-0873 (SQL injection vulnerability in index.php in the jlmZone Classifieds mo ...)
	NOT-FOR-US: jlmZone Classifieds module for XOOPS
CVE-2008-0872 (Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail E ...)
	NOT-FOR-US: SmarterTools SmarterMail Enterprise
CVE-2008-0871 (Multiple stack-based buffer overflows in Now SMS/MMS Gateway 2007.06.2 ...)
	NOT-FOR-US: Now SMS/MMS Gateway
CVE-2008-0870 (BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under cer ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0869 (Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0868 (Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0867 (Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA Aq ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0866 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Wo ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0865 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allow ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0864 (Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertent ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0863 (BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web s ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0862 (IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-0861 (Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Quickplace
CVE-2008-0860 (Unspecified vulnerability in the AVG plugin in Kerio MailServer before ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0859 (Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remo ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0858 (Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0857 (SQL injection vulnerability in index.php in WoltLab Burning Board 3.0. ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-0856 (Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remo ...)
	NOT-FOR-US: e-Vision CMS
CVE-2008-0855 (SQL injection vulnerability in the Facile Forms (com_facileforms) comp ...)
	NOT-FOR-US: com_facileforms component for Joomla! and Mambo
CVE-2008-0854 (SQL injection vulnerability in the com_salesrep component for Joomla! ...)
	NOT-FOR-US: com_salesrep component for Joomla! and Mambo
CVE-2008-0853 (SQL injection vulnerability in the com_detail component for Joomla! an ...)
	NOT-FOR-US: com_detail component for Joomla! and Mambo
CVE-2008-0852 (freeSSHd 1.2 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: freeSSHd
CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 al ...)
	- dokeos (bug #433352)
CVE-2008-0850 (Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote at ...)
	- dokeos (bug #433352)
CVE-2008-0849 (SQL injection vulnerability in index.php in the Downloads (com_downloa ...)
	NOT-FOR-US: com_downloads component for Mambo and Joomla!
CVE-2008-0848 (Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Sy ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-0847 (SQL injection vulnerability in print.php in the myTopics module for XO ...)
	NOT-FOR-US: myTopics module for XOOPS
CVE-2008-0846 (SQL injection vulnerability in index.php in the com_profile component ...)
	NOT-FOR-US: com_profile component for Mambo and Joomla!
CVE-2008-0845 (SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-Pe ...)
	NOT-FOR-US: WP-People plugin for WordPress
CVE-2008-0844 (SQL injection vulnerability in index.php in the PccookBook (com_pccook ...)
	NOT-FOR-US: com_pccookbook component for Joomla!
CVE-2008-0843 (StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: StatCounteX
CVE-2008-0842 (SQL injection vulnerability in index.php in the Classifier (com_clasif ...)
	NOT-FOR-US: com_clasifier component for Joomla!
CVE-2008-0841 (SQL injection vulnerability in index.php in the Giorgio Nordo Ricette ...)
	NOT-FOR-US: com_ricette component for Joomla!
CVE-2008-0840 (Directory traversal vulnerability in view_member.php in Public Warehou ...)
	NOT-FOR-US: LightBlog
CVE-2008-0839 (SQL injection vulnerability in refer.php in the astatsPRO (com_astatsp ...)
	NOT-FOR-US: com_astatspro component for Joomla!
CVE-2008-0838 (Multiple cross-site scripting (XSS) vulnerabilities in the web adminis ...)
	NOT-FOR-US: Sophos, Email Security Appliance
CVE-2008-0837 (Cross-site scripting (XSS) vulnerability in the log feature in the Joh ...)
	NOT-FOR-US: John Godley Search Unleashed plugin for WordPress
CVE-2008-0836 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solar ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0835 (SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and ear ...)
	NOT-FOR-US: Simple CMS
CVE-2008-0834 (Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS bef ...)
	NOT-FOR-US: Lotus Quickr
CVE-2008-0833 (SQL injection vulnerability in index.php in the com_galeria component ...)
	NOT-FOR-US: com_galeria component for Joomla!
CVE-2008-0832 (SQL injection vulnerability in index.php in the Kemas Antonius com_qur ...)
	NOT-FOR-US: com_quran component for Mambo and Joomla!
CVE-2008-0831 (Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidr ...)
	NOT-FOR-US: com_rapidrecipe component for Joomla!
CVE-2008-0830 (The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allow ...)
	NOT-FOR-US: DPAP server for iPhoto
CVE-2008-0829 (SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! ( ...)
	NOT-FOR-US: com_jooget component for Joomla! and Mambo
CVE-2008-0828 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 an ...)
	NOT-FOR-US: ATutor
CVE-2008-0827 (SQL injection vulnerability in the Books module of PHP-Nuke allows rem ...)
	NOT-FOR-US: Books module of PHP-Nuke
CVE-2008-0826 (Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 all ...)
	NOT-FOR-US: Claroline
CVE-2008-0825 (SQL injection vulnerability in Claroline before 1.8.9 allows remote at ...)
	NOT-FOR-US: Claroline
CVE-2008-0824 (Unspecified vulnerability in the php2phps function in Claroline before ...)
	NOT-FOR-US: Claroline
CVE-2008-0823 (Unspecified vulnerability in the Header Image Module before 5.x-1.1 fo ...)
	NOT-FOR-US: Header Image Module for Drupal
CVE-2008-0822 (Directory traversal vulnerability in index.php in Scribe 0.2 allows re ...)
	NOT-FOR-US: Scribe
CVE-2008-0821 (SQL injection vulnerability in admin/traffic/knowledge_searchm.php in ...)
	NOT-FOR-US: PHP Live!
CVE-2008-0820
	NOT-FOR-US: Etomite CMS
CVE-2008-0819 (Directory traversal vulnerability in index.php in PlutoStatus Locator ...)
	NOT-FOR-US: PlutoStatus Locator
CVE-2008-0818 (Multiple directory traversal vulnerabilities in freePHPgallery 0.6 all ...)
	NOT-FOR-US: freePHPgallery
CVE-2008-0817 (SQL injection vulnerability in the com_filebase component for Joomla! ...)
	NOT-FOR-US: com_filebase component for Joomla! and Mambo
CVE-2008-0816 (SQL injection vulnerability in the com_sg component for Joomla! and Ma ...)
	NOT-FOR-US: com_sg component for Joomla! and Mambo
CVE-2008-0815 (SQL injection vulnerability in the com_mezun component for Joomla! all ...)
	NOT-FOR-US: com_mezun component for Joomla!
CVE-2008-0814 (Directory traversal vulnerability in download.php in Tracking Requirem ...)
	NOT-FOR-US: TRUC
CVE-2008-0813 (Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3. ...)
	NOT-FOR-US: XPWeb
CVE-2008-0812 (Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 a ...)
	NOT-FOR-US: BanPro DMS
CVE-2008-0811 (Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote at ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0810 (SQL injection vulnerability in the com_scheduling module for Joomla! a ...)
	NOT-FOR-US: com_scheduling module for Joomla! and Mambo
CVE-2008-0805 (Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b ...)
	NOT-FOR-US: PHPizabi
CVE-2008-0804 (PHP remote file inclusion vulnerability in usrgetform.html in Thecus N ...)
	NOT-FOR-US: Thecus N5200Pro NAS Server
CVE-2008-0983 (lighttpd 1.4.18, and possibly other versions before 1.5.0, does not pr ...)
	{DSA-1609-1}
	- lighttpd 1.4.18-2 (medium; bug #466663)
CVE-2008-0883 (acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite ...)
	NOT-FOR-US: Adobe Acrobat Reader
	NOTE: https://www.openwall.com/lists/oss-security/2008/02/21/5
CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan M ...)
	NOT-FOR-US: LookStrike Lan Manager
CVE-2008-0802 (SQL injection vulnerability in index.php in the MediaSlide (com_medias ...)
	NOT-FOR-US: Joomla component
CVE-2008-0801 (SQL injection vulnerability in index.php in the PAXXGallery (com_paxxg ...)
	NOT-FOR-US: Joomla component
CVE-2008-0800 (SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0. ...)
	NOT-FOR-US: Joomla component
CVE-2008-0799 (SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 a ...)
	NOT-FOR-US: Joomla component
CVE-2008-0798 (Multiple directory traversal vulnerabilities in artmedic webdesign web ...)
	NOT-FOR-US: artmedic webdesign
CVE-2008-0797 (Directory traversal vulnerability in lib/download.php in iTheora 1.0 r ...)
	NOT-FOR-US: iTheora
CVE-2008-0796 (SQL injection vulnerability in threads.php in Nuboard 0.5 allows remot ...)
	NOT-FOR-US: Nuboard
CVE-2008-0795 (SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1 ...)
	NOT-FOR-US: Joomla component
CVE-2008-0794 (Directory traversal vulnerability in user/header.php in Affiliate Mark ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-0793 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in T ...)
	NOT-FOR-US: Tendenci CMS
CVE-2008-0792 (Multiple F-Secure anti-virus products, including Internet Security 200 ...)
	NOT-FOR-US: F-Secure
CVE-2008-0791 (ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attac ...)
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0790 (Directory traversal vulnerability in ipdsserver.exe in Intermate WinIP ...)
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0789 (SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdow ...)
	NOT-FOR-US: LI Countdown
CVE-2008-0788 (Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2 ...)
	NOT-FOR-US: MyBB
CVE-2008-0787 (SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before ...)
	NOT-FOR-US: MyBB
CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 be ...)
	- cacti 0.8.7b-1
	[etch] - cacti (Not exploitable with Etch PHP version)
	NOTE: this is prevented by PHP since 4.4.2/5.1.2.
CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b an ...)
	{DSA-1569-1}
	- cacti 0.8.7b-1 (low; bug #530919)
CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows ...)
	- cacti 0.8.7b-1 (unimportant)
	NOTE: paths on Debian already known
CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 bef ...)
	{DSA-1569-1}
	- cacti 0.8.7b-1 (low; bug #530919)
	[etch] - cacti 0.8.6i-3.3
CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFi ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5 ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0932 (diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows rem ...)
	{DSA-1508-1}
	- sword 1.5.9-8 (high; bug #466449)
	NOTE: source package named sword, binary package named diatheke
CVE-2008-0806 (wyrd 1.4.3b allows local users to overwrite arbitrary files via a syml ...)
	- wyrd 1.4.3b-4 (low; bug #466382)
	[etch] - wyrd (Minor issue)
CVE-2008-0807 (lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before ...)
	{DSA-1507-1}
	- turba2 2.1.7-1 (bug #464058)
CVE-2008-0779 (The fortimon.sys device driver in Fortinet FortiClient Host Security 3 ...)
	NOT-FOR-US: Fortinet FortiClient 3.0
CVE-2008-0778 (Multiple stack-based buffer overflows in an ActiveX control in QTPlugi ...)
	NOT-FOR-US: QuickTime
CVE-2008-0777 (The sendfile system call in FreeBSD 5.5 through 7.0 does not check the ...)
	- kfreebsd-5
	[etch] - kfreebsd-5 (FreeBSD not supported)
	- kfreebsd-6 6.3-3 (bug #483152)
	- kfreebsd-7 7.0-1 (bug #483152)
CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...)
	NOT-FOR-US: iTechBids
CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machi ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-0774 (Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel ...)
	NOT-FOR-US: Loris Hotel Reservations
CVE-2008-0773 (SQL injection vulnerability in Phil Taylor Comments (com_comments, aka ...)
	NOT-FOR-US: Mambo plugin
CVE-2008-0772 (SQL injection vulnerability in index.php in the com_doc component for ...)
	NOT-FOR-US: Mambo plugin
CVE-2008-0771 (Multiple SQL injection vulnerabilities in default.asp in Site2Nite all ...)
	NOT-FOR-US: Site2Nite
CVE-2008-0770 (SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and ear ...)
	NOT-FOR-US: ibProArcade
CVE-2008-0769 (Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through ...)
	NOT-FOR-US: Livelink
CVE-2008-0768 (Multiple stack-based and heap-based buffer overflows in the Windows RP ...)
	NOT-FOR-US: IBM Informix
CVE-2008-0767 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earl ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0766 (Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Mana ...)
	NOT-FOR-US: Brooks Remote Print Manager
CVE-2008-0765 (Multiple cross-site scripting (XSS) vulnerabilities in artmedic webdes ...)
	NOT-FOR-US: artmedic
CVE-2008-0764 (Format string vulnerability in the logging function in Larson Network ...)
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0763 (Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Se ...)
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0762 (SQL injection vulnerability in index.php in the com_iomezun component ...)
	NOT-FOR-US: com_iomezun component for Joomla!
CVE-2008-0761 (SQL injection vulnerability in index.php in the Prince Clan Chess Club ...)
	NOT-FOR-US: Prince Clan Chess Club component for Joomla!
CVE-2008-0760 (Directory traversal vulnerability in SafeNet Sentinel Protection Serve ...)
	NOT-FOR-US: SafeNet Sentinel Protection Server
CVE-2008-0759 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earl ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0758 (Multiple directory traversal vulnerabilities in the Zidget/HTTP embedd ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0757 (Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard ...)
	NOT-FOR-US: MercuryBoard
CVE-2008-0756 (The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cy ...)
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0755 (Format string vulnerability in the ReportSysLogEvent function in the L ...)
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0754 (Multiple SQL injection vulnerabilities in index.php in the Rapid Recip ...)
	NOT-FOR-US: Rapid Recipe component for Joomla!
CVE-2008-0753 (SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 ...)
	NOT-FOR-US: Virtual War
CVE-2008-0752 (SQL injection vulnerability in index.php in the Neogallery (com_neogal ...)
	NOT-FOR-US: Neogallery component for Joomla!
CVE-2008-0751 (Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 pl ...)
	NOT-FOR-US: Spartacus plugin (freetag) for serendipity
CVE-2008-0750 (SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoar ...)
	NOT-FOR-US: Husrev BlackBoard
CVE-2008-0749 (Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS ...)
	NOT-FOR-US: Calimero.CMS
CVE-2008-0748 (Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX ...)
	NOT-FOR-US: Sony ImageStation
CVE-2008-0747 (Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlie ...)
	NOT-FOR-US: COWON America jetAudio
CVE-2008-0746 (SQL injection vulnerability in index.php in the Gallery (com_gallery) ...)
	NOT-FOR-US: Gallery component for Mambo and Joomla!
CVE-2008-0745 (Directory traversal vulnerability in aides/index.php in DomPHP 0.82 al ...)
	NOT-FOR-US: DomPHP
CVE-2008-0744 (SQL injection vulnerability in user_login.asp in PreProjects.com Pre H ...)
	NOT-FOR-US: Pre Hotels & Resorts Management System
CVE-2008-0743 (PHP remote file inclusion vulnerability in members_help.php in Joovili ...)
	NOT-FOR-US: Joovili
CVE-2008-0742 (Multiple directory traversal vulnerabilities in PowerScripts PowerNews ...)
	NOT-FOR-US: PowerNews
CVE-2008-0741 (Unspecified vulnerability in the PropFilePasswordEncoder utility in IB ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0740 (IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0739 (SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPre ...)
	NOT-FOR-US: CandyPress
CVE-2008-0738 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, an ...)
	NOT-FOR-US: CandyPress
CVE-2008-0737 (SQL injection vulnerability in admin/utilities_ConfigHelp.asp in Candy ...)
	NOT-FOR-US: CandyPress
CVE-2008-0736 (admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly ...)
	NOT-FOR-US: CandyPress
CVE-2008-0735 (SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in Au ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0734 (SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, an ...)
	NOT-FOR-US: Limbo CMS
CVE-2008-0733 (SQL injection vulnerability in index.php in CS Team Counter Strike Por ...)
	NOT-FOR-US: CS Team Counter Strike Portals
CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks whe ...)
	NOT-FOR-US: Apache Geronimo
CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not pr ...)
	NOT-FOR-US: SuSE kernel/apparmor
CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and ( ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-0728 (The unmew11 function in libclamav/mew.c in libclamav in ClamAV before ...)
	- clamav 0.92.1~dfsg-1
	[etch] - clamav (Vulnerable code not present)
CVE-2008-0727 (Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ad ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-0724 (The Everything Development Engine in The Everything Development System ...)
	NOT-FOR-US: The Everything Development System
CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1 ...)
	NOT-FOR-US: MyNews
CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0. ...)
	NOT-FOR-US: Pagetool
CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon (com_sermon) 0. ...)
	NOT-FOR-US: Sermon component for Mambo
CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and ...)
	- webmin
CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the Custom ...)
	NOT-FOR-US: osCommerce Online Merchant
CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in S ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 thr ...)
	NOT-FOR-US: IBM WebSphere Edge Server
CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 al ...)
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows user ...)
	NOT-FOR-US: ACDSee
CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host allows ...)
	NOT-FOR-US: Mihalism Multi Host
CVE-2008-0713 (Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23 ...)
	NOT-FOR-US: HP-UX B
CVE-2008-0712 (Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ...)
	NOT-FOR-US: HP HPeDiag
CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP iLO ...)
	NOT-FOR-US: HP iLO-2 management processors
CVE-2008-0710
	REJECTED
CVE-2008-0709 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-0708 (HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442 ...)
	NOT-FOR-US: HP USB 2.0 Floppy Drive Key
CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B ...)
	NOT-FOR-US: HP-UX
CVE-2008-0706 (Unspecified vulnerability in the BIOS F.26 and earlier for the HP Comp ...)
	NOT-FOR-US: BIOS F.26
CVE-2008-0705
	REJECTED
CVE-2008-0704 (Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Servi ...)
	NOT-FOR-US: HP OpenVMS
CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow remo ...)
	NOT-FOR-US: sflog!
CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0. ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check per ...)
	NOT-FOR-US: Magnolia CE
CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux Softwar ...)
	NOT-FOR-US: CruxCMS
CVE-2008-0699 (Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_S ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 2007 allo ...)
	NOT-FOR-US: BookmarkX
CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/ ...)
	NOT-FOR-US: IBM OS/400 V5R3M0 and V5R4M0
CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 C ...)
	NOT-FOR-US: Print Manager Plus
CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and ...)
	NOT-FOR-US: iTechBids
CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php ...)
	NOT-FOR-US: WP-Footnotes plugin for WordPress
CVE-2008-0690 (SQL injection vulnerability in index.php in the mosDirectory (com_dire ...)
	NOT-FOR-US: mosDirectory component for Joomla!
CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace (com_marke ...)
	NOT-FOR-US: Marketplace component for Joomla!
CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript ...)
	NOT-FOR-US: Smartscript Domain Trader
CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/inc ...)
	NOT-FOR-US: Youtube Clone Script
CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences (com_neo ...)
	NOT-FOR-US: NeoReferences component for Joomla!
CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 all ...)
	NOT-FOR-US: iTechClassifieds
CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassi ...)
	NOT-FOR-US: iTechClassifieds
CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ShiftThis ...)
	NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...)
	NOT-FOR-US: Wordspew plugin for Wordpress
CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remot ...)
	NOT-FOR-US: PHPShop
CVE-2008-0680 (SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 a ...)
	NOT-FOR-US: BlogPHP
CVE-2008-0678 (SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote ...)
	NOT-FOR-US: BlogPHP
CVE-2008-0677 (SQL injection vulnerability in blog.php in A-Blog 2 allows remote atta ...)
	NOT-FOR-US: A-Blog
CVE-2008-0676 (Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 all ...)
	NOT-FOR-US: A-Blog
CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything Developm ...)
	NOT-FOR-US: Everything Development System
CVE-2008-0674 (Buffer overflow in PCRE before 7.6 allows remote attackers to execute ...)
	{DSA-1499-1 DTSA-115-1}
	- pcre3 7.6-1 (medium)
	- php5 (Uses system copy)
CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbo ...)
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ (Minor issue)
CVE-2008-0672 (The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 ...)
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ (Minor issue)
CVE-2008-0671 (Stack-based buffer overflow in the add_line_buffer function in TinTin+ ...)
	- tintin++ 1.97.9-2 (medium; bug #465643)
	[etch] - tintin++ (Minor issue)
CVE-2008-0670 (SQL injection vulnerability in index.php in the Noticias (com_noticias ...)
	NOT-FOR-US: Noticias component for Joomla!
CVE-2008-0669 (Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity a ...)
	NOT-FOR-US: Sift Unity
CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnom ...)
	{DSA-1546-1}
	- gnumeric 1.8.1-1 (medium)
CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe A ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with ...)
	NOT-FOR-US: Novell Challenge Response Client
CVE-2008-0662 (The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureCli ...)
	NOT-FOR-US: SecuRemote/SecureClient NGX R60 and R56
CVE-2008-0661 (Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote att ...)
	NOT-FOR-US: dBpowerAMP Audio Player
CVE-2008-0660 (Multiple stack-based buffer overflows in Aurigma Image Uploader Active ...)
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control ...)
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.3 ...)
	{DSA-1541-1}
	- openldap2.3 2.4.7-6.1 (low; bug #465875)
	- openldap2.2
	- openldap2 (slapd not built from this version)
	NOTE: only authenticated users can exploit this
CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime Environment i ...)
	- sun-java6 6-02-1
	- sun-java5 1.5.0-14-1
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2008-0656 (Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documen ...)
	NOT-FOR-US: Documentum Administrator and Webtop
CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat befor ...)
	NOT-FOR-US: Adobe Reader
CVE-2008-0654 (Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow r ...)
	NOT-FOR-US: Azucar CMS
CVE-2008-0653 (SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0. ...)
	NOT-FOR-US: Ynews component for Joomla!
CVE-2008-0652 (SQL injection vulnerability in index.php in the Downloads (com_downloa ...)
	NOT-FOR-US: Downloads for Mambo and Joomla!
CVE-2008-0651 (SQL injection vulnerability in login.php in Pedro Santana Codice CMS a ...)
	NOT-FOR-US: Pedro Santana Codice CMS
CVE-2008-0650 (SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta al ...)
	NOT-FOR-US: Simple OS CMS
CVE-2008-0649 (SQL injection vulnerability in detail.php in Astanda Directory Project ...)
	NOT-FOR-US: Astanda Directory Project
CVE-2008-0648 (Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0. ...)
	NOT-FOR-US: OpenSiteAdmin
CVE-2008-0647 (Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGame ...)
	NOT-FOR-US: Ourgame GLWorld
CVE-2008-0646 (The bdecode_recursive function in include/libtorrent/bencode.hpp in Ra ...)
	- deluge-torrent 0.5.8.3-1 (bug #463357)
CVE-2008-0645 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...)
	NOT-FOR-US: Portail Web Php
CVE-2008-0644 (Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypa ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0643 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe Rob ...)
	NOT-FOR-US: Adobe
CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki ...)
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0809 (Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwik ...)
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0641
	RESERVED
CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...)
	NOT-FOR-US: Symantec Ghost Solution Suite
CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the Spoole ...)
	NOT-FOR-US: Novell Client
CVE-2008-0638 (Heap-based buffer overflow in the Veritas Enterprise Administrator (VE ...)
	NOT-FOR-US: Veritas Enterprise Administrator service
CVE-2008-0637
	RESERVED
CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x ...)
	NOT-FOR-US: Managed Workplace Service Center
CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 2.4.0 thro ...)
	NOT-FOR-US: Openads
CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in ...)
	NOT-FOR-US: NamoInstaller
CVE-2008-0633 (Buffer overflow in Anon Proxy Server 0.102 and earlier, when user auth ...)
	NOT-FOR-US: Anon Proxy Server
	NOTE: this is not anon-proxy
CVE-2008-0632 (Unrestricted file upload vulnerability in cp_upload_image.php in Light ...)
	NOT-FOR-US: LightBlog
CVE-2008-0631 (Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow ...)
	NOT-FOR-US: MailBee Objects
CVE-2008-0630 (Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allow ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464532)
CVE-2008-0629 (Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r258 ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464533)
CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Upd ...)
	- sun-java6 6-04-1
	- sun-java5 (according to Sun, this vulnerability is not present in java5)
CVE-2008-0627
	REJECTED
CVE-2008-0626
	REJECTED
CVE-2008-0625 (Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in Ya ...)
	NOT-FOR-US: Yahoo! Music Jukebox
CVE-2008-0624 (Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in ...)
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0623 (Stack-based buffer overflow in the YMP Datagrid ActiveX control (datag ...)
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0622 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and ear ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2008-0621 (Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 an ...)
	NOT-FOR-US: SAP GUI
CVE-2008-0620 (SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before ...)
	NOT-FOR-US: SAPSprint
CVE-2008-0619 (Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 a ...)
	NOT-FOR-US: Nero Media Player
CVE-2008-0618 (Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestboo ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0617 (Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestboo ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0616 (SQL injection vulnerability in the administration panel in the DMSGues ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0615 (Directory traversal vulnerability in wp-admin/admin.php in the DMSGues ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0614 (SQL injection vulnerability in index.php in Photokorn Gallery 1.543 al ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2008-0613 (Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows ...)
	NOT-FOR-US: XOOPS
CVE-2008-0612 (Directory traversal vulnerability in htdocs/install/index.php in XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2008-0611 (SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery S ...)
	NOT-FOR-US: RMSOFT Gallery module for XOOPS
CVE-2008-0610 (Stack-based buffer overflow in the ClientConnection::NegotiateProtocol ...)
	NOT-FOR-US: UltraVNC
CVE-2008-0609 (Directory traversal vulnerability in index.php in DivideConcept VHD We ...)
	NOT-FOR-US: Web Pack 2.0
CVE-2008-0608 (The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS ...)
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2008-0607 (SQL injection vulnerability in index.php in the Sigsiu Online Business ...)
	NOT-FOR-US: Sigsiu Online Business Index 2 component for Joomla! and Mambo
CVE-2008-0606 (SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) ...)
	NOT-FOR-US: Shambo2 component for Mambo and Joomla!
CVE-2008-0605 (Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpD ...)
	NOT-FOR-US: AstroSoft HelpDesk
CVE-2008-0604 (The LDAP authentication feature in XLight FTP Server before 2.83, when ...)
	NOT-FOR-US: XLight FTP Server
CVE-2008-0603 (SQL injection vulnerability in index.php in the amazOOP Awesom! (com_a ...)
	NOT-FOR-US: amazOOP Awesom! component for Mambo and Joomla!
CVE-2008-0602 (Directory traversal vulnerability in index.php in All Club CMS (ACCMS) ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1 ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 ...)
	{DSA-1494-1 DTSA-113-1}
	- linux-2.6 2.6.24-4 (high)
	- linux-2.6.24 (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
CVE-2008-0599 (The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5. ...)
	{DTSA-135-1}
	- php5 5.2.6-1
	[etch] - php5 (Vulnerable code not yet present, introduced in 5.2.3)
	[etch] - php4 (Vulnerable code not yet present, introduced in 5.2.3)
CVE-2008-0598 (Unspecified vulnerability in the 32-bit and 64-bit emulation in the Li ...)
	{DSA-1630-1}
	- linux-2.6 2.6.26-4 (bug #490910)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...)
	- cupsys 1.2.1-1
	- cups (Vulnerable code not present)
	NOTE: (mimeDeleteType included since 1.2.x
	NOTE: according to maintainer, applies to 1.1.x series only. exact fixed
	NOTE: version in 1.1 unknown but irrelevant. cups package never had 1.1
	NOTE: versions in Debian.
CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...)
	- cupsys 1.2.1-1
	- cups (Vulnerable code not present)
	NOTE: see CVE-2008-0597
CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...)
	{DSA-1599-1}
	- dbus 1.1.20-1
CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.9-1
	- icedove 2.0.0.12-1
CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and Se ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does n ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.9-1
	- icedove 2.0.0.12-1
CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remo ...)
	NOT-FOR-US: WS_FTP Server with SSH
CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0588 (Buffer overflow in the utape program in devices.scsi.tape.diag in IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0587 (Buffer overflow in the uspchrp program in devices.chrp.base.diag in IB ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0586 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0585 (sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permi ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0584 (Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 al ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0583 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
	NOT-FOR-US: Skype
CVE-2008-0582 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
	NOT-FOR-US: Skype
CVE-2008-0581 (Geert Moernaut LSrunasE allows local users to gain privileges by obtai ...)
	NOT-FOR-US: LSrunasE
CVE-2008-0580 (Geert Moernaut LSrunasE and Supercrypt use an encryption key composed ...)
	NOT-FOR-US: LSrunasE and Supercrypt
CVE-2008-0579 (SQL injection vulnerability in index.php in the buslicense (com_buslic ...)
	NOT-FOR-US: buslicense component for Joomla!
CVE-2008-0578 (Cross-site scripting (XSS) vulnerability in the web management login p ...)
	NOT-FOR-US: Tripwire Enterprise/Server Management Web Interface
CVE-2008-0577 (The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5 ...)
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0576 (Cross-site scripting (XSS) vulnerability in the Project Issue Tracking ...)
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0575 (Cross-site request forgery (CSRF) vulnerability in admin/admincenter.p ...)
	NOT-FOR-US: webSPELL
CVE-2008-0574 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01 ...)
	NOT-FOR-US: webSPELL
CVE-2008-0573 (IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote ...)
	NOT-FOR-US: SafeNET HighAssurance Remote and SoftRemote
CVE-2008-0572 (Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.1 ...)
	NOT-FOR-US: Mindmeld
CVE-2008-0571 (The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5. ...)
	NOT-FOR-US: Userpoints module for Drupal
CVE-2008-0570 (The OpenID 5.x-1.0 and earlier module for Drupal does not properly ver ...)
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-0569 (The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 modul ...)
	NOT-FOR-US: Comment upload module for Drupal
CVE-2008-0568 (Unspecified vulnerability in the IP-authentication feature in the Secu ...)
	NOT-FOR-US: Secure Site module for Drupal
CVE-2008-0567 (Multiple PHP remote file inclusion vulnerabilities in ChronoEngine Chr ...)
	NOT-FOR-US: ChronoEngine ChronoForms component for Joomla!
CVE-2008-0566 (PHP remote file inclusion vulnerability in includes/smarty.php in Delt ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0565 (SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0563 (Cross-site request forgery (CSRF) vulnerability in service/impl/UserLo ...)
	- liferay-portal (bug #569819)
CVE-2008-0562 (SQL injection vulnerability in index.php in the Restaurant (com_restau ...)
	NOT-FOR-US: Restaurant component for Mambo and Joomla!
CVE-2008-0561 (SQL injection vulnerability in index.php in the Arthur Konze AkoGaller ...)
	NOT-FOR-US: AkoGallery component for Mambo and Joomla!
CVE-2008-0560
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0559 (Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 ...)
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0558 (Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional ...)
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop (com_catal ...)
	NOT-FOR-US: CatalogShop component for Mambo and Joomla!
CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, ...)
	NOT-FOR-US: OpenCA PKI Project
CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 do ...)
	- apache
	[etch] - apache (only exploitable in very specific setups)
	NOTE: Only affects the apache-ssl package, not apache or apache-perl.
	NOTE: Only relevant if the attacker can get a CA that is trusted by the server
	NOTE: to sign client certs with arbitrary CN, but cannot influence the contents
	NOTE: of the other DN fields.
	NOTE: OTOH, the configuration used in Debian's apache-ssl 1.55 (per-dir
	NOTE: ssl-renegotiation switched off), has obviously not been tested by upstream
	NOTE: with 1.59 (it doesn't even compile).
	NOTE: Also, upstream's fix breaks API/ABI compatibility in some corner cases.
	NOTE: While these cases are not really supported by Debian, all in all the low
	NOTE: severity of the issue is not in proportion to the risk of breaking something
	NOTE: with the fix.
CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6 ...)
	NOT-FOR-US: eTicket
CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3 ...)
	NOT-FOR-US: Namo Web Editor
CVE-2008-0550 (Off-by-one error in Steamcast 0.9.75 and earlier allows remote attacke ...)
	NOT-FOR-US: Steamcast
CVE-2008-0549 (Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 an ...)
	NOT-FOR-US: Steamcast
CVE-2008-0548 (Steamcast 0.9.75 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Steamcast
CVE-2008-0547 (Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp ...)
	NOT-FOR-US: CandyPress
CVE-2008-0546 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, an ...)
	NOT-FOR-US: CandyPress
CVE-2008-0545 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32 ...)
	NOT-FOR-US: Bubbling Library
CVE-2008-0543 (Multiple SQL injection vulnerabilities in Pre Dynamic Institution allo ...)
	NOT-FOR-US: Pre Dynamic Institution
CVE-2008-0542 (Directory traversal vulnerability in thumbnail.php in Gerd Tentler Sim ...)
	NOT-FOR-US: Simple Forum
CVE-2008-0541 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Ge ...)
	NOT-FOR-US: Simple Forum
CVE-2008-0540 (Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 ...)
	NOT-FOR-US: trixbox
CVE-2008-0539 (Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php ...)
	NOT-FOR-US: F5 BIG-IP Application Security Manager
CVE-2008-0538 (Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow ...)
	NOT-FOR-US: phpIP Management
CVE-2008-0537 (Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervi ...)
	NOT-FOR-US: Cisco
CVE-2008-0536 (Unspecified vulnerability in the SSH server in (1) Cisco Service Contr ...)
	NOT-FOR-US: Cisco
CVE-2008-0535 (Unspecified vulnerability in the SSH server in (1) Cisco Service Contr ...)
	NOT-FOR-US: Cisco
CVE-2008-0534 (The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, ...)
	NOT-FOR-US: Cisco
CVE-2008-0533 (Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/C ...)
	NOT-FOR-US: Cisco ACS
CVE-2008-0532 (Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Chang ...)
	NOT-FOR-US: Cisco ACS
CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960 ...)
	NOT-FOR-US: Cisco
CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
	NOT-FOR-US: Cisco
CVE-2008-0529 (Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, ...)
	NOT-FOR-US: Cisco
CVE-2008-0528 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
	NOT-FOR-US: Cisco
CVE-2008-0527 (The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP f ...)
	NOT-FOR-US: Cisco
CVE-2008-0526 (Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmw ...)
	NOT-FOR-US: Cisco
CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch Man ...)
	NOT-FOR-US: PatchLink Update client for Unix
CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management inte ...)
	NOT-FOR-US: Yamaha router firmware
CVE-2008-0523 (Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in ...)
	NOT-FOR-US: SoftCart
CVE-2008-0522 (Cross-site scripting (XSS) vulnerability in multiple Hal Networks shop ...)
	NOT-FOR-US: Hal Networks shopping-cart products
CVE-2008-0521 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32 ...)
	NOT-FOR-US: Bubbling Library
CVE-2008-0520 (Multiple SQL injection vulnerabilities in main.php in the WassUp plugi ...)
	NOT-FOR-US: WassUp plugin for WordPress
CVE-2008-0519 (SQL injection vulnerability in index.php in the Atapin Jokes (com_joke ...)
	NOT-FOR-US: Atapin Jokes component for Mambo and Joomla!
CVE-2008-0518 (SQL injection vulnerability in index.php in the Recipes (com_recipes) ...)
	NOT-FOR-US: Recipes component for Mambo and Joomla!
CVE-2008-0517 (SQL injection vulnerability in index.php in the Darko Selesi EstateAge ...)
	NOT-FOR-US: EstateAgent component for Mambo and Joomla!
CVE-2008-0516 (PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in ...)
	NOT-FOR-US: SQLiteManager
CVE-2008-0515 (SQL injection vulnerability in index.php in the musepoes (com_musepoes ...)
	NOT-FOR-US: musepoes component for Mambo and Joomla!
CVE-2008-0514 (SQL injection vulnerability in index.php in the Glossary (com_glossary ...)
	NOT-FOR-US: Glossary component for Mambo and Joomla!
CVE-2008-0513 (Directory traversal vulnerability in parser/include/class.cache_phpcms ...)
	NOT-FOR-US: phpCMS
CVE-2008-0512 (SQL injection vulnerability in index.php in the fq (com_fq) component ...)
	NOT-FOR-US: fq component for Mambo and Joomla!
CVE-2008-0511 (SQL injection vulnerability in index.php in the MaMML (com_mamml) comp ...)
	NOT-FOR-US: MaMML component for Mambo and Joomla!
CVE-2008-0510 (SQL injection vulnerability in index.php in the Newsletter (com_newsle ...)
	NOT-FOR-US: Newsletter component for Mambo and Joomla!
CVE-2008-0509 (Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cau ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0508 (Cross-site request forgery (CSRF) vulnerability in deans_permalinks_mi ...)
	NOT-FOR-US: Dean's Permalinks Migration plugin for WordPress
CVE-2008-0507 (SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin f ...)
	NOT-FOR-US: AdServe plugin for WordPress
CVE-2008-0506 (include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) befo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0505 (Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.ph ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0504 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CP ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0503 (Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Pub ...)
	NOT-FOR-US: Netwerk Smart Publisher
CVE-2008-0502 (PHP remote file inclusion vulnerability in templates/Official/part_use ...)
	NOT-FOR-US: Connectix Boards
CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, whe ...)
	{DSA-1601-1}
	- wordpress 2.3.3-1 (medium; bug #464170)
	[etch] - wordpress (vulnerable code not present)
	NOTE: The blog has to provide user accounts
	NOTE: A crafted XML-RPC request referring to a valid user can exploit this
	NOTE: This is specific to wordpress' implementation of xmlrpc.php, which is
	NOTE: not included in any other packages.
	- libwordpress-xmlrpc-perl
CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...)
	{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
	- tk8.5 8.5.0-3
	- tk8.4 8.4.17-2
	- tk8.3 8.3.5-12
	- libtk-img 1:1.3-release-7 (bug #485785)
CVE-2008-0554 (Buffer overflow in the readImageData function in giftopnm.c in netpbm ...)
	{DSA-1579-1}
	- netpbm-free 10.0-11.1 (medium; bug #464056)
CVE-2008-0564 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...)
	- mailman 1:2.1.10~b3-1 (low)
	[etch] - mailman (Minor issue)
	[sarge] - mailman (Minor issue)
	NOTE: Someone authenticated as list admin can insert malicious script
	NOTE: into list templates. This already consists of a high degree of
	NOTE: control over the mailinglist, so not a very important issue.
	NOTE: This enhances the fix for CVE-2006-3636.
	NOTE: http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html
CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allow ...)
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml (Vulnerable code is patched to use mkdtemp)
CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite arb ...)
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml (Vulnerable code is patched to use mkdtemp)
CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows remote att ...)
	NOT-FOR-US: phpMyClub
CVE-2008-0500 (Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unkno ...)
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0499 (SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attac ...)
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0498 (SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop ...)
	NOT-FOR-US: Bigware Shop
CVE-2008-0497 (Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS ...)
	NOT-FOR-US: Nucleus CMS
CVE-2008-0496 (Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 ...)
	NOT-FOR-US: AmpJuke
CVE-2008-0495 (Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Ma ...)
	NOT-FOR-US: Pegasus CIM Server
CVE-2008-0494 (Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in End ...)
	NOT-FOR-US: Endian Firewall
CVE-2008-0493 (fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remot ...)
	NOT-FOR-US: FlashPix plugin for IrfanView
CVE-2008-0492 (Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control i ...)
	NOT-FOR-US: Persits XUpload
CVE-2008-0491 (SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugi ...)
	NOT-FOR-US: fGallery for WordPress
CVE-2008-0490 (SQL injection vulnerability in functions/editevent.php in the WP-Cal 0 ...)
	NOT-FOR-US: WP-Cal plugin for WordPress
CVE-2008-0489 (Directory traversal vulnerability in install.php in Clansphere 2007.4. ...)
	NOT-FOR-US: Clansphere
CVE-2008-0488 (Directory traversal vulnerability in tseekdir.cgi in VB Marketing allo ...)
	NOT-FOR-US: VB Marketing
CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect ...)
	NOT-FOR-US: ASPired2Protect
CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc ...)
	{DSA-1536-1 DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
	- xine-lib 1.1.10.1-1 (bug #464696)
	[sarge] - xine-lib (Vulnerable code not present)
CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and ear ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
CVE-2008-0484
	RESERVED
CVE-2008-0483
	RESERVED
CVE-2008-0482
	RESERVED
CVE-2008-0481 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz R ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0480 (Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 an ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2008-0479 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz N ...)
	NOT-FOR-US: Web Wiz NewsPad
CVE-2008-0478 (Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows ...)
	NOT-FOR-US: SetCMS
CVE-2008-0477 (Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX contro ...)
	NOT-FOR-US: Move Networks Upgrade Manager
CVE-2008-0476 (ManageEngine Applications Manager 8.1 build 8100 does not check authen ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0475 (ManageEngine Applications Manager 8.1 build 8100 allows remote attacke ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0474 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ap ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0473 (RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0472 (Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltla ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2008-0471 (Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpB ...)
	{DSA-1488-1}
	- phpbb2 2.0.22-3 (low; bug #463589)
CVE-2008-0470 (A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attack ...)
	NOT-FOR-US: Comodo AntiVirus
CVE-2008-0469 (SQL injection vulnerability in index.php in Tiger Php News System (TPN ...)
	NOT-FOR-US: Tiger Php News System
CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and earlier a ...)
	NOT-FOR-US: Flinx
CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before ...)
	{DSA-1529-1}
	- firebird2
	[etch] - firebird2 (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4 ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 al ...)
	NOT-FOR-US: Seagull
CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort aconon Mai ...)
	NOT-FOR-US: aconon Mail Enterprise SQL
CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before ...)
	NOT-FOR-US: Workflow module for Drupal
CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x ...)
	NOT-FOR-US: Archive module for Drupal
CVE-2008-0461 (SQL injection vulnerability in index.php in the Search module in PHP-N ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-0460 (Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1 ...)
	- mediawiki 1:1.11.1-1 (low)
	[etch] - mediawiki (Doesn't include API functionality)
CVE-2008-0459 (Directory traversal vulnerability in update/index.php in Liquid-Silver ...)
	NOT-FOR-US: Liquid-Silver CMS
CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...)
	NOT-FOR-US: SLAED CMS
CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class running ...)
	NOT-FOR-US: Symantec LiveState Apache Tomcat server
CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the Apac ...)
	- apache (unimportant)
	- apache2 (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
	- apache (unimportant)
	- apache2 2.2.22-8 (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
	NOTE: https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2012-2687
CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
	NOT-FOR-US: Skype
CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe allo ...)
	NOT-FOR-US: Easysitenetwork Recipe
CVE-2008-0452 (Directory traversal vulnerability in articles.php in Siteman 1.1.9 all ...)
	NOT-FOR-US: Siteman
CVE-2008-0451 (Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote au ...)
	NOT-FOR-US: PacerCMS
CVE-2008-0450 (Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0449 (SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Car ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-0448 (PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.p ...)
	NOT-FOR-US: phpSearch
CVE-2008-0447 (SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 ...)
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0446 (SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows re ...)
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0445 (The replace_inline_img function in elogd in Electronic Logbook (ELOG) ...)
	- elog 2.9.2+2014.05.11git44800a7-1 (low; bug #463600)
CVE-2008-0444 (Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) ...)
	- elog 2.9.2+2014.05.11git44800a7-1 (low; bug #463600)
CVE-2008-0443 (Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX co ...)
	NOT-FOR-US: Lycos FileUploader Module
CVE-2008-0442 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small Ax ...)
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0441 (IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in c ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2008-0440 (AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in clearte ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0439 (Cross-site scripting (XSS) vulnerability in templates/default/admincp/ ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-0438 (Cross-site scripting (XSS) vulnerability in the font rendering functio ...)
	NOT-FOR-US: Novemberborn sIFR
CVE-2008-0437 (Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 Activ ...)
	NOT-FOR-US: HP Virtual Rooms
CVE-2008-0436 (Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2008-0435 (Directory traversal vulnerability in index.php in OZJournals 2.1.1 all ...)
	NOT-FOR-US: OZJournals
CVE-2008-0434 (Format string vulnerability in the AXIMilter module in AXIGEN Mail Ser ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2008-0433 (PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwo ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0432 (Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0431 (Directory traversal vulnerability in administrator/download.php in IDM ...)
	NOT-FOR-US: IDMOS
CVE-2008-0430 (SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows ...)
	NOT-FOR-US: 360 Web Manager
CVE-2008-0429 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per P ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0428 (Multiple SQL injection vulnerabilities in the login function in system ...)
	NOT-FOR-US: bloofoxCMS
CVE-2008-0427 (Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows ...)
	NOT-FOR-US: bloofoxCMS
CVE-2008-0426 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in P ...)
	NOT-FOR-US: PacerCMS
CVE-2008-0425 (Absolute path traversal vulnerability in explorerdir.php in Frimousse ...)
	NOT-FOR-US: Frimousse
CVE-2008-0424 (SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) ...)
	NOT-FOR-US: Mooseguy Blog System
CVE-2008-0423 (Multiple PHP remote file inclusion vulnerabilities in Lama Software al ...)
	NOT-FOR-US: Lama Software
CVE-2008-0422 (SQL injection vulnerability in mail.php in boastMachine (aka bMachine) ...)
	NOT-FOR-US: bMachine
CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allo ...)
	NOT-FOR-US: Invision Gallery
CVE-2008-0420 (modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox befor ...)
	{DSA-1534-1 DSA-1484-1}
	- iceape 1.1.8-1
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	NOTE: The initial advisory claimed Thunderbird/Icedove were vulnerable, but clarified
	NOTE: later, see http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remo ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0418 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0417 (CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0416 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- icedove 2.0.0.12-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-0415 (Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaM ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
	- xulrunner 1.8.1.12-1
CVE-2008-0414 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0413 (The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0412 (The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird bef ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0411 (Stack-based buffer overflow in the zseticcspace function in zicc.c in ...)
	{DSA-1510-1}
	- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
	- gs-gpl (medium)
CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
	- exempi 1.99.7-1 (bug #454297)
CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c ...)
	{DSA-1493-2 DSA-1493-1}
	- sdl-image1.2 1.2.6-3 (medium)
CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to obtain c ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0409 (Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) bef ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0408 (HTTP File Server (HFS) before 2.2c allows remote attackers to append a ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0407 (HTTP File Server (HFS) before 2.2c tags HTTP request log entries with ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0406 (HTTP File Server (HFS) before 2.2c, when account names are used as log ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0405 (Multiple directory traversal vulnerabilities in HTTP File Server (HFS) ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0404 (Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows ...)
	- mantis (Vulnerable code not present)
	NOTE: code was introduced in the 1.1.x series, which are not shipped by us yet
CVE-2008-0403 (The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does no ...)
	NOT-FOR-US: Belkin Wireless firmware
CVE-2008-0402 (Unspecified vulnerability in IBM WebSphere Business Modeler Basic and ...)
	NOT-FOR-US: IBM WebSphere Business Modeler
CVE-2008-0401 (Buffer overflow in the logging functionality of the HTTP server in IBM ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before
CVE-2008-0400 (Cross-site scripting (XSS) vulnerability in header.tpl.php in the mode ...)
	NOT-FOR-US: Singapore
CVE-2008-0399 (Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordS ...)
	NOT-FOR-US: Toshiba Surveillance
CVE-2008-0398 (Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly e ...)
	NOT-FOR-US: aflog
CVE-2008-0397 (Multiple SQL injection vulnerabilities in aflog 1.01, and possibly ear ...)
	NOT-FOR-US: aflog
CVE-2008-0396 (Directory traversal vulnerability in BitDefender Update Server (http.e ...)
	NOT-FOR-US: BitDefender Update Server
CVE-2008-0395 (Kayako SupportSuite 3.11.01 allows remote attackers to obtain server c ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-0394 (Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote ...)
	NOT-FOR-US: Citadel SMTP server
CVE-2008-0393 (Directory traversal vulnerability in info.php in GradMan 0.1.3 and ear ...)
	NOT-FOR-US: GradMan
CVE-2008-0392 (Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-0391 (inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentic ...)
	NOT-FOR-US: aliTalk
CVE-2008-0390 (stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0389 (Unspecified vulnerability in the serveServletsByClassnameEnabled featu ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress ...)
	NOT-FOR-US: WP-Forum plugin for WordPress
CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6 ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
	[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
	- firebird2
	[etch] - firebird2 (Fixed packages have been released through backports.org, see #1529)
CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to e ...)
	- xdg-utils (Ships a patch that modifies the vulnerable code and uses sed securely)
	NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser
CVE-2008-0385 (SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 ...)
	NOT-FOR-US: Urulu
CVE-2008-0384 (OpenBSD 4.2 allows local users to cause a denial of service (kernel pa ...)
	NOT-FOR-US: OpenBSD
CVE-2008-0383 (Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allo ...)
	NOT-FOR-US: MyBB
CVE-2008-0382 (Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier all ...)
	NOT-FOR-US: MyBB
CVE-2008-0381 (Unspecified vulnerability in Mahara before 0.9.1 has unknown impact an ...)
	- mahara 0.9.1-1 (low)
CVE-2008-0380 (Buffer overflow in the Digital Data Communications RtspVaPgCtrl Active ...)
	NOT-FOR-US: Digital Data Communications
CVE-2008-0379 (Race condition in the Enterprise Tree ActiveX control (EnterpriseContr ...)
	NOT-FOR-US: Crystal Reports
CVE-2008-0378 (Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when ...)
	NOT-FOR-US: SocksCap
CVE-2008-0377 (MicroNews allows remote attackers to bypass authentication and gain ad ...)
	NOT-FOR-US: MicroNews
CVE-2008-0376 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small Ax ...)
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0375 (Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.0 ...)
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0374 (OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web P ...)
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0373 (Unrestricted file upload vulnerability in PHP F1 Max's File Uploader a ...)
	NOT-FOR-US: PHP F1 Max's File Uploader
CVE-2008-0372 (8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-0371 (Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_ ...)
	NOT-FOR-US: aliTalk
CVE-2008-0370 (Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel ...)
	NOT-FOR-US: cPanel
CVE-2008-0369 (Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10. ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0368 (onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allo ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when p ...)
	- iceweasel 3.0 (low)
	[etch] - iceweasel (Etch Packages no longer covered by security support)
	NOTE: Mozilla #244273
CVE-2008-0366 (CORE FORCE before 0.95.172 does not properly validate arguments to SSD ...)
	NOT-FOR-US: CORE FORCE
CVE-2008-0365 (Multiple buffer overflows in CORE FORCE before 0.95.172 allow local us ...)
	NOT-FOR-US: CORE FORCE
CVE-2008-0364 (Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1. ...)
	NOT-FOR-US: BitTorrent/uTorrent
CVE-2008-0363 (Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier ...)
	NOT-FOR-US: Clever Copy
CVE-2008-0362 (Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy ...)
	NOT-FOR-US: Clever Copy
CVE-2008-0361 (Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 ...)
	NOT-FOR-US: GradMan
CVE-2008-0360 (Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0359 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0358 (SQL injection vulnerability in index.php in Pixelpost 1.7 allows remot ...)
	NOT-FOR-US: Pixelpost
CVE-2008-0357 (Directory traversal vulnerability in pages/upload.php in Galaxyscripts ...)
	NOT-FOR-US: Galaxyscripts
CVE-2008-0356 (Buffer overflow in the Independent Management Architecture (IMA) servi ...)
	NOT-FOR-US: Citrix Presentation Server
CVE-2008-0355 (SQL injection vulnerability in index.php in the forum module in PHPEch ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2008-0354 (Cross-site scripting (XSS) vulnerability in the chat client in IBM Lot ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2008-0353 (SQL injection vulnerability in visualizza_tabelle.php in php-residence ...)
	NOT-FOR-US: php-residence
CVE-2008-XXXX [apt-cacher arbitrary command execution]
	- apt-cacher 1.6.1
	[etch] - apt-cacher (vulnerable code introduced in 1.6.0)
	[sarge] - apt-cacher (vulnerable code introduced in 1.6.0)
CVE-2008-0352 (The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to ca ...)
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 (Vulnerable code was introduced after 2.6.19 release)
CVE-2008-0351 (admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attac ...)
	NOT-FOR-US: EvilSentinel
CVE-2008-0350 (admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to ...)
	NOT-FOR-US: EvilSentinel
CVE-2008-0349 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2008-0348 (Multiple unspecified vulnerabilities in the PeopleTools component in O ...)
	NOT-FOR-US: Oracle
CVE-2008-0347 (Unspecified vulnerability in the Oracle Ultra Search component in Orac ...)
	NOT-FOR-US: Oracle
CVE-2008-0346 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0345 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
NOT-FOR-US: Oracle CVE-2008-0344 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...) NOT-FOR-US: Oracle CVE-2008-0343 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...) NOT-FOR-US: Oracle CVE-2008-0342 (Unspecified vulnerability in the Upgrade/Downgrade component in Oracle ...) NOT-FOR-US: Oracle CVE-2008-0341 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...) NOT-FOR-US: Oracle CVE-2008-0340 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...) NOT-FOR-US: Oracle CVE-2008-0339 (Unspecified vulnerability in the XML DB component in Oracle Database 9 ...) NOT-FOR-US: Oracle CVE-2008-0338 (Directory traversal vulnerability in the mwGetLocalFileName function i ...) NOT-FOR-US: miniweb CVE-2008-0337 (Heap-based buffer overflow in the _mwProcessReadSocket function in htt ...) NOT-FOR-US: miniweb CVE-2008-0336 (Multiple cross-site request forgery (CSRF) vulnerabilities in BugTrack ...) NOT-FOR-US: BugTracker.NET CVE-2008-0335 (Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7. ...) NOT-FOR-US: BugTracker.NET CVE-2008-0334 (Cross-site scripting (XSS) vulnerability in pm/language/spanish/prefer ...) NOT-FOR-US: pMachine CVE-2008-0333 (Directory traversal vulnerability in download_view_attachment.aspx in ...) NOT-FOR-US: AfterLogic MailBee WebMail Pro 4.1 for ASP.NET CVE-2008-0332 (Directory traversal vulnerability in arias/help/effect.php in aria 0.9 ...) NOT-FOR-US: Aria ERP (not the aria we ship) CVE-2008-0331 (Unspecified vulnerability in Funkwerk System Software before 7.4.1 PAT ...) NOT-FOR-US: Funkwerk CVE-2008-0330 (Open System Consultants (OSC) Radiator before 4.0 allows remote attack ...) NOT-FOR-US: Radiator CVE-2008-0329 (LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_supp ...) NOT-FOR-US: LulieBlog CVE-2008-0328 (SQL injection vulnerability in page.php in FaScript FaName 1.0 allows ...) 
NOT-FOR-US: FaScript CVE-2008-0327 (SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows r ...) NOT-FOR-US: FaScript CVE-2008-0326 (SQL injection vulnerability in class/show.php in FaScript FaPersianHac ...) NOT-FOR-US: FaScript CVE-2008-0325 (SQL injection vulnerability in show.php in FaScript FaPersian Petition ...) NOT-FOR-US: FaScript CVE-2008-0324 (Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allow ...) NOT-FOR-US: Cisco CVE-2008-0323 RESERVED CVE-2008-0322 (The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsof ...) NOT-FOR-US: Microsoft Windows XP driver CVE-2008-0321 RESERVED CVE-2008-0320 (Heap-based buffer overflow in the OLE importer in OpenOffice.org befor ...) {DSA-1547-1} - openoffice.org 2.4.0~ooh680m5-1 CVE-2008-0319 RESERVED CVE-2008-0318 (Integer overflow in the cli_scanpe function in libclamav in ClamAV bef ...) {DSA-1497-1} - clamav 0.92.1~dfsg-1 (medium) CVE-2008-0317 RESERVED CVE-2008-0316 RESERVED CVE-2008-0315 RESERVED CVE-2008-0314 (Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 all ...) {DSA-1549-1} - clamav 0.92.1~dfsg2-1 (medium) CVE-2008-0313 (The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo ...) NOT-FOR-US: Symantec Norton products CVE-2008-0312 (Stack-based buffer overflow in the AutoFix Support Tool ActiveX contro ...) NOT-FOR-US: Symantec Norton products CVE-2008-0311 (Stack-based buffer overflow in the PGMWebHandler::parse_request functi ...) NOT-FOR-US: Borland CaliberRM CVE-2008-0310 (Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 befo ...) NOT-FOR-US: SCO UnixWare CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...) NOT-FOR-US: Symantec Decomposer CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products in ...) NOT-FOR-US: Symantec Decomposer CVE-2008-0307 (Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibl ...) 
- maxdb-7.5.00 CVE-2008-0306 (sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows ...) - maxdb-7.5.00 CVE-2008-0305 RESERVED CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...) {DSA-1697-1 DSA-1621-1} - icedove 2.0.0.12-1 (medium) - iceape 1.1.8-1 (medium) CVE-2008-0303 (The FTP print feature in multiple Canon printers, including imageRUNNE ...) NOT-FOR-US: Canon printer firmware CVE-2008-0301 (Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote ...) NOT-FOR-US: Mapbender CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to exec ...) NOT-FOR-US: Mapbender CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ca ...) - webkit (Not reproducible, browser crashes not treated as security issues) - qt4-x11 (Not reproducible, browser crashes not treated as security issues) - kdelibs (Not reproducible, browser crashes not treated as security issues) - kde4libs (Not reproducible, browser crashes not treated as security issues) NOTE: Not reproducible, might be fixed before all the forks went off CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...) NOT-FOR-US: PhotoKorn CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLA ...) {DSA-1543-1 DTSA-111-1} - vlc 0.8.6.c-6 (bug #461544; medium) CVE-2008-0295 (Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in th ...) {DSA-1543-1 DTSA-111-1} - vlc 0.8.6.c-6 (bug #461544; medium) NOTE: this does not affect xine-lib itself, its just vlc that ships a really old version of it CVE-2008-0294 (Unspecified vulnerability in the seat-locking implementation in FreeSe ...) NOT-FOR-US: FreeSeat CVE-2008-0293 (Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when ...) NOT-FOR-US: FreeSeat CVE-2008-0292 (Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie P ...) 
NOT-FOR-US: Dansie Photo Album CVE-2008-0291 (SQL injection vulnerability in showproduct.asp in RichStrong CMS allow ...) NOT-FOR-US: RichStrong CMS CVE-2008-0161 RESERVED CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and ear ...) NOT-FOR-US: Digital Hive CVE-2008-0289 (PHP remote file inclusion vulnerability in view_func.php in Member Are ...) NOT-FOR-US: Member Area System CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow rem ...) NOT-FOR-US: ImageAlbum CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 all ...) NOT-FOR-US: VisionBurst vcart CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article Dashboard al ...) NOT-FOR-US: Article Dashboard CVE-2008-0285 (ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remot ...) - ngircd 0.10.3-2 (bug #461067; low) [etch] - ngircd (Minor issue) CVE-2008-0284 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF ...) NOT-FOR-US: Simple Machines Forum CVE-2008-0283 (PHP remote file inclusion vulnerability in /aides/index.php in DomPHP ...) NOT-FOR-US: DomPHP CVE-2008-0282 (SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 ...) NOT-FOR-US: DomPHP CVE-2008-0281 (SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlie ...) NOT-FOR-US: ID-Commerce CVE-2008-0280 (SQL injection vulnerability in index.php in MTCMS 2.0 and possibly ear ...) NOT-FOR-US: MTCMS CVE-2008-0279 (SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibl ...) NOT-FOR-US: Xforum CVE-2008-0278 (SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly ...) NOT-FOR-US: X7 Chat CVE-2008-0277 (Unspecified vulnerability in the Fileshare module for Drupal allows re ...) NOT-FOR-US: Fileshare module for Drupal CVE-2008-0276 (Cross-site scripting (XSS) vulnerability in the Devel module before 5. ...) 
NOT-FOR-US: Devel module for Drupal CVE-2008-0275 (The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal ...) NOT-FOR-US: Atom module for Drupal CVE-2008-0274 (Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when ...) - drupal5 5.6-1 (unimportant) NOTE: needs register_globals on CVE-2008-0273 (Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5 ...) - drupal5 5.6-1 (low) CVE-2008-0272 (Cross-site request forgery (CSRF) vulnerability in the aggregator modu ...) - drupal5 5.6-1 (low) CVE-2008-0271 (The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x be ...) NOT-FOR-US: BUEditor CVE-2008-0270 (SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earli ...) NOT-FOR-US: TaskFreak! CVE-2008-0269 (Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 ...) NOT-FOR-US: Sun Solaris CVE-2008-0268 (Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5. ...) NOT-FOR-US: eTicket CVE-2008-0267 (Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote ...) NOT-FOR-US: eTicket CVE-2008-0266 (Cross-site request forgery (CSRF) vulnerability in admin.php in eTicke ...) NOT-FOR-US: eTicket CVE-2008-0265 (Multiple cross-site scripting (XSS) vulnerabilities in the Search func ...) NOT-FOR-US: F5 BIG-IP CVE-2008-0264 (Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 mod ...) NOT-FOR-US: Meta Tags module for Drupal CVE-2008-0263 (The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4. ...) NOT-FOR-US: Ingate Firewall CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in Agares Php ...) NOT-FOR-US: Agares PhpAutoVideo CVE-2008-0261 (Unspecified vulnerability in the search component and module in Mambo ...) NOT-FOR-US: Mambo NOTE: Mambo is in experimental CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain configuration in ...) 
NOT-FOR-US: minimal Gallery CVE-2008-0259 (Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php ...) NOT-FOR-US: minimal Gallery CVE-2008-0258 (Cross-site scripting (XSS) vulnerability in index.php in PHP Running M ...) NOT-FOR-US: PHP Running Management CVE-2008-0257 (Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search ...) NOT-FOR-US: Dansie Search CVE-2008-0256 (Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Galle ...) NOT-FOR-US: Matteo Binda ASP Photo Gallery CVE-2008-0255 (SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 a ...) NOT-FOR-US: iGaming CVE-2008-0254 (SQL injection vulnerability in activate.php in TutorialCMS (aka Photos ...) NOT-FOR-US: TutorialCMS CVE-2008-0253 (SQL injection vulnerability in full_text.php in Binn SBuilder allows r ...) NOT-FOR-US: Binn SBuilder CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in (1 ...) {DSA-1481-1} - python-cherrypy 2.2.1-3.1 (low; bug #461069) - cherrypy3 3.0.2-2 CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery before 2 ...) NOT-FOR-US: PhotoPost vBGallery CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-ass ...) NOT-FOR-US: Microsoft Visual InterDev CVE-2008-0249 (PHP Webquest 2.6 allows remote attackers to retrieve database credenti ...) NOT-FOR-US: PHP Webquest CVE-2008-0248 (Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ...) NOT-FOR-US: StreamAudio ChainCast ProxyManager CVE-2008-0247 (Heap-based buffer overflow in the Express Backup Server service (dsmsv ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2008-0246 (admin.php in UploadScript 1.0 does not check for the original password ...) NOT-FOR-US: UploadScript CVE-2008-0245 (admin.php in UploadImage 1.0 does not check for the original password ...) NOT-FOR-US: UploadImage CVE-2008-0244 (SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to exec ...) 
- maxdb-7.5.00 (medium; bug #461444) NOTE: see #461456 for removal explanation CVE-2008-0243 (Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allo ...) NOT-FOR-US: Lotus Domino CVE-2008-0242 (Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local ...) NOT-FOR-US: Sun Solari CVE-2008-0241 (Open redirect vulnerability in /idm/user/login.jsp in Sun Java System ...) NOT-FOR-US: Sun Java System Identity Manager CVE-2008-0240 (/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 throug ...) NOT-FOR-US: Sun Java System Identity Manager CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Identity Manager CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...) NOTE: Dupe of CVE-2008-0225 CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked ...) - paramiko 1.6.4-1.1 (low; bug #460706) [etch] - paramiko (Minor issue) NOTE: http://web.archive.org/web/20100715101310/http://www.lag.net/pipermail/paramiko/2008-January/000599.html CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 al ...) NOT-FOR-US: Microsoft Rich Textbox ActiveX Control CVE-2008-0236 (An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) ...) NOT-FOR-US: Microsoft Visual FoxPro CVE-2008-0235 (The Microsoft VFP_OLE_Server ActiveX control allows remote attackers t ...) NOT-FOR-US: Microsoft VFP_OLE_Server ActiveX control CVE-2008-0234 (Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions ...) NOT-FOR-US: Apple Quicktime Player CVE-2008-0233 (Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earli ...) NOT-FOR-US: Zero CMS CVE-2008-0232 (Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow rem ...) NOT-FOR-US: Zero CMS CVE-2008-0231 (Multiple directory traversal vulnerabilities in index.php in Tuned Stu ...) 
NOT-FOR-US: Tune Studio CVE-2008-0230 (PHP remote file inclusion vulnerability in php121db.php in osDate 2.0. ...) NOT-FOR-US: osDate CVE-2008-0229 (The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Mode ...) NOT-FOR-US: LevelOne router firmware CVE-2008-0228 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Li ...) NOT-FOR-US: Linksys WRT54GL firmware CVE-2008-0227 (yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, ...) {DSA-1478-1} - mysql-dfsg-4.1 - mysql-dfsg-5.0 5.0.51-3 (low; bug #460873) - cyassl (Fixed before initial upload to archive) CVE-2008-0226 (Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL ...) {DSA-1478-1} - mysql-dfsg-4.1 - mysql-dfsg-5.0 5.0.51-3 (medium; bug #460873) - cyassl (Fixed before initial upload to archive) CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in input/lib ...) {DSA-1472-1 DTSA-109-1} - xine-lib 1.1.10-1 (medium; bug #460551) CVE-2008-0224 (SQL injection vulnerability in index.php in the Newbb_plus 0.92 and ea ...) NOT-FOR-US: RunCMS CVE-2008-0223 (Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSyste ...) NOT-FOR-US: JustSystem CVE-2008-0222 (Unrestricted file upload vulnerability in ajaxfilemanager.php in the W ...) NOT-FOR-US: Wp-FileManager plugin for WordPress CVE-2008-0221 (Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka ...) NOT-FOR-US: Gateway Weblaunch CVE-2008-0220 (Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 ...) NOT-FOR-US: Gateway Weblaunch CVE-2008-0219 (SQL injection vulnerability in soporte_horizontal_w.php in PHP Webques ...) NOT-FOR-US: Webquest CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in Merak ...) NOT-FOR-US: Merak IceWarp Mail Server CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openp ...) 
- kfreebsd-5 [etch] - kfreebsd-5 (FreeBSD not supported) - kfreebsd-6 (see bug #483152) - kfreebsd-7 (see bug #483152) CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not pr ...) - kfreebsd-5 (see bug #483152) - kfreebsd-6 (see bug #483152) - kfreebsd-7 (see bug #483152) CVE-2008-0215 (Multiple unspecified vulnerabilities in HP Storage Essentials Storage ...) NOT-FOR-US: HP SRM CVE-2008-0214 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...) NOT-FOR-US: HP Select Identity CVE-2008-0213 (Unspecified vulnerability in a certain ActiveX control for HP Virtual ...) NOT-FOR-US: HP Virtual Rooms CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7 ...) NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-0211 (Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Com ...) NOT-FOR-US: BIOS F.04 CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication stat ...) NOT-FOR-US: Uebimiau Webmail CVE-2008-0209 (Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3 ...) NOT-FOR-US: Snitz Forums 2000 CVE-2008-0208 (Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums ...) NOT-FOR-US: Snitz Forums 2000 CVE-2008-0207 (Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 ...) NOT-FOR-US: PRO-Search CVE-2008-0206 (Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha ...) NOT-FOR-US: Captcha! CVE-2008-0205 (Multiple cross-site request forgery (CSRF) vulnerabilities in math-com ...) NOT-FOR-US: Math Comment Spam Protection plugin for WordPress CVE-2008-0204 (Multiple cross-site scripting (XSS) vulnerabilities in math-comment-sp ...) NOT-FOR-US: Math Comment Spam Protection plugin for WordPress CVE-2008-0203 (Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/ad ...) 
NOT-FOR-US: Cryptographp plugin for WordPress CVE-2008-0202 (CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 an ...) NOT-FOR-US: ExpressionEngine CVE-2008-0201 (Cross-site scripting (XSS) vulnerability in index.php in ExpressionEng ...) NOT-FOR-US: ExpressionEngine CVE-2008-0200 (Multiple cross-site scripting (XSS) vulnerabilities in account/index.h ...) NOT-FOR-US: RotaBanner CVE-2008-0199 (PRO-Search 0.17 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: PRO-Search CVE-2008-0198 (Multiple cross-site request forgery (CSRF) vulnerabilities in wp-conta ...) NOT-FOR-US: WP-ContactForm plugin for WordPress CVE-2008-0197 (Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form ...) NOT-FOR-US: WP-ContactForm plugin for WordPress CVE-2008-0196 (Multiple directory traversal vulnerabilities in WordPress 2.0.11 and e ...) - wordpress 2.3.3-1 [etch] - wordpress (Auth is needed and attacker should have permissions to edit files) CVE-2008-0195 (WordPress 2.0.11 and earlier allows remote attackers to obtain sensiti ...) - wordpress 2.1.0-1 (unimportant) NOTE: full path and DB structure already known on Debian NOTE: poked hendry CVE-2008-0194 (Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0 ...) {DSA-1502-1} - wordpress 2.1.0-1 NOTE: Vulnerable code removed since 2.1 release CVE-2008-0193 (Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPr ...) {DSA-1502-1} - wordpress 2.1.0-1 NOTE: Vulnerable code removed since 2.1 release CVE-2008-0192 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ...) - wordpress 2.0.10-1 NOTE: poked hendry CVE-2008-0191 (WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...) - wordpress (unimportant) NOTE: full path and DB structure already known on Debian NOTE: poked hendry CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in templates/examp ...) 
NOT-FOR-US: AwesomeTemplateEngine CVE-2008-0189 REJECTED CVE-2008-0188 REJECTED CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPw ...) NOT-FOR-US: SAM Broadcaster samPHPweb CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 ...) NOT-FOR-US: NetRisk CVE-2008-0185 (SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly ...) NOT-FOR-US: NetRisk CVE-2008-0184 (Absolute path traversal vulnerability in index.php in Sys-Hotel on Lin ...) NOT-FOR-US: Sys-Hotel CVE-2008-0183 RESERVED CVE-2008-0182 (Cross-site request forgery (CSRF) vulnerability in the Admin portlet i ...) - liferay-portal (bug #569819) CVE-2008-0181 (Cross-site scripting (XSS) vulnerability in the Admin portlet in Lifer ...) - liferay-portal (bug #569819) CVE-2008-0180 (Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates ...) - liferay-portal (bug #569819) CVE-2008-0179 (Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServ ...) - liferay-portal (bug #569819) CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise Admin Sessi ...) - liferay-portal (bug #569819) CVE-2008-0177 (The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME ...) - kfreebsd-7 (see bug #483152) - kfreebsd-6 (see bug #483152) - kfreebsd-5 [etch] - kfreebsd-5 (FreeBSD not supported) NOTE: Linux kernel code is not affected, the proper check is there NOTE: (somewhat difficult to spot, it happens in the caller). CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SC ...) NOT-FOR-US: GE Fanuc CIMPLICITY CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time I ...) NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal CVE-2008-0174 (GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTT ...) 
NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the Boost r ...) - boost 1.34.1-5 (low; bug #461236) [etch] - boost (Minor issue) CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (ak ...) - boost 1.34.1-5 (low; bug #461236) [etch] - boost (Minor issue) CVE-2008-0170 RESERVED CVE-2008-0169 (Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 t ...) - ikiwiki 2.48 (medium; bug #483770) [etch] - ikiwiki (Vulnerable code introduced in 1.34) CVE-2008-0168 RESERVED CVE-2008-0167 (The write_array_file function in utils/include.pl in GForge 4.5.14 upd ...) {DSA-1577-1} - gforge 4.6.99+svn6496-1 (low) NOTE: https://rt.debian.org/Ticket/Display.html?id=672 CVE-2008-0166 (OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operat ...) {DSA-1576-1 DSA-1571-1} - openssl 0.9.8g-9 (high) [sarge] - openssl (Vulnerable code not present) - openssh 4.7p1-9 (high) NOTE: http://www.debian.org/security/key-rollover/ CVE-2008-0165 (Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 ...) {DSA-1553-1} - ikiwiki 2.42 CVE-2008-0164 (Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CM ...) - plone3 3.1.1-1 (bug #473571) CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access re ...) {DSA-1494-1} - linux-2.6 2.6.25-1 (high) CVE-2008-0162 (misc.c in splitvt 1.6.6 and earlier does not drop group privileges bef ...) {DSA-1500-1} - splitvt 1.6.6-4 CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in apt-listc ...) 
{DSA-1465-2} - apt-listchanges 2.82 (medium) [sarge] - apt-listchanges (Vulnerable code not present) NOTE: see http://web.archive.org/web/20080206193307/http://git.madism.org:80/?p=apt-listchanges.git;a=commitdiff;h=1bcfbf3dc55413bb83a1782dc9a54515a963fb32 CVE-2008-0160 RESERVED CVE-2008-0173 (SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote ...) {DSA-1459-1} - gforge 4.6.99+svn6330-1 (medium) NOTE: this is exploitable by unauthenticated users NOTE: Requires register_globals to be On, unsupported in lenny+sid. NOTE: In lenny+sid these scripts just don't work, so no security issue. NOTE: In etch+sarge we support gforge with rg On, unfortunately. CVE-2008-0159 (SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier ...) NOT-FOR-US: eggBlog CVE-2008-0158 (Directory traversal vulnerability in index.php in Shop-Script 2.0 and ...) NOT-FOR-US: Shop-Script CVE-2008-0157 (SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote ...) NOT-FOR-US: FlexBB CVE-2008-0156 (Absolute path traversal vulnerability in index.php in Million Dollar S ...) NOT-FOR-US: Million Dollar Script CVE-2008-0155 (Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1 ...) NOT-FOR-US: EvilBoard CVE-2008-0154 (SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) all ...) NOT-FOR-US: EvilBoard CVE-2008-0153 (telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers t ...) NOT-FOR-US: Pragma TelnetServer CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier ...) NOT-FOR-US: SeattleLab SLNet RF Telnet Server CVE-2008-0151 (Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 35 ...) NOT-FOR-US: Foxit WAC Server CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in Aruba ...) NOT-FOR-US: Aruba Mobility Controller CVE-2008-0149 (TUTOS 1.3 allows remote attackers to read system information via a dir ...) 
- tutos - tutos2 (vulnerable code not present) CVE-2008-0148 (TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows ...) - tutos - tutos2 (vulnerable code not present) CVE-2008-0147 (SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlie ...) NOT-FOR-US: SmallNuke CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL ...) NOT-FOR-US: W3-mSQL CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when open_based ...) - php4 (unimportant) NOTE: open_basedir bypasses not supported CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 ...) NOT-FOR-US: NetRisk CVE-2008-0143 (PHP remote file inclusion vulnerability in common/db.php in samPHPweb, ...) NOT-FOR-US: samPHPweb CVE-2008-0142 (Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow ...) NOT-FOR-US: WebPortal CMS CVE-2008-0141 (actions.php in WebPortal CMS 0.6-beta generates predictable passwords ...) NOT-FOR-US: WebPortal CMS CVE-2008-0140 (Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7 ...) NOT-FOR-US: Uebimiau Webmail CVE-2008-0139 (Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog ...) NOT-FOR-US: Loudblog CVE-2008-0138 (PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php ...) NOT-FOR-US: XOOPS CVE-2008-0137 (PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS ...) NOT-FOR-US: SNETWORKS CVE-2008-0136 (Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive i ...) NOT-FOR-US: Snitz Forums 2000 CVE-2008-0135 (Snitz Forums 2000 3.4.06 and earlier stores sensitive information unde ...) NOT-FOR-US: Snitz Forums 2000 CVE-2008-0134 (Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz ...) NOT-FOR-US: Snitz Forums 2000 CVE-2008-0133 (Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier all ...) 
NOT-FOR-US: Tribisur CVE-2008-0132 (Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long i ...) NOT-FOR-US: Pragma FortressSSH CVE-2008-0131 (Cross-site scripting (XSS) vulnerability in login_form.asp in Instant ...) NOT-FOR-US: Instant Softwares Dating Site CVE-2008-0130 (SQL injection vulnerability in login_form.asp in Instant Softwares Dat ...) NOT-FOR-US: Instant Softwares Dating Site CVE-2008-0129 (SQL injection vulnerability in starnet/addons/slideshow_full.php in Si ...) NOT-FOR-US: Site@School CVE-2008-0128 (The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn ...) {DSA-1468-1} - tomcat5 (unimportant) NOTE: SSO cookies not working in 5.0, have only been fixed in 5.5.13, see #34724 - tomcat5.5 5.5.23-1 (low) NOTE: SSO cookies sent over secure connections do not require NOTE: secure connections, possibly defeating HTTPS encryption. NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217 CVE-2008-0127 (The administration interface in McAfee E-Business Server 8.5.2 and ear ...) NOT-FOR-US: McAfee E-Business Server CVE-2008-0126 RESERVED CVE-2008-0125 (Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wa ...) NOT-FOR-US: Michael Wagner phpstats CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1 ...) {DSA-1528-1} - serendipity 1.3~b1-1 (low; bug #469667) CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8 ...) - moodle 1.9.8-1 (unimportant) NOTE: the issue itself has a quite small attack vector NOTE: and considering that the apache configuration that comes NOTE: with moodle limits connections to localhost this is no issue CVE-2008-0122 (Off-by-one error in the inet_network function in libbind in ISC BIND 9 ...) 
	- bind
	[sarge] - bind (applications will use inet_network in libc)
	[etch] - bind (applications will use inet_network in libc)
	- bind9 (does not build libbind)
	- glibc 2.2-1
	NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000.
	NOTE: libbind9 is distinct code, not related to the old libbind.
CVE-2008-0121 (A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allow ...)
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0120 (Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote att ...)
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 S ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0117 (Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, an ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0116 (Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0115 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Vi ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0114 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0113 (Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0112 (Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0111 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Vi ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0110 (Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0108 (Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0107 (Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0106 (Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Exp ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0105 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0104 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, an ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0103 (Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0102 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, an ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...)
	- whitedune 0.28.13-1 (medium)
CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...)
	- whitedune 0.28.13-1 (medium)
CVE-2008-0099 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier ...)
	NOT-FOR-US: MyPHP Forum
CVE-2008-0098 (Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attack ...)
	NOT-FOR-US: RealPlayer
CVE-2008-0097 (Format string vulnerability in the log function in Georgia SoftWorks S ...)
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0096 (Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) ...)
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0095 (The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Bu ...)
	- asterisk 1:1.4.17~dfsg-1 (medium; bug #458952)
	[etch] - asterisk (Only Asterisk 1.4.x affected)
	[sarge] - asterisk (Only Asterisk 1.4.x affected)
CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content Managemen ...)
	NOT-FOR-US: MODx Content Management System
CVE-2008-0093 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php i ...)
	NOT-FOR-US: eTicket
CVE-2008-0092 (Cross-site scripting (XSS) vulnerability in index.php in the search mo ...)
	NOT-FOR-US: Appalachian State University phpWebSite
CVE-2008-0091 (Directory traversal vulnerability in download2.php in AGENCY4NET WEBFT ...)
	NOT-FOR-US: AGENCY4NET WEBFTP
CVE-2008-0090 (A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows ...)
	NOT-FOR-US: DivX Player
CVE-2008-0089 (SQL injection vulnerability in uprofile.php in ClipShare allows remote ...)
	NOT-FOR-US: ClipShare
CVE-2008-0088 (Unspecified vulnerability in Active Directory on Microsoft Windows 200 ...)
	NOT-FOR-US: Windows
CVE-2008-0087 (The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-0086 (Buffer overflow in the convert function in Microsoft SQL Server 2000 S ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0085 (SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (M ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows V ...)
	NOT-FOR-US: Windows
CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scriptin ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-0082 (An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 ...)
	NOT-FOR-US: Windows Messenger
CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...)
	NOT-FOR-US: Windows
CVE-2008-0079 REJECTED
CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Micro ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0075 (Unspecified vulnerability in Microsoft Internet Information Services ( ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ( ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0073 (Array index error in the sdpplin_parse function in input/libreal/sdppl ...)
	{DSA-1543-1 DSA-1536-1 DTSA-119-1 DTSA-128-1}
	- xine-lib 1.1.11-1 (medium)
	- vlc 0.8.6.e-2 (medium; bug #473057)
	NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58
CVE-2008-0072 (Format string vulnerability in the emf_multipart_encrypted function in ...)
	{DSA-1512-1}
	- evolution 2.12.3-1.1
	NOTE: SA29057
CVE-2008-0071 (The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) ...)
	NOT-FOR-US: uTorrent 1.7.7 (build 8179) / BitTorrent 6.0.1 (build 7859)
CVE-2008-0070 (Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA ...)
	NOT-FOR-US: Orb Networks Orb and Winamp Remote BETA
CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assi ...)
	NOT-FOR-US: XnView
CVE-2008-0068 (Directory traversal vulnerability in OpenView5.exe in HP OpenView Netw ...)
	NOT-FOR-US: HP OpenView
CVE-2008-0067 (Multiple stack-based buffer overflows in HP OpenView Network Node Mana ...)
	NOT-FOR-US: HP OpenView Network Node Manager (OV NNM)
CVE-2008-0066 (Multiple buffer overflows in htmsr.dll in the HTML speed reader in Aut ...)
	NOT-FOR-US: KeyView
CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5. ...)
	NOT-FOR-US: Winamp
CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.9 ...)
	NOT-FOR-US: XnView, nconvert GFL SDK for Windows
CVE-2008-0063 (The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not pro ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0062 (KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for som ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (high)
CVE-2008-0060 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attacke ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0059 (Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0058 (Race condition in the NSURLConnection cache management functionality i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0057 (Multiple integer overflows in a "legacy serialization format" parser i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0056 (Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 al ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0055 (Foundation in Apple Mac OS X 10.4.11 creates world-writable directorie ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0054 (Foundation in Apple Mac OS X 10.4.11 might allow context-dependent att ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0053 (Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS ...)
	{DSA-1625-1}
	- cupsys 1.3.6-1
	- cups 1.3.6-1
	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=298651
CVE-2008-0052 (CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0051 (Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might all ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0050 (CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0049 (AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0048 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0047 (Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1. ...)
	{DSA-1530-1}
	- cupsys 1.3.6-3 (medium; bug #472105)
	- cups 1.3.6-3 (medium; bug #472105)
	[sarge] - cupsys (Vulnerable code not present)
CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect Ger ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0045 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0044 (Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows remote ...)
	NOT-FOR-US: Apple iPhoto
CVE-2008-0042 (Argument injection vulnerability in Terminal.app in Terminal in Apple ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0041 (Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.a ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0040 (Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0039 (Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows rem ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0038 (Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninst ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0037 (X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle whe ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 t ...)
	NOT-FOR-US: Apple cocoa Foundation
	NOTE: AFAICS this is not the same as libfoundation in Debian
CVE-2008-0034 (Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-0033 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0032 (Apple QuickTime before 7.4 allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0031 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0030 REJECTED
CVE-2008-0029 (Cisco Application Velocity System (AVS) before 5.1.0 is installed with ...)
	NOT-FOR-US: Cisco
CVE-2008-0028 (Unspecified vulnerability in Cisco PIX 500 Series Security Appliance a ...)
	NOT-FOR-US: Cisco
CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL) Provide ...)
	NOT-FOR-US: Cisco
CVE-2008-0026 (SQL injection vulnerability in Cisco Unified CallManager/Communication ...)
	NOT-FOR-US: Cisco
CVE-2008-0025 RESERVED
CVE-2008-0024 RESERVED
CVE-2008-0023 RESERVED
CVE-2008-0022 RESERVED
CVE-2008-0021 RESERVED
CVE-2008-0020 (Unspecified vulnerability in the Load method in the IPersistStreamInit ...)
	NOT-FOR-US: Microsoft
CVE-2008-0019 RESERVED
CVE-2008-0018 RESERVED
CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3 ...)
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in Mozil ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.1-1
	- iceweasel 3.0.1-1
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-0015 (Stack-based buffer overflow in the CComVariant::ReadFromStream functio ...)
	NOT-FOR-US: Microsoft
CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0013 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0012 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0011 (Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 an ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2008-0010 (The copy_from_user_mmap_sem function in fs/splice.c in the Linux kerne ...)
	- linux-2.6 2.6.24-4
	- linux-2.6.24 (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 (vulnerable code not present)
CVE-2008-0009 (The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.2 ...)
	- linux-2.6 2.6.24-4
	- linux-2.6.24 (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 (vulnerable code not present)
CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 bui ...)
	{DSA-1476-1}
	- pulseaudio 0.9.9-1
CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that registe ...)
	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6.24 (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	- linux-2.6 2.6.24-4
CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
	- libxfont 1:1.3.1-2
	[etch] - libxfont 1:1.2.2-2.etch1
CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-de ...)
	- apache2 2.2.8-1 (low)
	- apache (low)
	[etch] - apache (browser issue; low impact)
	[sarge] - apache (browser issue; low impact)
	[sarge] - apache2 (browser issue; low impact)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2008-0004 REJECTED
CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback ...)
	NOT-FOR-US: OpenPegasus CIM management server
CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...)
	- tomcat5.5 (Only Tomcat 6 is affected, according to upstream)
CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.1 ...)
	{DSA-1479-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 (Fixed before initial upload, upstream in 2.6.24)
CVE-2008-0061 (MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07 ...)
	{DSA-1445-1}
	- maradns 1.2.12.08-1
	NOTE: http://marc.info/?l=maradns-list&m=118842373527534&w=2