path: root/data/CVE/list.2006

CVE-2006-7254 (The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ...)
	- glibc 2.5-1
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=2498
CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...)
	NOT-FOR-US: GE Healthcare Infinia II
CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in jem ...)
	NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2006-7251
	REJECTED
CVE-2006-7250 (The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t  ...)
	{DSA-2454-1}
	- openssl 1.0.0h-1
	NOTE: DSA addressed it in patch for CVE-2012-1165
CVE-2006-7249
	REJECTED
CVE-2006-7248
	REJECTED
CVE-2006-7247 (SQL injection vulnerability in the Weblinks (com_weblinks) component f ...)
	NOT-FOR-US: Joomla!
CVE-2006-7246 (NetworkManager 0.9.x does not pin a certificate's subject to an ESSID  ...)
	- wpasupplicant 0.7.3-1
	[squeeze] - wpasupplicant <no-dsa> (Minor issue)
	- network-manager 0.9.4.0-1
	[squeeze] - network-manager <no-dsa> (Minor issue)
	NOTE: might be fixed earlier; I checked the source versions in Wheezy
CVE-2006-7245 (Monkey's Audio before 4.01b2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Monkey's Audio
CVE-2006-7244 (Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions be ...)
	- libpng 1.2.39-1 (unimportant)
CVE-2006-7243 (PHP before 5.3.4 accepts the \0 character in a pathname, which might a ...)
	- php5 5.3.3-6 (low)
	NOTE: old, known, issue -- partial protection by the suhosin extension
	NOTE: http://svn.php.net/viewvc?view=revision&revision=305507
CVE-2006-7242 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2006-7241 (The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the lock_on_sus ...)
	- gnome-power-manager 2.28.0-1 (unimportant)
CVE-2006-7239 (The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c ...)
	- gnutls26 <not-affected> (fix is present in lenny/sid; fixed originally in upstream 1.4.2, which precedes 26)
CVE-2006-7238 (Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allo ...)
	NOT-FOR-US: MyShoutPro
CVE-2006-7237 (PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libr ...)
	NOT-FOR-US: Ixprim
CVE-2006-7236 (The default configuration of xterm on Debian GNU/Linux sid and possibl ...)
	{DTSA-182-1}
	- xterm 238-1 (medium; bug #510030)
	[etch] - xterm <not-affected> (allowWindowOps disabled in configuration)
	NOTE: Somewhat mitigated by a filter for control characters in
	NOTE: post-etch versions.
CVE-2006-7235 (Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a ...)
	NOT-FOR-US: Teamtek Universal FTP Server
CVE-2006-7234 (Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows l ...)
	- lynx-cur 2.8.7dev4-1 (low)
	- lynx <not-affected> (Doesn't include the current directory in the search path)
CVE-2006-7233 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2006-7232 (sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 all ...)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.32-1
CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica a ...)
	NOT-FOR-US: Civica Software Civica
CVE-2006-7230 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not  ...)
	{DSA-1570-1}
	- pcre3 7.0-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly ...)
	- linux-2.6 2.6.20-1
	[etch] - linux-2.6 <not-affected> (Ubuntu-specific regression)
CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library  ...)
	{DSA-1570-1}
	- pcre3 6.2-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2006-7227 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library  ...)
	{DSA-1570-1}
	- pcre3 6.2-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2006-7226 (Perl-Compatible Regular Expression (PCRE) library before 6.7 does not  ...)
	- pcre3 6.7-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2006-7225 (Perl-Compatible Regular Expression (PCRE) library before 6.7 allows co ...)
	- pcre3 6.7-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2006-7224
	REJECTED
CVE-2006-7223 (PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Autho ...)
	NOT-FOR-US: Xwiki
CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in FLICSource ...)
	NOT-FOR-US: Media Player Classic
CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow atta ...)
	- gftp 2.0.18-17 (unimportant; bug #437710)
CVE-2006-7220 (Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote at ...)
	NOT-FOR-US: SAP SAPLPD
CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for edit ...)
	- ezpublish <not-affected> (Debian's version is too old)
CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for "con ...)
	- ezpublish <not-affected> (Debian's version is too old)
CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege requi ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-1858
CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-1708
CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop proces ...)
	NOT-FOR-US: Intel processor
CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote atta ...)
	{DSA-1529-1}
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and owne ...)
	{DSA-1529-1}
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects WNET,  ...)
	{DSA-1529-1}
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semap ...)
	{DSA-1529-1}
	- firebird1.5 <not-affected> (fixed before rename to firebird1.5)
	- firebird2 1.5.3.4870-4 (low; bug #362001)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
	[sarge] - firebird2 <no-dsa> (Minor issue)
CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2006-7209 (Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA bef ...)
	NOT-FOR-US: phpTrafficA
CVE-2006-7208 (PHP remote file inclusion vulnerability in download.php in the Adam va ...)
	NOT-FOR-US: phpBB component com_forum
CVE-2006-7207 (Buffer overflow in ageet AGEphone before 1.4.0 might allow remote atta ...)
	NOT-FOR-US: AGEphone
CVE-2006-7206 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-XXXX [Owl Intranet Engine multiple cross-site scripting, SQL-injection]
	- owl-dms 0.94-1 (medium; bug #416296)
CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: local DoS when Apache memory limit is set high
CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement safemode ...)
	- php4 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 an ...)
	{DSA-1504-1}
	- linux-2.6 2.6.18.dfsg.1-9 (low)
CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not pro ...)
	NOT-FOR-US: Mambo
CVE-2006-7201 (EMC RSA Security SiteKey does not set the secure qualifier on the Site ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7200 (EMC RSA Security SiteKey issues challenge-bypass tokens that persist f ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7199 (EMC RSA Security SiteKey allows remote attackers to display the correc ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7198 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7197 (The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for ...)
	- tomcat5.5 5.5.17-1 (low)
CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application e ...)
	- tomcat5.5 5.5.16-1 (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat4 <removed> (unimportant)
	NOTE: Only present in an example, not in production code
CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Ap ...)
	- tomcat5.5 5.5.20-1 (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat4 <removed> (unimportant)
	NOTE: Only present in an example, not in production code
CVE-2006-7194 (PHP remote file inclusion vulnerability in modules/Mysqlfinder/Mysqlfi ...)
	NOT-FOR-US: Agora
CVE-2006-7193
	NOT-FOR-US: disputed (SMARTY_DIR is a constant)
CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle com ...)
	NOT-FOR-US: Microsoft ASP .NET Framework
CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Ma ...)
	{DSA-1287-1}
	- ldap-account-manager 1.0.0-1 (medium)
CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl ...)
	NOT-FOR-US: WebAPP
CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in  ...)
	NOT-FOR-US: WebAPP
CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net WebAP ...)
	NOT-FOR-US: WebAPP
CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches f ...)
	NOT-FOR-US: WebAPP
CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attacker ...)
	NOT-FOR-US: WebAPP
CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php  ...)
	NOT-FOR-US: CMSmelborp
CVE-2006-7184 (Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine ( ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-7183 (PHP remote file inclusion vulnerability in styles.php in Exhibit Engin ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 a ...)
	NOT-FOR-US: MNews
CVE-2006-7181
	NOT-FOR-US: Morcego CMS
CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets b ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process Ch ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH fra ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a  ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update  ...)
	- sendmail <not-affected> (Not a program flaw, a DNS error)
CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update  ...)
	- sendmail <not-affected> (Debian compiles with FFR_TLS correctly)
CVE-2006-7174 (PHP remote file inclusion vulnerability in includes/functions.php in t ...)
	NOT-FOR-US: Dimension module of phpBB
CVE-2006-7173 (Direct static code injection vulnerability in admin.php in PHP-Stats 0 ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP- ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-7171 (product_review.php in Koan Software Mega Mall allows remote attackers  ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7170 (Multiple SQL injection vulnerabilities in Koan Software Mega Mall allo ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7169 (PHP remote file inclusion vulnerability in includes/header_simple.php  ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-7168 (PHP remote file inclusion vulnerability in includes/not_mem.php in the ...)
	NOT-FOR-US: phpBB module Add Name
CVE-2006-7167 (Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote atta ...)
	NOT-FOR-US: ProRat Server
CVE-2006-7166 (IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remo ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7165 (IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remo ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7164 (SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted  ...)
	NOT-FOR-US: DreameeSoft Password Master
CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files co ...)
	- putty 0.59-1 (bug #400804; unimportant)
	NOTE: Unsafe default, but not a vulnerability
	NOTE: Sensitive operations like key generation should only be done in private home
CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows  ...)
	NOT-FOR-US: Hazir Site
CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earli ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-7159 (Directory traversal vulnerability in include/prune_torrents.php in BTI ...)
	NOT-FOR-US: BTI-Tracker
CVE-2006-7158 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle Application Express
CVE-2006-7157 (Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-as ...)
	NOT-FOR-US: Google Earth
CVE-2006-7156 (PHP remote file inclusion vulnerability in addon_keywords.php in Keywo ...)
	NOT-FOR-US: miniBB module Keyword Replacer
CVE-2006-7155 (Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-7154 (Iono allows remote attackers to obtain the full server path via certai ...)
	NOT-FOR-US: Iono
CVE-2006-7153 (PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 ...)
	NOT-FOR-US: MiniBB Forum
CVE-2006-7152 (default.asp in ASP-Nuke Community 1.5 and earlier allows remote attack ...)
	NOT-FOR-US: ASP-Nuke Community
CVE-2006-7151 (Untrusted search path vulnerability in the libtool-ltdl library (liblt ...)
	- libtool <not-affected> (Specific to Fedora build)
CVE-2006-7150 (Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote att ...)
	NOT-FOR-US: Mambo
CVE-2006-7149 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x all ...)
	NOT-FOR-US: Mambo
CVE-2006-7148 (PHP remote file inclusion vulnerability in includes/bb_usage_stats.php ...)
	NOT-FOR-US: phpBB module maluinfo
CVE-2006-7147 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
	NOT-FOR-US: phpBB module Import Tools
CVE-2006-7146
	NOT-FOR-US: communityPortals
CVE-2006-7145 (edit_user.php in Call Center Software 0.93 and earlier allows remote a ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7144 (SQL injection vulnerability in Call Center Software 0.93 and earlier a ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7143 (Cross-site scripting (XSS) vulnerability in Call Center Software 0.93  ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7142 (The centralized management feature for Utimaco Safeguard stores hard-c ...)
	NOT-FOR-US: Utimaco Safeguard
CVE-2006-7141
	NOT-FOR-US: Oracle Database
CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun Solar ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, al ...)
	- kdepim <unfixed> (unimportant)
	NOTE: Annoying bug, but neglectable "security implications"
CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in th ...)
	NOT-FOR-US: Oracle APEX
CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 al ...)
	NOT-FOR-US: TinyPortal
CVE-2006-7136 (Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2006-7135 (PHP remote file inclusion vulnerability in lib/functions.inc.php in PH ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2006-7134 (Unrestricted file upload vulnerability in main_user.php in Upload Tool ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7133 (Directory traversal vulnerability in upload/bin/download.php in Upload ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7132 (Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0be ...)
	NOT-FOR-US: PHPMyDesk
CVE-2006-7131 (PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2. ...)
	NOT-FOR-US: Jinzora
CVE-2006-7130 (PHP remote file inclusion vulnerability in backend/primitives/cache/me ...)
	NOT-FOR-US: Jinzora
CVE-2006-7129 (ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versi ...)
	NOT-FOR-US: ISS BlackICE
CVE-2006-7128 (PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7127 (Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and  ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7126 (SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 al ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7125 (Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7124 (PHP remote file inclusion vulnerability in external/rssfeeds.php in BS ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7123 (Multiple SQL injection vulnerabilities in BSQ Sitestats (component for ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7122 (Cross-site scripting (XSS) vulnerability in the IP Address Lookup func ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7121 (The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote at ...)
	NOT-FOR-US: Linksys SPA-921
CVE-2006-7120
	NOT-FOR-US: OSL maintain
CVE-2006-7119 (PHP remote file inclusion vulnerability in kernel/system/startup.php i ...)
	NOT-FOR-US: PHPGiggle
CVE-2006-7118 (SQL injection vulnerability in index.asp in DMXReady Site Engine Manag ...)
	NOT-FOR-US: DMXReady Site Engine Manager
CVE-2006-7117 (Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier  ...)
	NOT-FOR-US: Kubix
CVE-2006-7116 (SQL injection vulnerability in includes/functions.php in Kubix 0.7 and ...)
	NOT-FOR-US: Kubix
CVE-2006-7115 (SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attacker ...)
	NOT-FOR-US: PHPKit
CVE-2006-7114 (P-News 2.0 stores db/user.txt under the web document root with insuffi ...)
	NOT-FOR-US: P-News
CVE-2006-7113 (Unrestricted file upload vulnerability in P-News 2.0 allows remote att ...)
	NOT-FOR-US: P-News
CVE-2006-7112 (Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and ea ...)
	NOT-FOR-US: MD-Pro
CVE-2006-7111 (Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and ear ...)
	NOT-FOR-US: KMail CGI
CVE-2006-7110 (Directory traversal vulnerability in the delete function in IMCE befor ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2006-7109 (Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal mo ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when auth ...)
	- util-linux 2.17.2-9 (unimportant)
	NOTE: likely fixed far before this, which is the version in squeeze that was checked
CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent S ...)
	NOT-FOR-US: freePBX
CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power Ph ...)
	NOT-FOR-US: Power Phlogger
CVE-2006-7105
	- smarty <not-affected> (described vulnerability never existed)
CVE-2006-7104 (PHP remote file inclusion vulnerability in htmltemplate.php in the Cha ...)
	NOT-FOR-US: MOStlyContent Editor
CVE-2006-7103 (Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 an ...)
	NOT-FOR-US: EZOnlineGallery
CVE-2006-7102 (Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal ...)
	NOT-FOR-US: phpBurningPortal quiz-modul
CVE-2006-7101 (SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier  ...)
	NOT-FOR-US: PHPWind
CVE-2006-7100 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
	NOT-FOR-US: phpBB Insert User
CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows remo ...)
	NOT-FOR-US: SolarPay
CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...)
	- apache 1.3.34-4.1 (low; bug #357561)
CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have u ...)
	NOT-FOR-US: TaskFreak!
CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in  ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7095 (Integer signedness error in the network_receive_packet function in soc ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7094 (ftpd, as used by Gentoo and Debian Linux, sets the gid to the effectiv ...)
	- linux-ftpd 0.17-23 (bug #384454; low)
CVE-2006-7093 (Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Securi ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7092 (SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5 ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7091 (PHP remote file inclusion vulnerability in config.php in phpht Topsite ...)
	NOT-FOR-US: Topsites FREE
CVE-2006-7090 (PHP remote file inclusion vulnerability in phpbb_security.php in phpBB ...)
	NOT-FOR-US: phpBB Security
CVE-2006-7089 (SQL injection vulnerability in connexion.php in Ban 0.1 allows remote  ...)
	NOT-FOR-US: Ban
CVE-2006-7088 (Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4  ...)
	NOT-FOR-US: Simple PHP Forum
CVE-2006-7087 (CRLF injection vulnerability in the mail function in Dotdeb PHP before ...)
	NOT-FOR-US: Dotdeb PHP
CVE-2006-7086 (The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remot ...)
	NOT-FOR-US: Hot Links
CVE-2006-7085 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers t ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7084
	REJECTED
CVE-2006-7083 (Directory traversal vulnerability in index.php in Rigter Portal System ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7082 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers t ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7081 (Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allo ...)
	NOT-FOR-US: PhpNews
CVE-2006-7080 (Directory traversal vulnerability in the avatar upload feature in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-7079 (Variable extraction vulnerability in include/common.php in exV2 2.0.4. ...)
	NOT-FOR-US: exV2
CVE-2006-7078 (Multiple cross-site scripting (XSS) vulnerabilities in Professional Ho ...)
	NOT-FOR-US: Professional Home Page Tools Login Script
CVE-2006-7077 (SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7076 (Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced  ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7075 (Buffer overflow in the meta_read_flac function in meta_decoder.c for A ...)
	- aqualung 0.9~beta6-1 (medium)
CVE-2006-7074 (admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authen ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-7073 (Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod b ...)
	NOT-FOR-US: Opentools Attachment Mod
CVE-2006-7072 (Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise  ...)
	NOT-FOR-US: GeoClassifieds Enterprise
CVE-2006-7071 (SQL injection vulnerability in classes/class_session.php in Invision P ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7070 (Unrestricted file upload vulnerability in manager/media/ibrowser/scrip ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-7069 (PHP remote file inclusion vulnerability in smarty_config.php in Socket ...)
	NOT-FOR-US: Socketwiz Bookmarks
CVE-2006-7068 (PHP remote file inclusion vulnerability in CliServ Web Community 0.65  ...)
	NOT-FOR-US: CliServ Web Community
CVE-2006-7067 (Oracle 10g R2 and possibly other versions allows remote attackers to t ...)
	NOT-FOR-US: Oracle
CVE-2006-7066 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7065 (Microsoft Internet Explorer allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for Invisi ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 a ...)
	NOT-FOR-US: TinyPHPforum
CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows r ...)
	NOT-FOR-US: Kamgaing Email System
CVE-2006-7061 (Scriptsez.net E-Dating System stores data files with predictable names ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7060 (cindex.php in Scriptsez.net E-Dating System allows remote attackers to ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7059 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7058 (Multiple cross-site scripting (XSS) vulnerabilities in Sphider before  ...)
	NOT-FOR-US: Sphider
CVE-2006-7057 (SQL injection vulnerability in search.php in Sphider before 1.3.1c all ...)
	NOT-FOR-US: Sphider
CVE-2006-7056 (Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAd ...)
	NOT-FOR-US: HostAdmin
CVE-2006-7055 (PHP remote file inclusion vulnerability in index.php in TotalCalendar  ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-7054 (The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1  ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7053 (Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7052 (Multiple PHP remote file inclusion vulnerabilities in DotWidget For Ar ...)
	NOT-FOR-US: DotWidget
CVE-2006-7051 (The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x ...)
	- linux-2.6 2.6.23-1 (low)
	[etch] - linux-2.6 <no-dsa> (Design limitation, use resource limits if it poses a problem)
CVE-2006-7050 (Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) bef ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7049 (The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the s ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7048 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5  ...)
	NOT-FOR-US: Claroline
CVE-2006-7047 (include.php in Shoutpro 1.0 might allow remote attackers to bypass IP  ...)
	NOT-FOR-US: Shoutpro
CVE-2006-7046 (PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php  ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7045 (PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1. ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7044 (PHP remote file inclusion vulnerability in comment.core.inc.php in Cla ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7043 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogge ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7042 (Cross-site scripting (XSS) vulnerability in directory/index.php in Chi ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7041 (The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7040 (Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7039 (The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allow ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7038 (Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7037 (Mathcad 12 through 13.1 allows local users to bypass the security feat ...)
	NOT-FOR-US: MathCAD
CVE-2006-7036 (PHP remote file inclusion vulnerability in register.php for Andys Chat ...)
	NOT-FOR-US: Andy's Chat
CVE-2006-7035 (Directory traversal vulnerability in make_thumbnail.php in Super Link  ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7034 (SQL injection vulnerability in directory.php in Super Link Exchange Sc ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7033 (Cross-site scripting (XSS) vulnerability in Super Link Exchange Script ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7032 (PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB ...)
	NOT-FOR-US: FlashBB
CVE-2006-7031 (Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote att ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7030 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers  ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7029 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers  ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7028 (Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allo ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7027 (Microsoft Internet Security and Acceleration (ISA) Server 2004 logs un ...)
	NOT-FOR-US: Microsoft ISA
CVE-2006-7026 (PHP remote file inclusion vulnerability in sources/join.php in Aardvar ...)
	NOT-FOR-US: Topsites PHP
CVE-2006-7025 (SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and  ...)
	NOT-FOR-US: Bookmark4U
CVE-2006-XXXX [pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem]
	- pure-ftpd 1.0.21-1 (low)
	NOTE: oldstable is affected
CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...)
	NOT-FOR-US: Harpia CMS
CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1  ...)
	NOT-FOR-US: fx-APP
CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepre ...)
	NOT-FOR-US: fx-APP
CVE-2006-7021 (PHP remote file inclusion vulnerability in manager/tools/link/dbinstal ...)
	NOT-FOR-US: Plume CMS
CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...)
	NOT-FOR-US: phpwcms
CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attac ...)
	NOT-FOR-US: phpwcms
CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attac ...)
	NOT-FOR-US: phpwcms
CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 all ...)
	NOT-FOR-US: Indexu
CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain  ...)
	NOT-FOR-US: Jobline
CVE-2006-7015
	NOT-FOR-US: Jobline
CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a us ...)
	NOT-FOR-US: BloggIT
CVE-2006-7013
	NOT-FOR-US: Simple Machine Forum
CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: SCart
CVE-2006-7011
	NOT-FOR-US: FlashChat
CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set  ...)
	NOT-FOR-US: Joomla!
CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend su ...)
	NOT-FOR-US: Joomla!
CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact  ...)
	NOT-FOR-US: Joomla!
CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers t ...)
	NOT-FOR-US: Tiny FTPd
CVE-2006-7006
	NOT-FOR-US: Somery
CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote a ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY A ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion P ...)
	NOT-FOR-US: Fusion Polls
CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatbl ...)
	NOT-FOR-US: Wheatblog
CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9  ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers  ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote a ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable Sta ...)
	NOT-FOR-US: MailEnable
CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1 ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain pr ...)
	NOT-FOR-US: V3 Chat
CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, ...)
	NOT-FOR-US: OzzyWork Gallery
CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neu ...)
	NOT-FOR-US: Neuron Blog
CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attack ...)
	NOT-FOR-US: GoSuRF Browser
CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attac ...)
	NOT-FOR-US: Fast Browser Pro
CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attac ...)
	NOT-FOR-US: Enigma Browser
CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows  ...)
	NOT-FOR-US: NetCaptor
CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remot ...)
	NOT-FOR-US: Slim Browser
CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...)
	NOT-FOR-US: FineBrowser Freeware
CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers t ...)
	NOT-FOR-US: PhaseOut
CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote att ...)
	NOT-FOR-US: Maxthon
CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote atta ...)
	NOT-FOR-US: GreenBrowser
CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote  ...)
	NOT-FOR-US: MYweb4net Browser
CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic au ...)
	- 3proxy <itp> (bug #718219)
CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows  ...)
	- 3proxy <itp> (bug #718219)
CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a  ...)
	- amarok 1.4.4-4 (bug #410850; unimportant)
	NOTE: This could only be exploited through the Magnatune shop
CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not properly ...)
	- amarok 1.4.4-1 (bug #410850; low)
	[sarge] - amarok <not-affected> (Vulnerable code not present)
CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selecti ...)
	NOT-FOR-US: FCKEditor
CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selecti ...)
	NOT-FOR-US: FreeTextBox
CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in Cent ...)
	NOT-FOR-US: CentiPaid
CVE-2006-6975
	NOT-FOR-US: CentiPaid
CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for certai ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows  ...)
	NOT-FOR-US: BtitTracker
CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows rem ...)
	- iceweasel <not-affected> (Windows only)
CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud Protectio ...)
	NOT-FOR-US: Opera
CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 befo ...)
	- jetty 5.1.10-4 (medium; bug #445283)
	NOTE: http://jetty.cvs.sourceforge.net/jetty/Jetty/src/org/mortbay/jetty/servlet/AbstractSessionManager.java?r1=1.52&r2=1.53&view=patch
CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation contr ...)
	NOT-FOR-US: Phorum
CVE-2006-6967
	REJECTED
CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the in ...)
	NOT-FOR-US: phpGraphy
CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03- ...)
	- dokuwiki 0.0.20061106-1 (low)
CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...)
	NOT-FOR-US: MailEnable
CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 ...)
	NOT-FOR-US: Docebo
CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the  ...)
	NOT-FOR-US: RS Gallery2
CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2. ...)
	NOT-FOR-US: phpBlueDragon CMS
CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php i ...)
	NOT-FOR-US: Docebo
CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft
CVE-2006-6955 (Opera allows remote attackers to cause a denial of service (applicatio ...)
	NOT-FOR-US: Opera
CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service  ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security problems
	NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash.
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=239840
CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager c ...)
	NOT-FOR-US: GlobeTrotter Mobility Manager
CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers (1 ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog a ...)
	NOT-FOR-US: Odysseus Blog
CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 all ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in My ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allow ...)
	NOT-FOR-US: JVN
CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote attacker ...)
	NOT-FOR-US: VirtueMart
CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.9.1.1-2 (medium)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-9/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/663eb2b85ed30c1226c5d617bb06c5afe1d3caf5
CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full s ...)
	- phpmyadmin 4:2.9.1.1-2 (unimportant)
	NOTE: Only path disclosure
CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin befo ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.9.1.1-2 (medium)
	NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer.
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-7/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/59d245f36ab4e0b8a49c44b1f9045fc9aef939b2
CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to  ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...)
	NOT-FOR-US: OWA
CVE-2006-6939 (GNU ed before 0.3 allows local users to overwrite arbitrary files via  ...)
	- ed 0.2-19
CVE-2006-6938 (Directory traversal vulnerability in includes/common.php in NitroTech  ...)
	NOT-FOR-US: NitroTech CMS
CVE-2006-6937 (SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gall ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6936 (Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery a ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6935 (SQL injection vulnerability in the login component in Portix-PHP 0.4.2 ...)
	NOT-FOR-US: Portix
CVE-2006-6934 (Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4. ...)
	NOT-FOR-US: Portix
CVE-2006-6933 (Easy Chat Server 2.1 stores sensitive information under the web root w ...)
	NOT-FOR-US: Easy Chat Server
CVE-2006-6932 (Multiple SQL injection vulnerabilities in Image Gallery with Access Da ...)
	NOT-FOR-US: Image Gallery
CVE-2006-6931 (Algorithmic complexity vulnerability in Snort before 2.6.1, during pre ...)
	- snort 2.7.0-1 (low; bug #407421)
	[sarge] - snort <no-dsa> (Minor issue)
	[etch] - snort <no-dsa> (Minor issue)
CVE-2006-6930 (SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allo ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classifie ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6928 (Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allo ...)
	NOT-FOR-US: Rialto
CVE-2006-6927 (Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote atta ...)
	NOT-FOR-US: Rialto
CVE-2006-6926 (Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors ...)
	NOT-FOR-US: eXtremail
CVE-2006-6925 (Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 ...)
	NOT-FOR-US: bitweaver
CVE-2006-6924 (bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: bitweaver
CVE-2006-6923 (SQL injection vulnerability in newsletters/edition.php in bitweaver 1. ...)
	NOT-FOR-US: bitweaver
CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System (phpdea ...)
	NOT-FOR-US: Deadlock
CVE-2006-6921 (Unspecified versions of the Linux kernel allow local users to cause a  ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows ...)
	NOT-FOR-US: Nucleus
CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to ex ...)
	- firefox-sage 1.3.6-3
	NOTE: 1.3.6-3 disabled HTML mode entirely
CVE-2006-6918 (Unspecified vulnerability in the Admin login for Georgian discussion b ...)
	NOT-FOR-US: GeoBB
CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCse ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ca ...)
	NOT-FOR-US: Getahead
CVE-2006-6915 (ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to c ...)
	NOT-FOR-US: IBM
CVE-2006-6914 (Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows re ...)
	NOT-FOR-US: IBM
CVE-2006-6913 (Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote  ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6912 (SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remot ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6911 (SQL injection vulnerability in search.asp in Digitizing Quote And Orde ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2006-6910 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begin ...)
	NOT-FOR-US: Fersch Formbankserver
CVE-2006-6909 (Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Com ...)
	NOT-FOR-US: Karl Dahlke Edbrowse
CVE-2006-6908 (Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluet ...)
	NOT-FOR-US: Bluetooth Stack COM Server (Windows)
CVE-2006-6907 (Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown  ...)
	NOT-FOR-US: Bluesoil Bluetooth
CVE-2006-6906 (Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and  ...)
	NOT-FOR-US: Bluetooth stack on Mac OS
CVE-2006-6905 (Unspecified vulnerability in the Widcomm Bluetooth stack allows remote ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6904 (Unspecified vulnerability in the Broadcom Bluetooth stack allows remot ...)
	NOT-FOR-US: Broadcom
CVE-2006-6903 (Unspecified vulnerability in the Toshiba Bluetooth stack allows remote ...)
	NOT-FOR-US: Toshiba Bluetooth stack
CVE-2006-6902 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows  ...)
	NOT-FOR-US: Windows Mobile
CVE-2006-6901 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2006-6900 (Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4  ...)
	NOT-FOR-US: Mac OS
CVE-2006-6899 (hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obt ...)
	- bluez-utils 3.7-1 (bug #408889; medium)
CVE-2006-6898 (Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote at ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6897 (Directory traversal vulnerability in Widcomm Bluetooth for Windows (BT ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6896 (The Bluetooth stack in the Plantronic Headset does not properly implem ...)
	NOT-FOR-US: Plantronic Headset
CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly impleme ...)
	NOT-FOR-US: Sony Ericsson T60
CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown  ...)
	NOT-FOR-US: SPINE
CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ser ...)
	- tor <unfixed> (unimportant)
	NOTE: It could be argued that this is a laws-of-physics vulnerability
	NOTE: that is a fundamental design limitation of certain hardware
	NOTE: implementations.
CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function i ...)
	NOT-FOR-US: Jonathon J. Freeman OvBB
CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web root w ...)
	NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web root wi ...)
	NOT-FOR-US: Voodoo chat
CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web root wi ...)
	NOT-FOR-US: P-News
CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0 allows remo ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: phpwcms
CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remo ...)
	- flashplugin-nonfree <not-affected> (Windows-specific)
CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka ...)
	NOT-FOR-US: Sky Software
CVE-2006-6883
	NOT-FOR-US: PHPIrc_bot
CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows remote  ...)
	NOT-FOR-US: Golden Book
CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux P ...)
	NOT-FOR-US: ATMEL WLAN drivers
CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Upd ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in PHP-Upd ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote attacker ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli 3ed ...)
	NOT-FOR-US: Matteo Lucarelli 3editor
CVE-2006-6876 (Buffer overflow in the fetchsms function in the SMS handling module (l ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://web.archive.org/web/20151126200215/http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open Settleme ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://web.archive.org/web/20151126200215/http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in e ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 all ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows r ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 a ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6869 (Directory traversal vulnerability in includes/search/search_mdforum.ph ...)
	NOT-FOR-US: MAXdev
CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Sh ...)
	NOT-FOR-US: Zen Cart
CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshak ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Ahead4
CVE-2006-6865 (Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp  ...)
	NOT-FOR-US: Softartisans
CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma ...)
	NOT-FOR-US: Enigma2
CVE-2006-6863
	NOT-FOR-US: Enigma2
CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 al ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6860 (Buffer overflow in the sendToMythTV function in MythControlServer.c in ...)
	NOT-FOR-US: MythControl
CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website Designs Fo ...)
	NOT-FOR-US: Website Designs for Less
CVE-2006-XXXX [ssmtp password leak]
	- ssmtp 2.61-10.1 (bug #369542; low)
CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...)
	- avahi 0.6.16-1 (low)
CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bub ...)
	- miredo 1.0.4-2 (bug #405412; bug #405111; medium)
CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in modules/credits/credits.ph ...)
	NOT-FOR-US: Docebo LMS
CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and  ...)
	NOT-FOR-US: WebText CMS
CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to ca ...)
	NOT-FOR-US: AIDeX Mini-WebServer
CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickC ...)
	NOT-FOR-US: QuickCam VC (linux-uvc and qc-usb in Debian are not related)
CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware on Wind ...)
	NOT-FOR-US: Durian Web Application Server
CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allow ...)
	- tdiary 2.0.2+20060303-5 (bug #403345; bug #404940; medium)
CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php  ...)
	NOT-FOR-US: ac4p Mobilelib gold
CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the Roster M ...)
	NOT-FOR-US: Shadowed Portal / Roster Module
CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not properl ...)
	NOT-FOR-US: Cahier de texte (CDT)
CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remot ...)
	NOT-FOR-US: ASPTicker
CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 al ...)
	NOT-FOR-US: RealPlayer for Windows
CVE-2006-6846 (Multiple SQL injection vulnerabilities in While You Were Out (WYWO) In ...)
	NOT-FOR-US: WYWO - InOut Board
CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simp ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user comment  ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6843 (PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 ...)
	NOT-FOR-US: EasyPartner component for Joomla!
CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...)
	NOT-FOR-US: Acronym Mod for phpBB2
CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has un ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact an ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact an ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...)
	NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control
CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHea ...)
	NOT-FOR-US: Total Commander
CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0  ...)
	NOT-FOR-US: IBM
CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down U ...)
	NOT-FOR-US: Land Down Under
CVE-2006-6834 (Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unk ...)
	NOT-FOR-US: Joomla!
CVE-2006-6833 (com_categories in Joomla! before 1.0.12 does not validate input, which ...)
	NOT-FOR-US: Joomla!
CVE-2006-6832 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allo ...)
	NOT-FOR-US: Joomla!
CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote at ...)
	NOT-FOR-US: aFAQ
CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog  ...)
	NOT-FOR-US: b2 Blog
CVE-2006-6829 (Efkan Forum 1.0 and earlier store sensitive information under the web  ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier  ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6827 (Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a d ...)
	- flashplugin-nonfree <not-affected> (Windows-specific)
CVE-2006-6826 (Unspecified vulnerability in the tab editor for Personal .NET Portal b ...)
	NOT-FOR-US: Personal .NET Portal
CVE-2006-6825 (Calendar MX BASIC 1.0.2 and earlier store sensitive information under  ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6824 (Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad ...)
	NOT-FOR-US: iCalendar
CVE-2006-6823 (PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc ...)
	NOT-FOR-US: Yrch!
CVE-2006-6822 (myprofile.asp in Enthrallweb eClassifieds does not properly validate t ...)
	NOT-FOR-US: Enthrallweb eClassifieds
CVE-2006-6821 (myprofile.asp in Enthrallweb eNews does not properly validate the MM_r ...)
	NOT-FOR-US: Enthrallweb eNews
CVE-2006-6820 (myprofile.asp in Enthrallweb eCoupons does not properly validate the M ...)
	NOT-FOR-US: Enthrallweb eCoupons
CVE-2006-6819 (AlstraSoft Web Host Directory stores sensitive information under the w ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6818 (AlstraSoft Web Host Directory allows remote attackers to bypass authen ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6817 (AlstraSoft Web Host Directory allows remote attackers to obtain sensit ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6816 (Multiple SQL injection vulnerabilities in DMXReady Secure Login Manage ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6815 (Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6814 (Directory traversal vulnerability in FolderManager/FolderManager.aspx  ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-6813 (SQL injection vulnerability in detail.asp in Mxmania File Upload Manag ...)
	NOT-FOR-US: Mxmania File Upload Manager
CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10 ...)
	NOT-FOR-US: myPHPCalendar
CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service (cra ...)
	- kdenetwork 4:3.5.5-4 (low; bug #405828)
	[sarge] - kdenetwork <no-dsa> (Minor issue)
CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in src/main. ...)
	NOT-FOR-US: DB Hub
CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in V ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in  ...)
	- wordpress 2.0.6-1 (bug #405299)
CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda  ...)
	NOT-FOR-US: Ananda Real Estate
CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1. ...)
	NOT-FOR-US: Enthrallweb eMates
CVE-2006-6805 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs all ...)
	NOT-FOR-US: Enthrallweb eJobs
CVE-2006-6804 (SQL injection vulnerability in bus_details.asp in Dragon Business Dire ...)
	NOT-FOR-US: Dragon Business Directory - Pro
CVE-2006-6803 (SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allo ...)
	NOT-FOR-US: Enthrallweb eCars
CVE-2006-6802 (SQL injection vulnerability in actualpic.asp in Enthrallweb ePages all ...)
	NOT-FOR-US: Enthrallweb ePages
CVE-2006-6801 (PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, w ...)
	NOT-FOR-US: SH-News
CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the event mo ...)
	NOT-FOR-US: Limbo CMS
CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when register ...)
	{DSA-1250-1}
	- cacti 0.8.6i-3 (bug #404818; high)
CVE-2006-6798
	RESERVED
CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allo ...)
	NOT-FOR-US: Microsoft
CVE-2006-6796 (PHP remote file inclusion vulnerability in admin/admin_settings.php in ...)
	NOT-FOR-US: MTCMS
CVE-2006-6795 (PHP remote file inclusion vulnerability in gallery/displayCategory.php ...)
	NOT-FOR-US: myPHPNuke
CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows r ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2006-6792 (SQL injection vulnerability in calendar_detail.asp in Calendar MX BASI ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6791 (SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remo ...)
	NOT-FOR-US: chatwm
CVE-2006-6790 (Direct static code injection vulnerability in chat/login.php in Ultima ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-6789 (PHP remote file inclusion vulnerability in includes/archive/archive_to ...)
	NOT-FOR-US: Phpbbxtra
CVE-2006-6788 (Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow ...)
	NOT-FOR-US: LuckyBot
CVE-2006-6787 (SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsle ...)
	NOT-FOR-US: Newsletter MX
CVE-2006-6786 (Open Newsletter 2.5 and earlier allows remote authenticated administra ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6785 (The (1) settings.php and (2) subscribers.php scripts in Open Newslette ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6784 (SQL injection vulnerability in Netbula Anyboard allows remote attacker ...)
	NOT-FOR-US: Netbula Anyboard
CVE-2006-6783 (logahead UNU 1.0 before 20061226 allows remote attackers to upload arb ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6782 (Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and ear ...)
	NOT-FOR-US: pnamazu
CVE-2006-6781 (HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: HLstats
CVE-2006-6780 (SQL injection vulnerability in the login form in HLstats 1.20 through  ...)
	NOT-FOR-US: HLstats
CVE-2006-6779 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows r ...)
	NOT-FOR-US: vBulletin
CVE-2006-6778 (Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf ...)
	NOT-FOR-US: TimberWolf
CVE-2006-6777 (Cross-site scripting (XSS) vulnerability in index.cfm in Future Intern ...)
	NOT-FOR-US: Future Internet
CVE-2006-6776 (Multiple SQL injection vulnerabilities in Future Internet allow remote ...)
	NOT-FOR-US: Future Internet
CVE-2006-6775 (acFTP 1.5 allows remote authenticated users to cause a denial of servi ...)
	NOT-FOR-US: acFTP
CVE-2006-6774 (PHP remote file inclusion vulnerability in socios/maquetacion_socio.ph ...)
	NOT-FOR-US: Content Federator
CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows remote att ...)
	NOT-FOR-US: Fishyshoop
CVE-2006-6772 (Format string vulnerability in the inputAnswer function in file.c in w ...)
	- w3m 0.5.1-5.1 (bug #404564; low)
	- w3mmee <not-affected> (Does not include this format string vuln in the code)
	[sarge] - w3m <no-dsa> (Minor issue, only exploitable in dump mode)
CVE-2006-6771 (Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 ...)
	NOT-FOR-US: Irokez CMS
CVE-2006-6770 (Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Ju ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2006-6769 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in  ...)
	NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6767 (oftpd before 0.3.7 allows remote attackers to cause a denial of servic ...)
	- oftpd <removed>
CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlie ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php ...)
	NOT-FOR-US: Pagetool
CVE-2006-6764 (PHP remote file inclusion vulnerability in authenticate.php in Keep It ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6763 (Multiple PHP remote file inclusion vulnerabilities in the Keep It Simp ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6762 (The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows rem ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMa ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in template.php in  ...)
	NOT-FOR-US: phpMyAnime (aka phpmymanga)
CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 1 ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows remote  ...)
	NOT-FOR-US: Http explorer
CVE-2006-6757 (Directory traversal vulnerability in index.php in cwmExplorer 1.0 allo ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6756 (The code function in install.fct.php in Ixprim 1.2 produces a guessabl ...)
	NOT-FOR-US: Ixprim
CVE-2006-6755 (Ixprim 1.2 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Ixprim
CVE-2006-6754 (Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote atta ...)
	NOT-FOR-US: Ixprim
CVE-2006-6753 (Event Viewer (eventvwr.exe) in Microsoft Windows does not properly dis ...)
	NOT-FOR-US: Microsoft
CVE-2006-6752 (Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain pri ...)
	NOT-FOR-US: FTPRush
CVE-2006-6751 (Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allow ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6750 (Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allow ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6748 (PHP remote file inclusion vulnerability in i-accueil.php in Newxooper  ...)
	NOT-FOR-US: Newxooper
CVE-2006-6747 (SQL injection vulnerability in show_news.php in Xt-News 0.1 allows rem ...)
	NOT-FOR-US: Xt-News
CVE-2006-6746 (Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 all ...)
	NOT-FOR-US: Xt-News
CVE-2006-6745 (Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6744 (phpProfiles before 2.1.1 does not have an index.php or other index fil ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6743 (phpProfiles before 2.1.1 uses world writable permissions for certain p ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6742 (Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP Lase ...)
	NOT-FOR-US: HP
CVE-2006-6741 (Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal ...)
	NOT-FOR-US: MKPortal
CVE-2006-6740 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1. ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6739 (PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8. ...)
	NOT-FOR-US: Paristemi
CVE-2006-6738 (PHP remote file inclusion vulnerability in statistic.php in cwmCounter ...)
	NOT-FOR-US: cwmCounter
CVE-2006-6737 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java R ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6736 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java R ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6735 (modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Sh ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6734 (Cross-site scripting (XSS) vulnerability in modules/viewcategory.php i ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6733 (Cross-site scripting (XSS) vulnerability in support/view.php in Suppor ...)
	NOT-FOR-US: Support Cards 1 (osTicket)
CVE-2006-6732 (PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0  ...)
	NOT-FOR-US: cwmVote
CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and Java R ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display server and ...)
	NOTE: Access to DMA-capable hardware such as graphics cards can,
	NOTE: by design, bypass security restrictions. Not a real issue.
CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier al ...)
	NOT-FOR-US: a-blog
CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN Messeng ...)
	NOT-FOR-US: LAN Messenger
CVE-2006-6727 (PHP remote file inclusion vulnerability in inertianews_class.php in in ...)
	NOT-FOR-US: inertianews
CVE-2006-6726 (PHP remote file inclusion vulnerability in inertianews_main.php in ine ...)
	NOT-FOR-US: inertianews
CVE-2006-6725 (Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and e ...)
	NOT-FOR-US: PHPBuilder
CVE-2006-6724 (BolinTech Dream FTP Server 1.02 allows remote authenticated users, inc ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2006-6723 (The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allow ...)
	NOT-FOR-US: Microsoft
CVE-2006-6722 (Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers t ...)
	NOT-FOR-US: Bandwebsite (aka Bandsite portal system)
CVE-2006-6721 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Kn ...)
	NOT-FOR-US: Knusperleicht ShoutBox
CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in A ...)
	NOT-FOR-US: Azucar CMS
CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...)
	- wget 1.13-1 (unimportant)
	NOTE: An FTP server crashing a download utility is a bug, but not a DoS security issue
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=bd7f4ef701ce5db64659db496d3f47aeedfadac2 (v1.13)
CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password f ...)
	NOT-FOR-US: Allied Telesis
CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management packe ...)
	NOT-FOR-US: Allied Telesis
CVE-2006-6716 (SQL injection vulnerability in administration/administre2.php in Eric  ...)
	NOT-FOR-US: uploader&downloader
CVE-2006-6715 (PHP remote file inclusion vulnerability in footer.inc.php in PowerClan ...)
	NOT-FOR-US: PowerClan
CVE-2006-6714 (Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before ...)
	NOT-FOR-US: Hitachi Directory Server
CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11 ...)
	NOT-FOR-US: Hitachi Directory Server
CVE-2006-6712 (Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0 ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2006-6711 (PHP remote file inclusion vulnerability in compteur/mapage.php in Newx ...)
	NOT-FOR-US: Newxooper
CVE-2006-6710 (Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8. ...)
	NOT-FOR-US: PgmReloaded
CVE-2006-6709 (Multiple SQL injection vulnerabilities in MGinternet Property Site Man ...)
	NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6708 (Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet ...)
	NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6707 (Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader Act ...)
	NOT-FOR-US: NeoTraceExplorer.NeoTraceLoader ActiveX control
CVE-2006-6706 (SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 throu ...)
	NOT-FOR-US: Soumu Workflow
CVE-2006-6705 (Multiple unspecified vulnerabilities in the template files in Soumu Wo ...)
	NOT-FOR-US: Soumu Workflow
CVE-2006-6704 (Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail befo ...)
	NOT-FOR-US: @Mail
CVE-2006-6703 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9 ...)
	NOT-FOR-US: Oracle Portal
CVE-2006-6702 (Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before  ...)
	NOT-FOR-US: @Mail
CVE-2006-6701 (Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail We ...)
	NOT-FOR-US: @Mail
CVE-2006-6700 (Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remot ...)
	NOT-FOR-US: @Mail
CVE-2006-6699 (Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and pos ...)
	NOT-FOR-US: Oracle Portal
CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files unde ...)
	- gconf2 2.24.0-1 (unimportant; bug #404743)
	NOTE: Minor nuisance, not much of a security problem
CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in Op ...)
	- openser 1.1.0-8 (medium; bug #404591)
CVE-2006-XXXX [insecure rpath in libflash-mozplugin]
	- libflash 0.4.13-9 (low; bug #399508)
	[etch] - libflash <no-dsa> (Not exploitable through directory writable by an unprivileged user)
CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Port ...)
	NOT-FOR-US: Oracle
CVE-2006-6696 (Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vis ...)
	NOT-FOR-US: Microsoft
CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ca ...)
	NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6694 (Directory traversal vulnerability in include/config.php in E-Uploader  ...)
	NOT-FOR-US: E-Uploader
CVE-2006-6693 (Multiple buffer overflows in zabbix before 20061006 allow attackers to ...)
	- zabbix 1:1.1.2-4 (medium; bug #391388)
CVE-2006-6692 (Multiple format string vulnerabilities in zabbix before 20061006 allow ...)
	- zabbix 1:1.1.2-4 (medium; bug #391388)
CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopp ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4. ...)
	- typo3-src 4.0.2+debian-2 (high; bug #403906)
	NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9
CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3  ...)
	NOT-FOR-US: Paristemi
CVE-2006-6688 (Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edit ...)
	NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6687 (Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal  ...)
	NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6686 (PHP remote file inclusion vulnerability in sender.php in Carsen Klock  ...)
	NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6685 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allow ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6684 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4  ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6683 (Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates us ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6682 (Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message  ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6681 (Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for clie ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6680 (Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need f ...)
	- chetcpasswd <removed> (low)
CVE-2006-6679 (Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For  ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier ...)
	{DSA-1251-1}
	- netrik 1.15.3-1.1 (medium; bug #404233)
CVE-2006-6677 (ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a  ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6676 (Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 An ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6675 (Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support ...)
	NOT-FOR-US: Novell
CVE-2006-6674 (Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and ...)
	NOT-FOR-US: Ozeki HTTP-SMS Gateway
CVE-2006-6673 (WinFtp Server 2.0.2 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: WinFtp Server
CVE-2006-6672 (Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal ...)
	NOT-FOR-US: Download Portal
CVE-2006-6671 (SQL injection vulnerability in down.asp in Burak Yylmaz Download Porta ...)
	NOT-FOR-US: Download Portal
CVE-2006-6670 (Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown i ...)
	NOT-FOR-US: Nortel CallPilot
CVE-2006-6669 (Cross-site scripting (XSS) vulnerability in export_handler.php in WebC ...)
	{DSA-1279-1}
	- webcalendar 1.0.5-2 (low; bug #404234)
CVE-2006-6668 (Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6667 (Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier a ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6666 (PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6665 (Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier ...)
	NOT-FOR-US: DeepBurner
CVE-2006-6664 (Format string vulnerability in Marathon Aleph One before 0.17.1 and 20 ...)
	NOT-FOR-US: Aleph One
CVE-2006-6663 (The server component in Marathon Aleph One before 0.17.1 and 2006-12-1 ...)
	NOT-FOR-US: Aleph One
CVE-2006-6662 (Unspecified vulnerability in Linux User Management (novell-lum) on SUS ...)
	NOT-FOR-US: Linux User Management (novell-lum)
CVE-2006-6661 (Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and ear ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6660 (The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Ko ...)
	- kdelibs <not-affected> (at least it is fixed in 4:3.5.5a.dfsg.1-5)
	NOTE: is DoS only, anyway
CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in  ...)
	NOT-FOR-US: Microsoft
CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Inktomi
CVE-2006-6657 (The if_clone_list function in NetBSD-current before 20061027, NetBSD 3 ...)
	NOT-FOR-US: NetBSD
CVE-2006-6656 (Unspecified vulnerability in ptrace in NetBSD-current before 20061027, ...)
	NOT-FOR-US: NetBSD
CVE-2006-6655 (The procfs implementation in NetBSD-current before 20061023, NetBSD 3. ...)
	NOT-FOR-US: NetBSD
CVE-2006-6654 (The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and ...)
	NOT-FOR-US: NetBSD
CVE-2006-6653 (The accept function in NetBSD-current before 20061023, NetBSD 3.0 and  ...)
	NOT-FOR-US: NetBSD
CVE-2006-6652 (Buffer overflow in the glob implementation (glob.c) in libc in NetBSD- ...)
	NOT-FOR-US: NetBSD
CVE-2006-6651 (Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3 ...)
	NOT-FOR-US: Intel
CVE-2006-6650 (PHP remote file inclusion vulnerability in charts_constants.php in the ...)
	NOT-FOR-US: mxBB
CVE-2006-6649 (Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 ...)
	NOT-FOR-US: HyperVM
CVE-2006-6648 (PHP remote file inclusion vulnerability in main.inc.php in planetluc.c ...)
	NOT-FOR-US: RateMe
CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4. ...)
	NOT-FOR-US: MySite for Drupal
CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Proj ...)
	NOT-FOR-US: Drupal Project Issue Tracking
CVE-2006-6645 (PHP remote file inclusion vulnerability in language/lang_english/lang_ ...)
	NOT-FOR-US: Web Links module for mxBB
CVE-2006-6644 (PHP remote file inclusion vulnerability in pages/meeting_constants.php ...)
	NOT-FOR-US: Meeting module for mxBB
CVE-2006-6643 (Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to ...)
	NOT-FOR-US: Fightersoft Multimedia Star FTP server
CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 a ...)
	NOT-FOR-US: Sistemi
CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before maintenance v ...)
	NOT-FOR-US: CA CleverPath Portal
CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCa ...)
	NOT-FOR-US: SiteCatalyst
CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local  ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6638 (IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial ...)
	NOT-FOR-US: IBM
CVE-2006-6637 (The Servlet Engine and Web Container in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM
CVE-2006-6636 (Unspecified vulnerability in the Utility Classes for IBM WebSphere App ...)
	NOT-FOR-US: IBM
CVE-2006-6635 (PHP remote file inclusion vulnerability in includes/functions.php in J ...)
	NOT-FOR-US: JumbaCMS
CVE-2006-6634 (Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai ( ...)
	NOT-FOR-US: ExtCalThai for Mambo
CVE-2006-6633 (PHP remote file inclusion vulnerability in include/yapbb_session.php i ...)
	NOT-FOR-US: YapBB
CVE-2006-6632 (PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 an ...)
	NOT-FOR-US: Genepi
CVE-2006-6631 (PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php i ...)
	NOT-FOR-US: osprey
CVE-2006-6630 (PHP remote file inclusion vulnerability in ListRecords.php in osprey 1 ...)
	NOT-FOR-US: osprey
CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Langua ...)
	NOT-FOR-US: WeBWorK
CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remo ...)
	- openoffice.org 2.0.4.dfsg.2-3 (unimportant; bug #404105)
	NOTE: No code injection possible, just a crash
CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in BitDe ...)
	NOT-FOR-US: BitDefender
CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component o ...)
	- moodle 1.6-1
	NOTE: Does not affect moodle 1.6 according to SecurityFocus.
CVE-2006-6625 (Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in M ...)
	- moodle 1.6.3-2 (low)
	NOTE: "SC#341 fixed initilaization of navtail variable"
	NOTE: http://moodle.cvs.sourceforge.net/moodle/moodle/mod/forum/discuss.php?view=log
CVE-2006-6624 (The FTP Server in Sambar Server 6.4 allows remote authenticated users  ...)
	NOT-FOR-US: Sambar
CVE-2006-6623 (Sygate Personal Firewall 5.6.2808 relies on the Process Environment Bl ...)
	NOT-FOR-US: Sygate
CVE-2006-6622 (Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Pro ...)
	NOT-FOR-US: Soft4Ever Look 'n' Stop
CVE-2006-6621 (Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environme ...)
	NOT-FOR-US: Filseclab Personal Firewall
CVE-2006-6620 (Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Bl ...)
	NOT-FOR-US: Comodo Personal Firewall
CVE-2006-6619 (AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment ...)
	NOT-FOR-US: AVG Anti-Virus plus Firewall
CVE-2006-6618 (AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (P ...)
	NOT-FOR-US: AntiHook 3.0.0.23 - Desktop
CVE-2006-6617 (projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 al ...)
	NOT-FOR-US: Microsoft
CVE-2006-6616 (index.php in w00t Gallery 1.4.0 allows remote authenticated users with ...)
	NOT-FOR-US: w00t Gallery
CVE-2006-6615 (PHP remote file inclusion vulnerability in includes/act_constants.php  ...)
	NOT-FOR-US: Activity Games module for mxBB
CVE-2006-6614 (The save_log_local function in Fully Automatic Installation (FAI) 2.10 ...)
	- fai 3.1.3 (low; bug #402644)
	[sarge] - fai <no-dsa> (Minor issue, only in rare configs and use cases)
CVE-2006-6613 (Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Be ...)
	NOT-FOR-US: phpAlbum
CVE-2006-6612 (PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0 ...)
	NOT-FOR-US: PhpMyCms
CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in Barman 0.0 ...)
	NOT-FOR-US: Barman
CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote at ...)
	- nexuiz 2.2.1-1 (low)
	NOTE: Only game console command execution possible, not shell commands
CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of servi ...)
	- nexuiz 2.2.1-1
CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP Integr ...)
	NOT-FOR-US: HP
CVE-2006-6607 (The Java Key Store (JKS) for WebSphere Application Server (WAS) for IB ...)
	NOT-FOR-US: IBM
CVE-2006-6606 (Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6. ...)
	NOT-FOR-US: jclarens
CVE-2006-6605 (Stack-based buffer overflow in the POP service in MailEnable Standard  ...)
	NOT-FOR-US: MailEnable
CVE-2006-6604 (Directory traversal vulnerability in downloaddetails.php in TorrentFlu ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6603 (Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) ...)
	NOT-FOR-US: YMMAPI.YMailAttach
CVE-2006-6602 (explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows X ...)
	NOT-FOR-US: Windows
CVE-2006-6601 (Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows  ...)
	NOT-FOR-US: Microsoft
CVE-2006-6600 (Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2 ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6599 (maketorrent.php in TorrentFlux 2.2 allows remote authenticated users t ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6598 (Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux be ...)
	- torrentflux 2.1-6
CVE-2006-6597 (Argument injection vulnerability in HyperAccess 8.4 allows user-assist ...)
	NOT-FOR-US: HyperAccess
CVE-2006-6596 (HyperAccess 8.4 allows user-assisted remote attackers to execute arbit ...)
	NOT-FOR-US: HyperAccess
CVE-2006-6595 (Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1  ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6594 (SQL injection vulnerability in utilities/usermessages.asp in ScriptMat ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6593 (PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZ ...)
	NOT-FOR-US: AMAZONIA MOD for phpBB
CVE-2006-6592 (Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow ...)
	NOT-FOR-US: Bloq
CVE-2006-6591 (PHP remote file inclusion vulnerability in fonctions/template.php in E ...)
	NOT-FOR-US: EXlor
CVE-2006-6590 (PHP remote file inclusion vulnerability in usercp_menu.php in AR Membe ...)
	NOT-FOR-US: AR Memberscript
CVE-2006-6589 (Cross-site scripting (XSS) vulnerability in ecommerce/control/keywords ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6588 (The forum implementation in the ecommerce component in the Apache Open ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6587 (Cross-site scripting (XSS) vulnerability in the forum implementation i ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6586 (Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBl ...)
	NOT-FOR-US: Vortex Blog
CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly popula ...)
	- iceweasel 2.0.0.1+dfsg-1
	- firefox 45.0-1
	- firefox-esr 45.0esr-1
CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow re ...)
	NOT-FOR-US: italkplus (Italk+)
CVE-2006-6583 (ScriptMate User Manager 2.1 and earlier allow remote attackers to obta ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6582 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6581 (PHP remote file inclusion vulnerability in tests/debug_test.php in Ver ...)
	NOT-FOR-US: PHP_Debug
CVE-2006-6580 (admin/change.php in ProNews 1.5 does not check whether a user is permi ...)
	NOT-FOR-US: ProNews
CVE-2006-6579 (Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_RE ...)
	NOT-FOR-US: Microsoft
CVE-2006-6578 (Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Mac ...)
	NOT-FOR-US: Microsoft
CVE-2006-6577 (SQL injection vulnerability in polls.php in Neocrome Land Down Under ( ...)
	NOT-FOR-US: Neocrome Land Down Under
CVE-2006-6576 (Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allo ...)
	NOT-FOR-US: Golden FTP Server
CVE-2006-6575 (PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Y ...)
	NOT-FOR-US: Yet Another PHP LDAP Admin Project (yaplap)
CVE-2006-6574 (Mantis before 1.1.0a2 does not implement per-item access control for I ...)
	{DSA-1467-1}
	- mantis 1.0.6+dfsg-3 (bug #402802)
	[sarge] - mantis 0.19.2-5sarge5
CVE-2006-XXXX [gaim crash when receiving an invalid UPnP response]
	- gaim 1:2.0.0+beta5-9 (low)
	[sarge] - gaim <no-dsa> (minor issue)
CVE-2006-XXXX [dsniff urlsnarf missing output sanitization]
	- dsniff 2.4b1+debian-16 (unimportant; bug #400624)
	NOTE: While older terminals were vulnerable to some attacks involving terminal
	NOTE: sequences, the lack of shell escaping is not a vulnerability in dsniff
CVE-2006-XXXX [archivemail insecure temporary file issues]
	- archivemail 0.6.2-2
	[sarge] - archivemail <no-dsa> (minor issue)
CVE-2006-XXXX [pythonpaste web root esacpe]
	- paste 1.0.1-1
	NOTE: http://pythonpaste.org/archives/message/20061218.050654.e8997561.en.html
CVE-2006-XXXX [moodle unspecified security bug in the forum module (discuss.php)]
	- moodle 1.6.3-2
CVE-2006-XXXX [znc file access security hole]
	- znc 0.045-3 (bug #403141; medium)
CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Editio ...)
	NOT-FOR-US: Citrix
CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control (AAC) Opti ...)
	NOT-FOR-US: Citrix
CVE-2006-6571 (Multiple cross-site scripting (XSS) vulnerabilities in form.php in Gen ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6570 (Unrestricted file upload vulnerability in upload.php in GenesisTrader  ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6569 (form.php in GenesisTrader 1.0 allows remote attackers to read source c ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6568 (Directory traversal vulnerability in includes/kb_constants.php in the  ...)
	NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB
CVE-2006-6567 (PHP remote file inclusion vulnerability in includes/kb_constants.php i ...)
	NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB
CVE-2006-6566 (PHP remote file inclusion vulnerability in includes/profilcp_constants ...)
	NOT-FOR-US: Profile Control Panel (CPanel) module for mxBB
CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause a deni ...)
	NOT-FOR-US: FileZilla Server
CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a deni ...)
	NOT-FOR-US: FileZilla Server
CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in c ...)
	- proftpd-dfsg 1.3.0-17 (medium)
	[sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build)
CVE-2006-6562
	RESERVED
CVE-2006-6561 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewe ...)
	NOT-FOR-US: Microsoft
CVE-2006-6560 (PHP remote file inclusion vulnerability in includes/common.php in the  ...)
	NOT-FOR-US: mx_modsdb 1.0.0 module for MxBBmx_modsdb 1.0.0 module for MxBB
CVE-2006-6559 (SQL injection vulnerability in ProductDetails.asp in Lotfian Request F ...)
	NOT-FOR-US: Lotfian Request For Travel
CVE-2006-6558 (Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Crob FTP Server
CVE-2006-6557 (Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unkn ...)
	NOT-FOR-US: Skulls!
CVE-2006-6556 (The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before  ...)
	NOT-FOR-US: EyeOS
CVE-2006-6555 (Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow  ...)
	NOT-FOR-US: EasyFill
CVE-2006-6554 (Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remo ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-6553 (PHP remote file inclusion vulnerability in includes/newssuite_constant ...)
	NOT-FOR-US: NewsSuite 1.03 module for mxBB
CVE-2006-6552 (PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharin ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-6551 (PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/ ...)
	NOT-FOR-US: Tucows Client Code Suite (CCS)
CVE-2006-6550
	NOT-FOR-US: Phorum
CVE-2006-6549
	NOT-FOR-US: Rad Upload
CVE-2006-6548 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost  ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2006-6547 (Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod P ...)
	NOT-FOR-US: Winamp
CVE-2006-6546 (PHP remote file inclusion vulnerability in inc/shows.inc.php in cutene ...)
	NOT-FOR-US: cutenews
CVE-2006-6545 (PHP remote file inclusion vulnerability in includes/common.php in the  ...)
	NOT-FOR-US: ErrorDocs 1.0.0 and earlier module for mxBB
CVE-2006-6544 (Cross-site scripting (XSS) vulnerability in CM68 News allows remote at ...)
	NOT-FOR-US: CM68 News
CVE-2006-6543 (Multiple SQL injection vulnerabilities in login.asp in AppIntellect Sp ...)
	NOT-FOR-US: AppIntellect SpotLight CRM
CVE-2006-6542 (SQL injection vulnerability in news.php in Fantastic News 2.1.4 and ea ...)
	NOT-FOR-US: Fantastic News
CVE-2006-6541
	NOT-FOR-US: Animated Smiley Generator
CVE-2006-6540 (SQL injection vulnerability in bt-trackback.php in Bluetrait before 1. ...)
	NOT-FOR-US: Bluetrait
CVE-2006-6539 (Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and ea ...)
	NOT-FOR-US: Winamp Web Interface
CVE-2006-6538 (D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1)  ...)
	NOT-FOR-US: D-LINK
CVE-2006-6537 (IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allo ...)
	NOT-FOR-US: IBM
CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Fr ...)
	NOT-FOR-US: Cilem Haber Free Edition
CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before callin ...)
	{DSA-1304}
	- linux-2.6 <not-affected> (Fixed before upload into the archive; 2.6.10)
CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a ...)
	NOT-FOR-US: osCommerce
CVE-2006-6533 (Directory traversal vulnerability in admin/templates_boxes_layout.php  ...)
	NOT-FOR-US: osCommerce
CVE-2006-6532 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1 ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6531 (Cross-site scripting (XSS) vulnerability in the Help Tip module before ...)
	NOT-FOR-US: Help Tip module for Drupal
CVE-2006-6530 (SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 fo ...)
	NOT-FOR-US: Help Tip module for Drupal
CVE-2006-6529 (The Chatroom Module before 4.7.x.-1.0 for Drupal displays private mess ...)
	NOT-FOR-US: Chatroom Module for Drupal
CVE-2006-6528 (The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom v ...)
	NOT-FOR-US: Chatroom Module for Drupal
CVE-2006-6527 (PHP remote file inclusion vulnerability in guest.php in Gizzar 0316200 ...)
	NOT-FOR-US: Gizzar
CVE-2006-6526 (PHP remote file inclusion vulnerability in index.php in Gizzar 0316200 ...)
	NOT-FOR-US: Gizzar
CVE-2006-6525 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 an ...)
	NOT-FOR-US: EzHRS HR Assist
CVE-2006-6524 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 an ...)
	NOT-FOR-US: EzHRS HR Assist
CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTra ...)
	NOT-FOR-US: BoxTrapper in cPanel
CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale T ...)
	NOT-FOR-US: WikiTimeScale TwoZero
CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 ...)
	NOT-FOR-US: Messageriescripthp
CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in Messageriescrip ...)
	NOT-FOR-US: Messageriescripthp
CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows rem ...)
	NOT-FOR-US: ProNews
CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 all ...)
	NOT-FOR-US: ProNews
CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and ...)
	NOT-FOR-US: KDPics
CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and  ...)
	NOT-FOR-US: KDPics
CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_thresh ...)
	- mantis 1.0.6+dfsg-1 (unimportant)
	NOTE: http://www.mantisbt.org/bugs/print_bug_page.php?bug_id=5163
	NOTE: Not a security bug, only a very annoying feature.
CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient co ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web Interface (Waw ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6512 (Directory traversal vulnerability in the Browse function (/browse URI) ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive  ...)
	NOT-FOR-US: dadaIMC
CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is installe ...)
	NOT-FOR-US: SiteKiosk
CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in Si ...)
	NOT-FOR-US: SiteKiosk
CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...)
	{DSA-1488-1}
	NOTE: This is covered/duped by CVE-2006-6841
	- phpbb2 2.0.21-6
CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass C ...)
	NOTE: MFSA-2006-76
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner <not-affected> (maintainer reported)
	- iceape <not-affected> (maintainer reported)
CVE-2006-6506 (The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends ...)
	NOTE: MFSA-2006-75
	- iceweasel 2.0.0.1+dfsg-1 (low)
	- iceape <not-affected> (maintainer reported)
CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5 ...)
	{DSA-1265-1}
	NOTE: MFSA-2006-74
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 1.5.0.9.dfsg1-1 (high)
	- iceape 1.0.7-1 (high)
	- mozilla <removed>
CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonke ...)
	NOTE: MFSA-2006-73
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	NOTE: Flaw was introduced in Firefox 1.5.0.4
	- icedove 1.5.0.9.dfsg1-1 (high)
CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird  ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-72
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (high)
	- icedove 1.5.0.9.dfsg1-1 (high)
CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for Mozill ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-71
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (unimportant)
	- icedove 1.5.0.9.dfsg1-1 (unimportant)
	NOTE: Not exploitable in standard Icedove configuration
CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-70
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5. ...)
	NOTE: MFSA-2006-69
	- iceweasel <not-affected> (windows only)
	- xulrunner <not-affected> (Windows only)
	- iceape <not-affected> (windows only)
	- firefox <not-affected> (windows only)
	- mozilla <not-affected> (windows only)
	- mozilla-firefox <not-affected> (windows only)
	- mozilla-thunderbird <not-affected> (windows only)
	- icedove <not-affected> (windows only)
CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x befo ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
	NOTE: Is it possible to reduce the floating point precision in Linux as a non-priv
	NOTE: user? I don't think so
CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for Mozi ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla  ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (medium)
	- xulrunner 1.8.0.9-1 (medium)
	- iceape 1.0.7-1 (medium)
	- firefox 45.0-1 (medium)
	- firefox-esr 45.0esr-1 (medium)
	- mozilla <removed> (medium)
	- mozilla-firefox <removed> (medium)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 200 ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 all ...)
	NOT-FOR-US: Solaris
CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and  ...)
	NOT-FOR-US: Solaris
CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerbe ...)
	- openldap2.3 <not-affected> (kerberos support not enabled)
	- openldap2 <not-affected> (kerberos support not enabled)
CVE-2006-6492
	REJECTED
CVE-2006-6491
	REJECTED
CVE-2006-6490 (Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.d ...)
	NOT-FOR-US: SupportSoft ActiveX
CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-E ...)
	NOT-FOR-US: SISCO OSI stack
CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrap ...)
	NOT-FOR-US: ICONICS
CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook  ...)
	NOT-FOR-US: DT Guestbook
CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers to exe ...)
	NOT-FOR-US: EasyPage
CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 an ...)
	NOT-FOR-US: ShopSite
CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise Edition 2. ...)
	NOT-FOR-US: MailEnable
CVE-2006-6483 (Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tag ...)
	NOT-FOR-US: ColdFusion
CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: ColdFusion
CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a deni ...)
	{DSA-1238-1}
	- clamav 0.88.7-1 (low; bug #401874)
CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows remo ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6478 (Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow re ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6477 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6476 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6475 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for Linux 4510 ...)
	NOT-FOR-US: McAfee
CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentr ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.0 ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6471 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6470 (The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03 ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6469 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6468 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6467 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6466 (Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in Wi ...)
	NOT-FOR-US: WikyBlog
CVE-2006-6465
	NOT-FOR-US: WikyBlog
CVE-2006-6464 (viewcart in Midicart accepts negative numbers in the Qty (quantity) fi ...)
	NOT-FOR-US: Midicart
CVE-2006-6463 (Unrestricted file upload vulnerability in admin/add.php in Midicart al ...)
	NOT-FOR-US: Midicart
CVE-2006-6462 (PHP remote file inclusion vulnerability in engine/oldnews.inc.php in C ...)
	NOT-FOR-US: CM68 News
CVE-2006-6461 (tr1.php in Yourfreeworld Stylish Text Ads Script allows remote attacke ...)
	NOT-FOR-US: Yourfreeworld Stylish Text Ads Script
CVE-2006-6460 (Yourfreeworld.com Short Url &amp; Url Tracker Script allows remote att ...)
	NOT-FOR-US: Yourfreeworld.com Short Url Script
CVE-2006-6459 (Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Topli ...)
	NOT-FOR-US: Toplist for phpBB
CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150  ...)
	NOT-FOR-US: Trend Micro (Windows)
CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other version ...)
	- tikiwiki <removed> (bug #404472)
	NOTE: Might be a mis-report, check with upstream
CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and W ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-6455 (Multiple SQL injection vulnerabilities in admin/default.asp in DUware  ...)
	NOT-FOR-US: DUware
CVE-2006-6454 (execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows  ...)
	NOT-FOR-US: J-OWAMP Web Interface
CVE-2006-6453 (PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OW ...)
	NOT-FOR-US: J-OWAMP Web Interface
CVE-2006-6452 (Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles  ...)
	NOT-FOR-US: RunCMS
CVE-2006-6451 (Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8. ...)
	NOT-FOR-US: Plesk
CVE-2006-6450 (Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in ...)
	NOT-FOR-US: Novell ZENworks Patch Management
CVE-2006-6449 (Vt-Forum Lite 1.3 and earlier store sensitive information under the we ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6448 (Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlie ...)
	NOT-FOR-US: Vt-Forum
CVE-2006-6447 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1 ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4,  ...)
	NOT-FOR-US: iWare Professional
CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...)
	NOT-FOR-US: Envolution
CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and p ...)
	NOT-FOR-US: Nostra DivX Player
CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print  ...)
	NOT-FOR-US: Novell Distributed Print Services
CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the CDDBC ...)
	NOT-FOR-US: America Online
CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6440 (Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentr ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6438 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6437 (ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000,  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6436 (Cross-site scripting (XSS) vulnerability in the Network controller in  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6435 (The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6434 (Unspecified vulnerability in the Web User Interface in Xerox WorkCentr ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6433 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6432 (Unspecified vulnerability in the Scan-to-mailbox feature in Xerox Work ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6431 (Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro befor ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6430 (Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.0 ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6429 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6428 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before  ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6427 (The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 1 ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...)
	NOT-FOR-US: ThinkEdit
CVE-2006-6425 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMa ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6424 (Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow re ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable Profess ...)
	NOT-FOR-US: MailEnable
CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ce ...)
	NOT-FOR-US: AgileBill AgileVoice
CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box im ...)
	- phpbb2 2.0.21-6 (medium)
	[sarge] - phpbb2 <not-affected>
CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the  ...)
	NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Edito ...)
	NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6418 (Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64  ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2006-6417 (PHP remote file inclusion vulnerability in inc/CONTROL/import/import-m ...)
	- b2evolution <not-affected> (vulnerable code added later)
CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univ ...)
	NOT-FOR-US: PhpLeague
CVE-2006-6415
	NOT-FOR-US: phpAdsNew
CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye  ...)
	NOT-FOR-US: dol storye
CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earl ...)
	NOT-FOR-US: Amateras sns
CVE-2006-6412
	RESERVED
CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows r ...)
	NOT-FOR-US: Linksys
CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local use ...)
	NOT-FOR-US: VMware
CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...)
	NOT-FOR-US: F-Secure
CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attac ...)
	NOT-FOR-US: Kaspersky
CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote attack ...)
	NOT-FOR-US: F-Prot
CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...)
	{DSA-1238-1}
	- clamav 0.88.7-1 (medium; bug #401873)
CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to byp ...)
	NOT-FOR-US: BitDefender
CVE-2006-6404 (INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows rem ...)
	NOT-FOR-US: Innovation Data Processing's FDR Backup
CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ob ...)
	NOT-FOR-US: MyStats
CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlie ...)
	NOT-FOR-US: MyStats
CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in  ...)
	NOT-FOR-US: MyStats
CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...)
	NOT-FOR-US: JustSystems
CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 all ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios UPublis ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6397
	NOTE: not a vuln
CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibl ...)
	NOT-FOR-US: BlazeVideo HDTV Player
CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before  ...)
	NOT-FOR-US: Ulrik Petersen Emdros Database Engine
CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas Gauff ...)
	NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1. ...)
	NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka  ...)
	NOT-FOR-US: plxWebDev
CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution Quick.Ca ...)
	NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution Quick.Ca ...)
	NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile all ...)
	NOT-FOR-US: ac4p Mobile
CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LI ...)
	NOT-FOR-US: LINK Content Management Server
CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management Serv ...)
	NOT-FOR-US: LINK Content Management Server
CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...)
	NOT-FOR-US: CVS management/tracker (drupal plugin)
CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before 2006120 ...)
	NOT-FOR-US: abitwhizzy.php
CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_base ...)
	- php5 <removed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: safe-mode and basedir violations not treated as security issues
CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 crea ...)
	NOT-FOR-US: Positive Software H-Sphere
CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk  ...)
	NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate Help ...)
	NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...)
	NOT-FOR-US: BrightStor Backup Discovery Service
CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with insuffic ...)
	NOT-FOR-US: BTSaveMySql
CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root  ...)
	NOT-FOR-US: Uploadscript
CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File  ...)
	NOT-FOR-US: Simple File Manager
CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple Mach ...)
	NOT-FOR-US: Simple machines Forum
CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow  ...)
	- phpmyadmin <not-affected> (low; bug #404744)
	[sarge] - phpmyadmin <not-affected> (doesn't use sessions at all)
	[etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions)
	NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-1/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c9d93f63940fe960d3b6341d8bfb7b707c87e744
CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive infor ...)
	- phpmyadmin 4:2.9.1.1-1 (unimportant)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/98575f4e563c9323df597e2a9783e637b00b87e9
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/416285c4930ed24504edf58774384db4ffec1f86
	NOTE: The commits are both the same but they seem to be cherry-picks one of the other at some point
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-8/
	NOTE: path is known in Debian anyway
CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...)
	NOT-FOR-US: JAB Guest Book
CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Gue ...)
	NOT-FOR-US: JAB Guest Book
CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in Invis ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision C ...)
	NOT-FOR-US: Invision Community Blog Mod
CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10G ...)
	NOT-FOR-US: Affects only Windows despite other claims
CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...)
	NOT-FOR-US: awrate
CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownl ...)
	NOT-FOR-US: Duware
CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in includes/elements/spellche ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and  ...)
	NOT-FOR-US: Duware
CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside System ...)
	NOT-FOR-US: Inside Systems Mail (ISMail)
CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Sec ...)
	NOT-FOR-US: BlueSocket Secure Controller
CVE-2006-6362
	REJECTED
CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file func ...)
	NOT-FOR-US: Bitflux Upload Progress Mete
CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload  ...)
	NOT-FOR-US: PHP Upload Center
CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookma ...)
	NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in Stefa ...)
	NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in  ...)
	NOT-FOR-US: PHPNews
CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in templates/link_ ...)
	NOT-FOR-US: PHPNews
CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate allow ...)
	NOT-FOR-US: DuWare
CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews  ...)
	NOT-FOR-US: DuWare
CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X a ...)
	NOT-FOR-US: Mac OS X
CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remo ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with insuffic ...)
	NOT-FOR-US: KhaledMuratList
CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient  ...)
	NOT-FOR-US: listpics 5
CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The Classif ...)
	NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 a ...)
	NOT-FOR-US: mowdBB
CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote au ...)
	NOT-FOR-US: TFT-Gallery
CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40  ...)
	NOT-FOR-US: SAP
CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service (IG ...)
	NOT-FOR-US: SAP
CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earl ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and  ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Frase ...)
	NOT-FOR-US: KLF-DESIGN
CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3. ...)
	NOT-FOR-US: mg.applanix
CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ser ...)
	NOT-FOR-US: nVIDIA nView
CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ( ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z  ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogan ...)
	NOT-FOR-US: Aspee Ziyaretci Defteri
CVE-2006-6336 (Heap-based buffer overflow in the Mail Management Server (MAILMA.exe)  ...)
	NOT-FOR-US: Eudora WorldMail
CVE-2006-6335 (Multiple buffer overflows in Sophos Anti-Virus scanning engine before  ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.oc ...)
	NOT-FOR-US: Citrix Presentation Server Client
CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wron ...)
	- linux-2.6 2.6.20-1
	[etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18)
CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWif ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836; bug #402111)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is  ...)
	- torrentflux 2.1-7 (bug #400582; medium)
CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to execut ...)
	- torrentflux 2.1-6 (bug #399169; medium)
CVE-2006-6329 (index.php for TorrentFlux 2.2 allows remote attackers to delete files  ...)
	- torrentflux 2.1-6 (bug #399169)
CVE-2006-6328 (Directory traversal vulnerability in index.php for TorrentFlux 2.2 all ...)
	- torrentflux 2.1-5 (bug #395930; medium)
	NOTE: duplicate of CVE-2006-5609
CVE-2006-6327
	RESERVED
CVE-2006-6326
	RESERVED
CVE-2006-6325
	RESERVED
CVE-2006-6324
	RESERVED
CVE-2006-6323
	RESERVED
CVE-2006-6322
	RESERVED
CVE-2006-6321
	RESERVED
CVE-2006-6320
	RESERVED
CVE-2006-6319
	RESERVED
CVE-2006-6318 (The show_elog_list function in elogd.c in elog 2.6.2 and earlier allow ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1
CVE-2006-6317
	RESERVED
CVE-2006-6316
	RESERVED
CVE-2006-6315
	RESERVED
CVE-2006-6314
	RESERVED
CVE-2006-6313
	RESERVED
CVE-2006-6312
	RESERVED
CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...)
	NOT-FOR-US: Tivoli
CVE-2006-6308
	NOT-FOR-US: Symantec LiveState
CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote  ...)
	NOT-FOR-US: Novell Netware
CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services  ...)
	NOT-FOR-US: Novell Netware
CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configu ...)
	- net-snmp <not-affected> (Only affects version 5.3.0)
CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets  ...)
	- linux-2.6 <not-affected> (Only affects plain 2.6.19)
CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...)
	NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
	- ruby1.8 1.8.5-4 (low)
CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remo ...)
	NOT-FOR-US: CuteNews
CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM ...)
	NOT-FOR-US: Novell ZENworks
CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yone ...)
	NOT-FOR-US: Metyus Okul Yonetim Sistemi
CVE-2006-6297 (Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin  ...)
	- kdegraphics <unfixed> (unimportant)
	NOTE: Generic bug, treating it as a security problem is quite a stretch
CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) serv ...)
	NOT-FOR-US: Microsoft
CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in t ...)
	NOT-FOR-US: MxBB Portal
CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot Antiviru ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4 ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini,  ...)
	NOT-FOR-US: Apple Airport
CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professi ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...)
	NOT-FOR-US: MailEnable
CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variabl ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier al ...)
	NOT-FOR-US: Niek Albers CoolPlayer
CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...)
	NOT-FOR-US: AtomixMP3
CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions  ...)
	NOT-FOR-US: Palm Desktop
CVE-2006-6285
	NOT-FOR-US: Kai Blankenhorn Bitfolge
CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 al ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a  ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in dicshun ...)
	NOT-FOR-US: dicshunary
CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulleti ...)
	NOT-FOR-US: Oxygen (O2PHP Bulletin Board)
CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain se ...)
	NOT-FOR-US: @lex Guestbook
CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex Guestboo ...)
	NOT-FOR-US: @lex Guestbook
CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ContentSe ...)
	NOT-FOR-US: ContentServ
CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server b ...)
	NOT-FOR-US: Sun Java System Proxy Server
CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1)  ...)
	NOT-FOR-US: Expinion.net iNews
CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd log files, whi ...)
	- fail2ban <not-affected> (looks fixed in 0.6, see #401793)
CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which allows rem ...)
	- denyhosts 2.6-1 (medium; bug #401795)
CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obta ...)
	NOT-FOR-US: Simple PHP Gallery
CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Gallery
CVE-2006-6271 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 all ...)
	NOT-FOR-US: PHPOLL
CVE-2006-6270 (Multiple SQL injection vulnerabilities in ASPMForum allow remote attac ...)
	NOT-FOR-US: ASPMForum
CVE-2006-6269 (Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM ...)
	NOT-FOR-US: Infinitytechs Restaurants CM
CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in  ...)
	NOT-FOR-US: Neocrome Land Down Under
CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers  ...)
	NOT-FOR-US: PostNuke
CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start  ...)
	NOTE: It seems that no significant packet amplification takes place.
	NOTE: Probably harmless.
CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote att ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source Tere ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing he ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Kl ...)
	NOT-FOR-US: PHPJunkYard MBoard
CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows  ...)
	NOT-FOR-US: Quintessential Player
CVE-2006-6260 (SQL injection vulnerability in login.asp in Redbinaria Sistema Integra ...)
	NOT-FOR-US: Redbinaria Sistema Integrado de Administracion de Portales (SIAP)
CVE-2006-6259 (Multiple directory traversal vulnerabilities in (a) class/functions.ph ...)
	NOT-FOR-US: AlternC
CVE-2006-6258 (The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQ ...)
	NOT-FOR-US: AlternC
CVE-2006-6257 (The file manager in AlternC 0.9.5 and earlier, when warnings are enabl ...)
	NOT-FOR-US: AlternC
CVE-2006-6256 (Cross-site scripting (XSS) vulnerability in the file manager in admin/ ...)
	NOT-FOR-US: AlternC
CVE-2006-6255 (Direct static code injection vulnerability in util.php in the NukeAI 0 ...)
	NOT-FOR-US: NukeAI
CVE-2006-6254 (administration/telecharger.php in Cahier de texte 2.0 allows remote at ...)
	NOT-FOR-US: Cahier de texte
CVE-2006-6253 (Cahier de texte 2.0 stores sensitive information under the web root, p ...)
	NOT-FOR-US: Cahier de texte
CVE-2006-6252 (Microsoft Windows Live Messenger 8.0 and earlier, when gestual emotico ...)
	NOT-FOR-US: Microsoft Windows Live Messenger
CVE-2006-6251 (Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote ...)
	NOT-FOR-US: VUPlayer
CVE-2006-6250 (Format string vulnerability in Songbird Media Player 0.2 and earlier a ...)
	NOT-FOR-US: Songbird Media Player
CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earli ...)
	NOT-FOR-US: Chama Cargo
CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: GPhotos
CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1 ...)
	NOT-FOR-US: UPhotoGallery
CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ownershi ...)
	NOT-FOR-US: Photo Organizer
CVE-2006-6245 (Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b a ...)
	NOT-FOR-US: Photo Organizer
CVE-2006-6244 (Coalescent Systems freePBX (formerly Asterisk Management Portal) befor ...)
	NOT-FOR-US: Coalescent Systems freePBX
CVE-2006-6243 (Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow  ...)
	NOT-FOR-US: FipsSHOP
CVE-2006-6242 (Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and  ...)
	- serendipity 1.0.4-1 (unimportant; bug #401614)
	NOTE: Only exploitable with register_globals
CVE-2006-6241 (Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to ...)
	NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...)
	NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2. ...)
	NOT-FOR-US: MailEnable NetWebAdmin
CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify th ...)
	NOT-FOR-US: Apple Safari
CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in thread.ph ...)
	NOT-FOR-US: Woltlab Burning Board Lite
CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote at ...)
	NOT-FOR-US: Acrobat Reader
CVE-2006-6235 (A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...)
	{DSA-1231-1}
	- gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914)
	- gnupg2 2.0.0-5.2 (high; bug #401895; bug #401913)
CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in PHP-Nu ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6233 (SQL injection vulnerability in the Downloads module for unknown versio ...)
	NOT-FOR-US: PostNuke
CVE-2006-6232 (PHP remote file inclusion vulnerability in admin/index.php in DreamAcc ...)
	NOT-FOR-US: DreamAccount
CVE-2006-6231 (vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive inf ...)
	NOT-FOR-US: VuBB
CVE-2006-6230 (SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote at ...)
	NOT-FOR-US: VuBB
CVE-2006-6229 (Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs fai ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2006-6228 (Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (a ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2006-6227 (The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and  ...)
	NOT-FOR-US: NeoEngine
CVE-2006-6226 (Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, ...)
	NOT-FOR-US: NeoEngine
CVE-2006-6225 (Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allo ...)
	NOT-FOR-US: GeekLog
CVE-2006-6224 (PHP remote file inclusion vulnerability in the installation scripts in ...)
	NOT-FOR-US: Puntal
CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance an ...)
	NOT-FOR-US: Google Search Appliance
CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote a ...)
	NOT-FOR-US: 2X ThinClientServer Enterprise Edition
CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes Com ...)
	NOT-FOR-US: Recipes Complete Website
CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in de ...)
	NOT-FOR-US: dev4u CMS
CVE-2006-6218 (Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow ...)
	NOT-FOR-US: dev4u CMS
CVE-2006-6217 (PHP remote file inclusion vulnerability in formdisp.php in the Mermaid ...)
	NOT-FOR-US: Mermaid module for PHP-NUKE
CVE-2006-6216 (SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hac ...)
	NOT-FOR-US: Nivisec Hacks List
CVE-2006-6215 (Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper ...)
	NOT-FOR-US: Wallpaper Complete Website
CVE-2006-6214 (SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wal ...)
	NOT-FOR-US: Wallpaper Complete Website
CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical v ...)
	NOT-FOR-US: PEGames
CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News (si ...)
	NOT-FOR-US: Site News
CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0  ...)
	NOT-FOR-US: BirdBlog
CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...)
	NOT-FOR-US: ASP ListPics
CVE-2006-6209 (Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart a ...)
	NOT-FOR-US: MidiCart ASP Shopping Cart
CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds all ...)
	NOT-FOR-US: Enthreallweb eClassifieds
CVE-2006-6207
	NOT-FOR-US: Evolve Merchant
CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping C ...)
	NOT-FOR-US: WarHound General Shopping Cart
CVE-2006-6205 (Multiple cross-site scripting (XSS) vulnerabilities in result.asp in E ...)
	NOT-FOR-US: Enthrallweb eHomes
CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow rem ...)
	NOT-FOR-US: Enthrallweb eHomes
CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME  ...)
	NOT-FOR-US: Flyspray componenten for Mamba, this appears to be different from the Flyspray bug tracker
CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by  ...)
	NOT-FOR-US: Borland idsql32.dll
CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Profes ...)
	NOT-FOR-US: BlazeVideo BlazeDVD
CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost  ...)
	NOT-FOR-US: cPanel
CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8 ...)
	- b2evolution <not-affected> (0.9 releases not vulnerable)
CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...)
	NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...)
	NOT-FOR-US: Ultimate Survey Pro
CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier  ...)
	NOT-FOR-US: BasicForum
CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3. ...)
	NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...)
	NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (a ...)
	NOT-FOR-US: Anna^ IRC Bot
CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click  ...)
	NOT-FOR-US: ClickTech Click Blog
CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTe ...)
	NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery allo ...)
	NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow remo ...)
	NOT-FOR-US: enomphp
CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery  ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (A ...)
	NOT-FOR-US: Allied Telesyn TFTP Server
CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and pos ...)
	NOT-FOR-US: 3Com 3CTftpSvc
CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop store ...)
	NOT-FOR-US: Gabriele Teotino GNotebook
CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech Cli ...)
	NOT-FOR-US: ClickTech ClickContact
CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.n ...)
	NOT-FOR-US: iNews Publisher
CVE-2006-6179 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstal ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for  ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-XXXX [libxslt segfault / DoS]
	- libxslt 1.1.19-1 (low)
	[sarge] - libxslt <not-affected> (vulnerability added later)
CVE-2006-6177 (SQL injection vulnerability in system/core/users/users.profile.inc.php ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before  ...)
	NOT-FOR-US: Blogn
CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...)
	- kronolith2 2.1.4-1 (bug #400899; bug #401061)
	- kronolith <not-affected> (Vulnerable code not present)
CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2. ...)
	- tdiary 2.0.2+20060303-4.1 (bug #400447; bug #400650)
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in vm/vm ...)
	NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP strea ...)
	{DSA-1244-1}
	- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
	- mplayer 1.0~rc1-11 (medium)
CVE-2006-6171
	{DSA-1218}
	- proftpd-dfsg 1.3.0-13 (low; bug #399070)
CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls m ...)
	{DSA-1222-1}
	- proftpd-dfsg 1.3.0-16 (medium; bug #400793)
CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to  ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6167
	NOT-FOR-US: Active PHP Bookmarks
CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin C ...)
	NOT-FOR-US: Joomla Content Editor (JCE) for Joomla!
CVE-2006-6165
	NOTE: non-issue
CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9  ...)
	NOT-FOR-US: OpenBSD
CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in Tik ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php i ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6160 (SQL injection vulnerability in details.asp in Doug Luxem Liberum Help  ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6159 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php i ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6158 (Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help D ...)
	NOT-FOR-US: PMOS Help Desk
CVE-2006-6157 (SQL injection vulnerability in index.php in ContentNow 1.39 and earlie ...)
	NOT-FOR-US: ContentNow
CVE-2006-6156 (Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX S ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6155 (Multiple SQL injection vulnerabilities in addrating.php in HIOX Star R ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6154 (PHP remote file inclusion vulnerability in addcode.php in HIOX Star Ra ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6153 (Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Class ...)
	NOT-FOR-US: vSpin.net
CVE-2006-6152 (Multiple SQL injection vulnerabilities in vSpin.net Classified System  ...)
	NOT-FOR-US: vSpin.net
CVE-2006-6151 (PHP remote file inclusion vulnerability in centre.php in Messagerie Lo ...)
	NOT-FOR-US: Messagerie Locale
CVE-2006-6150 (PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.ph ...)
	NOT-FOR-US: OWLLib
CVE-2006-6149 (SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allo ...)
	NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6148 (Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp  ...)
	NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6147 (Multiple SQL injection vulnerabilities in JiRos Links Manager allow re ...)
	NOT-FOR-US: JiRos Links Manager
CVE-2006-6146 (Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator ...)
	NOT-FOR-US: libharu
CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plai ...)
	NOT-FOR-US: CRYPTOCard
CVE-2006-6144 (The "mechglue" abstraction interface of the GSS-API library for Kerber ...)
	- krb5 <not-affected> (Only 1.5 onwards are vulnerable)
CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1 ...)
	- krb5 1.4.4-6 (high)
	[sarge] - krb5 <not-affected>
CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...)
	{DSA-1241-1}
	- squirrelmail 2:1.4.9a-1
CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a den ...)
	NOT-FOR-US: Tftpd32
CVE-2006-6140 (PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6139 (Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6138 (Directory traversal vulnerability in download.php in Sisfo Kampus 0.8  ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6137 (Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6136 (IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) doe ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-6135 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE ...)
	NOT-FOR-US: Windows Media
CVE-2006-6133 (Stack-based buffer overflow in Visual Studio Crystal Reports for Micro ...)
	NOT-FOR-US: Business Objects Crystal Reports
CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite allow rem ...)
	NOT-FOR-US: Link Exchange Lite
CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWeb ...)
	NOT-FOR-US: Kerio WebSTAR
CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of servi ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in openfil ...)
	{DSA-1231-1}
	- gnupg 1.4.5-3 (medium; bug #401765)
	- gnupg2 2.0.0-5.1 (medium; bug #400777)
CVE-2006-XXXX [smb4k security issue]
	- smb4k 0.7.5-1
	[sarge] - smb4k <not-affected> (Vulnerable code not present)
CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows loca ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other  ...)
	- linux <not-affected> (Kernel rejects the malformed filesystem)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Kernel rejects the malformed filesystem)
	NOTE: It's not obvious when or how this was fixed
CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6125 (Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1 ...)
	NOT-FOR-US: NetGear
CVE-2006-6124 (Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server  ...)
	NOT-FOR-US: SeleniumServer Web Server
CVE-2006-6123 (Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals ena ...)
	NOT-FOR-US: Coppermine Photo Gallery (CPG)
CVE-2006-6122 (Multiple buffer overflows in TIN before 1.8.2 have unspecified impact  ...)
	- tin 1:1.8.2-1
CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...)
	NOT-FOR-US: Acer
CVE-2006-6120 (Integer overflow in the KPresenter import filter for Microsoft PowerPo ...)
	- koffice 1:1.6.1-1 (bug #401230; medium)
CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: mmgallery
CVE-2006-6118 (Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery 1. ...)
	NOT-FOR-US: mmgallery
CVE-2006-6117 (SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earli ...)
	NOT-FOR-US: fipsGallery
CVE-2006-6116 (SQL injection vulnerability in default2.asp in fipsForum 2.6 and earli ...)
	NOT-FOR-US: fipsForum
CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier al ...)
	NOT-FOR-US: fipsCMS
CVE-2006-6114
	REJECTED
CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Monkey Boards
CVE-2006-6112 (LifeType 1.0.x and 1.1.x have insufficient access control for all of t ...)
	NOT-FOR-US: LifeType
CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 all ...)
	NOT-FOR-US: Alan Ward A-Cart Pro
CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech  ...)
	NOT-FOR-US: BPG-InfoTech Content Management System
CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 al ...)
	NOT-FOR-US: CandyPress Store
CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...)
	NOT-FOR-US: EC-CUBE
CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in bus/sign ...)
	- dbus 1.0.2-1 (low)
	[sarge] - dbus <no-dsa> (Minor issue)
CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function in the  ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-9
CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...)
	- gdm 2.16.4-1 (medium; bug #403219)
	[sarge] - gdm <not-affected> (Vulnerable code not present)
CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in  ...)
	- mono 1.2.2.1-1 (low)
CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE extensi ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE exten ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ext ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6100
	REJECTED
CVE-2006-6099
	REJECTED
CVE-2006-6098
	REJECTED
CVE-2006-6097 (GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assi ...)
	{DSA-1223-1}
	- tar 1.16-2 (high; bug #399845)
CVE-2006-6096 (Cross-site scripting (XSS) vulnerability in activenews_search.asp in A ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6095 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow rem ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow rem ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in adminprint.php i ...)
	NOT-FOR-US: PicturesPro Photo Cart
CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 ...)
	NOT-FOR-US: Auto Gallery
CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before  ...)
	NOT-FOR-US: GrimBB
CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow remote a ...)
	NOT-FOR-US: BaalAsp
CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in ...)
	NOT-FOR-US: BaalAsp forum
CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Ga ...)
	NOT-FOR-US: i-Gallery
CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little we ...)
	NOT-FOR-US: my little weblog
CVE-2006-6086 (PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1. ...)
	NOT-FOR-US: e-Ark
CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions a ...)
	- kile 1:1.9.3-1 (low)
	[sarge] - kile <no-dsa> (Minor issue)
CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allo ...)
	NOT-FOR-US: aBitWhizzy
CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts Creadirectory ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Cre ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6081 (PHP remote file inclusion vulnerability in Smarty_Compiler.class.php i ...)
	NOT-FOR-US: Telaen
CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in gNews Publ ...)
	NOT-FOR-US: gNews
CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 al ...)
	NOT-FOR-US: LoudMouth (PHP thingy, not libloudmouth)
CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan  ...)
	NOT-FOR-US: a-ConMan
CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earli ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (high; bug #409220)
	- iceape 1.0.8-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.0.10-1 (medium)
	NOTE: Epiphany affected by xulrunner
CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Compu ...)
	NOT-FOR-US: BrightStor
CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp fo ...)
	NOT-FOR-US: BaalAsp forum
CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart a ...)
	NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart a ...)
	NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTe ...)
	NOT-FOR-US: BPG-InfoTech Easy Publisher
CVE-2006-6071 (TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLog ...)
	- twiki 1:4.0.5-2 (bug #401303; low)
CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...)
	NOT-FOR-US: ASP Nuke
CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain  ...)
	NOT-FOR-US: mAlbum
CVE-2006-6068 (Directory traversal vulnerability in the cached_album function in func ...)
	NOT-FOR-US: mAlbum
CVE-2006-6067 (Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Est ...)
	NOT-FOR-US: DataShed
CVE-2006-6066 (Multiple SQL injection vulnerabilities in Dragon Calendar / Events Lis ...)
	NOT-FOR-US: Dragon Calendar
CVE-2006-6065 (PHP remote file inclusion vulnerability in includes/mx_common.php in t ...)
	NOT-FOR-US: CalSnails Module for MxBB Portal
CVE-2006-6064 (Multiple buffer overflows in the Message Parsing Interpreter (MPI) in  ...)
	NOT-FOR-US: Fuzzball MUCK
CVE-2006-6063 (Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allo ...)
	NOT-FOR-US: XMPlay
CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possi ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possi ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA52 ...)
	NOT-FOR-US: NetGear
CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24, includi ...)
	{DSA-1504-1 DSA-1436-1}
	- linux-2.6 2.6.22-6
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on F ...)
	- linux-2.6 <not-affected> (Debian kernels up to 2.6.18 didn't include GFS)
CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELi ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G ...)
	NOT-FOR-US: D-Link
CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local users to  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users t ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages dep ...)
	NOT-FOR-US: NetEpi Case Manager
CVE-2006-6051 (PHP remote file inclusion vulnerability in reporter.logic.php in the M ...)
	NOT-FOR-US: MosReporter (com_reporter) component for Joomla!
CVE-2006-6050 (Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allo ...)
	NOT-FOR-US: Rank'em
CVE-2006-6049 (PHP remote file inclusion vulnerability in shambo2.php in the Shambo2  ...)
	NOT-FOR-US: Shambo2 (com_shambo2) component for Mambo
CVE-2006-6048 (SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when  ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-6047 (Directory traversal vulnerability in manager/index.php in Etomite 0.6. ...)
	NOT-FOR-US: Etomite CMSEtomite CMS
CVE-2006-6046 (Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 a ...)
	NOT-FOR-US: eggblog
CVE-2006-6045 (Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin ...)
	NOT-FOR-US: omdev One Admin
CVE-2006-6044 (PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQ ...)
	NOT-FOR-US: PHPQuickGallery
CVE-2006-6043 (PHP file inclusion vulnerability in loginform-inc.php in Oliver (forme ...)
	NOT-FOR-US: Oliver (formerly Webshare)
CVE-2006-6042 (PHP remote file inclusion vulnerability in core/editor.php in phpWebTh ...)
	NOT-FOR-US: phpWebThings
CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in Laurent Van den  ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2006-6040 (Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.p ...)
	NOT-FOR-US: vBulletin
CVE-2006-6039 (SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMak ...)
	NOT-FOR-US: MatchMaker
CVE-2006-6038 (SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pFor ...)
	NOT-FOR-US: Powie's PHP Forum
CVE-2006-6037 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Da ...)
	NOT-FOR-US: Travelsized CMS
CVE-2006-6036 (SQL injection vulnerability in OpenHuman before 1.0 allows remote atta ...)
	NOT-FOR-US: OpenHuman
CVE-2006-6035 (Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-6034 (Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 ...)
	NOT-FOR-US: SitesOutlet E-commerce Kit-1
CVE-2006-6033 (Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPB ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-6032 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-6031 (Multiple SQL injection vulnerabilities in Greater Cincinnati Internet  ...)
	NOT-FOR-US: ASPCart
CVE-2006-6030 (Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow rem ...)
	NOT-FOR-US: E-Calendar ProE-Calendar Pro
CVE-2006-6029 (SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allow ...)
	NOT-FOR-US: Property Pro
CVE-2006-6028 (Directory traversal vulnerability in textview.php in Anton Vlasov DoSe ...)
	NOT-FOR-US: DoSePa
CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote at ...)
	NOT-FOR-US: Adobe Reader
CVE-2006-6026 (Heap-based buffer overflow in Real Networks Helix Server and Helix Mob ...)
	NOT-FOR-US: Helix DNA Server
CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denia ...)
	NOT-FOR-US: QUALCOMM Eudora WorldMail
CVE-2006-6024 (Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 ve ...)
	NOT-FOR-US: Eudora Worldmail
CVE-2006-6023
	NOT-FOR-US: Bloo
CVE-2006-6022 (Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebA ...)
	NOT-FOR-US: BestWebApp Dating Site
CVE-2006-6021 (SQL injection vulnerability in the login component in BestWebApp Datin ...)
	NOT-FOR-US: BestWebApp Dating Site
CVE-2006-6020 (Cross-site scripting (XSS) vulnerability in announce.php in Blog Torre ...)
	NOT-FOR-US: Blog Torrent Preview
CVE-2006-6019 (Cross-site scripting (XSS) vulnerability in extensions/googiespell/goo ...)
	NOT-FOR-US: Bloo
CVE-2006-6018
	NOT-FOR-US: My-BIC
CVE-2006-6017 (WordPress before 2.0.5 does not properly store a profile containing a  ...)
	- wordpress 2.0.5-0.1
CVE-2006-6016 (wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authent ...)
	- wordpress 2.0.5-0.1
CVE-2006-6015 (Buffer overflow in the JavaScript implementation in Safari on Apple Ma ...)
	- kdebase <unfixed> (unimportant; bug #400121)
	NOTE: Browser crashes are not treated as security problems
CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly perform bo ...)
	NOT-FOR-US: NetBSD
CVE-2006-6013 (Integer signedness error in the fw_ioctl (FW_IOCTL) function in the Fi ...)
	- kfreebsd-5 5.4-21
	[etch] - kfreebsd-5 <no-dsa> (no security support)
CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MG ...)
	NOT-FOR-US: Car Site Manager
CVE-2006-6011 (Unspecified vulnerability in SAP Web Application Server before 6.40 pa ...)
	NOT-FOR-US: SAP
CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive informatio ...)
	NOT-FOR-US: SAP
CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing  ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, d ...)
	{DSA-1217}
	- linux-ftpd 0.17-23
CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...)
	NOT-FOR-US: WebEvents (Online Event Registration Template)
CVE-2006-6006
	REJECTED
CVE-2006-6005
	REJECTED
CVE-2006-6004
	REJECTED
CVE-2006-6003
	REJECTED
CVE-2006-6002
	REJECTED
CVE-2006-6001
	REJECTED
CVE-2006-6000
	REJECTED
CVE-2006-5999
	REJECTED
CVE-2006-5998
	REJECTED
CVE-2006-5997
	REJECTED
CVE-2006-5996
	REJECTED
CVE-2006-5995
	REJECTED
CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-5993
	REJECTED
CVE-2006-5992
	REJECTED
CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop all ...)
	NOT-FOR-US: CactuShop
CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...)
	NOT-FOR-US: VMware
CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allo ...)
	{DSA-1247-1}
	- libapache-mod-auth-kerb 5.3-1 (low; bug #400589)
CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running  ...)
	NOT-FOR-US: Windows
CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet, possibly 1. ...)
	NOT-FOR-US: ASPintranet
CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not r ...)
	NOT-FOR-US: Extreme CMS
CVE-2006-5985 (Multiple cross-site scripting (XSS) vulnerabilities in admin/options.p ...)
	NOT-FOR-US: Extreme CMS
CVE-2006-5984 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hostin ...)
	NOT-FOR-US: Helm Hosting Control Panel
CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software D ...)
	NOT-FOR-US: DirectAdmin
CVE-2006-5982 (SeleniumServer FTP Server 1.0, and possibly earlier, stores user passw ...)
	NOT-FOR-US: Selenium Server
CVE-2006-5981 (Multiple directory traversal vulnerabilities in SeleniumServer FTP Ser ...)
	NOT-FOR-US: Selenium Server
CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly ear ...)
	NOT-FOR-US: NetJetServer
CVE-2006-5979 (Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure p ...)
	NOT-FOR-US: NetJetServer
CVE-2006-5978 (Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impac ...)
	NOT-FOR-US: E-Xoopport
CVE-2006-5977 (Multiple SQL injection vulnerabilities in MultiCalendars allow remote  ...)
	NOT-FOR-US: MultiCalendars
CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3. ...)
	NOT-FOR-US: BlogMe
CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...)
	NOT-FOR-US: BlogMe
CVE-2006-5974 (fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message de ...)
	- fetchmail 6.3.6-1 (low)
	[sarge] - fetchmail <not-affected> (Vulnerable code not present)
CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and  ...)
	- dovecot 1.0.rc15-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2006-XXXX [Firefox Sage Extension Feed Script Insertion Vulnerability]
	- firefox-sage <not-affected> (medium; bug #399170)
	NOTE: Debian's version has HTML disabled
CVE-2006-5972 (Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless ...)
	NOT-FOR-US: NetGear
CVE-2006-5971 (Absolute path traversal vulnerability in admin/logfile.txt in Verity U ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm 2. ...)
	- fvwm 1:2.5.18-2 (low; bug #400303)
	[sarge] - fvwm <no-dsa> (Minor issue)
CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ins ...)
	NOT-FOR-US: MDaemon
CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before  ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows re ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...)
	NOT-FOR-US: PassGo SSO Plus
CVE-2006-5964 (choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows ...)
	NOT-FOR-US: PentaZip
CVE-2006-5963 (Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite ...)
	NOT-FOR-US: PentaZip
CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow re ...)
	NOT-FOR-US: Hpecs Shopping Cart
CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...)
	NOT-FOR-US: Mercury Mail Transport
CVE-2006-5960 (Multiple cross-site scripting (XSS) vulnerabilities in account_login.a ...)
	NOT-FOR-US: A+ Store E-Commerce
CVE-2006-5959 (SQL injection vulnerability in browse.asp in A+ Store E-Commerce allow ...)
	NOT-FOR-US: A+ Store E-Commerce
CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allo ...)
	NOT-FOR-US: INFINICART
CVE-2006-5957
	NOT-FOR-US: INFINICART
CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) datab ...)
	NOT-FOR-US: PHPRunner
CVE-2006-5955 (SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Rea ...)
	NOT-FOR-US: DataShed
CVE-2006-5954 (SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier all ...)
	NOT-FOR-US: NetVIOS
CVE-2006-5953 (SQL injection vulnerability in viewcart.asp in Evolve shopping cart (a ...)
	NOT-FOR-US: Evolve shopping cart
CVE-2006-5952 (SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 all ...)
	NOT-FOR-US: ASP Smiley
CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2  ...)
	NOT-FOR-US: Exophpdesk
CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and  ...)
	NOT-FOR-US: ALTools ALFTP FTP Server
CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...)
	NOT-FOR-US: ALTools ALFTP FTP Server
CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpP ...)
	NOT-FOR-US: phpPeanuts
CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2 ...)
	NOT-FOR-US: Conxint FTP Server
CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP  ...)
	NOT-FOR-US: FunkyASP Glossary
CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager  ...)
	NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MG ...)
	NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...)
	NOT-FOR-US: Less Inventory Manager
CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in inventory/display/display_ ...)
	NOT-FOR-US: Less Inventory Manager
CVE-2006-5941
	REJECTED
CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5938 (Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote at ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5937 (Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 al ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5936 (SQL injection vulnerability in dept.asp in SiteXpress E-Commerce Syste ...)
	NOT-FOR-US: SiteXpress E-Commerce
CVE-2006-5935 (SQL injection vulnerability in index.php in ShopSystems 4.0 and earlie ...)
	NOT-FOR-US: ShopSystems
CVE-2006-5934 (SQL injection vulnerability in admin/default.asp in Estate Agent Manag ...)
	NOT-FOR-US: Estate Agent Manager
CVE-2006-5933 (SQL injection vulnerability in update.asp in UltraSite 1.0 allows remo ...)
	NOT-FOR-US: UltraSite
CVE-2006-5932 (Kahua before 0.7, when running multiple applications under a single su ...)
	NOT-FOR-US: Kahua
CVE-2006-5931 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web base ...)
	NOT-FOR-US: Aigaion
CVE-2006-5930 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web base ...)
	NOT-FOR-US: Aigaion
CVE-2006-5929 (PHP remote file inclusion vulnerability in firepjs.php in Phpjobschedu ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler  ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...)
	NOT-FOR-US: ASP Scripter Easy Portal
CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before  ...)
	NOT-FOR-US: Vallheru
CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed  ...)
	{DSA-1240-1 DSA-1228-1 DSA-1226-1}
	- links 0.99+1.00pre12-1.1 (medium; bug #399188)
	- elinks 0.11.1-1.2 (medium; bug #399187)
	- links2 2.1pre25-2 (medium; bug #400718)
CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP  ...)
	NOT-FOR-US: Efficient IP iPmanager (IPm)
CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac gtca ...)
	NOT-FOR-US: gtcatalog
CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5920
	NOT-FOR-US: Exporia
CVE-2006-5919 (PHP remote file inclusion vulnerability in admin/e_data/visEdit_contro ...)
	NOT-FOR-US: KnowledgeBuilder
CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kil ...)
	NOT-FOR-US: RapidKill
CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager all ...)
	NOT-FOR-US: OmniStar Article Manager
CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass vi ...)
	NOT-FOR-US: Intego VirusBarrier
CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMED ...)
	NOT-FOR-US: LandShop
CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remot ...)
	NOT-FOR-US: LandShop
CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a s ...)
	NOT-FOR-US: Microsoft
CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has unknow ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware Campsit ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware Campsit ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research For ...)
	NOT-FOR-US: Stanford Conference And Research Forum (SCARF)
CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in y ...)
	NOT-FOR-US: Yet Another News System
CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in Jean ...)
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5906
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database a ...)
	NOT-FOR-US: Web Directory Pro
CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 a ...)
	NOT-FOR-US: MWChat Pro
CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perfo ...)
	NOT-FOR-US: GSpace
CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform  ...)
	NOT-FOR-US: viksoe GMail Drive
CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP addres ...)
	NOT-FOR-US: Hawking Technology wireless router WR254-CA
CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/H ...)
	NOT-FOR-US: Zend Framework Preview
CVE-2006-5899
	NOT-FOR-US: @cid stat
CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 i ...)
	NOT-FOR-US: PhpMyChat
CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the f ...)
	NOT-FOR-US: Web Mech Designer
CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS  ...)
	NOT-FOR-US: EncapsCMS
CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ear ...)
	NOT-FOR-US: Rama CMS
CVE-2006-5893 (Multiple PHP remote file inclusion vulnerabilities in iWonder Designs  ...)
	NOT-FOR-US: iWonder Designs Storystream
CVE-2006-5892 (SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Po ...)
	NOT-FOR-US: The Net Guys ASPired2Poll
CVE-2006-5891 (SQL injection vulnerability in detail.asp in Superfreaker Studios USto ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5890 (SQL injection vulnerability in detail.asp in Superfreaker Studios USup ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5889 (SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1  ...)
	NOT-FOR-US: BrewBlogger
CVE-2006-5888 (SQL injection vulnerability in viewarticle.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-5887 (SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Datawo ...)
	NOT-FOR-US: Dynamic Dataworx NuSchool
CVE-2006-5886 (SQL injection vulnerability in propertysdetails.asp in Dynamic Datawor ...)
	NOT-FOR-US: Dynamic Dataworx NuRealestate (NuRems)
CVE-2006-5885 (SQL injection vulnerability in Products.asp in NuStore 1.0 allows remo ...)
	NOT-FOR-US: NuStore
CVE-2006-5884 (Multiple unspecified vulnerabilities in DirectAnimation ActiveX contro ...)
	NOT-FOR-US: DirectAnimation ActiveX controls for Microsoft Internet Explorer
CVE-2006-5883 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
	NOT-FOR-US: cPanel 10
CVE-2006-5882 (Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device ...)
	NOT-FOR-US: Broadcom BCMWL5.SYS
CVE-2006-5881 (SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx N ...)
	NOT-FOR-US: Dynamic Dataworx NuCommunity
CVE-2006-5880 (SQL injection vulnerability on the subMenu page in switch.asp in Munch ...)
	NOT-FOR-US: Munch Pro
CVE-2006-5879 (SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta an ...)
	NOT-FOR-US: ASPPortal
CVE-2006-5878 (Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10  ...)
	{DSA-1209}
	- trac 0.10.1-1 (bug #397683)
CVE-2006-5877 (The enigmail extension before 0.94.2 does not properly handle large, e ...)
	- enigmail 2:0.94.2-1 (bug #406604)
CVE-2006-5876 (The soup_headers_parse function in soup-headers.c for libsoup HTTP lib ...)
	{DSA-1248-1}
	- libsoup 2.2.98-2 (bug #405197; medium)
CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attacke ...)
	{DSA-1236-1}
	- enemies-of-carlotta 1.2.4-1 (medium)
CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ca ...)
	{DSA-1232-1}
	- clamav 0.86-1
CVE-2006-5873 (Buffer overflow in the cluster_process_heartbeat function in cluster.c ...)
	{DSA-1230-1}
	- l2tpns 2.1.21-1 (medium; bug #401742)
	NOTE: http://secunia.com/advisories/23230/
CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...)
	{DSA-1239-1}
	- sql-ledger 2.6.21-1
CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.3 ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 <not-affected> (Current Linux versions already implement intended behaviour)
CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier,  ...)
	{DSA-1246-1}
	- openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679)
CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute arbitrar ...)
	{DSA-1220}
	- pstotext 1.9-4 (bug #356988; medium)
CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 b ...)
	{DSA-1213}
	- imagemagick 7:6.2.4.5.dfsg1-0.11
CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may trans ...)
	{DSA-1259-1}
	- fetchmail 6.3.6-1 (low)
CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpM ...)
	NOT-FOR-US: phpManta
CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php in MyAlbum ...)
	NOT-FOR-US: Script Dowload
CVE-2006-5863 (PHP remote file inclusion vulnerability in inc/session.php for LetterI ...)
	NOT-FOR-US: LetterIt
CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web  ...)
	NOT-FOR-US: Network Administration Visualized
CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in  ...)
	NOT-FOR-US: Citrix
CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console  ...)
	NOT-FOR-US: Adobe JRun
CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0  ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...)
	NOT-FOR-US: Adobe
CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...)
	NOT-FOR-US: Adobe
CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 a ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5 ...)
	NOT-FOR-US: Tivoli
CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in Nove ...)
	NOT-FOR-US: Novell Netware
CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CM ...)
	NOT-FOR-US: Immediacy CMS
CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5851 (openexec in OpenBase SQL before 10.0.1 allows local users to create ar ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5850 (Stack-based buffer overflow in Essentia Web Server 2.15 for Windows al ...)
	NOT-FOR-US: Essentia Web Server
CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in Irayo ...)
	NOT-FOR-US: IrayoBlog
CVE-2006-5848
	REJECTED
CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 an ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5845 (Unrestricted file upload vulnerability in index.php in Speedywiki 2.0  ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5844 (Speedywiki 2.0 allows remote attackers to obtain the full path of the  ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5843 (Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2. ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5842 (The keystore file in Unicore Client before 5.6 build 5, when running o ...)
	NOT-FOR-US: Unicore
CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...)
	NOT-FOR-US: DodosMail
CVE-2006-5840
	NOT-FOR-US: Abarcar Realty Portal
CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...)
	NOT-FOR-US: PHPAdventure
CVE-2006-5838 (PHP remote file inclusion vulnerability in lib/class.Database.php in N ...)
	NOT-FOR-US: NewP News Publication System
CVE-2006-5837 (Static code injection vulnerability in chat_panel.php in the SimpleCha ...)
	NOT-FOR-US: SimpleChat 1.0.0 module for iWare Professional CMS
CVE-2006-5836 (The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwi ...)
	NOT-FOR-US: Darwin kernel (XNU) 8.8.1 in Apple Mac OS X
CVE-2006-5835 (The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Dom ...)
	NOT-FOR-US: IBM Lotus Notes Domino
CVE-2006-5834 (Directory traversal vulnerability in general.php in OpenSolution Quick ...)
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2006-5833 (gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require auth ...)
	NOT-FOR-US: GreenBeast CMS
CVE-2006-5832 (All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote att ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5831 (PHP remote file inclusion vulnerability in admin/code/index.php in All ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5830 (Multiple cross-site scripting (XSS) vulnerabilities in All In One Cont ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5829 (Multiple SQL injection vulnerabilities in All In One Control Panel (AI ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5828 (SQL injection vulnerability in detail.php in DeltaScripts PHP Classifi ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5827 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ph ...)
	NOT-FOR-US: phpComasy CMS
CVE-2006-5826 (Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 a ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako Suppor ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows l ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in  ...)
	NOT-FOR-US: Citrix
CVE-2006-5820 (The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBudd ...)
	NOT-FOR-US: SuperBuddy ActiveX control
CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server  ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
	{DSA-1243-1 DSA-1214}
	- gv 1:3.6.2-3 (medium; bug #398292)
	- evince 0.4.0-3 (medium; bug #400904; bug #400906; bug #402063)
CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6 ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permis ...)
	NOT-FOR-US: Parallels
CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Bu ...)
	NOT-FOR-US: Business Card Web Builder
CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0  ...)
	{DSA-1222-1}
	- proftpd-dfsg 1.3.0-15 (bug #399070; high)
CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers to caus ...)
	NOT-FOR-US: Kerio
CVE-2006-5811 (PHP remote file inclusion vulnerability in library/translation.inc.php ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5810 (Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlis ...)
	NOT-FOR-US: XOOPS
CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB befor ...)
	NOT-FOR-US: OvBB
CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses in ...)
	NOT-FOR-US: Cisco
CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escap ...)
	NOT-FOR-US: Cisco
CVE-2006-5806 (SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configure ...)
	NOT-FOR-US: Cisco
CVE-2006-5805 (Microsoft Internet Explorer 7 allows remote attackers to cause a secur ...)
	NOT-FOR-US: Microsoft
CVE-2006-5804 (PHP remote file inclusion vulnerability in admin.php in Advanced Guest ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-5803 (PHP remote file inclusion vulnerability in modules/mx_smartor/album.ph ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2006-5802 (SQL injection vulnerability in message_details.php in The Web Drivers  ...)
	NOT-FOR-US: The Web Drivers Simple Forum
CVE-2006-5801 (The owserver module in owfs and owhttpd 2.5p5 and earlier does not pro ...)
	NOT-FOR-US: owfs
CVE-2006-5800 (Cross-site scripting (XSS) vulnerability in default.asp in xenis.creat ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5799 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in  ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5798 (SQL injection vulnerability in default.asp in Xenis.creator CMS allows ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5797 (Multiple SQL injection vulnerabilities in default.asp in Xenis.creator ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5796 (Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro E ...)
	NOT-FOR-US: Soholaunch Pro
CVE-2006-5795 (Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 an ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in  ...)
	- openssh 1:4.3p2-6 (unimportant)
	NOTE: Not a direct vulnerability
CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in li ...)
	- libpng 1.2.13-0 (low; bug #398706)
	[sarge] - libpng <no-dsa> (Minor issue)
CVE-2006-XXXX [obexpushd arbitrary command execution]
	- obexpushd 0.4+svn10-1 (bug #397297; medium)
CVE-2006-XXXX [motion insecure tempfile creation]
	- motion 3.2.3-2 (bug #393846; low)
	[sarge] - motion <no-dsa> (Minor issue)
CVE-2006-5792 (Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote a ...)
	NOT-FOR-US: XLink Omni-NFS Enterprise
CVE-2006-5791 (Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5790 (Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and ea ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5789 (War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated user ...)
	NOT-FOR-US: WarFTPd
CVE-2006-5788 (PHP remote file inclusion vulnerability in (1) index.php and (2) admin ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5787 (admin/index.php in IPrimal Forums as of 20061105 allows remote attacke ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5786 (Directory traversal vulnerability in class2.php in e107 0.7.5 and earl ...)
	NOT-FOR-US: e107
CVE-2006-5785 (Unspecified vulnerability in SAP Web Application Server 6.40 before pa ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5784 (Unspecified vulnerability in enserver.exe in SAP Web Application Serve ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5783
	NOTE: irreproducible firefox issue
CVE-2006-5782 (radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not ...)
	NOT-FOR-US: HP OpenView
CVE-2006-5781 (Stack-based buffer overflow in the handshake function in iodine 0.3.2  ...)
	NOT-FOR-US: iodine
CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 a ...)
	NOT-FOR-US: XLink Omni-NFS
CVE-2006-5779 (OpenLDAP before 2.3.29 allows remote attackers to cause a denial of se ...)
	- openldap2.2 <removed> (bug #397673)
	- openldap2.3 2.3.29-1
CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to  ...)
	NOT-FOR-US: Creasito E-Commerce Content Manager
CVE-2006-5776
	NOT-FOR-US: Ariadne
CVE-2006-5775 (Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0 ...)
	NOT-FOR-US: FunkBoard
CVE-2006-5774 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before  ...)
	NOT-FOR-US: Hyper NIKKI System
CVE-2006-5773 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 an ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5772 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0  ...)
	NOT-FOR-US: Arkoon SSL360
CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile all ...)
	NOT-FOR-US: Mobile
CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS  ...)
	NOT-FOR-US: admin.tool CMS
CVE-2006-5768 (Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 R ...)
	NOT-FOR-US: Cyberfolio
CVE-2006-5767 (PHP remote file inclusion vulnerability in includes/xhtml.php in Drake ...)
	NOT-FOR-US: Drake CMS
CVE-2006-5766 (PHP remote file inclusion vulnerability in volume.php in Article Syste ...)
	NOT-FOR-US: Article System
CVE-2006-5765 (SQL injection vulnerability in rss.php in Article Script 1.6.3 and ear ...)
	NOT-FOR-US: Article Script
CVE-2006-5764 (PHP remote file inclusion vulnerability in contact.php in Free File Ho ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5763 (Multiple PHP remote file inclusion vulnerabilities in Free File Hostin ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5762 (PHP remote file inclusion vulnerability in forgot_pass.php in Free Fil ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5761 (Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CM ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5760 (Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2. ...)
	NOT-FOR-US: phpDynaSite
CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote att ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 S ...)
	NOT-FOR-US: Microsoft
CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 fi ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5756
	REJECTED
CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not p ...)
	{DSA-1381-2}
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly initiali ...)
	{DSA-1304}
	- linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10)
CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux kernel ...)
	{DSA-1503-2 DSA-1503-1 DSA-1356-1 DSA-1304}
	- linux-2.6 2.6.20-1
CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_st ...)
	- apache2 2.2.4-2 (low)
	[sarge] - apache2 2.0.54-5sarge2
	[etch] - apache2 2.2.3-4+etch2
	- apache <removed> (low)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in net/bridge/br_ioct ...)
	{DSA-1233}
	- linux-2.6 2.6.18-8 (medium)
CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository clas ...)
	NOT-FOR-US: JBoss
CVE-2006-5749 (The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c ...)
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ...)
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (medium)
	- xulrunner 1.5.0.8-1 (high)
	- mozilla-firefox <removed>
	- mozilla-thunderbird <removed>
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla-thunderbird <not-affected> (Vulnerable code not present)
CVE-2006-5746 (The console in AirMagnet Enterprise before 7.5 build 6307 does not pro ...)
	NOT-FOR-US: AirMagnet
CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the XMLHTT ...)
	NOT-FOR-US: Microsoft
CVE-2006-5744 (Multiple SQL injection vulnerabilities in Highwall Enterprise and High ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5743 (Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterp ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5742 (The AirMagnet Enterprise console and Remote Sensor console (Laptop) in ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5741 (Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enter ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5739 (PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Le ...)
	NOT-FOR-US: communityPortals
CVE-2006-5738 (Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow re ...)
	NOT-FOR-US: PunBB
CVE-2006-5737 (PunBB uses a predictable cookie_seed value that can be derived from th ...)
	NOT-FOR-US: PunBB
CVE-2006-5736 (SQL injection vulnerability in search.php in PunBB before 1.2.14, when ...)
	NOT-FOR-US: PunBB
CVE-2006-5735 (Directory traversal vulnerability in include/common.php in PunBB befor ...)
	NOT-FOR-US: PunBB
CVE-2006-5734 (Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 a ...)
	NOT-FOR-US: ATutor
CVE-2006-5733 (Directory traversal vulnerability in error.php in PostNuke 0.763 and e ...)
	NOT-FOR-US: PostNuke
CVE-2006-5732 (SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earl ...)
	NOT-FOR-US: T.G.S. CMS
CVE-2006-5731 (Directory traversal vulnerability in classes/index.php in Lithium CMS  ...)
	NOT-FOR-US: Lithium CMS
CVE-2006-5730 (PHP remote file inclusion vulnerability in manager/media/browser/mcpuk ...)
	NOT-FOR-US: Modx CMS
CVE-2006-5729 (Yazd Discussion Forum before 3.0 beta does not properly manage forum p ...)
	NOT-FOR-US: Yazd Discussion Forum
CVE-2006-5728 (XM Easy Personal FTP Server 5.2.1 and earlier allows remote authentica ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-5727 (PHP remote file inclusion vulnerability in admin/controls/cart.php in  ...)
	NOT-FOR-US: sazcart
CVE-2006-5726 (alloccgblk in the UFS filesystem in Solaris 10 allows local users to c ...)
	NOT-FOR-US: Solaris
CVE-2006-5725 (The SSL server in AEP Smartgate 4.3b allows remote attackers to determ ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5724 (Heap-based buffer overflow the "Answering Service" function in ICQ 200 ...)
	NOT-FOR-US: ICQ
CVE-2006-5723 (SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier  ...)
	NOT-FOR-US: DataparkSearch Engine
CVE-2006-5722 (Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9  ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5721 (The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) a ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-5720 (SQL injection vulnerability in modules/journal/search.php in the Journ ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall Expl ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2. ...)
	- phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-6/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/39893dd0c956de6505d5a4d4590ad3e1f64bdffa
CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Dat ...)
	NOT-FOR-US: Zend Google Data Client Library (ZendGData)
CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allo ...)
	NOT-FOR-US: FreeNews
CVE-2006-5715 (Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS fil ...)
	NOT-FOR-US: Easy File Sharing (EFS) Easy Address Book
CVE-2006-5714 (Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file s ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5713 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) We ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5712 (Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows r ...)
	NOT-FOR-US: Mirapoint WebMail
CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote att ...)
	NOT-FOR-US: ECI Telecom
CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in Darwin k ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and  ...)
	NOT-FOR-US: PHPEasyData
CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...)
	- php5 5.2.0-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: lack of basedir restrictions are not security-relevant by Debian PHP security policy
CVE-2006-5705 (Multiple directory traversal vulnerabilities in plugins/wp-db-backup.p ...)
	- wordpress 2.0.5-0.1
CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 befo ...)
	NOT-FOR-US: HP
CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in  ...)
	- tikiwiki 1.9.6+dfsg-1 (low)
CVE-2006-5702 (Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information ...)
	- tikiwiki 1.9.6+dfsg-1 (medium)
CVE-2006-5701 (Double free vulnerability in squashfs module in the Linux kernel 2.6.x ...)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- squashfs 1:3.1r2-6.1
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-5700
	REJECTED
CVE-2006-5699
	REJECTED
CVE-2006-5698
	REJECTED
CVE-2006-5697
	REJECTED
CVE-2006-5696
	REJECTED
CVE-2006-5695
	REJECTED
CVE-2006-5694
	REJECTED
CVE-2006-5693
	REJECTED
CVE-2006-5692
	REJECTED
CVE-2006-5691
	REJECTED
CVE-2006-5690
	REJECTED
CVE-2006-5689
	REJECTED
CVE-2006-5688
	REJECTED
CVE-2006-5687
	REJECTED
CVE-2006-5686
	REJECTED
CVE-2006-5685
	REJECTED
CVE-2006-5684
	REJECTED
CVE-2006-5683
	REJECTED
CVE-2006-5682
	REJECTED
CVE-2006-5681 (QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Qua ...)
	NOT-FOR-US: QuickTime on Mac OS X
CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...)
	- libarchive 1.3.1-1 (unimportant)
CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows loc ...)
	- kfreebsd-5 <removed> (medium)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5678
	NOT-FOR-US: Les Visiteurs
CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and  ...)
	- torque 2.1.6-1
CVE-2006-5676 (SQL injection vulnerability in consult/classement.php in Uni-Vert PhpL ...)
	NOT-FOR-US: PhpLeague
CVE-2006-5675 (Multiple unspecified vulnerabilities in Pentaho Business Intelligence  ...)
	NOT-FOR-US: Pentaho Business Intelligence (BI) Suite
CVE-2006-5674 (Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and ...)
	NOT-FOR-US: miniBB
CVE-2006-5673 (PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2 ...)
	NOT-FOR-US: miniBB
CVE-2006-5672 (PHP remote file inclusion vulnerability in web/init_mysource.php in My ...)
	NOT-FOR-US: MySource CMS
CVE-2006-5671 (PHP remote file inclusion vulnerability in contact.php in Free Image H ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5670 (PHP remote file inclusion vulnerability in forgot_pass.php in Free Ima ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5669 (PHP remote file inclusion vulnerability in gestion/savebackup.php in G ...)
	NOT-FOR-US: Gepi
CVE-2006-5668 (Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_ ...)
	NOT-FOR-US: Ampache
CVE-2006-5667 (Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and  ...)
	NOT-FOR-US: P-Book
CVE-2006-5666 (SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 all ...)
	NOT-FOR-US: E-Annu
CVE-2006-5665 (PHP remote file inclusion vulnerability in admin/modules_data.php in t ...)
	NOT-FOR-US: phpBB module Spider Friendly
CVE-2006-5664 (The installation script in IBM Informix Dynamic Server 10.00, Informix ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5663 (IBM Informix Dynamic Server 10.00, Informix Client Software Developmen ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5662 (SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows re ...)
	NOT-FOR-US: easy notesManager (eNM)
CVE-2006-5661 (Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netq ...)
	NOT-FOR-US: Netquery
CVE-2006-5660 (Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 doe ...)
	NOT-FOR-US: Cisco
CVE-2006-5659 (PAM_extern before 0.2 sends a password as a command line argument, whi ...)
	NOT-FOR-US: PAM_extern
CVE-2006-5658 (BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to ( ...)
	NOT-FOR-US: BlooMooWeb ActiveX control
CVE-2006-5657 (Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 h ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5656 (Memory leak in the push_align function in src/util.c in Vilistextum be ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5655 (SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows re ...)
	NOT-FOR-US: OpenDocMan
CVE-2006-5654 (Unspecified vulnerability in the Network Security Services (NSS) in Su ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2006-5653 (Cross-site scripting (XSS) vulnerability in the errorHTML function in  ...)
	NOT-FOR-US: Sun Java System Messenger Express
CVE-2006-5652 (Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Serv ...)
	NOT-FOR-US: Sun
CVE-2006-5651 (list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to o ...)
	NOT-FOR-US: DigiOz Guestbook
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5. ...)
	NOT-FOR-US: ICQPhone.SipxPhoneManager
CVE-2006-5649 (Unspecified vulnerability in the "alignment check exception handling"  ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-4
CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a  ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for L ...)
	NOT-FOR-US: Sophos
CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security  ...)
	NOT-FOR-US: Sophos
CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for L ...)
	NOT-FOR-US: Sophos
CVE-2006-5644
	RESERVED
CVE-2006-5643 (Cross-site scripting (XSS) vulnerability in search_de.html in foresite ...)
	NOT-FOR-US: foresite CMS
CVE-2006-5642 (Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown i ...)
	NOT-FOR-US: NmnLogger
CVE-2006-5641 (SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Anno ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5640 (SQL injection vulnerability in guestbookview.asp in Techno Dreams Gues ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5639 (Unspecified vulnerability in the random number generator in OpenWBEM ( ...)
	NOT-FOR-US: OpenWBEM
CVE-2006-5638 (Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2 ...)
	NOT-FOR-US: PHPMyRing
CVE-2006-5637 (PHP remote file inclusion vulnerability in faq_reply.php in Faq Admini ...)
	NOT-FOR-US: Faq Administrator
CVE-2006-5636 (PHP remote file inclusion vulnerability in common.php in Simple Websit ...)
	NOT-FOR-US: Simple Website Software
CVE-2006-5635 (SQL injection vulnerability in forum/search.asp in Web Wiz Forums allo ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2006-5634 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1  ...)
	NOT-FOR-US: phpProfiles
CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers t ...)
	- firefox 45.0-1 (unimportant)
	- firefox-esr 45.0esr-1 (unimportant)
	- iceweasel <removed> (unimportant)
	- icedove <unfixed> (unimportant)
	- mozilla <removed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	- mozilla-firefox <removed> (unimportant)
	- mozilla-thunderbird <removed> (unimportant)
CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5630 (Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5629 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 befor ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5628 (SQL injection vulnerability in login.asp in UNISOR Content Management  ...)
	NOT-FOR-US: UNISOR Content Management System (CMS)
CVE-2006-5627 (Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and ...)
	NOT-FOR-US: QnECMS
CVE-2006-5626 (Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htm ...)
	NOT-FOR-US: phpFaber
CVE-2006-5625 (PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in  ...)
	NOT-FOR-US: N/X 2002 Professional Edition Web Content Management System (WCMS)
CVE-2006-5624 (Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comme ...)
	NOT-FOR-US: Multi-Page Comment System (MPCS)
CVE-2006-5623 (PHP remote file inclusion vulnerability in ip.inc.php in Electronic En ...)
	NOT-FOR-US: Electronic Engineering Tool (EE Tool)
CVE-2006-5622 (SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery  ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, ...)
	NOT-FOR-US: ask_rave
CVE-2006-5620 (PHP remote file inclusion vulnerability in include/menu_builder.php in ...)
	NOT-FOR-US: MiniBILL
CVE-2006-5619 (The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linu ...)
	{DSA-1233}
	- linux-2.6 2.6.18-4 (low)
CVE-2006-5618 (Directory traversal vulnerability in script/cat_for_aff.php in Netref  ...)
	NOT-FOR-US: Netref
CVE-2006-5617 (Directory traversal vulnerability in index.php in Thepeak File Upload  ...)
	NOT-FOR-US: Thepeak File Upload Manager
CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux ...)
	NOT-FOR-US: OpenPBS
CVE-2006-5615 (PHP remote file inclusion vulnerability in publish.php in Textpattern  ...)
	NOT-FOR-US: Textpattern
CVE-2006-5614 (Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP S ...)
	NOT-FOR-US: Microsoft
CVE-2006-5613 (PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSa ...)
	NOT-FOR-US: MP3 Streaming DownSampler (mp3SDS)
CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in ...)
	NOT-FOR-US: GestArt
CVE-2006-5611 (Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 ha ...)
	NOT-FOR-US: Toshiba
CVE-2006-5610 (PHP remote file inclusion vulnerability in player/includes/common.php  ...)
	NOT-FOR-US: Teake Nutma Foing
CVE-2006-5609 (Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows ...)
	- torrentflux 2.1-5 (bug #395930; medium)
CVE-2006-5608 (SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before  ...)
	NOT-FOR-US: Extended Tracker (xtracker) for Drupal
CVE-2006-5607 (Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 all ...)
	NOT-FOR-US: INCA IM-204
CVE-2006-5606 (Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplor ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5605 (Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer ...)
	NOT-FOR-US: phpCards
CVE-2006-5604 (Directory traversal vulnerability in phpcards.header.php in phpCards 1 ...)
	NOT-FOR-US: phpCards
CVE-2006-5603 (SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.0 ...)
	NOT-FOR-US: Snitz Forums
CVE-2006-5600 (Axalto Protiva 1.1, possibly only non-commercial versions, stores pass ...)
	NOT-FOR-US: Axalto Protiva
CVE-2006-5599 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle
CVE-2006-5598 (Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery ...)
	NOT-FOR-US: GOOP Gallery
CVE-2006-5597 (join.asp in MiniHTTP Web Forum &amp; File Server PowerPack 4.0 allows  ...)
	NOT-FOR-US: MiniHTTP Web Forum
CVE-2006-5596 (Directory traversal vulnerability in the SSL server in AEP Smartgate 4 ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5595 (Unspecified vulnerability in the AirPcap support in Wireshark (formerl ...)
	- wireshark 0.99.4-1 (bug #396258)
CVE-2006-5594 (PHP remote file inclusion vulnerability in University of British Colum ...)
	NOT-FOR-US: iPeer
CVE-2006-5593 (Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow re ...)
	NOT-FOR-US: Desknet's (niokeru)
CVE-2006-5592 (Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: PacPoll
CVE-2006-5591 (Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4 ...)
	NOT-FOR-US: PacPoll
CVE-2006-5590 (PHP remote file inclusion vulnerability in index.php in ArticleBeach S ...)
	NOT-FOR-US: ArticleBeach Script
CVE-2006-5589 (Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and e ...)
	NOT-FOR-US: LedgerSMB (LSMB)
CVE-2006-5588 (Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0  ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-5587 (Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and ea ...)
	NOT-FOR-US: MDweb
CVE-2006-5586 (The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 ...)
	NOT-FOR-US: Microsoft GDI
CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and S ...)
	NOT-FOR-US: Microsoft
CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 us ...)
	NOT-FOR-US: Microsoft
CVE-2006-5583 (Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP  ...)
	NOT-FOR-US: Microsoft
CVE-2006-5582
	REJECTED
CVE-2006-5581 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2006-5580
	RESERVED
CVE-2006-5579 (Microsoft Internet Explorer 6 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft
CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote attackers to r ...)
	NOT-FOR-US: Microsoft
CVE-2006-5577 (Microsoft Internet Explorer 6 and earlier allows remote attackers to o ...)
	NOT-FOR-US: Microsoft
CVE-2006-5576
	REJECTED
CVE-2006-5575
	REJECTED
CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker  ...)
	NOT-FOR-US: Microsoft
CVE-2006-5573
	REJECTED
CVE-2006-5572
	REJECTED
CVE-2006-5571 (Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks  ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5570 (Directory traversal vulnerability in /scripts/cruise/cws.exe in Cruise ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5569 (FtpXQ Server 3.0.1 installs with two default testing accounts, which a ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5568 (FtpXQ Server 3.0.1 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5567 (Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.3 ...)
	NOT-FOR-US: WinAmp
CVE-2006-5566 (CRLF injection vulnerability in premium/index.php in Shop-Script allow ...)
	NOT-FOR-US: Shop-Script
CVE-2006-5565 (CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote att ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5564 (Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro  ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5563 (Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1. ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2006-5562 (PHP remote file inclusion vulnerability in include/database.php in Sou ...)
	NOT-FOR-US: SourceForge (gforge is not affected)
CVE-2006-5561 (SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows ...)
	NOT-FOR-US: Discuz! GBK
CVE-2006-5560 (Cross-site scripting (XSS) vulnerability in heading.php in Boesch Prog ...)
	NOT-FOR-US: ProgSys
CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control ...)
	NOT-FOR-US: ADODB.Connection 2.7 ActiveX control
CVE-2006-5558 (Format string vulnerability in the swask command in HP-UX B.11.11 and  ...)
	NOT-FOR-US: HP-UX
CVE-2006-5557 (Stack-based buffer overflow in the (1) swpackage and (2) swmodify comm ...)
	NOT-FOR-US: HP-UX
CVE-2006-5556 (Buffer overflow in the localtime_r function, and certain other functio ...)
	NOT-FOR-US: swask
CVE-2006-5555 (PHP remote file inclusion vulnerability in constantes.inc.php in EPNad ...)
	NOT-FOR-US: EPNadmin
CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5 allows r ...)
	NOT-FOR-US: Imageview
CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 befo ...)
	NOT-FOR-US: Cisco
CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and e ...)
	NOT-FOR-US: RevilloC MailServer
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow re ...)
	NOT-FOR-US: QK SMTP
CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause  ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5549
	NOT-FOR-US: Adobe PHP SDK
CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open T ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5547 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open T ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5546 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open T ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5545 (Premium Antispam in Symantec Mail Security for Domino Server 5.1.x bef ...)
	NOT-FOR-US: Symantec
CVE-2006-5544 (Visual truncation vulnerability in Microsoft Internet Explorer 7 allow ...)
	NOT-FOR-US: Microsoft
CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP G ...)
	NOT-FOR-US: PHP Generator of Object SQL Database
CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0. ...)
	- postgresql-7.4 1:7.4.14-1 (unimportant)
	- postgresql-8.1 8.1.5-1 (unimportant)
	[sarge] - postgresql <unfixed> (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remot ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in UeberPr ...)
	NOT-FOR-US: UeberProject Management System
CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attac ...)
	NOT-FOR-US: D-Link
CVE-2006-5537 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm i ...)
	NOT-FOR-US: D-Link
CVE-2006-5536 (Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T ...)
	NOT-FOR-US: D-Link
CVE-2006-5535 (Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager  ...)
	NOT-FOR-US: WebHostManager cPanel
CVE-2006-5534 (Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zw ...)
	NOT-FOR-US: Zwahlen Online Shop Freeware
CVE-2006-5533 (Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9,  ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5532 (Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT  ...)
	NOT-FOR-US: RMSOFT Gallery System
CVE-2006-5531 (PHP remote file inclusion vulnerability in embedded.php in Ascended Gu ...)
	NOT-FOR-US: Ascended Guestbook
CVE-2006-5530 (Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews ...)
	NOT-FOR-US: SimpNews
CVE-2006-5529 (Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/ ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5528 (Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2. ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5527 (PHP remote file inclusion vulnerability in lib.editor.inc.php in Intel ...)
	NOT-FOR-US: InteliEditor
CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foin ...)
	NOT-FOR-US: Fully Modded phpBB (phpbbfm) / Teake Nutma Foing
CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10. ...)
	- phplist <itp> (bug #612288)
CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0 ...)
	NOT-FOR-US: EZ-Ticket
CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...)
	NOT-FOR-US: Kawf
CVE-2006-5521 (PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03  ...)
	NOT-FOR-US: Net_DNS
CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in DeltaScrip ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5519 (PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_opti ...)
	- egroupware <not-affected> (there is no path variable used to include plugin.php)
CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher Fowl ...)
	NOT-FOR-US: RSSonate
CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island Ope ...)
	NOT-FOR-US: Open Meetings Filing Application
CVE-2006-5516 (Multiple cross-site scripting (XSS) vulnerabilities in actions/userset ...)
	NOT-FOR-US: WikiNi
CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in php ...)
	NOT-FOR-US: phpPgAds / phpAdsNew
CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication Cen ...)
	NOT-FOR-US: Web Group Communication
CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allo ...)
	NOT-FOR-US: GeoNetwork opensource
CVE-2006-5740 (Unspecified vulnerability in the LDAP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5602 (Multiple memory leaks in xsupplicant before 1.2.6, and possibly other  ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-5601 (Stack-based buffer overflow in the eap_do_notify function in eap.c in  ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-XXXX [several possible mysql 5.0 local DoS vulnerabilities]
	- mysql-dfsg-5.0 5.0.26-1 (low)
CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Onl ...)
	NOT-FOR-US: Zwahlen Online Shop
CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...)
	NOT-FOR-US: JaxUltraBB
CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH Pexp ...)
	NOT-FOR-US: Pexplorer
CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book 1 ...)
	NOT-FOR-US: Burning Book
CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burn ...)
	NOT-FOR-US: Burning Book
CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (De ...)
	NOT-FOR-US: Der Dirigent
CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 all ...)
	NOT-FOR-US: WiClear
CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote  ...)
	NOT-FOR-US: 2BGal
CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple Machin ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple Machin ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX contro ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDo ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5500 (Multiple SQL injection vulnerabilities in the checkUser function in in ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5499 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9 ...)
	- serendipity 1.0.2-1
CVE-2006-5498 (Directory traversal vulnerability in themes/program/themesettings.inc. ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5497 (PHP remote file inclusion vulnerability in themes/program/themesetting ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5496 (Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason ...)
	NOT-FOR-US: Timothy Claason KnowledgeBank
CVE-2006-5495 (Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS  ...)
	NOT-FOR-US: Trawler Web CMS
CVE-2006-5494 (Multiple PHP remote file inclusion vulnerabilities in modules/My_eGall ...)
	NOT-FOR-US: pandaBB for PHP-Nuke
CVE-2006-5493 (PHP remote file inclusion vulnerability in template/purpletech/base_in ...)
	NOT-FOR-US: DigitalHive
CVE-2006-5492 (Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allo ...)
	NOT-FOR-US: Maarch
CVE-2006-5491 (Multiple SQL injection vulnerabilities in include/index.php in UltraCM ...)
	NOT-FOR-US: UltraCMS
CVE-2006-5490 (Multiple SQL injection vulnerabilities in Segue Content Management Sys ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before H ...)
	NOT-FOR-US: RIM BlackBerry Enterprise Server
CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5487 (Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x ...)
	NOT-FOR-US: Marshal MailMarshal SMTP
CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2bet ...)
	NOT-FOR-US: SpeedBerg
CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 an ...)
	NOT-FOR-US: SSH Tectia
CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified d ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified  ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor P ...)
	NOT-FOR-US: Castor
CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Casto ...)
	NOT-FOR-US: Castor
CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote  ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5478 (Multiple stack-based buffer overflows in Novell eDirectory 8.8.x befor ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissi ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser  ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5474 (The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 ge ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2006-5473
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer Libr ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php i ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5470
	REJECTED
CVE-2006-5469 (Unspecified vulnerability in the WBXML dissector in Wireshark (formerl ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5468 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...)
	{DSA-1235-1 DSA-1234-1}
	- ruby1.8 1.8.5-3 (low; bug #398457)
	- ruby1.9 1.9.0+20070606-1 (low)
	[etch] - ruby1.9 <no-dsa> (Minor issue)
CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm  ...)
	- rpm 4.4.1-11 (low; bug #397076)
	[sarge] - rpm <no-dsa> (You need to trust the RPMs you're installing)
	NOTE: Only hypothetical, far-fetched attacks feasible
CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...)
	{DSA-1206-1}
	- php4 4:4.4.4-4 (high; bug #396764)
	- php5 5.1.6-6 (high; bug #396766)
CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla F ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (low)
	- firefox-esr 45.0esr-1 (low)
	- iceweasel 2.0+dfsg-1 (low)
	- icedove 1.5.0.8-1 (low)
	- mozilla <removed> (low)
	- xulrunner 1.8.0.8-1 (low)
CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbi ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-67
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used  ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-66
	NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340
	NOTE: the fixes for CVE-2006-4340 were incomplete
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of netlink mes ...)
	- avahi 0.6.15-1 (low)
CVE-2006-XXXX [diffmon information leakage]
	- diffmon 20020222-2.2 (bug #382132)
CVE-2006-5460
	NOT-FOR-US: phpht Topsites
CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine  ...)
	NOT-FOR-US: Download-Engine
CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: phpht Topsites
CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the registratio ...)
	NOT-FOR-US: Casino Script (Masvet)
CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagi ...)
	{DSA-1213}
	- graphicsmagick 1.1.7-9 (medium)
	- imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025)
CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla <no-dsa> (CSRF infrastructure not present, too intrusive to backport)
CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.2 ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...)
	{DSA-1208-1}
	- bugzilla 2.22.1-1 (bug #395094; low)
CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...)
	NOT-FOR-US: HP Tru64
CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...)
	- torrentflux 2.1-5 (bug #395099; low)
CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...)
	NOT-FOR-US: Kinesis Interactive Cinema System (KICS) CMS
CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote authentica ...)
	{DSA-1204-1}
	- ingo1 1.1.2-1 (bug #396099)
CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Man ...)
	NOT-FOR-US: Microsoft
CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web Manag ...)
	NOT-FOR-US: DEV Web Management System (WMS)
CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino S ...)
	NOT-FOR-US: Casinosoft Casino Script (aka Masvet)
CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver (channels/chan_sip ...)
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080)
CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel drive ...)
	{DSA-1229-1}
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080; bug #394025)
CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Ser ...)
	- wims 3.60-1 (bug #395102)
CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP header ...)
	- viewvc 1.0.3-1 (medium; bug #397669)
CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev For ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5439 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Mis ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5438 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev For ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5437
	NOT-FOR-US: phpAdsNew
CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e  ...)
	NOT-FOR-US: FreeFAQ
CVE-2006-5435
	- phpbb2 <not-affected> (not vulnerable)
CVE-2006-5434 (PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 a ...)
	NOT-FOR-US: P-News
CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...)
	NOT-FOR-US: ALiCE-CMS
CVE-2006-5432 (Multiple direct static code injection vulnerabilities in db/txt.inc.ph ...)
	NOT-FOR-US: phpPowerCards
CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHP ...)
	NOT-FOR-US: PHPOutsourcing Zorum
CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: db-central (dbc) Enterprise CMS
CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...)
	NOT-FOR-US: BRIM
CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileg ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...)
	NOT-FOR-US: Php AMX
CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Cal ...)
	NOT-FOR-US: LoCal Calendar System
CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attac ...)
	NOT-FOR-US: XORP (eXtensible Open Router Platform)
CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial vers ...)
	NOT-FOR-US: Justsystem Ichitaro
CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in L ...)
	NOT-FOR-US: Lou Portail
CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel (p ...)
	NOT-FOR-US: Lodel
CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitra ...)
	NOT-FOR-US: WSN Forum
CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...)
	NOT-FOR-US: Specimen Image Database (SID)
CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php i ...)
	NOT-FOR-US: pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB
CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAf ...)
	NOT-FOR-US: McAfee
CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Netwo ...)
	NOT-FOR-US: F5
CVE-2006-5415 (PHP remote file inclusion vulnerability in includes/functions_newshr.p ...)
	NOT-FOR-US: News Defilante Horizontale
CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to rea ...)
	NOT-FOR-US: Barry Nauta BRIM
CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 f ...)
	NOT-FOR-US: SuperMod for YABB (YaBBSM)
CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_gl ...)
	NOT-FOR-US: PHP Outburst Easynews
CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web Publ ...)
	NOT-FOR-US: Free Web Publishing System (FreeWPS)
CVE-2006-5410 (PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/ ...)
	NOT-FOR-US: BoonEx Dolphin
CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management  ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ID ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket a ...)
	NOT-FOR-US: osTicket
CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure pe ...)
	NOT-FOR-US: Passgo Defender
CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver  ...)
	NOT-FOR-US: Toshiba Bluetooth wireless device driver
CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec Autom ...)
	NOT-FOR-US: Symantec
CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec Aut ...)
	NOT-FOR-US: Symantec
CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...)
	NOT-FOR-US: PHPMyBibli
CVE-2006-5401 (PHP remote file inclusion vulnerability in template/barnraiser_01/p_ne ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in CyberBra ...)
	NOT-FOR-US: CyberBrau
CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows  ...)
	NOT-FOR-US: Simplog
CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 an ...)
	- libx11 2:1.0.3-3 (low; bug #398460)
CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka clspack.ex ...)
	NOT-FOR-US: Microsoft
CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an uncheck ...)
	NOT-FOR-US: Cisco
CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtSh ...)
	NOT-FOR-US: Cisco
CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCor ...)
	NOT-FOR-US: OpenDock FullCore
CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Xfire
CVE-2006-5390 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
	NOT-FOR-US: ACP User Registration (MMW) module for phpBB
CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensi ...)
	NOT-FOR-US: PHP-Wyana
CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earli ...)
	NOT-FOR-US: WebSPELL
CVE-2006-5387 (PHP remote file inclusion vulnerability in mods/iai/includes/constants ...)
	NOT-FOR-US: PlusXL phpBB module
CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm W ...)
	NOT-FOR-US: NuralStorm Webmail
CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...)
	NOT-FOR-US: SpamOborona phpBB module
CVE-2006-5384 (PHP remote file inclusion vulnerability in modification/SendAlertEmail ...)
	NOT-FOR-US: CDS Agenda
CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and earlie ...)
	NOT-FOR-US: Def-Blog
CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlie ...)
	NOT-FOR-US: 3Com
CVE-2006-XXXX [unspecified steam cache vulnerability]
	- steam <not-affected> (affects the old steam environment for corporate knowledge management package shipped in lenny and before, not the new Valve steam package)
CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with insufficie ...)
	NOT-FOR-US: Contenido CMS
CVE-2006-5380
	NOT-FOR-US: Contenido CMS
CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary Graphics Driv ...)
	- nvidia-graphics-drivers 1.0.8776-1 (bug #393573)
	[sarge] - nvidia-graphics-drivers <not-affected> (1.0.7174 not affected)
	NOTE: see http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971
CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD Edwards Ente ...)
	NOT-FOR-US: EnterpriseOne
CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5376 (Multiple unspecified vulnerabilities in PeopleTools component in Oracl ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5375 (Multiple unspecified vulnerabilities in PeopleTools component in Oracl ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5374 (Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1  ...)
	NOT-FOR-US: Oracle
CVE-2006-5373 (Unspecified vulnerability in Oracle Install Base component in Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2006-5372 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2006-5371 (Unspecified vulnerability in Oracle Email Center component in Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2006-5370 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2006-5369 (Unspecified vulnerability in Oracle Application Object Library in Orac ...)
	NOT-FOR-US: Oracle
CVE-2006-5368 (Unspecified vulnerability in Oracle Exchange component in Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2006-5367 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 ...)
	NOT-FOR-US: Oracle
CVE-2006-5366 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0 ...)
	NOT-FOR-US: Oracle
CVE-2006-5365 (Unspecified vulnerability in Oracle Forms in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-5364 (Unspecified vulnerability in Oracle Containers for J2EE component in O ...)
	NOT-FOR-US: Oracle
CVE-2006-5363 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5362 (Unspecified vulnerability in Oracle Containers for J2EE component in O ...)
	NOT-FOR-US: Oracle
CVE-2006-5361 (Unspecified vulnerability in Oracle Containers for J2EE in Oracle Appl ...)
	NOT-FOR-US: Oracle
CVE-2006-5360 (Unspecified vulnerability in Oracle Forms component in Oracle Applicat ...)
	NOT-FOR-US: Oracle
CVE-2006-5359 (Multiple unspecified vulnerabilities in Oracle Reports Developer compo ...)
	NOT-FOR-US: Oracle
CVE-2006-5358 (Unspecified vulnerability in Oracle Forms component in Oracle Applicat ...)
	NOT-FOR-US: Oracle
CVE-2006-5357 (Unspecified vulnerability in Oracle HTTP Server component in Oracle Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-5356 (Unspecified vulnerability in Oracle Containers for J2EE component in O ...)
	NOT-FOR-US: Oracle
CVE-2006-5355 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5354 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5,  ...)
	NOT-FOR-US: Oracle
CVE-2006-5353 (Unspecified vulnerability in Oracle HTTP Server component in Oracle Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-5352 (Multiple unspecified vulnerabilities in Oracle Application Express 1.5 ...)
	NOT-FOR-US: Oracle
CVE-2006-5351 (Multiple unspecified vulnerabilities in Oracle Application Express (fo ...)
	NOT-FOR-US: Oracle
CVE-2006-5350 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2006-5349 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running  ...)
	NOT-FOR-US: Oracle
CVE-2006-5348 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collab ...)
	NOT-FOR-US: Oracle
CVE-2006-5347 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Col ...)
	NOT-FOR-US: Oracle
CVE-2006-5346 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Or ...)
	NOT-FOR-US: Oracle
CVE-2006-5345 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5344 (Multiple unspecified vulnerabilities in Oracle Spatial component in Or ...)
	NOT-FOR-US: Oracle
CVE-2006-5343 (Unspecified vulnerability in Database Scheduler component in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2006-5342 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5341 (Multiple unspecified vulnerabilities in XMLDB component in Oracle Data ...)
	NOT-FOR-US: Oracle
CVE-2006-5340 (Multiple unspecified vulnerabilities in Oracle Spatial component in Or ...)
	NOT-FOR-US: Oracle
CVE-2006-5339 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5338 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5337 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5336 (Multiple unspecified vulnerabilities in the Change Data Capture (CDC)  ...)
	NOT-FOR-US: Oracle
CVE-2006-5335 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
	NOT-FOR-US: Oracle
CVE-2006-5334 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5333 (Unspecified vulnerability in Oracle Spatial component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-5332 (Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for  ...)
	NOT-FOR-US: Oracle
CVE-2006-5331 (The altivec_unavailable_exception function in arch/powerpc/kernel/trap ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/6c4841c2b6c32a134f9f36e5e08857138cc12b10 (2.6.19-rc3)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=213229
CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and e ...)
	- flashplugin-nonfree 9.0.31.0.1 (bug #402822; medium)
	NOTE: It is not clear if this is already fix in 9.0.21.78.X (previous version)
	NOTE: or not but it's fix in 9.0.31.0.1 for sure.
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
CVE-2006-5329
	REJECTED
CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earl ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5327 (Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier,  ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5326 (PHP remote file inclusion vulnerability in language/lang/lang_contact_ ...)
	NOT-FOR-US: Prillian French module for phpBB
CVE-2006-5325 (Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz Se ...)
	NOT-FOR-US: dwingmods for phpBB
CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM WebSpher ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before 6 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow  ...)
	- phplist <itp> (bug #612288)
CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before  ...)
	- phplist <itp> (bug #612288)
CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans No ...)
	NOT-FOR-US: Album Photo Sans Nom
CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows r ...)
	NOT-FOR-US: Foafgen
CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine  ...)
	NOT-FOR-US: Nayco JASmine
CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows r ...)
	NOT-FOR-US: eboli
CVE-2006-5316 (registroTL stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: registroTL
CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL allo ...)
	NOT-FOR-US: registroTL
CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre 3. ...)
	NOT-FOR-US: TribunaLibre
CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated  ...)
	- hastymail <removed>
CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Sh ...)
	NOT-FOR-US: Ajax Shoutbox
CVE-2006-5311 (PHP remote file inclusion vulnerability in includes/archive/archive_to ...)
	NOT-FOR-US: Buzlas
CVE-2006-5310 (PHP remote file inclusion vulnerability in common/visiteurs/include/me ...)
	NOT-FOR-US: phpMyConferences
CVE-2006-5309 (PHP remote file inclusion vulnerability in language/lang_french/lang_p ...)
	NOT-FOR-US: Prillian French module for phpBB
CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference  ...)
	NOT-FOR-US: Open Conference Systems
CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK 2 ...)
	NOT-FOR-US: AFGB GUESTBOOK
CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals Sys ...)
	NOT-FOR-US: Journals System module for phpBB
CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr  ...)
	NOT-FOR-US: lat2cyr
CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS  ...)
	NOT-FOR-US: IncCMS Core
CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtai ...)
	NOT-FOR-US: Secure Computing SafeWord RemoteAccess
CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...)
	NOT-FOR-US: Redaction System
CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in th ...)
	NOT-FOR-US: SpamBlockerMODv module for phpBB
CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 all ...)
	NOT-FOR-US: HP
CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gc ...)
	NOT-FOR-US: Gcontact
CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlie ...)
	- mutt 1.5.13-1.1 (bug #396104; low)
	[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client 1.5.1 ...)
	- mutt 1.5.13-1.1 (bug #396104; low)
	[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a contain ...)
	NOT-FOR-US: Microsoft
CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist befor ...)
	- phplist <itp> (bug #612288)
CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcin ...)
	NOT-FOR-US: PhpOutsourcing Noah's Classifieds
CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in Exhibi ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-5291 (PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_co ...)
	NOT-FOR-US: Download-Engine
CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of X ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 a ...)
	NOT-FOR-US: Vtiger CRM
CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a  ...)
	NOT-FOR-US: Cisco
CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 all ...)
	NOT-FOR-US: Xeobook
CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allow ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...)
	NOT-FOR-US: XeoPort
CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen  ...)
	NOT-FOR-US: PHP News Reader (aka pnews)
CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 al ...)
	NOT-FOR-US: Minichat
CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and  ...)
	NOT-FOR-US: SH-News
CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n@board  ...)
	NOT-FOR-US: n@board
CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...)
	NOT-FOR-US: communityPortals
CVE-2006-5279
	RESERVED
CVE-2006-5278 (Integer overflow in the Real-Time Information Server (RIS) Data Collec ...)
	NOT-FOR-US: Cisco
CVE-2006-5277 (Off-by-one error in the Certificate Trust List (CTL) Provider service  ...)
	NOT-FOR-US: Cisco
CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort befor ...)
	- snort <not-affected> (snort versions 2.3.x do not contain the DCE RPC preprocessor)
CVE-2006-5275
	RESERVED
CVE-2006-5274 (Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, Pro ...)
	NOT-FOR-US: McAfee
CVE-2006-5273 (Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through  ...)
	NOT-FOR-US: McAfee
CVE-2006-5272 (Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...)
	NOT-FOR-US: McAfee
CVE-2006-5271 (Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, Pr ...)
	NOT-FOR-US: McAfee
CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine (mpengine. ...)
	NOT-FOR-US: Microsoft
CVE-2006-5269 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2006-5268 (Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 al ...)
	NOT-FOR-US: Trend Micro
CVE-2006-5267
	RESERVED
CVE-2006-5266 (Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Pla ...)
	NOT-FOR-US: Microsoft issue
CVE-2006-5265 (Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Pla ...)
	NOT-FOR-US: Microsoft issue
CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.2 ...)
	NOT-FOR-US: MysqlDumper
CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in phpMyAge ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and e ...)
	- hastymail <removed>
CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 an ...)
	NOT-FOR-US: PHPMyNews
CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2  ...)
	NOT-FOR-US: Compteur 2
CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in Compteu ...)
	NOT-FOR-US: Compteur 2
CVE-2006-5258 (The spell checking component of (1) Asbru Web Content Management befor ...)
	NOT-FOR-US: Asbru Web Content Management
CVE-2006-5257 (PHP remote file inclusion vulnerability in modules/forum/include/confi ...)
	NOT-FOR-US: Ciamos Content Management System
CVE-2006-5256 (PHP remote file inclusion vulnerability in claroline/inc/lib/import.li ...)
	NOT-FOR-US: Claroline
CVE-2006-5255
	NOT-FOR-US: gCards
CVE-2006-5254 (PHP remote file inclusion vulnerability in registration_detailed.inc.p ...)
	NOT-FOR-US: Detailed User Registration (com_registration_detailed), aka regdetailed
CVE-2006-5253 (PHP remote file inclusion vulnerability in strload.php in Dayana Netwo ...)
	NOT-FOR-US: phpOnline (aka PHP-Online)
CVE-2006-5252 (PHP remote file inclusion vulnerability in includes/core.lib.php in We ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2006-5251 (PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a  ...)
	NOT-FOR-US: Deep CMS
CVE-2006-5250 (PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSear ...)
	NOT-FOR-US: BlueShoes
CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in Ta ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2006-5248 (Eazy Cart stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5247 (Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other critical  ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and gain ad ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5244 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Bl ...)
	NOT-FOR-US: Easy Blog
CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Do ...)
	NOT-FOR-US: Easy Blog
CVE-2006-5242 (SQL injection vulnerability in Etomite Content Management System (CMS) ...)
	NOT-FOR-US: Etomite Content Management System
CVE-2006-5241 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Ga ...)
	NOT-FOR-US: Easy Gallery
CVE-2006-5240 (PHP remote file inclusion vulnerability in engine/require.php in Docmi ...)
	NOT-FOR-US: Docmint
CVE-2006-5239 (Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 a ...)
	NOT-FOR-US: eXpBlog
CVE-2006-5238 (Unspecified vulnerability in the file upload module in Blue Smiley Org ...)
	NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5237 (SQL injection vulnerability in Blue Smiley Organizer before 4.46 allow ...)
	NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5236 (SQL injection vulnerability in search.php in 4images 1.7.x allows remo ...)
	NOT-FOR-US: 4images
CVE-2006-5235 (PHP remote file inclusion vulnerability in includes/functions_kb.php i ...)
	NOT-FOR-US: Dimension of phpBB
CVE-2006-5234
	NOT-FOR-US: phpWebSite
CVE-2006-5233 (Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0 ...)
	NOT-FOR-US: Polycom SoundPoint IP 301 VoIP Desktop Phone
CVE-2006-5232
	NOT-FOR-US: iSearch
CVE-2006-5231 (Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, all ...)
	NOT-FOR-US: Grandstream GXP-2000 VoIP Desktop Phone
CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9. ...)
	NOT-FOR-US: FreeForum
CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote attack ...)
	{DSA-1196-1}
	- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and v ...)
	NOTE: This issues depends on the stack of selected authentication modules, while
	NOTE: some are resilient against such timing attacks, some aren't
	NOTE: This is inside responsibility of an admin
CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php  ...)
	NOT-FOR-US: ackerTodo
CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2 ...)
	- torrentflux 2.1-4 (bug #392501; low)
CVE-2006-5226 (PHP remote file inclusion vulnerability in moteur/moteur.php in Prolog ...)
	NOT-FOR-US: Freenews
CVE-2006-5225 (Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow ...)
	NOT-FOR-US: AAIportal
CVE-2006-5224 (PHP remote file inclusion vulnerability in includes/logger_engine.php  ...)
	NOT-FOR-US: Security Suite IP Logger in dwingmods for phpBB
CVE-2006-5223 (PHP remote file inclusion vulnerability in includes/functions_user_vie ...)
	NOT-FOR-US: User Viewed Posts Tracker module for phpBB
CVE-2006-5222 (Multiple PHP remote file inclusion vulnerabilities in Dimension of php ...)
	NOT-FOR-US: Dimension of phpBB
CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow re ...)
	NOT-FOR-US: Cahier de textes
CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, wh ...)
	NOT-FOR-US: WebYep
CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module in Mo ...)
	- moodle 1.6.2+20060930-1 (medium; bug #390294)
	[sarge] - moodle <not-affected> (Vulnerable code not present)
CVE-2006-5218 (Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in  ...)
	NOT-FOR-US: systrace in OpenBSD and NetBSD
CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...)
	NOT-FOR-US: Emek Portal
CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.3 ...)
	NOT-FOR-US: Simple HTTPD
CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in NetBSD befo ...)
	- xdm 1:1.0.5-1 (low)
	[sarge] - xfree86 <no-dsa> (Minor issue)
	NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5214 (Race condition in the Xsession script, as used by X Display Manager (x ...)
	- xdm 1:1.0.5-1 (low)
	- xorg 1:7.1.0-13 (low)
	[sarge] - xfree86 <no-dsa> (Minor issue)
	NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5213 (Sun Solaris 10 before 20061006 uses "incorrect and insufficient permis ...)
	NOT-FOR-US: Solaris
CVE-2006-5212 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for  ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for  ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5210 (Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-1 ...)
	NOT-FOR-US: IronWebMail
CVE-2006-5209 (PHP remote file inclusion vulnerability in admin/admin_topic_action_lo ...)
	NOT-FOR-US: Admin Topic Action Logging Mod for phpBB
CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow re ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5207 (PHP remote file inclusion vulnerability in images/smileys/smileys_pack ...)
	NOT-FOR-US: phpMyTeam
CVE-2006-5206 (SQL injection vulnerability in Invision Gallery 2.0.7 allows remote at ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-5205 (Directory traversal vulnerability in Invision Gallery 2.0.7 allows rem ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-5204 (Cross-site scripting (XSS) vulnerability in action_admin/member.php in ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5203 (Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted  ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when makin ...)
	NOT-FOR-US: Linksys
CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and  ...)
	- sun-java5 1.5.0-10-1 (bug #393042)
	NOTE: this is similar to CVE-2006-4339
CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...)
	NOT-FOR-US: Adobe
CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...)
	NOT-FOR-US: Adobe
CVE-2006-5198 (The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "File ...)
	NOT-FOR-US: WinZip
CVE-2006-5197 (PDshopPro stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: PDshopPro
CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...)
	NOT-FOR-US: Motorola SURFboard
CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 a ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5194 (Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93  ...)
	NOT-FOR-US: net2ftp
CVE-2006-5193 (PHP remote file inclusion vulnerability in index.php in Josh Schmidt W ...)
	NOT-FOR-US: WikyBlog
CVE-2006-5192 (PHP remote file inclusion vulnerability in includes/footer.php in phpG ...)
	NOT-FOR-US: phpGreetz
CVE-2006-5191 (PHP remote file inclusion vulnerability in includes/functions_static_t ...)
	NOT-FOR-US: Nivisec Static Topics module for phpBB
CVE-2006-5190 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2  ...)
	NOT-FOR-US: osCommerce
CVE-2006-5189 (PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php i ...)
	NOT-FOR-US: klinza professional cms
CVE-2006-5188 (Directory traversal vulnerability in download.php in webGENEius GOOP G ...)
	NOT-FOR-US: webGENEius GOOP Gallery
CVE-2006-5187 (PHP remote file inclusion vulnerability in includes/functions.php in B ...)
	NOT-FOR-US: Bulletin Board Ace (BBaCE)
CVE-2006-5186 (PHP remote file inclusion vulnerability in functions.php in phpMyProfi ...)
	NOT-FOR-US: phpMyProfiler
CVE-2006-5185 (Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and ...)
	NOT-FOR-US: HAMweather
CVE-2006-5184 (SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 all ...)
	NOT-FOR-US: PKR Internet Taskjitsu
CVE-2006-5183 (Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs D ...)
	NOT-FOR-US: Dayfox Blog
CVE-2006-5182 (PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen ...)
	NOT-FOR-US: Travelsized CMS
CVE-2006-5181 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ph ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5180 (PHP remote file inclusion vulnerability in include/main.inc.php in Seb ...)
	NOT-FOR-US: Newswriter SW
CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attac ...)
	NOT-FOR-US: Intoto iGateway
CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...)
	- php5 5.2.0-1 (bug #391281; unimportant)
	- php4 4:4.4.4-1 (bug #391282; unimportant)
	NOTE: open_basedir is not supported
CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise  ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable Professional 2.0  ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the administrative  ...)
	NOT-FOR-US: TeraStation HD-HTGL
CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel 2.6 be ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-5
	NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4
CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...)
	- linux-2.6 2.6.18-1
CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Co ...)
	NOT-FOR-US: Computer Associates (CA) Brightstor
CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Co ...)
	NOT-FOR-US: Computer Associates (CA) Brightstor
CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and  ...)
	{DSA-1203-1}
	- libpam-ldap 180-1.2 (bug #392984; medium)
CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka DaRk2k ...)
	NOT-FOR-US: PowerPortal
CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: Pebble
CVE-2006-XXXX [zabbix format string vulnerabilities]
	- zabbix 1:1.1.2-4 (bug #391388)
CVE-2006-XXXX [zabbix buffer overflows]
	- zabbix 1:1.1.2-4 (bug #391388)
CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 an ...)
	NOT-FOR-US: BasiliX
CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web Sc ...)
	NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php in Sk ...)
	NOT-FOR-US: Skrypty PPA Gallery
CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum ...)
	NOT-FOR-US: digiSHOP
CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly oth ...)
	NOT-FOR-US: IBM
CVE-2006-5162 (wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows  ...)
	NOT-FOR-US: Microsoft
CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved pass ...)
	NOT-FOR-US: IBM
CVE-2006-5160
	- firefox <not-affected> (no real issues)
CVE-2006-5159
	NOT-FOR-US: Bogus Firefox issue
CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel be ...)
	- linux-2.6 2.6.15
CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...)
	NOT-FOR-US: TrendMicro OfficeScan
CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and Pr ...)
	NOT-FOR-US: McAfee
CVE-2006-5155 (PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2 ...)
	NOT-FOR-US: VideoDB
CVE-2006-5154 (PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-5153 (The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal  ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2006-5152 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2006-5151 (Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for  ...)
	NOT-FOR-US: HP
CVE-2006-5150 (SQL injection vulnerability in the reports system in OpenBiblio before ...)
	NOT-FOR-US: OpenBiblio
CVE-2006-5149 (Multiple directory traversal vulnerabilities in OpenBiblio before 0.5. ...)
	NOT-FOR-US: OpenBiblio
CVE-2006-5148 (Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b a ...)
	NOT-FOR-US: Forum82
CVE-2006-5147 (PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml  ...)
	NOT-FOR-US: VAMP Webmail
CVE-2006-5146 (Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow rem ...)
	NOT-FOR-US: Yblog
CVE-2006-5145 (Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow re ...)
	NOT-FOR-US: OlateDownload
CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in OlateDow ...)
	NOT-FOR-US: OlateDownload
CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 a ...)
	NOT-FOR-US: Backup Agent RPC Server
CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 cli ...)
	NOT-FOR-US: CA BrightStor ARCserver Backup
CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. Gord ...)
	NOT-FOR-US: Open Geo Targeting (aka geotarget)
CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image ...)
	NOT-FOR-US: Image Host Script (phpkimagehost)
CVE-2006-5139 (Unspecified vulnerability in MkPortal allows remote attackers to corru ...)
	NOT-FOR-US: MkPortal
CVE-2006-5138 (Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5137 (Multiple direct static code injection vulnerabilities in Groupee UBB.t ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5136 (Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in  ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5135 (Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow r ...)
	NOT-FOR-US: A-Blog
CVE-2006-5134 (Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to c ...)
	NOT-FOR-US: Mercury SiteScope
CVE-2006-5133 (Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have  ...)
	NOT-FOR-US: GuildFTPd
CVE-2006-5132 (Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0  ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-5131 (module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another  ...)
	NOT-FOR-US: just another flat file (JAF) CMS
CVE-2006-5130 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just a ...)
	NOT-FOR-US: ust another flat file (JAF) CMS
CVE-2006-5129 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just a ...)
	NOT-FOR-US: ust another flat file (JAF) CMS
CVE-2006-5128 (SQL injection vulnerability in index.php in Bartels Schoene ConPresso  ...)
	NOT-FOR-US: ConPresso
CVE-2006-5127 (Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ...)
	NOT-FOR-US: ConPresso
CVE-2006-5126 (PHP remote file inclusion vulnerability in index.php in John Himmelman ...)
	NOT-FOR-US: PowerPortal
CVE-2006-5125 (Directory traversal vulnerability in window.php, possibly used by home ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5124 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ph ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5123 (Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenthe ...)
	NOT-FOR-US: PHProjekt
CVE-2006-5122 (Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteSco ...)
	NOT-FOR-US: SiteScope
CVE-2006-5121 (SQL injection vulnerability in modules/Downloads/admin.php in the Admi ...)
	NOT-FOR-US: PostNuke
CVE-2006-5120 (Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer R ...)
	NOT-FOR-US: Red Mombin
CVE-2006-5119 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5  ...)
	NOT-FOR-US: Zen Cart
CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD packa ...)
	NOT-FOR-US: PHPSelect Web Development Division
CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web do ...)
	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; unimportant)
	NOTE: Only path disclosure
CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdm ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b3906852bbcb5c4e116cc20e214b7f6793ca97aa
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ac2f606a21d474596a4b2cada961385439cbc8f0
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/50319d634c620044a0542495939cd68530f00259
CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows rem ...)
	NOT-FOR-US: KGB
CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP In ...)
	NOT-FOR-US: SAP
CVE-2006-5113 (Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exp ...)
	NOT-FOR-US: Exporia
CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote ...)
	NOT-FOR-US: NaviCOPA Web Server
CVE-2006-5111 (The libksba library 0.9.12 and possibly other versions, as used by gpg ...)
	- libksba 0.9.14-1 (low; bug #391278)
	[sarge] - libksba <no-dsa> (Minor issue)
CVE-2006-5110 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2. ...)
	NOT-FOR-US: PHP Invoice
CVE-2006-5109 (Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: CubeCart
CVE-2006-5108 (Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeC ...)
	NOT-FOR-US: CubeCart
CVE-2006-5107 (Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x all ...)
	NOT-FOR-US: CubeCart
CVE-2006-5106 (Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 f ...)
	NOT-FOR-US: FacileForms for Mambo and Joomla!
CVE-2006-5105 (Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1  ...)
	NOT-FOR-US: SyntaxCMS
CVE-2006-5104 (SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x all ...)
	NOT-FOR-US: vBulletin
CVE-2006-5103 (PHP remote file inclusion vulnerability in admin/index2.php in bbsNew  ...)
	NOT-FOR-US: bbsNew
CVE-2006-5102 (PHP remote file inclusion vulnerability in include/editfunc.inc.php in ...)
	NOT-FOR-US: Newswriter SW
CVE-2006-5101 (PHP remote file inclusion vulnerability in include.php in Comdev CSV I ...)
	NOT-FOR-US: Comdev CSV Importer
CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in WEB//NE ...)
	NOT-FOR-US: WEB//NEWS (aka webnews)
CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert ...)
	- dokuwiki 0.0.20060309-5.2 (bug #391291; medium)
CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attack ...)
	- dokuwiki 0.0.20060309-5.2 (bug #391291; medium)
CVE-2006-5097
	NOT-FOR-US: net2ftp
CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
	NOT-FOR-US: VirtueMart
CVE-2006-5095
	NOT-FOR-US: MyPhotos
CVE-2006-5094 (PHP remote file inclusion vulnerability in includes/functions_kb.php i ...)
	NOT-FOR-US: phpBB XS
CVE-2006-5093 (PHP remote file inclusion vulnerability in index.php in Tagmin Control ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2006-5092 (PHP remote file inclusion vulnerability in navigation/menu.php in A-Bl ...)
	NOT-FOR-US: A-Blog
CVE-2006-5091 (Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Sa ...)
	NOT-FOR-US: HP-UX Samba
CVE-2006-5090 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evoluti ...)
	NOT-FOR-US: Phoenix Evolution CMS (PECMS)
CVE-2006-5089
	NOT-FOR-US: My-BIC
CVE-2006-5088 (PHP remote file inclusion vulnerability in connected_users.lib.php3 in ...)
	NOT-FOR-US: phpMyChat
CVE-2006-5087 (Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and ea ...)
	NOT-FOR-US: evoBB
CVE-2006-5086 (Blog Pixel Motion 2.1.1 allows remote attackers to change the username ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-5085 (Static code injection vulnerability in config.php in Blog Pixel Motion ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-5084 (Format string vulnerability in the NSRunAlertPanel function in eBay Sk ...)
	NOT-FOR-US: Skype
CVE-2006-5083 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...)
	NOT-FOR-US: Integrated MODs (IM) Portal
CVE-2006-5082 (Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2006-5081 (PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-5080 (Cross-site scripting (XSS) vulnerability in the search function in Six ...)
	NOT-FOR-US: Movable Type
CVE-2006-5079 (PHP remote file inclusion vulnerability in class.mysql.php in Matt Hum ...)
	NOT-FOR-US: paBugs
CVE-2006-5078 (PHP remote file inclusion vulnerability in view/general.php in Kristia ...)
	NOT-FOR-US: Polaring
CVE-2006-5077 (PHP remote file inclusion vulnerability in admin/admin_topic_action_lo ...)
	NOT-FOR-US: Minerva
CVE-2006-5076 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back ...)
	NOT-FOR-US: OpenConcept Back-End
CVE-2006-5075 (The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 1 ...)
	NOT-FOR-US: Solaris
CVE-2006-5074 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2. ...)
	NOT-FOR-US: PHP Invoice
CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote att ...)
	NOT-FOR-US: Solaris
CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary fi ...)
	- mono 1.1.17.1-5
CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0. ...)
	NOT-FOR-US: eyeOS
CVE-2006-5070 (PHP remote file inclusion vulnerability in fsl2/objects/fs_form_links. ...)
	NOT-FOR-US: faceStones Personal
CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...)
	- typo3-src <not-affected> (only versions 4.0.0+4.0.1 affected)
CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in Brudaswe ...)
	NOT-FOR-US: BrudaNews
CVE-2006-5067
	NOT-FOR-US: PHP System Administration Toolkit (PHPSaTK)
CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0 ...)
	NOT-FOR-US: DanPHPSupport
CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in Zoo ...)
	NOT-FOR-US: ZoomStats
CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 an ...)
	NOT-FOR-US: BirdBlog
CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote a ...)
	{DSA-1242-1}
	- elog 2.6.2+r1719-1 (bug #389361)
CVE-2006-5062 (PHP remote file inclusion vulnerability in templates/pb/language/lang_ ...)
	NOT-FOR-US: PBLang (PBL)
CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in Advanced-Clan-Sc ...)
	NOT-FOR-US: Advanced-Clan-Script (AVCX)
CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.1 ...)
	NOT-FOR-US: Jamroom
CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4. ...)
	NOT-FOR-US: WWWthreads
CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty ...)
	NOT-FOR-US: Call of Duty
CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net Phot ...)
	NOT-FOR-US: PhotoStore
CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/V ...)
	NOT-FOR-US: Opial Audio/Video Download Management
CVE-2006-5055 (PHP remote file inclusion vulnerability in admin/testing/tests/0004_in ...)
	NOT-FOR-US: syntaxCMS
CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Bet ...)
	NOT-FOR-US: iyzi Forum
CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php in Web ...)
	NOT-FOR-US: Web-News
CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...)
	[etch] - openssh <no-dsa> (Minor issue)
	- openssh 1:4.6p1-1 (low)
CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote atta ...)
	{DSA-1638-1 DSA-1212 DSA-1189-1}
	- openssh 1:4.6p1-1 (low)
	- openssh-krb5 <removed> (high)
	NOTE: From my analysis only openssh with Kerberos support should be vulnerable
	NOTE: However, we'll fix openssh as well just to make sure
CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox allo ...)
	- busybox <not-affected> (bug #390555; irreproducible)
	[sarge] - busybox <not-affected> (Vulnerable code not present)
CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component 1 ...)
	NOT-FOR-US: Classifieds (com_classifieds) component for Joomla!
CVE-2006-5048 (Multiple PHP remote file inclusion vulnerabilities in Security Images  ...)
	NOT-FOR-US: Security Images (com_securityimages) component for Joomla!
CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 compon ...)
	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and e ...)
	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and ...)
	NOT-FOR-US: PollXT component (com_pollxt) for Joomla!
CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component  ...)
	NOT-FOR-US: Prince Clan (Princeclan) Chess componen (com_pcchess) for Mambo and Joomla!
CVE-2006-5043 (Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard  ...)
	NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla!
CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...)
	NOT-FOR-US: mosMedia (com_mosmedia) for Joomla!
CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly com_hotpropertie ...)
	NOT-FOR-US: Hot Properties (possibly com_hotproperties) for Joomla!
CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspeci ...)
	NOT-FOR-US: SEF404x (com_sef) for Joomla!
CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events) for J ...)
	NOT-FOR-US: Events 1.3 beta module (com_events) for Joomla!
CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07,  ...)
	NOT-FOR-US: FiWin
CVE-2006-5037
	NOT-FOR-US: MySource Matrix
CVE-2006-5036
	NOT-FOR-US: MySource Matrix
CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Comp ...)
	NOT-FOR-US: vCAP
CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer Services vCAP ...)
	NOT-FOR-US: vCAP
CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith  ...)
	NOT-FOR-US: vCAP
CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1. ...)
	NOT-FOR-US: PHPartenaire
CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in Cak ...)
	- cakephp 1.1.13.4450-1
CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 2.0. ...)
	NOT-FOR-US: exV2
CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board (wB ...)
	NOT-FOR-US: WoltLab Burning Board (wBB)
CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php in SW ...)
	NOT-FOR-US: Plesk
CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers ...)
	NOT-FOR-US: JevonCMS
CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier ...)
	NOT-FOR-US: xweblog
CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php in Josh ...)
	NOT-FOR-US: pNews System 1.1.0 (aka PowerNews)
CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0 ...)
	NOT-FOR-US: RedBLoG
CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 a ...)
	NOT-FOR-US: SolidState
CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Google Mini
CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext in an I ...)
	NOT-FOR-US: ContentKeeper
CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava Gyula and  ...)
	NOT-FOR-US: e-Vision CMS
CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in Szava G ...)
	NOT-FOR-US: e-Vision CMS
CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows ...)
	NOT-FOR-US: Kietu
CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remot ...)
	NOT-FOR-US: cPanel
CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 syst ...)
	NOT-FOR-US: Solaris
CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925  ...)
	NOT-FOR-US: Solaris
CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3 ...)
	NOT-FOR-US: AIX
CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows l ...)
	NOT-FOR-US: AIX
CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows a ...)
	NOT-FOR-US: AIX
CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 ...)
	NOT-FOR-US: AIX
CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local user ...)
	NOT-FOR-US: AIX
CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5 ...)
	NOT-FOR-US: AIX
CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5. ...)
	NOT-FOR-US: AIX
CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5 ...)
	NOT-FOR-US: AIX
CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 throu ...)
	NOT-FOR-US: AIX
CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 be ...)
	NOT-FOR-US: WS_FTP
CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and p ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4999
	RESERVED
CVE-2006-4998
	RESERVED
CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-1
CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 fo ...)
	NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla!
CVE-2006-4995 (PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestat ...)
	NOT-FOR-US: BSQ Sitestats for Joomla!
CVE-2006-4994 (Multiple unquoted Windows search path vulnerabilities in Apache Friend ...)
	NOT-FOR-US: XAMPP
CVE-2006-4993 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4. ...)
	NOT-FOR-US: AllMyGuests
CVE-2006-4992 (Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for ...)
	NOT-FOR-US: JD-WordPress for Joomla!
CVE-2006-4991 (RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows p ...)
	NOT-FOR-US: RSA Keon Certificate Authority (KeonCA) Manager
CVE-2006-4990 (Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow  ...)
	NOT-FOR-US: PhotoPost
CVE-2006-4989 (Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4988 (Multiple cross-site scripting (XSS) vulnerabilities in Patrick Michael ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4987 (Multiple PHP remote file inclusion vulnerabilities in Patrick Michaeli ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4986 (Grayscale BandSite CMS allows remote attackers to obtain sensitive inf ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4985 (Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandS ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4984 (Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSi ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4983 (Cisco NAC allows quarantined devices to communicate over the network w ...)
	NOT-FOR-US: Cisco
CVE-2006-4982 (Cisco NAC maintains an exception list that does not record device prop ...)
	NOT-FOR-US: Cisco
CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to bypass co ...)
	NOT-FOR-US: Symantec
CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before  ...)
	{DSA-1198-1 DSA-1197-1}
	- python2.5 2.5-1 (bug #391589)
	- python2.4 2.4.3-9 (bug #391589)
	- python2.3 2.3.5-16 (bug #393053)
	- python2.2 <not-affected> (Compiled without UCS-4 support)
CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php i ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4977 (Multiple unrestricted file upload vulnerabilities in (1) back/upload_i ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote attac ...)
	- libphp-adodb <unfixed> (unimportant)
	- gallery2 <removed> (unimportant)
	- phppgadmin 5.1+ds-1 (unimportant)
	- egroupware <unfixed> (unimportant)
	- phpwiki <unfixed> (unimportant)
	- moodle <removed> (unimportant)
	NOTE: full path is known in Debian anyway
CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain JavaScri ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2006-4974 (Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows re ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4973 (Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual  ...)
	NOT-FOR-US: DotNetNuke
CVE-2006-4972 (Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4. ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4971 (MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4970 (PHP remote file inclusion vulnerability in enc/content.php in WAHM E-C ...)
	NOT-FOR-US: Pie Cart Pro
CVE-2006-4969 (Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce  ...)
	NOT-FOR-US: Pie Cart Pro
CVE-2006-4968 (PHP remote file inclusion vulnerability in includes/functions_admin.ph ...)
	NOT-FOR-US: PNphpBB
	NOTE: code in phpBB is different and not affected
CVE-2006-4967 (Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart al ...)
	NOT-FOR-US: NextAge Cart
CVE-2006-4966 (PHP remote file inclusion vulnerability in inc/ifunctions.php in chump ...)
	NOT-FOR-US: phpQuestionnaire
CVE-2006-4965 (Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to ex ...)
	NOT-FOR-US: Apple
	NOTE: also used for related MFSA-2007-28, but still a QuickTime/Windows only issue
CVE-2006-4964 (Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2006-4963 (Directory traversal vulnerability in index.php in Exponent CMS 0.96.3  ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-4962 (Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4961 (SQL injection vulnerability in the GetModuleConfig function in public_ ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4960 (Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon  ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4959 (Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows rem ...)
	NOT-FOR-US: Sun Secure Global Desktop
CVE-2006-4958 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Glob ...)
	NOT-FOR-US: Sun Secure Global Desktop
CVE-2006-4957 (SQL injection vulnerability in the GetMember function in functions.php ...)
	NOT-FOR-US: MyReview
CVE-2006-4956 (Cross-site scripting (XSS) vulnerability in the updateuser servlet in  ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4955 (Directory traversal vulnerability in the downloadfile servlet in Neon  ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4954 (The updateuser servlet in Neon WebMail for Java before 5.08 does not v ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4953 (Multiple SQL injection vulnerabilities in Neon WebMail for Java before ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4952 (The updatemail servlet in Neon WebMail for Java before 5.08 allows rem ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4951 (Neon WebMail for Java before 5.08 allows remote attackers to execute a ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4950 (Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, ...)
	NOT-FOR-US: Cisco
CVE-2006-4949 (Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profil ...)
	NOT-FOR-US: Profile Directory (profile_pages.module) for Drupal
CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFT ...)
	NOT-FOR-US: TFTPDWIN
CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keyw ...)
	NOT-FOR-US: Search Keywords module for Drupal
CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in  ...)
	NOT-FOR-US: CMSDevelopment Business Card Web Builder (BCWB)
CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Fre ...)
	NOT-FOR-US: DigitalWebShop
CVE-2006-4944 (PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.ph ...)
	NOT-FOR-US: ProgSys
CVE-2006-4943 (course/jumpto.php in Moodle before 1.6.2 does not validate the session ...)
	- moodle 1.6.2-1
	[sarge] - moodle <not-affected> (File not present)
CVE-2006-4942 (Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) t ...)
	- moodle 1.6.2-1
CVE-2006-4941 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1 ...)
	- moodle 1.6.2-1
CVE-2006-4940 (login/forgot_password.php in Moodle before 1.6.2 allows remote attacke ...)
	- moodle 1.6.2-1
	[sarge] - moodle <not-affected> (Function not present)
CVE-2006-4939 (backup/backup_scheduled.php in Moodle before 1.6.2 generates trace dat ...)
	- moodle 1.6.2-1 (unimportant)
	NOTE: Path disclosure
CVE-2006-4938 (help.php in Moodle before 1.6.2 does not check the existence of certai ...)
	- moodle 1.6.2-1 (unimportant)
	NOTE: Path disclosure
CVE-2006-4937 (lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...)
	- moodle 1.6.2-1
CVE-2006-4936 (Moodle before 1.6.2 does not properly validate the module instance id  ...)
	- moodle 1.6.2-1
CVE-2006-4935 (The Database module in Moodle before 1.6.2 does not properly handle up ...)
	- moodle 1.6.2-1
CVE-2006-4934
	RESERVED
CVE-2006-4933
	RESERVED
CVE-2006-4932
	RESERVED
CVE-2006-4931
	RESERVED
CVE-2006-4930
	RESERVED
CVE-2006-4929
	RESERVED
CVE-2006-4928
	RESERVED
CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drive ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2006-4926 (The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and  ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a denial o ...)
	- openssh 1:5.1p1-5 (unimportant)
	NOTE: That's a non-issue
CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, all ...)
	{DSA-1212 DSA-1189-1}
	- openssh 1:4.3p2-4 (low; bug #389995)
	- openssh-krb5 <unfixed> (low)
CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Po ...)
	NOT-FOR-US: eSyndiCat Portal System
CVE-2006-4922 (Unrestricted file upload vulnerability in starnet/editors/htmlarea/pop ...)
	NOT-FOR-US: Site@School
CVE-2006-4921 (PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 an ...)
	NOT-FOR-US: Site@School
CVE-2006-4920 (Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S ...)
	NOT-FOR-US: Site@School
CVE-2006-4919 (Directory traversal vulnerability in starnet/editors/htmlarea/popups/i ...)
	NOT-FOR-US: Site@School
CVE-2006-4918 (Multiple PHP remote file inclusion vulnerabilities in Simple Discussio ...)
	NOT-FOR-US: Simple Discussion Board
CVE-2006-4917 (Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7. ...)
	NOT-FOR-US: PT News
CVE-2006-4916 (SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1. ...)
	NOT-FOR-US: Tekman Portal
CVE-2006-4915 (Cross-site scripting (XSS) vulnerability in index.php in Innovate Port ...)
	NOT-FOR-US: Innovate Portal
CVE-2006-4914 (Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote att ...)
	NOT-FOR-US: A.l-Pifou
CVE-2006-4913 (Directory traversal vulnerability in chat/getStartOptions.php in Alstr ...)
	NOT-FOR-US: AlstraSoft E-friends
CVE-2006-4912 (PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earli ...)
	NOT-FOR-US: PHP DocWriter
CVE-2006-4911 (Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 bef ...)
	NOT-FOR-US: Cisco
CVE-2006-4910 (The web administration interface (mainApp) to Cisco IDS before 4.1(5c) ...)
	NOT-FOR-US: Cisco
CVE-2006-4909 (Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigatio ...)
	NOT-FOR-US: Cisco
CVE-2006-4908 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: OSU
CVE-2006-4907 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: OSU
CVE-2006-4906 (SQL injection vulnerability in modules/calendar/week.php in More.group ...)
	NOT-FOR-US: More.groupware
CVE-2006-4905 (PHP remote file inclusion vulnerability in index.php in Artmedic Links ...)
	NOT-FOR-US: Artmedic Links
CVE-2006-4904 (Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-C ...)
	NOT-FOR-US: X-Cart
CVE-2006-4903
	RESERVED
CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up  ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust S ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4899 (The ePPIServlet script in Computer Associates (CA) eTrust Security Com ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in  ...)
	NOT-FOR-US: guanxiCRM
CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web do ...)
	NOT-FOR-US: CMtextS
CVE-2006-4896
	REJECTED
CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to del ...)
	NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in  ...)
	NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4893 (PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_ ...)
	NOT-FOR-US: phpBB XS
CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manage ...)
	NOT-FOR-US: Techno Dreams FAQ
CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams  ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and ...)
	NOT-FOR-US: UNAK-CMS
CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKor ...)
	NOT-FOR-US: Telekorn SignKorn Guestbook
CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop ...)
	NOT-FOR-US: Apple
CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan Enterprise  ...)
	NOT-FOR-US: McAfee
CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and e ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSuppo ...)
	NOT-FOR-US: IDevSpot iSupport
CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDir ...)
	NOT-FOR-US: IDevSpot BizDirectory
CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts Charon Car ...)
	NOT-FOR-US: Cart 3
CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David Bennett P ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers  ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett PHP-Post ( ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4878 (Directory traversal vulnerability in footer.php in David Bennett PHP-P ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0  ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow remote att ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4875 (Unrestricted file upload vulnerability in modules/galleryuploadfunctio ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS all ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Jangh ...)
	NOT-FOR-US: ECardPro
CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan J ...)
	NOT-FOR-US: EShoppingPro
CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, an ...)
	NOT-FOR-US: AEDating
CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ph ...)
	NOT-FOR-US: phpunity.postcard
CVE-2006-4868 (Stack-based buffer overflow in the Vector Graphics Rendering engine (v ...)
	NOT-FOR-US: Microsoft
CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allo ...)
	NOT-FOR-US: GNUTurk
CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in R ...)
	NOT-FOR-US: Apple
CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All Enthusiast ...)
	NOT-FOR-US: ReviewPost
CVE-2006-4863
	NOT-FOR-US: mcLinksCounter
CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows remote  ...)
	NOT-FOR-US: easypage
CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panj ...)
	NOT-FOR-US: Complain Center
CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc ...)
	NOT-FOR-US: Limbo
CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in the Cont ...)
	NOT-FOR-US: Limbo
CVE-2006-4858 (PHP remote file inclusion vulnerability in install.serverstat.php in t ...)
	NOT-FOR-US: Serverstat (com_serverstat) component for Mambo
CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page) in Cli ...)
	NOT-FOR-US: ClickBlog
CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogge ...)
	NOT-FOR-US: WebLogger
CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006  ...)
	NOT-FOR-US: Symantec
CVE-2006-4854
	REJECTED
CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1. ...)
	NOT-FOR-US: Haberx
CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allow ...)
	NOT-FOR-US: QuadComm Q-Shop
CVE-2006-4851 (PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHT ...)
	NOT-FOR-US: BolinOS
CVE-2006-4850 (PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIn ...)
	NOT-FOR-US: BolinOS
CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in MobilePublish ...)
	NOT-FOR-US: MobilePublisherPHP
CVE-2006-4848
	NOT-FOR-US: Hitweb
CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced Acces ...)
	NOT-FOR-US: Citrix
CVE-2006-4845 (PHP remote file inclusion vulnerability in includes/footer.html.inc.ph ...)
	NOT-FOR-US: TeamCal
CVE-2006-4844 (PHP remote file inclusion vulnerability in inc/claro_init_local.inc.ph ...)
	NOT-FOR-US: Claroline
CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in S ...)
	- xulrunner 1.8.0.9-1 (low; bug #405062)
	[sarge] - mozilla <no-dsa> (Minor issue)
	NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary
	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470
CVE-2006-4841
	RESERVED
CVE-2006-4840
	REJECTED
CVE-2006-4839 (Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Sophos
CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6 ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6. ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows r ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attacke ...)
	NOT-FOR-US: Blue Magic Board (BMB) (aka BMForum)
CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...)
	NOT-FOR-US: phpQuiz
CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 1 ...)
	NOT-FOR-US: NetPerformer
CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT S ...)
	NOT-FOR-US: NetPerformer
CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before 0 ...)
	NOT-FOR-US: IP over DNS is now easy (iodine)
CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in D ...)
	NOT-FOR-US: Blojsom
CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...)
	NOT-FOR-US: Blojsom
CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in PhotoPo ...)
	NOT-FOR-US: PhotoPost
CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1 ...)
	NOT-FOR-US: Vmist Downstat
CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed Port ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index. ...)
	NOT-FOR-US: PHP Event Calendar
CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in Quick ...)
	NOT-FOR-US: Quicksilver Forums (QSF)
CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in Re ...)
	NOT-FOR-US: Magic News
CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in eM ...)
	NOT-FOR-US: emuCMS
CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview  ...)
	NOT-FOR-US: Drupal Userreview module
CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11. ...)
	NOT-FOR-US: HP-UX
CVE-2006-4819 (Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attacke ...)
	NOT-FOR-US: Opera
CVE-2006-4818
	RESERVED
CVE-2006-4817
	RESERVED
CVE-2006-4816
	RESERVED
CVE-2006-4815
	RESERVED
CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not prop ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-9 (low)
	- kernel-patch-openvz 028.18.1
CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6 ...)
	{DSA-1233}
	- linux-2.6 2.6.13-1
CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...)
	- php4 <not-affected>
	- php5 5.1.6-5 (bug #391586)
CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 bef ...)
	{DSA-1200-1}
	- qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313)
	- qt4-x11 4.2.1-1 (bug #394192)
CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used b ...)
	{DSA-1219}
	- texinfo 4.8.dfsg.1-4
CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, an ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4808 (Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4807 (loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allo ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4806 (Multiple integer overflows in imlib2 allow user-assisted remote attack ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4805 (epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in ...)
	{DSA-1201-1}
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4804
	RESERVED
CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in Sym ...)
	NOT-FOR-US: Symantec
CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possi ...)
	NOT-FOR-US: Roxio Toast
CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p200605 ...)
	{DSA-1215}
	- ffmpeg 0.cvs20060329-1
	- xmovie <removed>
	- xine-lib 1.1.2-1
	- gst-ffmpeg 0.8.7-7 (medium; bug #401304)
	- gstreamer0.10-ffmpeg 0.10.1-3 (medium; bug #401311)
	- mplayer 1.0~rc1-1
	NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow contex ...)
	{DSA-1215}
	- xine-lib 1.1.2-1 (bug #369876; medium)
	NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which mig ...)
	- sql-ledger 2.4.5-1
CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Inter ...)
	NOT-FOR-US: CJ Tag Board
CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums  ...)
	NOT-FOR-US: Snitz Forums
CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX
CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allo ...)
	NOT-FOR-US: e107
CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 a ...)
	NOT-FOR-US: TualBLOG
CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir ...)
	{DSA-1217}
	- linux-ftpd 0.17-23 (low; bug #384454)
CVE-2006-XXXX [ejabberd HTML code injection]
	- ejabberd 1.1.1-8
CVE-2006-4792
	RESERVED
CVE-2006-4791
	RESERVED
CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local users t ...)
	NOT-FOR-US: Open Movie Editor
CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php in Tel ...)
	NOT-FOR-US: SignKorn Guestbook
CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive informa ...)
	NOT-FOR-US: AlphaMail
CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive i ...)
	- moodle 1.6.2-1 (low)
CVE-2006-4785 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earli ...)
	- moodle 1.6.2-1 (medium; bug #387177)
CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 an ...)
	- moodle 1.6.2-1 (low)
CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earl ...)
	NOT-FOR-US: WebSPELL
CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals i ...)
	NOT-FOR-US: WebSPELL
CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded (MT ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in p ...)
	NOT-FOR-US: phpBB XS
CVE-2006-4779 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...)
	NOT-FOR-US: Vitrax Premodded phpBB
CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before 3. ...)
	NOT-FOR-US: Creative Commons Tools ccHost
CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation Path Control (Direct ...)
	NOT-FOR-US: DirectAnimation.PathControl
CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...)
	NOT-FOR-US: Cisco
CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and Cat ...)
	NOT-FOR-US: Cisco
CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows  ...)
	NOT-FOR-US: Cisco
CVE-2006-4773 (Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earl ...)
	NOT-FOR-US: Sun StorEdge
CVE-2006-4772 (HotPlug CMS stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-4771 (Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 all ...)
	NOT-FOR-US: ForumJBC
CVE-2006-4770 (PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0  ...)
	NOT-FOR-US: MiniPort@l
CVE-2006-4769 (PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 al ...)
	NOT-FOR-US: p4CMS
CVE-2006-4768 (Multiple direct static code injection vulnerabilities in add_go.php in ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4767 (Multiple directory traversal vulnerabilities in Stefan Ernst Newsscrip ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4766 (Directory traversal vulnerability in print.php in Stefan Ernst Newsscr ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4765 (NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows a ...)
	NOT-FOR-US: NETGEAR
CVE-2006-4764 (PHP remote file inclusion vulnerability in common.php in Thomas LETE W ...)
	NOT-FOR-US: WTools
CVE-2006-4763 (IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lig ...)
	NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2006-4762 (Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader ...)
	NOT-FOR-US: Ykoon RssReader
CVE-2006-4761 (Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman S ...)
	NOT-FOR-US: SharpReader
CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...)
	NOT-FOR-US: RSSOwl
CVE-2006-4759 (PunBB 1.2.12 does not properly handle an avatar directory pathname end ...)
	NOT-FOR-US: PunBB
CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which a ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-4 (bug #388120; unimportant)
	NOTE: Only exploitable by admins, which you'd need to trust
CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 0. ...)
	NOT-FOR-US: e107
CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and  ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirector ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-4754 (Cross-site scripting (XSS) vulnerability in index.php in PHProg before ...)
	NOT-FOR-US: PHProg
CVE-2006-4753 (Directory traversal vulnerability in index.php in PHProg before 1.1 al ...)
	NOT-FOR-US: PHProg
CVE-2006-4752 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote att ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4751 (Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Mat ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4750 (PHP remote file inclusion vulnerability in openi-admin/base/fileloader ...)
	NOT-FOR-US: OPENi-CMS
CVE-2006-4749 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Tra ...)
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2006-4748 (Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow rem ...)
	NOT-FOR-US: F-ART BLOG:CMS
CVE-2006-4747 (Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAd ...)
	NOT-FOR-US: IdevSpot TextAds
CVE-2006-4746 (PHP remote file inclusion vulnerability in news/include/customize.php  ...)
	NOT-FOR-US: Web Server Creator
CVE-2006-4745 (ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to p ...)
	NOT-FOR-US: ScaryBear PocketExpense Pro
CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication  ...)
	NOT-FOR-US: Abidia (1) O-Anywhere and (2) Abidia Wireless
CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensit ...)
	- wordpress 2.0.5-0.1 (unimportant)
	NOTE: path disclosure only
CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot P ...)
	NOT-FOR-US: PhpLinkExchange
CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in IDevSp ...)
	NOT-FOR-US: PhpLinkExchange
CVE-2006-4740 (Jetbox CMS allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allo ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4738 (PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS  ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows remote a ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allo ...)
	NOT-FOR-US: CMS.R
CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sens ...)
	- magpierss <unfixed> (unimportant)
	NOTE: path disclosure only
CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php i ...)
	- tikiwiki 1.9.5+dfsg1-2 (medium; bug #388122)
CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...)
	NOT-FOR-US: simple, integrated publishing system (SIPS)
CVE-2006-4732 (Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unkn ...)
	NOT-FOR-US: Microsoft
CVE-2006-4731 (Multiple directory traversal vulnerabilities in (1) login.pl and (2) a ...)
	{DSA-1239-1}
	- sql-ledger 2.6.19-1
CVE-2006-4730
	RESERVED
CVE-2006-4729
	RESERVED
CVE-2006-4728
	RESERVED
CVE-2006-4727 (Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in  ...)
	NOT-FOR-US: Tumbleweed EMF Administration Module
CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 th ...)
	NOT-FOR-US: Adobe
CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security r ...)
	NOT-FOR-US: Adobe
CVE-2006-4724 (Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in  ...)
	NOT-FOR-US: Adobe
CVE-2006-4723 (PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/che ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB ...)
	NOT-FOR-US: Open Bulletin Board (OpenBB)
CVE-2006-4721 (Directory traversal vulnerability in admin.php in CCleague Pro Sports  ...)
	NOT-FOR-US: CCleague Pro Sports CMS
CVE-2006-4720 (PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO ...)
	NOT-FOR-US: mcGalleryPRO
CVE-2006-4719 (Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1. ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2006-4718 (Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in ...)
	NOT-FOR-US: KorviBlog
CVE-2006-4717 (The login redirection mechanism in the Drupal 4.7 Pubcookie module bef ...)
	NOT-FOR-US: Pubcookie module for Drupal
CVE-2006-4716 (PHP remote file inclusion vulnerability in demarrage.php in Fire Soft  ...)
	NOT-FOR-US: Fire Soft Board (FSB)
CVE-2006-4715 (SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Arti ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4714 (PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivv ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA ...)
	NOT-FOR-US: PSYWERKS PUMA
CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allo ...)
	- firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remo ...)
	- firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedD ...)
	NOT-FOR-US: NewsGator FeedDemon
CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows re ...)
	NOT-FOR-US: Vikingboard
CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...)
	NOT-FOR-US: Vikingboard
CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic Gamb ...)
	NOT-FOR-US: Timesheet (aka Timesheet.php)
CVE-2006-4704 (Cross-zone scripting vulnerability in the WMI Object Broker (WMIScript ...)
	NOT-FOR-US: Microsoft
CVE-2006-4703
	REJECTED
CVE-2006-4702 (Buffer overflow in the Windows Media Format Runtime in Microsoft Windo ...)
	NOT-FOR-US: Microsoft
CVE-2006-4701
	REJECTED
CVE-2006-4700
	REJECTED
CVE-2006-4699
	REJECTED
CVE-2006-4698
	REJECTED
CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects fr ...)
	NOT-FOR-US: Microsoft
CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows 2 ...)
	NOT-FOR-US: Microsoft
CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft Office W ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Offi ...)
	NOT-FOR-US: Microsoft
CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for M ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager (packa ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-4691 (Stack-based buffer overflow in the NetpManageIPCConnect function in th ...)
	NOT-FOR-US: Microsoft
CVE-2006-4690
	REJECTED
CVE-2006-4689 (Unspecified vulnerability in the driver for the Client Service for Net ...)
	NOT-FOR-US: Microsoft
CVE-2006-4688 (Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2006-4687 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations  ...)
	NOT-FOR-US: Microsoft
CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core S ...)
	NOT-FOR-US: Microsoft
CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 thro ...)
	{DSA-1176-1}
	- zope2.7 <removed>
	- zope2.8 2.8.8-2
CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: IBM Director
CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...)
	NOT-FOR-US: IBM Director
CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director befo ...)
	NOT-FOR-US: IBM Director
CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords wh ...)
	NOT-FOR-US: Canon imageRUNNER
CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, whic ...)
	- dokuwiki 0.0.20060309-5.1 (low; bug #388082)
CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...)
	NOT-FOR-US: News Evolution
CVE-2006-4677
	NOT-FOR-US: phpopenchat
CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and  ...)
	NOT-FOR-US: TIBCO RendezVous
CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in DokuWik ...)
	- dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki bef ...)
	- dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...)
	NOT-FOR-US: ppalCart
CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic  ...)
	NOT-FOR-US: Fantastic News
CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Galler ...)
	NOT-FOR-US: PhotoKorn Gallery
CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...)
	NOT-FOR-US: Somery
CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley A ...)
	NOT-FOR-US: AckerTodo
CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote at ...)
	NOT-FOR-US: RunCMS
CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst New ...)
	NOT-FOR-US: Newsscript (aka WM-News)
CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...)
	NOT-FOR-US: MKPortal
CVE-2006-4664 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...)
	NOT-FOR-US: Premod Shadow
CVE-2006-4663
	NOT-FOR-US: User problem
CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ  ...)
	NOT-FOR-US: AOL ICQ
CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not prop ...)
	NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed mo ...)
	NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 u ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses  ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 store ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4656 (PHP remote file inclusion vulnerability in admin/editeur/spaw_control. ...)
	NOT-FOR-US: Web Provence SL_Site
CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...)
	NOT-FOR-US: X11R6.4
CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...)
	NOT-FOR-US: Address Book Web Server
CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store sens ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a def ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly  ...)
	NOT-FOR-US: Php download
CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the  ...)
	NOT-FOR-US: Cisco
CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ( ...)
	NOT-FOR-US: BinGo News
CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ( ...)
	NOT-FOR-US: BinGo News
CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...)
	NOT-FOR-US: Sponge News
CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto mo ...)
	NOT-FOR-US: Drupal Pathauto module
CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...)
	NOT-FOR-US: Social BookMarking Engine
CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in  ...)
	NOT-FOR-US: phpFullAnnu
CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeag ...)
	NOT-FOR-US: PhpLeague
CVE-2006-4642 (AuditWizard 6.3.2, when using "Remote Audit," logs the administrator p ...)
	NOT-FOR-US: AuditWizard
CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal  ...)
	NOT-FOR-US: Muratsoft Haber Portal
CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...)
	NOT-FOR-US: C-News.fr C-News
CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News 0. ...)
	NOT-FOR-US: ACGV News
CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1  ...)
	NOT-FOR-US: ACGV News
CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlie ...)
	NOT-FOR-US: PhpCommander
CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ear ...)
	NOT-FOR-US: MySource Classic
CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...)
	NOT-FOR-US: VBZooM
CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...)
	NOT-FOR-US: SoftBB
CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ear ...)
	NOT-FOR-US: SoftBB
CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in So ...)
	NOT-FOR-US: SoftBB
CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING  ...)
	NOT-FOR-US: MySpeach
CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php  ...)
	NOT-FOR-US: C-News.fr C-News
CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...)
	NOT-FOR-US: VCD-db
CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via Mic ...)
	NOT-FOR-US: System Information ActiveX control
CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4. ...)
	NOT-FOR-US: avast! Anti-virus Engine
CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...)
	- php4 4:4.4.4-1 (bug #391282; unimportant)
	- php5 5.2.0-1 (bug #391281; unimportant)
	NOTE: open_basedir violations not supported in Debian's PHP
CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 al ...)
	{DSA-1188-1}
	- mailman 1:2.1.8-3
CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation compo ...)
	{DSA-1304}
	- linux-2.6 2.6.18-1
CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3 ...)
	{DSA-1182-1}
	NOTE: GNUTLS-SA-2006-4
	- gnutls13 1.4.4-1 (high)
	- gnutls12 <removed> (high)
	- gnutls11 <removed> (high)
CVE-2006-XXXX [gnutls Adaptive Chosen Ciphertext Attack]
	NOTE: GNUTLS-SA-2006-3 (withdrawn)
	- gnutls13 1.4.3-1 (unimportant)
	- gnutls12 <removed> (unimportant)
	- gnutls11 <removed> (unimportant)
CVE-2006-4622 (PHP remote file inclusion vulnerability in annonce.php in AnnonceV (ak ...)
	NOT-FOR-US: AnnonceV
CVE-2006-4621 (PHP remote file inclusion vulnerability in settings.php in Pheap 1.2,  ...)
	NOT-FOR-US: Pheap
CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with M ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4619 (The start update window in update.exe in Avira AntiVir PersonalEdition ...)
	NOT-FOR-US: Avira
CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in  ...)
	- libphp-adodb <not-affected> (vulnerable code seems to be In-link specific)
	- egroupware <not-affected> (vulnerable code seems to be In-link specific)
	- moodle <not-affected> (vulnerable code seems to be In-link specific)
	- phppgadmin <not-affected> (vulnerable code seems to be In-link specific)
	- gallery2 <not-affected> (vulnerable code seems to be In-link specific)
	- phpwiki <not-affected> (vulnerable code seems to be In-link specific)
CVE-2006-4617 (Unrestricted file upload vulnerability in fileupload.html in vtiger CR ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4616 (SMTP service in MailEnable Standard, Professional, and Enterprise befo ...)
	NOT-FOR-US: MailEnable
CVE-2006-4615 (Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores  ...)
	NOT-FOR-US: Shape Services
CVE-2006-4614 (PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords i ...)
	NOT-FOR-US: PDAapps Verichat
CVE-2006-4613 (Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow  ...)
	NOT-FOR-US: SnapGear
CVE-2006-4612 (SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows re ...)
	NOT-FOR-US: ZIXForum
CVE-2006-4611 (Buffer overflow in the _tor_resolve function in dsocks.c in dsocks bef ...)
	NOT-FOR-US: dsocks
CVE-2006-4610 (PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.1 ...)
	NOT-FOR-US: GrapAgenda
CVE-2006-4609
	NOT-FOR-US: PHProjekt
CVE-2006-4608 (Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome  ...)
	NOT-FOR-US: php-Revista
CVE-2006-4607 (admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote atta ...)
	NOT-FOR-US: php-Revista
CVE-2006-4606 (Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1 ...)
	NOT-FOR-US: php-Revista
CVE-2006-4605 (PHP remote file inclusion vulnerability in index.php in Longino Jacome ...)
	NOT-FOR-US: php-Revista
CVE-2006-4604 (PHP remote file inclusion vulnerability in LFXlib/access_manager.php i ...)
	NOT-FOR-US: Lanifex Database of Managed Objects (DMO)
CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass aut ...)
	NOT-FOR-US: Swift Sound Web Dictate
CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows r ...)
	NOT-FOR-US: 1Two
CVE-2006-4600 (slapd in OpenLDAP before 2.3.25 allows remote authenticated users with ...)
	- openldap2.3 2.3.25-1
	- openldap2.2 <removed> (low)
	- openldap2 <not-affected> (low) (slapd not built from this version)
CVE-2006-4599 (SQL injection vulnerability in aut_verifica.inc.php in Autentificator  ...)
	NOT-FOR-US: Autentificator
CVE-2006-4598 (Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 al ...)
	NOT-FOR-US: ssLinks
CVE-2006-4597 (SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier  ...)
	NOT-FOR-US: ICBlogger
CVE-2006-4596 (PHP remote file inclusion in MyBace Light Skrip, when register_globals ...)
	NOT-FOR-US: MyBace Light Skrip
CVE-2006-4595 (muforum (&#181;forum) 0.4c stores membres/members.dat under the web do ...)
	NOT-FOR-US: muforum
CVE-2006-4594 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Tra ...)
	NOT-FOR-US: phpAtm
CVE-2006-4593 (Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 an ...)
	NOT-FOR-US: SoftBB
CVE-2006-4592 (Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple ...)
	NOT-FOR-US: Simple Blog
CVE-2006-4591 (Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Templ ...)
	NOT-FOR-US: AltraSoft Template Seller
CVE-2006-4590 (SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP ...)
	NOT-FOR-US: Jetstat.com JS ASP Faq Manager
CVE-2006-4589 (PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte ...)
	NOT-FOR-US: DynCMS
CVE-2006-4588 (vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to byp ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4587 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2. ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4586 (The admin panel in Tr Forum 2.0 accepts a username and password hash f ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4585 (SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4584 (Tr Forum 2.0 allows remote attackers to bypass authentication and add  ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4583 (Multiple PHP remote file inclusion vulnerabilities in FlashChat before ...)
	NOT-FOR-US: FlashChat
CVE-2006-4582 (Cross-site request forgery (CSRF) vulnerability in The Address Book 1. ...)
	NOT-FOR-US: The Address Book
CVE-2006-4581 (Unrestricted file upload vulnerability in The Address Book 1.04e valid ...)
	NOT-FOR-US: The Address Book
CVE-2006-4580 (register.php in The Address Book 1.04e allows remote attackers to bypa ...)
	NOT-FOR-US: The Address Book
CVE-2006-4579 (Directory traversal vulnerability in users.php in The Address Book 1.0 ...)
	NOT-FOR-US: The Address Book
CVE-2006-4578 (export.php in The Address Book 1.04e writes username and password hash ...)
	NOT-FOR-US: The Address Book
CVE-2006-4577 (Multiple cross-site scripting (XSS) vulnerabilities in The Address Boo ...)
	NOT-FOR-US: The Address Book
CVE-2006-4576 (Cross-site scripting (XSS) vulnerability in The Address Book 1.04e all ...)
	NOT-FOR-US: The Address Book
CVE-2006-4575 (Multiple SQL injection vulnerabilities in The Address Book 1.04e allow ...)
	NOT-FOR-US: The Address Book
CVE-2006-4574 (Off-by-one error in the MIME Multipart dissector in Wireshark (formerl ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4573 (Multiple unspecified vulnerabilities in the "utf8 combining characters ...)
	{DSA-1202-1}
	- screen 4.0.3-0.1 (bug #395225; bug #395999; medium)
CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows re ...)
	- linux-2.6 2.6.18.dfsg.1-9 (medium)
CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunde ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-64
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "L ...)
	{DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-63
	- thunderbird 1.5.0.7-1
	- mozilla <removed>
CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ...)
	NOTE: MFSA-2006-62
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (low)
	- thunderbird 1.5.0.7-1
	[sarge] - mozilla-firefox <not-affected> (Regression only affecting 1.5)
CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remot ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-61
	- mozilla <removed> (low)
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (low)
	- thunderbird 1.5.0.7-1
CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...)
	NOTE: MFSA-2006-58
	- firefox 1.5.dfsg+1.5.0.7-1 (unimportant)
	- thunderbird 1.5.0.7-1 (unimportant)
	[sarge] - mozilla-firefox <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
	NOTE: The internal update mechanism is disabled in Debian
CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMon ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-57
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderb ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-57
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (low)
CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple Mach ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-4562
	NOT-FOR-US: Symantec
CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary J ...)
	- xulrunner 1.8.0.7-1 (low)
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to execu ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another Comm ...)
	NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4558 (DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4557
	NOT-FOR-US: Discloser
CVE-2006-4556
	NOT-FOR-US: JIM component for Mambo and Joomla!
CVE-2006-4555 (Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control a ...)
	NOT-FOR-US: Miniclip CR64Loader ActiveX control
CVE-2006-4554 (Stack-based buffer overflow in the ReadFile function in the ZOO-proces ...)
	NOT-FOR-US: BeCubed Compression Plus
CVE-2006-4553 (PHP remote file inclusion vulnerability in plugin.class.php in the com ...)
	NOT-FOR-US: com_comprofiler Components for Mambo and Joomla!
CVE-2006-4552 (Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01- ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4551 (Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows re ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4550 (Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allo ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4549 (CHXO Feedsplitter 2006-01-21 allows remote attackers to read the sourc ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4548 (e107 0.75 and earlier does not properly unset variables when the input ...)
	NOTE: this should be fixed in PHP (CVE-2006-3017)
CVE-2006-4547 (Lyris ListManager 8.95 allows remote authenticated users to obtain sen ...)
	NOT-FOR-US: Lyris ListManager
CVE-2006-4546 (Lyris ListManager 8.95 allows remote authenticated users, who have adm ...)
	NOT-FOR-US: Lyris ListManager
CVE-2006-4545
	NOT-FOR-US: ModuleBased CMS Pre-Alpha
CVE-2006-4544 (Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when ...)
	NOT-FOR-US: ExBB
CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34  ...)
	NOT-FOR-US: HLStats
CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a  ...)
	{DSA-1199-1}
	- webmin <removed> (bug #391284)
	- usermin <removed>
CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly  ...)
	NOT-FOR-US: BlackICE PC Protection
CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.c ...)
	NOT-FOR-US: Learn.com LearnCenter
CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) includes/widge ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platfor ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.17-9
CVE-2006-4537 (NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alph ...)
	NOT-FOR-US: OpenVMS
CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0. ...)
	NOT-FOR-US: CMS Frogss
CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local u ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.18-1
CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 200 ...)
	NOT-FOR-US: Microsoft
CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6  ...)
	NOT-FOR-US: Plume CMS
CVE-2006-4532 (PHP remote file inclusion vulnerability in articles/article.php in Yet ...)
	NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4531 (PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS ...)
	NOT-FOR-US: Pheap CMS
CVE-2006-4530 (Direct static code injection vulnerability in include/change.php in me ...)
	NOT-FOR-US: membrepass
CVE-2006-4529 (SQL injection vulnerability in recherchemembre.php in membrepass 1.5.  ...)
	NOT-FOR-US: membrepass
CVE-2006-4528 (Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5  ...)
	NOT-FOR-US: membrepass
CVE-2006-4527 (includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when  ...)
	NOT-FOR-US: CubeCart
CVE-2006-4526 (SQL injection vulnerability in includes/content/viewCat.inc.php in Cub ...)
	NOT-FOR-US: CubeCart
CVE-2006-4525 (Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlie ...)
	NOT-FOR-US: CubeCart
CVE-2006-4524 (Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz  ...)
	NOT-FOR-US: Digiappz Freekot
CVE-2006-4523 (The web-based management interface in 2Wire, Inc. HomePortal and Offic ...)
	NOT-FOR-US: 2Wire
CVE-2006-4522 (Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows loca ...)
	NOT-FOR-US: IBM AIX
CVE-2006-XXXX [hostapd dos]
	- hostapd 1:0.5.4-1
	[sarge] - hostapd <not-affected> (Vulnerable code not present)
CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS modu ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...)
	{DSA-1335-1}
	- gimp 2.2.16-1 (medium)
	NOTE: Security problems were fixed in 2.2.16, but only 2.2.17 fixes a PSD regression
CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a deni ...)
	NOT-FOR-US: Qbik WinGate
CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Novell iManager
CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to  ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-4515
	RESERVED
CVE-2006-4514 (Heap-based buffer overflow in the ole_info_read_metabat function in Gn ...)
	{DSA-1221-1}
	- libgsf 1.14.2-1
CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly mswor ...)
	- wv 1.2.4-1 (bug #396256; medium)
	- abiword 2.4.6-1
	[sarge] - abiword 2.4.6-1.1 (bug #396360)
	NOTE: exact abiword fixed version not known, but <= 2.4.6-1
CVE-2006-4512
	RESERVED
CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-4510 (The evtFilteredMonitorEventsRequest function in the LDAP service in No ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4509 (Integer overflow in the evtFilteredMonitorEventsRequest function in th ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1 ...)
	- tor 0.1.1.23-1
CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...)
	NOT-FOR-US: Sony
	NOTE: According to the original advisory, this is just CVE-2006-3459
CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to  ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows re ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allo ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURL ...)
	NOT-FOR-US: ModernBill
CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAl ...)
	NOT-FOR-US: PortailPHP
CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows re ...)
	NOT-FOR-US: IwebNegar
CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar  ...)
	NOT-FOR-US: IwebNegar
CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft
CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with ins ...)
	NOT-FOR-US: xbiff2
	NOTE: xbase-clients contains xbiff, but it is not affected as it doesn't use a .xbiffrc
CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows a ...)
	NOT-FOR-US: Cybozu Office
CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2( ...)
	NOT-FOR-US: Cybozu Collaborex
CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before 6 ...)
	NOT-FOR-US: Cybozu Office
CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07 ...)
	NOT-FOR-US: MiniBill
CVE-2006-4488 (PHP remote file inclusion vulnerability in modules/userstop/userstop.p ...)
	NOT-FOR-US: ExBB Italia
CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web doc ...)
	NOT-FOR-US: DUpoll
CVE-2006-4486 (Integer overflow in memory allocation routines in PHP before 5.1.6, wh ...)
	{DSA-1331-1}
	- php5 5.1.6-1
	- php4 4:4.4.4-1
CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...)
	- php5 5.1.6-1
	- php4 <not-affected> (Vulnerable function doesn't exist)
CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in ...)
	- libgd2 2.0.33-5.1 (medium; bug #384838)
	- xloadimage <unfixed> (unimportant; bug #384841)
	NOTE: xloadimage is a crasher only, not a security problem
CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/str ...)
	- php5 5.1.6-1 (unimportant)
	- php4 4:4.4.4-1 (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) wor ...)
	{DSA-1206-1}
	- php5 5.1.6-1 (medium)
	- php4 4:4.4.4-1 (medium)
CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5  ...)
	- php5 5.1.6-1 (unimportant)
	- php4 4:4.4.4-1 (unimportant)
	NOTE: Basedir violations not supported
CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...)
	NOT-FOR-US: Nuked-Klan
CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Sh ...)
	NOT-FOR-US: ezContents
CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ez ...)
	NOT-FOR-US: ezContents
CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers e ...)
	NOT-FOR-US: ezContents
CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
	NOT-FOR-US: Joomla!
CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups functi ...)
	NOT-FOR-US: Joomla!
CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, whe ...)
	NOT-FOR-US: Joomla!
CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow at ...)
	NOT-FOR-US: Joomla!
CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows r ...)
	NOT-FOR-US: Joomla!
CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defi ...)
	NOT-FOR-US: Joomla!
CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows  ...)
	NOT-FOR-US: Joomla!
CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
	NOT-FOR-US: Joomla!
CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0 ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...)
	NOT-FOR-US: Joomla!
CVE-2006-4465
	NOT-FOR-US: Microsoft
CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allo ...)
	NOT-FOR-US: Nokia
CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in Jets ...)
	NOT-FOR-US: JS ASP Faq Manager
CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...)
	NOT-FOR-US: LinksCaffe
CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...)
	NOT-FOR-US: Paessler IPCheck Server Monitor (not related to ipcheck in Debian)
CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0. ...)
	NOT-FOR-US: iAddressBook
CVE-2006-4459 (Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause  ...)
	NOT-FOR-US: AnywhereUSB/5
CVE-2006-4458 (Directory traversal vulnerability in calendar/inc/class.holidaycalc.in ...)
	- phpgroupware 0.9.16.011-1 (bug #386061; medium)
CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...)
	NOT-FOR-US: phpECard
CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard 2 ...)
	NOT-FOR-US: phpECard
CVE-2006-4455
	- xchat <not-affected> (not reproducible)
CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.3 ...)
	NOT-FOR-US: HLstats
CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allow ...)
	NOT-FOR-US: PmWiki
CVE-2006-4452 (PHP remote file inclusion vulnerability in security/include/_class.sec ...)
	NOT-FOR-US: Web3news
CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows  ...)
	NOT-FOR-US: Tag Board
CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, a ...)
	- phpbb2 2.0.21-1 (unimportant)
	NOTE: That's by design and even disabled by default
CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in MyBullet ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, wh ...)
	NOT-FOR-US: interact
CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtran ...)
	{DSA-1193-1}
	- xbase-clients 1:7.1.ds-2 (unimportant)
	- xtrans 1.0.0-6 (unimportant)
	- xorg-server 1:1.0.2-9 (low)
	- libx11 2:1.0.0-7 (unimportant)
	- xdm 1:1.0.5-1 (unimportant)
	- xterm <unfixed> (unimportant)
CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ( ...)
	NOT-FOR-US: Microsoft
CVE-2006-4445
	NOT-FOR-US: CuteNews
CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Wind ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0. ...)
	NOT-FOR-US: iAddressBook
CVE-2006-4441 (Multiple PHP remote file inclusion vulnerabilities in Ay System Soluti ...)
	NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4440 (PHP remote file inclusion vulnerability in main.php in Ay System Solut ...)
	NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure  ...)
	NOT-FOR-US: Solaris
CVE-2006-4438 (Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33 ...)
	NOT-FOR-US: SpIDer for Dr.Web Scanner
CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to e ...)
	NOT-FOR-US: Tagger LE
CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 S ...)
	- tikiwiki 1.9.4+dfsg2-3
CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Se ...)
	{DSA-1175-1}
	- isakmpd 20041012-4 (bug #385894; medium)
CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows context-depende ...)
	NOT-FOR-US: OpenBSD
CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote a ...)
	{DSA-1164}
	- sendmail 8.13.8-1 (bug #385054; medium)
CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.4-0.1 (unimportant)
	NOTE: Sanitising this is an application's job
CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier a ...)
	NOT-FOR-US: Zend Platform
CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...)
	NOT-FOR-US: Zend Platform
CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows r ...)
	NOT-FOR-US: Cisco
CVE-2006-4429
	NOT-FOR-US: PHlyMail Lite
CVE-2006-4428
	NOT-FOR-US: Jupiter CMS
CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass a ...)
	NOT-FOR-US: eFiction
CVE-2006-4426 (PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurit ...)
	NOT-FOR-US: AlberT-EasySite
CVE-2006-4425 (Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 al ...)
	NOT-FOR-US: phpCOIN
CVE-2006-4424 (PHP remote file inclusion vulnerability in coin_includes/constants.php ...)
	NOT-FOR-US: phpCOIN
CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 all ...)
	NOT-FOR-US: Bigace
CVE-2006-4422
	NOT-FOR-US: Jetbox CMS
CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in template/default/thanks_co ...)
	NOT-FOR-US: Yet Another PHP Image Gallery
CVE-2006-4420 (Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 a ...)
	NOT-FOR-US: Phaos
CVE-2006-4419 (SQL injection vulnerability in note.php in ProManager 0.73 allows remo ...)
	NOT-FOR-US: ProManager
CVE-2006-4418 (Directory traversal vulnerability in index.php for Wikepage 2006.2a Op ...)
	NOT-FOR-US: Wikepage
CVE-2006-4417 (SQL injection vulnerability in edituser.php in Xoops before 2.0.15 all ...)
	NOT-FOR-US: Xoops
CVE-2006-4416 (Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-4415
	RESERVED
CVE-2006-4414
	RESERVED
CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for certain  ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2006-4412 (WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4411 (The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x thr ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4410 (The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4409 (The Online Certificate Status Protocol (OCSP) service in the Security  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4408 (The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows re ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4407 (The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4406 (Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4405
	RESERVED
CVE-2006-4404 (The Installer application in Apple Mac OS X 10.4.8 and earlier, when u ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4403 (The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4402 (Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4401 (Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier al ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4400 (Stack-based buffer overflow in the Apple Type Services (ATS) server in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac OS X 10 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4398 (Multiple buffer overflows in the Apple Type Services (ATS) server in M ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 throug ...)
	NOT-FOR-US: Mac OS
CVE-2006-4396 (The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier do ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3. ...)
	NOT-FOR-US: Mac OS
CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, al ...)
	NOT-FOR-US: Mac OS
CVE-2006-4393 (Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 throug ...)
	NOT-FOR-US: Mac OS
CVE-2006-4392 (The Mach kernel, as used in operating systems including (1) Mac OS X 1 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4391 (Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4390 (CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remo ...)
	NOT-FOR-US: Mac OS
CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4387 (Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the  ...)
	NOT-FOR-US: Mac OS
CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted r ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4383
	RESERVED
CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-a ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service (p ...)
	{DSA-1169}
	- mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
	- mysql-dfsg <not-affected> (only 4.1 affected)
	- mysql-dfsg-4.1 <removed>
CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaborati ...)
	NOT-FOR-US: Ipswitch Collaboration 2006 Suite
CVE-2006-4378
	NOT-FOR-US: Rssxt component for Joomla! (com_rssxt)
CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechn ...)
	NOT-FOR-US: Eichhorn Portal
CVE-2006-4376 (Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch  ...)
	NOT-FOR-US: Eichhorn Portal
CVE-2006-4375
	NOT-FOR-US: Contacts XTD (ContXTD) component for Mambo (com_contxtd)
CVE-2006-4374 (IrfanView 3.98 (with plugins) allows user-assisted attackers to cause  ...)
	NOT-FOR-US: IrfanView
CVE-2006-4373 (PHP remote file inclusion vulnerability in modules/visitors2/include/c ...)
	NOT-FOR-US: pSlash
CVE-2006-4372 (PHP remote file inclusion vulnerability in admin.lurm_constructor.php  ...)
	NOT-FOR-US: Lurm Constructor component (com_lurm_constructor) for Mambo
CVE-2006-4371 (Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 a ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4370 (Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibl ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4369 (Absolute path traversal vulnerability in includes/functions_portal.php ...)
	NOT-FOR-US: IntegraMOD Portal
CVE-2006-4368 (PHP remote file inclusion vulnerability in includes/functions_portal.p ...)
	NOT-FOR-US: IntegraMOD Portal
CVE-2006-4367 (SQL injection vulnerability in alltopics.php in the All Topics Hack 1. ...)
	NOT-FOR-US: All Topics Hack for phpBB
CVE-2006-4366 (PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 al ...)
	NOT-FOR-US: RedBLoG
CVE-2006-4365 (Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 a ...)
	NOT-FOR-US: VistaBB
CVE-2006-4364 (Multiple heap-based buffer overflows in the POP3 server in Alt-N Techn ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-4363 (PHP remote file inclusion vulnerability in admin.cropcanvas.php in the ...)
	NOT-FOR-US: CropImage component (com_cropimage) for Mambo
CVE-2006-4362 (Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid M ...)
	NOT-FOR-US: Diesel Paid Mail
CVE-2006-4361 (Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forg ...)
	NOT-FOR-US: Diesel Job Site
CVE-2006-4360 (Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal  ...)
	NOT-FOR-US: E-commerce for Drupal
CVE-2006-4359 (Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 38 ...)
	NOT-FOR-US: PowerZip
CVE-2006-4358 (Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay al ...)
	NOT-FOR-US: Diesel Pay
CVE-2006-4357 (PHP remote file inclusion vulnerability in clients/index.php in Diesel ...)
	NOT-FOR-US: Diesel Smart Traffic
CVE-2006-4356 (SQL injection vulnerability in Drupal Easylinks Module (easylinks.modu ...)
	NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4355 (Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (e ...)
	NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4354 (PHP remote file inclusion vulnerability in e/class/CheckLevel.php in P ...)
	NOT-FOR-US: Phome Empire CMS
CVE-2006-4353 (Unspecified vulnerability in Sun Java System Content Delivery Server 4 ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2006-4352 (The ArrowPoint cookie functionality for Cisco 11000 series Content Ser ...)
	NOT-FOR-US: Cisco
CVE-2006-4351 (Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6 ...)
	NOT-FOR-US: OneOrZero
CVE-2006-4350 (SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows r ...)
	NOT-FOR-US: OneOrZero
CVE-2006-4349
	NOT-FOR-US: ToendaCMS
CVE-2006-4348 (PHP remote file inclusion vulnerability in config.kochsuite.php in the ...)
	NOT-FOR-US: Kochsuite (com_kochsuite) component for Mambo and Joomla!
CVE-2006-4347 (SQL injection vulnerability in user logon authentication request handl ...)
	NOT-FOR-US: Cool Manager
CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to det ...)
	- asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asteris ...)
	- asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) bef ...)
	NOT-FOR-US: CGI-Rescue Mail F/W System
CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL 0.9. ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-4342 (The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, ...)
	- linux-2.6 <not-affected> (Flaw specific to Red Hat backport)
CVE-2006-4341
	REJECTED
CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used  ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, wh ...)
	{DSA-1174-1 DSA-1173-1}
	- openssl 0.9.8b-3 (medium)
	- openssl097 0.9.7i-2 (medium)
	- openssl096 <removed>
CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent at ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (medium)
	- lha 1.14i-10.1 (medium; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in gzi ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
	- lha 1.14i-10.1 (high; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5  ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH dec ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
	- lha 1.14i-10.1 (high; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent attac ...)
	{DSA-1974-1 DSA-1181-1}
	- gzip 1.3.5-15 (high)
CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 all ...)
	{DSA-1171}
	- wireshark 0.99.2-5.1 (low; bug #384529)
	- ethereal <removed> (low; bug #384528)
CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark (formerly ...)
	- wireshark <not-affected> (windows only)
	- ethereal <not-affected> (windows only)
CVE-2006-4331 (Multiple off-by-one errors in the IPSec ESP preference parser in Wires ...)
	- wireshark 0.99.2-5.1 (medium; bug #384529)
	- ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...)
	- wireshark 0.99.2-5 (medium; bug #384529)
	- ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising R ...)
	NOT-FOR-US: Shadows Rising
CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive Link ...)
	NOT-FOR-US: CloudNine
CVE-2006-4327 (Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in  ...)
	NOT-FOR-US: CloudNine
CVE-2006-4326 (Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, I ...)
	NOT-FOR-US: Ichitaro
CVE-2006-4325 (Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbo ...)
	NOT-FOR-US: Doika
CVE-2006-4324 (Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFre ...)
	NOT-FOR-US: CityForFree
CVE-2006-4323 (SQL injection vulnerability in list.php in CityForFree indexcity 1.0,  ...)
	NOT-FOR-US: CityForFree
CVE-2006-4322 (PHP remote file inclusion vulnerability in estateagent.php in the Esta ...)
	NOT-FOR-US: Mambo
CVE-2006-4321 (PHP remote file inclusion vulnerability in cpg.php in the Coppermine P ...)
	NOT-FOR-US: Mambo
CVE-2006-4320 (PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0. ...)
	NOT-FOR-US: OpenSEF for Joomla
CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows l ...)
	NOT-FOR-US: Solaris
CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to execut ...)
	NOT-FOR-US: WFTPD
CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab  ...)
	NOT-FOR-US: WoltLab
CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root priv ...)
	NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia prod ...)
	NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...)
	NOT-FOR-US: Symantec
CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentr ...)
	NOT-FOR-US: Cisco
CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive  ...)
	NOT-FOR-US: Cisco
CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise Adressboo ...)
	NOT-FOR-US: Sonium Enterprise Adressbook
CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of s ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	- firefox 45.0-1
	- firefox-esr 45.0esr-1
	- iceweasel 2.0+dfsg-1
	- mozilla <removed>
	- mozilla-firefox <removed>
	- xulrunner 1.8.0.8-1
CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not passw ...)
	NOT-FOR-US: AK-Systems Windows Terminal
CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Lear ...)
	NOT-FOR-US: Blackboard Learning System
CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allow ...)
	NOT-FOR-US: Solaris
CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote att ...)
	{DSA-1190-1}
	- maxdb-7.5.00 7.5.00.34-5 (high; bug #386182)
CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...)
	- kfreebsd-5 5.4-18 (bug #391289)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solar ...)
	NOT-FOR-US: Solaris
CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Star ...)
	- sun-java5 1.5.0-07-1
CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earl ...)
	NOT-FOR-US: SimpleBlog
CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in Ti ...)
	- tikiwiki 1.9.4+dfsg2-2 (low; bug #384796)
CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in osCommerc ...)
	NOT-FOR-US: osCommerce
CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce before  ...)
	NOT-FOR-US: osCommerce
CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-B ...)
	NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo
CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda Activ ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4 ...)
	- twiki 1:4.0.4-3 (bug #389267; low)
CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
	NOT-FOR-US: cPanel
CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows re ...)
	- honeyd 1.5b-1 (low; bug #384806)
	[sarge] - honeyd <no-dsa> (Minor issue)
CVE-2006-4291 (PHP remote file inclusion vulnerability in handlers/email/mod.listmail ...)
	NOT-FOR-US: PHlyMail Lite
CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x,  ...)
	NOT-FOR-US: Sony
CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x befor ...)
	NOT-FOR-US: Sony
CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...)
	NOT-FOR-US: a6mambocredits component (com_a6mambocredits) for Mambo
CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...)
	NOT-FOR-US: NES Game and NES System
CVE-2006-4286
	NOT-FOR-US: contentpublisher component (com_contentpublisher) for Mambo
CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News  ...)
	NOT-FOR-US: Fantastic News
CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier  ...)
	NOT-FOR-US: LBlog
CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Ed ...)
	NOT-FOR-US: SOLMETRA SPAW Editor
CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the Mambo ...)
	NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla!
CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in AkoComme ...)
	NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo
CVE-2006-4280
	NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo
CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ear ...)
	NOT-FOR-US: XennoBB
CVE-2006-4278 (PHP remote file inclusion vulnerability in includes/layout/plain.foote ...)
	NOT-FOR-US: SportsPHool
CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 a ...)
	NOT-FOR-US: Tutti Nova
CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier  ...)
	NOT-FOR-US: Tutti Nova
CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the Cata ...)
	NOT-FOR-US: CatalogShop component for Mambo (com_catalogshop)
CVE-2006-4274
	REJECTED
CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 an ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4272
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4271
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...)
	NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo
CVE-2006-4269
	NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla!
CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...)
	NOT-FOR-US: CubeCart
CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier  ...)
	NOT-FOR-US: CubeCart
CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...)
	NOT-FOR-US: Symantec
CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows re ...)
	NOT-FOR-US: Kaspersky
CVE-2006-4264
	NOT-FOR-US: lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo
CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product Scro ...)
	NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla!
CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow user-assist ...)
	{DSA-1186-1}
	- cscope 15.5+cvs20060902-1 (low; bug #385893)
CVE-2006-4261
	REJECTED
CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 allo ...)
	NOT-FOR-US: Fotopholder
CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1 ...)
	NOT-FOR-US: Fotopholder
CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in Anti ...)
	NOT-FOR-US: Anti-Spam SMTP Proxy
CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote au ...)
	NOT-FOR-US: IBM DB2
CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote at ...)
	{DSA-1406-1}
	- horde3 3.1.3-1 (low; bug #383416)
CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Ho ...)
	- imp4 4.1.3-1 (low; bug #383416)
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0  ...)
	NOT-FOR-US: IBM AIX
CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allow ...)
	NOTE: MFSA-2006-59
	- xulrunner 1.8.0.7-1 (medium)
	- firefox 1.5.dfsg+1.5.0.7-1 (medium)
	- mozilla <removed> (medium)
	- thunderbird 1.5.0.7-1 (low)
	- mozilla-firefox <removed> (unimportant)
	[sarge] - mozilla <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
	NOTE: On Sarge this is only a crasher, code injection is only possible for Firefox 1.5 et al.
CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a ...)
	- pdns-recursor 3.1.4-1 (bug #398559)
	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow rem ...)
	{DSA-1211}
	- pdns-recursor 3.1.4-1 (bug #398557; high)
	- pdns 2.9.20-4
	NOTE: Recursor module has been moved to pdns-recursor
CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows loc ...)
	{DSA-1278-1}
	- man-db 2.4.3-5
CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ano ...)
	- zope-cmfplone 2.5.1-3 (bug #401796)
	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows l ...)
	{DSA-1205-1}
	- thttpd 2.23beta1-5 (bug #396277)
CVE-2006-4247 (Unspecified vulnerability in the Password Reset Tool before 0.4.1 on P ...)
	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
	- zope-cmfplone 2.5.1-1
CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read arbitr ...)
	{DSA-1177-1}
	- usermin <removed> (bug #374609)
CVE-2006-4245 (archivemail 0.6.2 uses temporary files insecurely leading to a possibl ...)
	- archivemail 0.6.2-2 (bug #385253)
CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that  ...)
	{DSA-1239-1}
	- sql-ledger 2.6.18-1 (medium; bug #386519)
CVE-2006-4243 (linux vserver 2.6 before 2.6.17 suffers from privilege escalation in r ...)
	- linux-2.6 2.6.17-9
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM  ...)
	NOT-FOR-US: JIM component for Joomla or Mambo
CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php  ...)
	NOT-FOR-US: Reporter Mambo component (com_reporter)
CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News 3. ...)
	NOT-FOR-US: Fusion News
CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in Outr ...)
	NOT-FOR-US: Outreach Project Tool
CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2. ...)
	NOT-FOR-US: WebTorrent (WTcom)
CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php i ...)
	NOT-FOR-US: Invisionix Roaming System Remote (IRSR)
CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow r ...)
	NOT-FOR-US: POWERGAP
CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...)
	NOT-FOR-US: Sony
CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in  ...)
	NOT-FOR-US: dotProject
CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local use ...)
	NOT-FOR-US: Globus Toolkit
CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4. ...)
	NOT-FOR-US: Globus Toolkit
CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a denia ...)
	NOT-FOR-US: IrfanView
CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in Liz ...)
	NOT-FOR-US: Lizge Web Portal
CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the mosListM ...)
	NOT-FOR-US: mosListMessenger Component (com_lm) for Mambo and Joomla!
CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before M ...)
	NOT-FOR-US: Symantec
CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid  ...)
	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ru ...)
	{DSA-1169}
	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
CVE-2006-4225
	REJECTED
CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual Wa ...)
	NOT-FOR-US: Virtual War
CVE-2006-4223 (IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context- ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer Active ...)
	NOT-FOR-US: IBM
CVE-2006-4220 (Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novel ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote attacker ...)
	NOT-FOR-US: Terminal Services COM object
CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allo ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4217 (PHP remote file inclusion vulnerability in modules/usersonline/users.p ...)
	NOT-FOR-US: WEBInsta CMS
CVE-2006-4216
	REJECTED
CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0 ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent No ...)
	NOT-FOR-US: Thatware
CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Eng ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register ...)
	NOT-FOR-US: phPay
CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta Ma ...)
	NOT-FOR-US: WEBInsta Mailing List Manager
CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB- ...)
	- wordpress 2.0.5-0.1 (unimportant; bug #384800)
	NOTE: Only exploitable by admin users, someone with the privilege to backup
	NOTE: your data must be trustworthy
CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discl ...)
	NOT-FOR-US: Discloser
CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlaygro ...)
	NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition
CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite Proj ...)
	NOT-FOR-US: WebDynamite ProjectButler
CVE-2006-4204 (Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 an ...)
	NOT-FOR-US: PHProjekt
CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP Com ...)
	NOT-FOR-US: MMP Component (com_mmp) for Mambo
CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script  ...)
	NOT-FOR-US: Spidey Blog Script
CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP O ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows remot ...)
	NOT-FOR-US: 04WebServer
CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83  ...)
	NOT-FOR-US: 04WebServer
CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in Whe ...)
	NOT-FOR-US: Wheatblog
CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBra ...)
	{DSA-1162}
	- libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)
	- libmusicbrainz-2.0 <removed> (medium; bug #383031)
CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0 ...)
	NOT-FOR-US: WEBInsta CMS
CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...)
	NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook)
CVE-2006-XXXX [gallery2 session ID disclosure]
	- gallery2 2.1.2-1
CVE-2006-XXXX [insecure filehandling in mysql_upgrade]
	- mysql-dfsg-5.0 5.0.24-1
	NOTE: mysql_upgrade not in 4.x
CVE-2006-4194
	NOT-FOR-US: Cisco
CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...)
	NOT-FOR-US: MS IE
CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and  ...)
	- libmodplug 1:0.7-5.2 (medium; bug #383574)
	- gst-plugins-bad0.10 0.10.3-3.1 (medium; bug #407956)
CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme Message ...)
	NOT-FOR-US: XMB
CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the AutoHTML modu ...)
	NOT-FOR-US: PHP-Nuke module AutoHTML
CVE-2006-4189 (Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allo ...)
	NOT-FOR-US: Dolphin
CVE-2006-4188 (Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.0 ...)
	NOT-FOR-US: HP-UX
CVE-2006-4187 (Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when  ...)
	NOT-FOR-US: HP-UX
CVE-2006-4186 (The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes pa ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4185 (Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3. ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4184 (SmartLine DeviceLock before 5.73 Build 305 does not properly enforce a ...)
	NOT-FOR-US: SmartLine DeviceLock
CVE-2006-4183 (Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) an ...)
	NOT-FOR-US: Microsoft
CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions befor ...)
	{DSA-1196-1}
	- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL accounti ...)
	NOT-FOR-US: GNU Radius
CVE-2006-4180
	REJECTED
CVE-2006-4179
	RESERVED
CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and  ...)
	- kfreebsd-5 <removed> (bug #391289; low)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory befo ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4176
	RESERVED
CVE-2006-4175 (The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Pat ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2006-4174
	RESERVED
CVE-2006-4173
	RESERVED
CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5 ...)
	- kfreebsd-5 <removed> (bug #391289; low)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4171
	RESERVED
CVE-2006-4170
	REJECTED
CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...)
	NOT-FOR-US: G/PGP (GPG) plugin for Squirrelmail
CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in libexif/ ...)
	{DSA-1310-1}
	- libexif 0.6.16-1 (bug #430012)
CVE-2006-4167
	RESERVED
CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earl ...)
	NOT-FOR-US: TinyWebGallery
CVE-2006-4165 (Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earli ...)
	NOT-FOR-US: NetCommons
CVE-2006-4164 (PHP remote file inclusion vulnerability in inc/header.inc.php in phpPr ...)
	NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4163
	NOT-FOR-US: miniBloggie
CVE-2006-4162 (Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and  ...)
	NOT-FOR-US: Dragonfly CMS
CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action in prof ...)
	NOT-FOR-US: XennoBB
CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and V ...)
	NOT-FOR-US: MVCnPHP
CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette 08070 ...)
	NOT-FOR-US: Chaussette
CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 ...)
	NOT-FOR-US: Spaminator
CVE-2006-4157 (Cross-site scripting (XSS) vulnerability in index.php in Yet another B ...)
	NOT-FOR-US: Yet another Bulletin Board (YaBB)
CVE-2006-4156
	NOT-FOR-US: pearlabs mafia moblog
CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka threaded vie ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-4154 (Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x a ...)
	NOT-FOR-US: mod_tcl
CVE-2006-4153
	RESERVED
CVE-2006-4152
	RESERVED
CVE-2006-4151
	RESERVED
CVE-2006-4150
	RESERVED
CVE-2006-4149
	RESERVED
CVE-2006-4148
	RESERVED
CVE-2006-4147
	RESERVED
CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2r ...)
	- gdb 7.3-1 (unimportant)
	NOTE: Every sensible use of gdb involves executing the debugged binary
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=d53d4ac5aaf62c631e8d915e049eaf3f52fe24c8
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=204841
	NOTE: https://bugs.launchpad.net/ubuntu/+source/gdb/+bug/62695
CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6. ...)
	{DSA-1184-2}
	- linux-2.6 2.6.17-7
CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers to caus ...)
	NOT-FOR-US: Netgear
CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War (VWar)  ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 an ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor before 5.3 ...)
	NOT-FOR-US: IPCheck Server Monitor
CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...)
	NOT-FOR-US: Solaris
CVE-2006-4138 (Multiple unspecified vulnerabilities in Microsoft Windows Help File vi ...)
	NOT-FOR-US: Microsoft
CVE-2006-4137 (IBM WebSphere Application Server before 6.1.0.1 allows attackers to ob ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-4136 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-4135
	NOT-FOR-US: Calendarix
CVE-2006-4134 (Unspecified vulnerability related to a "design flaw" in SAP Internet G ...)
	NOT-FOR-US: SAP
CVE-2006-4133 (Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 ...)
	NOT-FOR-US: SAP
CVE-2006-4132 (ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and po ...)
	NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4131 (Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibl ...)
	NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php in the ...)
	NOT-FOR-US: Remository Component (com_remository) for Mambo and Joomla!
CVE-2006-4129 (PHP remote file inclusion vulnerability in admin.webring.docs.php in t ...)
	NOT-FOR-US: Webring Component (com_webring) for Joomla!
CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec f ...)
	NOT-FOR-US: Symantec VERITAS
CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and ea ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4126 (The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier  ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4125 (Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and ear ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4124 (The libXm library in LessTif 0.95.0 and earlier allows local users to  ...)
	- lesstif2 1:0.94.4-1 (bug #382411; medium)
CVE-2006-4123 (PHP remote file inclusion vulnerability in boitenews4/index.php in Boi ...)
	NOT-FOR-US: Boite de News
CVE-2006-4122 (Simple one-file guestbook 1.0 and earlier allows remote attackers to b ...)
	NOT-FOR-US: Simple one-file guestbook
CVE-2006-4121 (PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce  ...)
	NOT-FOR-US: See-Commerce
CVE-2006-4120 (Cross-site scripting (XSS) vulnerability in the Recipe module (recipe. ...)
	NOT-FOR-US: Recipe module (recipe.module) for Drupal
CVE-2006-4119 (SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier a ...)
	NOT-FOR-US: GeheimChaos
CVE-2006-4118 (Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier  ...)
	NOT-FOR-US: GeheimChaos
CVE-2006-4117 (The squeue_drain function in Sun Solaris 10, possibly only when run on ...)
	NOT-FOR-US: Solaris
CVE-2006-4116 (Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-a ...)
	NOT-FOR-US: Lhaz
CVE-2006-4115 (PHP remote file inclusion vulnerability in common.inc.php in PgMarket  ...)
	NOT-FOR-US: PgMarket
CVE-2006-4114 (SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMy ...)
	NOT-FOR-US: PHPMyRing
CVE-2006-4113 (PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fr ...)
	NOT-FOR-US: hitweb
CVE-2006-4112 (Unspecified vulnerability in the "dependency resolution mechanism" in  ...)
	- rails 1.1.6-1 (bug #382255; medium)
CVE-2006-4111 (Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby cod ...)
	- rails 1.1.5-1 (bug #382255; medium)
CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers to read ...)
	- apache2 <not-affected> (Affects Apache on Windows only)
CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography (biblio.modul ...)
	NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6 before ...)
	NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6  ...)
	NOT-FOR-US: Job Search module (job.module) for Drupal
CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allow ...)
	NOT-FOR-US: blur6ex
CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD ...)
	NOT-FOR-US: Fill Threads Database
CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.c ...)
	NOT-FOR-US: mojoGallery
CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason Al ...)
	NOT-FOR-US: phNNTP
CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme  ...)
	NOT-FOR-US: SQLiteWebAdmin
CVE-2006-4101
	RESERVED
CVE-2006-4100
	RESERVED
CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates predictable ses ...)
	NOT-FOR-US: Business Objects
CVE-2006-4098 (Stack-based buffer overflow in the CSRadius service in Cisco Secure Ac ...)
	NOT-FOR-US: Cisco
CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
	{DSA-1172-1}
	- bind <not-affected> (Not vulnerable according to CERT advisory)
	- bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
	{DSA-1172-1}
	- bind <not-affected> (Not vulnerable according to CERT advisory)
	- bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4094
	RESERVED
CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerP ...)
	{DSA-1184-2 DSA-1237}
	- linux-2.6 2.6.17-7
CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's actions to  ...)
	NOT-FOR-US: Simpliciti Locked Browser
CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel Manag ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 all ...)
	NOT-FOR-US: Webligo BlogHoster
CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earl ...)
	{DSA-1179-1}
	- alsaplayer 0.99.76-9 (medium; bug #382842)
CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8. ...)
	NOT-FOR-US: CivicSpace
CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.c ...)
	NOT-FOR-US: mojoGallery
CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino ...)
	NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The Search En ...)
	NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4  ...)
	NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in myWebland  ...)
	NOT-FOR-US: myEvent
CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcod ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through  ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1. ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, all ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo ...)
	NOT-FOR-US: Comet WebFileManager
CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
	NOT-FOR-US: docpile: wim's edition
CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
	NOT-FOR-US: docpile: wim's edition
CVE-2006-4074 (PHP remote file inclusion vulnerability in lib/tpl/default/main.php in ...)
	NOT-FOR-US: JD-Wiki Component (com_jd-wiki) for Joomla!
CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz php ...)
	NOT-FOR-US: phpCC
CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...)
	NOT-FOR-US: Club-Nuke [XP]
CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick  ...)
	{DSA-1213}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (medium; bug #383314)
	- graphicsmagick 1.1.7-7 (medium; bug #383333)
CVE-2006-XXXX [crash in the certificate verification logic]
	NOTE: GNUTLS-SA-2006-2
	- gnutls11 <removed> (unimportant)
	- gnutls12 1.2.11-3 (unimportant)
	- gnutls13 1.4.2-1 (unimportant)
	NOTE: Normal bug, no reliable denial of service potential
CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in th ...)
	NOT-FOR-US: Microsoft
CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows user-assist ...)
	NOT-FOR-US: Imendio Planner
CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino O ...)
	NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a usernam ...)
	NOT-FOR-US: pswd.js
CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in Cak ...)
	- cakephp 1.1.13.4450-1
CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SA ...)
	NOT-FOR-US: SAPID Gallery
CVE-2006-4064 (SQL injection vulnerability in default.asp in YenerTurk Haber Script 1 ...)
	NOT-FOR-US: YenerTurk Haber Script
CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPI ...)
	NOT-FOR-US: SAPID Blog
CVE-2006-4062 (PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc ...)
	NOT-FOR-US: SAPID Shop
CVE-2006-4061
	NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual Even ...)
	NOT-FOR-US: Visual Events Calendar
CVE-2006-4059 (Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolve ...)
	NOT-FOR-US: USOLVED NEWSolved Lite
CVE-2006-4058 (Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9 ...)
	NOT-FOR-US: Simplog
CVE-2006-4057 (Buffer overflow in the preview_create function in gui.cpp in Mitch Mur ...)
	NOT-FOR-US: Eremove
CVE-2006-4056 (Multiple SQL injection vulnerabilities in the authentication process i ...)
	NOT-FOR-US: katzlbt The Address Book
CVE-2006-4055 (Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring Th ...)
	NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4054 (Multiple PHP remote file inclusion vulnerabilities in ME Download Syst ...)
	NOT-FOR-US: ME Download System
CVE-2006-4053 (PHP remote file inclusion vulnerability in templates/header.php in ME  ...)
	NOT-FOR-US: ME Download System
CVE-2006-4052 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
	NOT-FOR-US: Turnkey Web Tools PHP Simple Shop
CVE-2006-4051 (PHP remote file inclusion vulnerability in global.php in Turnkey Web T ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-4050 (PHP remote file inclusion vulnerability in auto_check_renewals.php in  ...)
	NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4049 (Unspecified vulnerability in the utxconfig utility in Sun Ray Server S ...)
	NOT-FOR-US: Sun
CVE-2006-4048 (Netious CMS 0.4 initializes session IDs based on the client IP address ...)
	NOT-FOR-US: Netious CMS
CVE-2006-4047 (SQL injection vulnerability in index.php in Netious CMS 0.4 and earlie ...)
	NOT-FOR-US: Netious CMS
CVE-2006-4045 (PHP remote file inclusion vulnerability in news.php in Torbstoff News  ...)
	NOT-FOR-US: Torbstoff News
CVE-2006-4044 (PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad ...)
	NOT-FOR-US: phpCodeCabinet
CVE-2006-4043 (index.php in myWebland myBloggie 2.1.4 and earlier allows remote attac ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2006-4042 (Multiple SQL injection vulnerabilities in trackback.php in myWebland m ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a Postgr ...)
	- pike7.6 7.6.86-1
	[sarge] - pike7.6 <unfixed> (unimportant; bug #382607; bug #383766)
	[sarge] - pike7.2 <unfixed> (unimportant; bug #382607; bug #383766)
	NOTE: No applications using pike+postgres in Sarge, fix provides
	NOTE: new functions for proper quoting
CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in myWebland my ...)
	NOT-FOR-US: myWebland myEvent
CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos ...)
	NOT-FOR-US: GaesteChaos
CVE-2006-4038 (Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php i ...)
	NOT-FOR-US: GaesteChaos
CVE-2006-4037 (Unspecified vulnerability in Fenestrae Faxination Server allows remote ...)
	NOT-FOR-US: Fenestrae Faxination Server
CVE-2006-4036 (PHP remote file inclusion vulnerability in includes/usercp_register.ph ...)
	NOT-FOR-US: ZoneX Publishers
CVE-2006-4035 (SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c  ...)
	NOT-FOR-US: CounterChaos
CVE-2006-4034 (PHP remote file inclusion vulnerability in include/html/config.php in  ...)
	NOT-FOR-US: ModernGigabyte ModernBill
CVE-2006-4033 (Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibl ...)
	NOT-FOR-US: Lhaplus
CVE-2006-4032 (Unspecified vulnerability in Cisco IOS CallManager Express (CME) allow ...)
	NOT-FOR-US: Cisco
CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to a ...)
	- mysql-dfsg-5.0 5.0.24-1 (bug #382415; low)
	- mysql-dfsg <removed> (bug #380271; low)
	[sarge] - mysql-dfsg-4.1 <no-dsa> (Now documented design error, no real fix feasible)
	[sarge] - mysql-dfsg <no-dsa> (Now documented design error, no real fix feasible)
CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...)
	{DSA-1148-1}
	- gallery 1.5.3-1
	- gallery2 <not-affected> (vulnerable code not present)
CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 al ...)
	NOT-FOR-US: AGEphone
CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have un ...)
	- wordpress 2.0.4-1
CVE-2006-4027
	RESERVED
CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root]
	- realtime-lsm 0.8.7-2 (bug #382161; low)
	[sarge] - realtime-lsm <not-affected>
	NOTE: only to user 1017 or group 1001 and only while root is building the module
CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows re ...)
	NOT-FOR-US: SAPID CMS
CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlie ...)
	NOT-FOR-US: XennoBB
CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5. ...)
	- festalon <not-affected> (vuln. code introduced in 0.5.0)
CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...)
	- php5 <removed> (unimportant; bug #382257)
	- php4 <removed> (unimportant; bug #382270)
	NOTE: Not every lack of protection of programmer's flaws is a vulnerability
	NOTE: See notes by Sean for details
	NOTE: > the entry states that this is more likely a bug in any
	NOTE: > applications not performing further validation/sanitizing,
	NOTE: > and i tend to agree based on the php.net documentation, which
	NOTE: > states: "ip2long() should not be used as the sole form of IP
	NOTE: > validation. Combine it with long2ip()".
CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4. ...)
	NOT-FOR-US: Intel Windows driver
CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to iden ...)
	NOT-FOR-US: ScatterChat
CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows contex ...)
	- php5 5.1.6-1 (unimportant; bug #382256; bug #382262)
	- php4 4:4.4.4-1 (unimportant; bug #382261)
	NOTE: Only exploitable by malicious, local user
CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in SquirrelMa ...)
	{DSA-1154}
	- squirrelmail 2:1.4.8-1 (bug #382621)
CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in libclamav/upx. ...)
	{DSA-1153}
	- clamav 0.88.4-1 (high; bug #382004; bug #382007)
CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...)
	NOT-FOR-US: Inter Network Marketing (INM) CMS G3
CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS st ...)
	NOT-FOR-US: toendaCMS
CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Cen ...)
	NOT-FOR-US: Symantec
CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec Brightmail An ...)
	NOT-FOR-US: Symantec
CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb  ...)
	NOT-FOR-US: circeOS SaveWeb
CVE-2006-4011 (PHP remote file inclusion vulnerability in esupport/admin/autoclose.ph ...)
	NOT-FOR-US: Kayako eSupport
CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and ...)
	NOT-FOR-US: Virtual War
CVE-2006-4009 (Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vw ...)
	NOT-FOR-US: Virtual War
CVE-2006-4008 (PHP remote file inclusion vulnerability in index.php in Knusperleicht  ...)
	NOT-FOR-US: Knusperleicht Guestbook
CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in Knusperleicht  ...)
	NOT-FOR-US: Knusperleicht Faq
CVE-2006-4006 (The do_gameinfo function in BomberClone 0.11.6 and earlier, and possib ...)
	{DSA-1180-1}
	- bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause a deni ...)
	{DSA-1180-1}
	- bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2 throu ...)
	NOT-FOR-US: vbPortal
CVE-2006-4003 (The config method in Henrik Storner Hobbit monitor before 4.1.2p2 perm ...)
	NOT-FOR-US: Henrik Storner Hobbit monitor
CVE-2006-4002 (Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6  ...)
	{DSA-1147-1}
	- drupal 4.5.8-2 (bug #382087; medium)
CVE-2006-4001 (Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.05 ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4000 (Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barr ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier ver ...)
	NOT-FOR-US: ISS BlackICE
CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka  ...)
	NOT-FOR-US: WoWRoster
CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in WoWRoster (ak ...)
	NOT-FOR-US: WoWRoster
CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and e ...)
	NOT-FOR-US: ATutor
CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.p ...)
	NOT-FOR-US: UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo
CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in u2u.inc.p ...)
	NOT-FOR-US: XMB (aka extreme message board)
CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf Noehr ...)
	NOT-FOR-US: The Search Engine Project
CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.s ...)
	NOT-FOR-US: Intel
CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh  ...)
	NOT-FOR-US: Voodoo chat
CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Sa ...)
	- egroupware <not-affected>
	NOTE: According to upstream egroupware is not affected, see #382207
CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in Knusperleicht  ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in Knusperleicht  ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3987 (Multiple PHP remote file inclusion vulnerabilities in index.php in Knu ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3986 (PHP remote file inclusion vulnerability in index.php in Knusperleicht  ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3985 (Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerA ...)
	NOT-FOR-US: ConeXware
CVE-2006-3984 (PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in A ...)
	NOT-FOR-US: Phpauction
CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in php(Reac ...)
	NOT-FOR-US: php(Reactor)
CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in Knusperleich ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gall ...)
	NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3980 (PHP remote file inclusion vulnerability in administrator/components/co ...)
	NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass authenticat ...)
	NOT-FOR-US: ColdFusion MX
CVE-2006-3978 (Unspecified vulnerability in a Verity third party library, as used on  ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0. ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0. ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3974 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com Offi ...)
	NOT-FOR-US: 3Com
CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is run ...)
	NOT-FOR-US: My Firewall Plus
CVE-2006-3972 (Directory traversal vulnerability in includes/operator_chattranscript. ...)
	NOT-FOR-US: Ajax Chat
CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.p ...)
	NOT-FOR-US: Ajax Chat
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8]
	- libxml-parser-perl 2.34-4.2 (bug #378411; medium)
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting]
	- libxml-parser-perl 2.34-4.1 (bug #378412; medium)
CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO Componen ...)
	NOT-FOR-US: LMO for joomla
CVE-2006-3969 (PHP remote file inclusion vulnerability in administrator/components/co ...)
	NOT-FOR-US: Colophon for joomla
CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01 ...)
	NOT-FOR-US: Solaris
CVE-2006-3967 (PHP remote file inclusion vulnerability in component/option,com_moskoo ...)
	NOT-FOR-US: moskool
CVE-2006-3966 (PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.ph ...)
	NOT-FOR-US: MyNewsGroups
CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web docu ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex PHP My ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Excha ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3962 (PHP remote file inclusion vulnerability in administrator/components/co ...)
	NOT-FOR-US: com_bayesiannaivefilter for mambo
CVE-2006-3961 (Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee S ...)
	NOT-FOR-US: McAfee
CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2 ...)
	NOT-FOR-US: X-Scripts X-Poll
CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts X-Protection 1 ...)
	NOT-FOR-US: X-Scripts X-Protection
CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities in Tas ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev BosDa ...)
	NOT-FOR-US: BosDates
CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in  ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5 ...)
	NOT-FOR-US: MiniBB Forum
CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka MyBulleti ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka My ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing FTP Serv ...)
	NOT-FOR-US: EFS Software Easy File Sharing FTP
CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in Mam-moodle al ...)
	NOT-FOR-US: Mam-moodle alpha component (com_moodle) for Mambo
CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts X-Statist ...)
	NOT-FOR-US: X-Statistics
CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php in the ...)
	NOT-FOR-US: com_artlinks for Mambo
CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke IN ...)
	NOT-FOR-US: php-nuke
CVE-2006-3947 (PHP remote file inclusion vulnerability in components/com_mambatstaff/ ...)
	NOT-FOR-US: Mambatstaff
CVE-2006-3946 (WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote ...)
	NOT-FOR-US: Apple Safari 2.0.4
	NOTE: konqueror 3.5.x is not affected
	NOTE: PoC http://web.archive.org/web/20130701013045/http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html
CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote attac ...)
	NOT-FOR-US: Opera
CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Ex ...)
	NOT-FOR-US: Microsoft
CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 an ...)
	NOT-FOR-US: N1 Grid Engine
CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote a ...)
	NOT-FOR-US: phpbb-Auction
CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ad ...)
	NOT-FOR-US: ScriptsCenter ezUpload Pro
CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: DotClear
CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain  ...)
	NOT-FOR-US: x_atrix xGuestBook
CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 al ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before  ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in Alkaco ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2 ...)
	NOT-FOR-US: OpenCms
CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 al ...)
	NOT-FOR-US: LinksCaffe
CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in Tuomas Aira ...)
	NOT-FOR-US: Midirecord
CVE-2006-3930 (PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php i ...)
	NOT-FOR-US: a6mambohelpdesk Mambo Component 18RC1
CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin scrip ...)
	NOT-FOR-US: Zyxel
CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews 0.2a an ...)
	NOT-FOR-US: WMNews
CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpPr ...)
	NOT-FOR-US: PhpProBid
CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote  ...)
	NOT-FOR-US: PhpProBid
CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control ...)
	NOT-FOR-US: ITIRecorder.MicRecorder ActiveX control
CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1 ...)
	NOT-FOR-US: Dokeos
CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Topl ...)
	NOT-FOR-US: Fire-Mouse Toplist
CVE-2006-3922 (PHP remote file inclusion vulnerability in mod_membre/inscription.php  ...)
	NOT-FOR-US: PortailPHP
CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Serve ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 all ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows remot ...)
	NOT-FOR-US: SD Studio CMS
CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 bef ...)
	{DSA-1167-1}
	- apache2 2.0.55-4.1 (bug #381376; low)
	[sarge] - apache2 2.0.54-5sarge2
	- apache 1.3.34-3 (bug #381381; medium)
CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. Cors ...)
	NOT-FOR-US: PHP Forge
CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka So ...)
	NOT-FOR-US: Solucija News
CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite  ...)
	NOT-FOR-US: Academic Suite
CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 200 ...)
	{DSA-1142-1}
	- freeciv 2.0.8-3 (bug #381378; medium)
CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before 3.60 be ...)
	NOT-FOR-US: WinRAR
CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 a ...)
	NOT-FOR-US: PHP Live
CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allo ...)
	NOT-FOR-US: Microsoft
CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads ...)
	NOT-FOR-US: WWWthreads
CVE-2006-3908 (Format string vulnerability in the flush_output function in ConsoleStr ...)
	- gnelib 0.75+svn20091130-1
	NOTE: issue was fixed back in 2006 but there hasn't been any
	NOTE: release since 0.70 which is affected
CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Siemens
CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisc ...)
	NOT-FOR-US: Cisco
CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote a ...)
	NOT-FOR-US: Webland MyBloggie
CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1  ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php in myW ...)
	NOT-FOR-US: Webland MyBloggie
CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopS ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EM ...)
	NOT-FOR-US: Tumbleweed Email Firewall
CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1 ...)
	NOT-FOR-US: TP-Book
CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2006-3897 (Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-3896 (The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies ...)
	NOT-FOR-US: NeoScale Systems CryptoStor
CVE-2006-3895
	RESERVED
CVE-2006-3894 (The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used ...)
	NOT-FOR-US: RSA BSAFE
CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit  ...)
	NOT-FOR-US: Newtone ImageKit
CVE-2006-3892 (The Management Console server in EMC NetWorker (formerly Legato NetWor ...)
	NOT-FOR-US: EMC NetWorker
CVE-2006-3891
	RESERVED
CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX contr ...)
	NOT-FOR-US: Sky Software FileView ActiveX
CVE-2006-3889
	RESERVED
CVE-2006-3888 (Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDo ...)
	NOT-FOR-US: AOL
CVE-2006-3887 (Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX c ...)
	NOT-FOR-US: AOL
CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allo ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W befor ...)
	NOT-FOR-US: Check Point Firewall-1
CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish LinksC ...)
	NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksC ...)
	NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain c ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3880
	NOT-FOR-US: Zen Cart
CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in li ...)
	- libmikmod <not-affected> (Debian's 3.1.1 version doesn't have GT2 support)
CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...)
	NOT-FOR-US: Opsware Network Automation System
CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Offi ...)
	NOT-FOR-US: Microsoft
CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Offi ...)
	NOT-FOR-US: Microsoft
CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 fo ...)
	NOT-FOR-US: Microsoft
CVE-2006-3874
	REJECTED
CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2006-3872
	REJECTED
CVE-2006-3871
	REJECTED
CVE-2006-3870
	REJECTED
CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows remot ...)
	NOT-FOR-US: Microsoft
CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 fo ...)
	NOT-FOR-US: Microsoft
CVE-2006-3866
	REJECTED
CVE-2006-3865
	REJECTED
CVE-2006-3864 (Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3863
	REJECTED
CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through  ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10. ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3860 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10. ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3859 (IBM Informix Dynamic Server (IDS) allows remote authenticated users to ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10. ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before  ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10. ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3855 (The ifx_load_internal function in IBM Informix Dynamic Server (IDS) al ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3854 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 a ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBo ...)
	NOT-FOR-US: Micro GuestBook
CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earl ...)
	NOT-FOR-US: X7 Chat
CVE-2006-3850
	NOT-FOR-US: Vanilla CMS
CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2 ...)
	NOT-FOR-US: Warzone
CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calcula ...)
	- ipcalc 0.41-1 (bug #381469; low)
	[sarge] - ipcalc <no-dsa> (No exploit potential)
CVE-2006-3847 (PHP remote file inclusion vulnerability in (1) admin.php, and possibly ...)
	NOT-FOR-US: MoSpray
CVE-2006-3846 (PHP remote file inclusion vulnerability in extadminmenus.class.php in  ...)
	NOT-FOR-US: MultiBanners
CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 bet ...)
	NOT-FOR-US: WinRAR
CVE-2006-3844 (Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenti ...)
	NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in Calenda ...)
	NOT-FOR-US: Calendar Mambo Module
CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Bu ...)
	NOT-FOR-US: Zoho Virtual Office
CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before 20060718- ...)
	NOT-FOR-US: WebScarab
CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS products ...)
	NOT-FOR-US: various ISS products
CVE-2006-3839
	RESERVED
CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise Securi ...)
	NOT-FOR-US: eIQnetworks Enterprise
CVE-2006-XXXX [syslog-ng dos]
	- syslog-ng 2.0rc1-2 (low)
	[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2006-XXXX [courier-authdaemon: wrong socket permissions may lead to password disclosure]
	- courier-authlib 0.58-3.1 (bug #378571; medium)
	[sarge] - courier-authlib <not-affected> (bug #378571; medium)
CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 a ...)
	- ocp 0.1.10rc6-1 (medium; bug #381098)
CVE-2006-XXXX [uqwk buffer overflow]
	- uqwk 2.21-13 (bug #376577; low)
	[sarge] - uqwk <no-dsa> (Minor issue)
CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ex ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...)
	NOT-FOR-US: UNIDOmedia Chameleon
CVE-2006-3835 (Apache Tomcat 5 before 5.5.17 allows remote attackers to list director ...)
	- tomcat5 <not-affected> (bug #380361; maintainter can't reproduce)
	- tomcat5.5 <not-affected> (bug #380376; maintainer can't reproduce)
CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite exi ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog  ...)
	NOT-FOR-US: Gerrit van Aaken Loudblog
CVE-2006-3831 (The Backup selection in Kailash Nadh boastMachine (formerly bMachine)  ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3830 (The Languages selection in the admin interface in Kailash Nadh boastMa ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3829 (Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Ka ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3828 (Incomplete blacklist vulnerability in Kailash Nadh boastMachine (forme ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3827 (SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Ka ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3826 (Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh bo ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3825 (The IPv4 implementation in Sun Solaris 10 before 20060721 allows local ...)
	NOT-FOR-US: Solaris
CVE-2006-3824 (systeminfo.c for Sun Solaris allows local users to read kernel memory  ...)
	NOT-FOR-US: Solaris
CVE-2006-3823 (SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoA ...)
	NOT-FOR-US: GeodesicSolutions GeoAuctions Premier and GeoClassifieds Basic
CVE-2006-3822 (SQL injection vulnerability in index.php in GeodesicSolutions GeoAucti ...)
	NOT-FOR-US: GeodesicSolutions GeoAuctions
CVE-2006-3821 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 al ...)
	NOT-FOR-US: ATutor
CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loud ...)
	NOT-FOR-US: Loudblog
CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 th ...)
	- twiki <not-affected> (only 4.0.x is affected)
CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in Novell G ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connectio ...)
	- krusader <not-affected> (bug #380063; file in directory with 0700 permissions)
CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a s ...)
	{DSA-1128}
	- heartbeat 1.2.4-13 (bug #379904; bug #380289)
CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...)
	{DSA-1166}
	- cheesetracker 0.9.9-6 (bug #380364; low)
CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4  ...)
	NOT-FOR-US: Perl in Red Hat Enterprise Linux 4
CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...)
	NOTE: MFSA-2006-56
	[sarge] - mozilla <not-affected>
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (unimportant)
	[sarge] - mozilla-thunderbird <not-affected> (unimportant)
CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbir ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-55
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...)
	{DSA-1159}
	NOTE: MFSA-2006-54
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-53
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <removed> (medium)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remot ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-52
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <removed> (medium)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1
CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-51
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-50
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird b ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-50
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and S ...)
	NOTE: MFSA-2006-49
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	[sarge] - mozilla <not-affected> (mozilla 1.7 not affected)
	- mozilla <removed> (high)
	- thunderbird 1.5.0.5-1 (high)
	- mozilla-thunderbird <not-affected> (high)
CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...)
	NOTE: MFSA-2006-48
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...)
	NOTE: MFSA-2006-47
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...)
	NOTE: MFSA-2006-44
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- mozilla-thunderbird <not-affected> (only firefox >= 1.5)
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- xulrunner 1.8.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce S ...)
	NOT-FOR-US: AFCommerce
CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL inject ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3798 (DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3797 (SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3796 (DeluxeBB 1.07 and earlier does not properly handle a username composed ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3794
	NOT-FOR-US: AFCommerce
CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth  ...)
	NOT-FOR-US: SiteDepth
CVE-2006-3792 (SQL injection vulnerability in ServerClientUfo::recv_packet in server_ ...)
	NOT-FOR-US: UFO2000
CVE-2006-3791 (The decode_stringmap function in server_transport.cpp for UFO2000 svn  ...)
	NOT-FOR-US: UFO2000
CVE-2006-3790 (The decode_stringmap function in server_transport.cpp for UFO2000 svn  ...)
	NOT-FOR-US: UFO2000
CVE-2006-3789 (Multiple array index errors in the (1) recv_rules, (2) recv_select_uni ...)
	NOT-FOR-US: UFO2000
CVE-2006-3788 (Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow r ...)
	NOT-FOR-US: UFO2000
CVE-2006-3787 (kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 doe ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2006-3786 (Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka  ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3785 (Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox wit ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3784 (Symantec pcAnywhere 12.5 uses weak default permissions for the "Symant ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3783 (Sun Solaris 10 allows local users to cause a denial of service (panic) ...)
	NOT-FOR-US: Solaris
CVE-2006-3782 (Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2006-3781 (Unspecified vulnerability in Sun Solaris 10 allows context-dependent a ...)
	NOT-FOR-US: Solaris
CVE-2006-3780 (Keyifweb Keyif Portal 2.0 stores sensitive information under the web r ...)
	NOT-FOR-US: Keyifweb Keyif Portal
CVE-2006-3779 (Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Window ...)
	NOT-FOR-US: Citrix
CVE-2006-3778 (IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to  ...)
	NOT-FOR-US: IBM
CVE-2006-3777 (PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLi ...)
	NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...)
	NOT-FOR-US: IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0
CVE-2006-3775 (SQL injection vulnerability in the init function in class_session.php  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the perForm ...)
	NOT-FOR-US: perForms component (com_performs) for Joomla!
CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1. ...)
	NOT-FOR-US: MF-Forum Bridge Component (com_smf) For Joomla! and Mambo
CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login  ...)
	NOT-FOR-US: PHP-Post
CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...)
	NOT-FOR-US: iManage CMS
CVE-2006-3770 (Multiple SQL injection vulnerabilities in index.php in phpFaber TopSit ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and  ...)
	NOT-FOR-US: Top XL
CVE-2006-3768 (Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2 ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in showprofile.php in Darren' ...)
	NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3766 (Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to bo ...)
	NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher We ...)
	NOT-FOR-US: uttenlocher Webdesign hwdeGUEST
CVE-2006-3764 (Till Gerken phpPolls 1.0.3 allows remote attackers to create a new pol ...)
	NOT-FOR-US: phpPolls
CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...)
	NOT-FOR-US: Diesel Joke Site
CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to  ...)
	NOT-FOR-US: Touch Control ActiveX control
CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Zen Cart
CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earli ...)
	NOT-FOR-US: Geeklog
CVE-2006-3755 (PHP remote file inclusion vulnerability in Include/editor/class.rich.p ...)
	NOT-FOR-US: FlushCMS
CVE-2006-3754 (PHP remote file inclusion vulnerability in Include/editor/rich_files/c ...)
	NOT-FOR-US: FlushCMS
CVE-2006-3753 (setcookie.php for the administration login in Professional Home Page T ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3752 (Multiple SQL injection vulnerabilities in class.php in Professional Ho ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3751 (PHP remote file inclusion vulnerability in popups/ImageManager/config. ...)
	NOT-FOR-US: HTMLArea3
CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash  ...)
	NOT-FOR-US: Hashcash Component (com_hashcash) for Joomla
CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap  ...)
	NOT-FOR-US: Sitemap component (com_sitemap) for Mambo
CVE-2006-3748 (PHP remote file inclusion vulnerability in includes/abbc/abbc.class.ph ...)
	NOT-FOR-US: LoudMouth Component for Mambo
CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite module (mo ...)
	{DSA-1132-1 DSA-1131-1}
	- apache 1.3.34-3 (medium; bug #380231)
	- apache2 2.0.55-4.1 (medium; bug #380182)
CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote a ...)
	{DSA-1141-1 DSA-1140-1}
	- gnupg 1.4.5-1 (medium; bug #381204)
	- gnupg2 1.9.20-2 (medium)
CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the  ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.17-7
CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows user-ass ...)
	{DSA-1168-1}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
	- graphicsmagick 1.1.7-7
CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assis ...)
	{DSA-1168-1}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
	- graphicsmagick 1.1.7-8
CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwo ...)
	- kdebase <not-affected>
	NOTE: only in Fedora
CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and  ...)
	{DSA-1233}
	- linux-2.6 2.6.18-1
CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree ...)
	{DSA-1193-1}
	- libxfont 1:1.2.2-1
CVE-2006-3739 (Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X s ...)
	{DSA-1193-1}
	- libxfont 1:1.2.2-1
CVE-2006-3738 (Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9. ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-XXXX [htdig: several unspecified security problems]
	- htdig 1:3.2.0b6-1
CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it]
	- ldap-account-manager 1.0.2-1.1 (bug #368804; medium)
	[sarge] - ldap-account-manager <not-affected>
CVE-2006-XXXX [ldap account manager wrongly unlocks some passwords]
	- ldap-account-manager 1.0.3-1 (bug #375453; medium)
	[sarge] - ldap-account-manager <not-affected>
CVE-2006-3737 (Cross-site scripting (XSS) vulnerability in filemanager/filemanager.ph ...)
	NOT-FOR-US: Plesk
CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml.php  ...)
	NOT-FOR-US: VideoDB for Mambo
CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (modu ...)
	NOT-FOR-US: Mail2Forum
CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface (CL ...)
	NOT-FOR-US: Cisco
CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web applicatio ...)
	NOT-FOR-US: Cisco
CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) befo ...)
	NOT-FOR-US: Cisco
CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attack ...)
	- firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low)
	[sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge)
CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 al ...)
	NOT-FOR-US: MSIE
CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...)
	NOT-FOR-US: MSIE
CVE-2006-3728 (Unspecified vulnerability in the kernel in Solaris 10 with patch 11882 ...)
	NOT-FOR-US: Solaris
CVE-2006-3727 (Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow re ...)
	NOT-FOR-US: Eskolar CMS
CVE-2006-3726 (Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th Ju ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3725 (Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a d ...)
	NOT-FOR-US: Norton Personal Firewall
CVE-2006-3724 (Unspecified vulnerability in JD Edwards HTML Server for Oracle OneWorl ...)
	NOT-FOR-US: Oracle
CVE-2006-3723 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle P ...)
	NOT-FOR-US: Oracle
CVE-2006-3722 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle P ...)
	NOT-FOR-US: Oracle
CVE-2006-3721 (Multiple unspecified vulnerabilities in Oracle Management Service for  ...)
	NOT-FOR-US: Oracle
CVE-2006-3720 (Unspecified vulnerability in Enterprise Config Management for Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2006-3719 (Unspecified vulnerability in CORE: Repository for Oracle Enterprise Ma ...)
	NOT-FOR-US: Oracle
CVE-2006-3718 (Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2006-3717 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-3716 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-3715 (Unspecified vulnerability in Calendar for Oracle Collaboration Suite 1 ...)
	NOT-FOR-US: Oracle
CVE-2006-3714 (Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2 ...)
	NOT-FOR-US: Oracle
CVE-2006-3713 (Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3 ...)
	NOT-FOR-US: Oracle
CVE-2006-3712 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4. ...)
	NOT-FOR-US: Oracle
CVE-2006-3711 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3710 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3709 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3708 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3707 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3706 (Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2. ...)
	NOT-FOR-US: Oracle
CVE-2006-3705 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have  ...)
	NOT-FOR-US: Oracle
CVE-2006-3704 (Unspecified vulnerability in the Oracle ODBC Driver for Oracle Databas ...)
	NOT-FOR-US: Oracle
CVE-2006-3703 (Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9 ...)
	NOT-FOR-US: Oracle
CVE-2006-3702 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1 ...)
	NOT-FOR-US: Oracle
CVE-2006-3701 (Unspecified vulnerability in the Dictionary component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-3700 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10 ...)
	NOT-FOR-US: Oracle
CVE-2006-3699 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-3698 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have  ...)
	NOT-FOR-US: Oracle
CVE-2006-3697 (Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavas ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3696 (filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows l ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3694 (Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...)
	{DSA-1157 DSA-1139-1}
	- ruby1.8 1.8.4-3 (bug #378029; medium)
	- ruby1.9 1.9.0+20060609-1 (medium)
CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges v ...)
	NOT-FOR-US: Rocks Clusters
CVE-2006-3692
	NOT-FOR-US: ListMessenger
CVE-2006-3691 (Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allo ...)
	NOT-FOR-US: VBZooM
CVE-2006-3690 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5 ...)
	NOT-FOR-US: MiniBB
CVE-2006-3689
	NOT-FOR-US: Codeworks Gnomedia SubberZ[Lite]
CVE-2006-3688 (SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gal ...)
	NOT-FOR-US: Francisco Charrua Photo-Gallery
CVE-2006-3687 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) serv ...)
	NOT-FOR-US: D-Link
CVE-2006-3686 (Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 a ...)
	NOT-FOR-US: HP OpenVMS
CVE-2006-3685 (PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14  ...)
	NOT-FOR-US: CzarNews
CVE-2006-3684 (PHP remote file inclusion vulnerability in calendar.php in SoftComplex ...)
	NOT-FOR-US: SoftComplex PHP Event Calendar
CVE-2006-3683 (PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1. ...)
	NOT-FOR-US: Flipper Poll
CVE-2006-3682 (awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attack ...)
	- awstats 6.5-2 (bug #378960; low)
	[sarge] - awstats 6.4-1sarge3
	NOTE: A previous DSA introduced a fix that renders this vulnerability in ineffective
CVE-2006-3681 (Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in A ...)
	- awstats 6.5-2 (bug #378960; unimportant)
	NOTE: Path disclosure is not an issue for Debian
CVE-2006-3680 (Cross-site scripting (XSS) vulnerability in photocycle in Photocycle 1 ...)
	NOT-FOR-US: Photocycle
CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass access  ...)
	NOT-FOR-US: FatWire Content Server
CVE-2006-3678 (TippingPoint IPS running the TippingPoint Operating System (TOS) befor ...)
	NOT-FOR-US: TippingPoint
CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows r ...)
	NOTE: MFSA-2006-45
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird <not-affected>
	- mozilla-thunderbird <not-affected>
CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remo ...)
	NOT-FOR-US: planetGallery
CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configurati ...)
	NOT-FOR-US: Password Safe
	NOTE: mypasswordsafe and pwsafe might use code from Password Safe,
	NOTE: but the problematic functionality is not present
CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote  ...)
	- armagetron 0.2.8.2.1-1 (bug #379062; low)
	[sarge] - armagetron <no-dsa> (Minor game DoS)
	[etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote  ...)
	- armagetron 0.2.8.2.1-1 (bug #379062; low)
	[sarge] - armagetron <no-dsa> (Minor game DoS)
	[etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a den ...)
	- kdelibs 4:3.5.4-1 (bug #378962; unimportant)
CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the communicate fun ...)
	{DTSA-31-1}
	- hyperestraier 1.3.3-1 (bug #379060; low)
CVE-2006-3670 (Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to  ...)
	NOT-FOR-US: Winlpd
CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when running o ...)
	NOT-FOR-US: Mercury Messenger
CVE-2006-3668 (Heap-based buffer overflow in the it_read_envelope function in Dynamic ...)
	{DSA-1123}
	- libdumb 1:0.9.3-5 (bug #379064; medium)
CVE-2006-3667 (Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking  ...)
	NOT-FOR-US: Sybase/Financial Fusion Consumer Banking Suite
CVE-2006-3666 (SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc d ...)
	NOT-FOR-US: AjaxPortal
CVE-2006-3665 (SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows  ...)
	- squirrelmail 2:1.4.7-1 (unimportant)
	NOTE: Operation with registers_globals not supported
CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 al ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...)
	NOT-FOR-US: Finjan Appliance
CVE-2006-3662
	NOT-FOR-US: ATutor
CVE-2006-3661 (Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4. ...)
	NOT-FOR-US: CuteNews
CVE-2006-3660 (Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown imp ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3659 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3658 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3657 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3656 (Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-ass ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3655 (Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allo ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3654 (Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet  ...)
	NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3653 (wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote a ...)
	NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004 allows  ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration Server
CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 200 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3650 (Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not  ...)
	NOT-FOR-US: Microsoft
CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2006-3647 (Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3646
	REJECTED
CVE-2006-3645
	REJECTED
CVE-2006-3644
	REJECTED
CVE-2006-3643 (Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3642
	REJECTED
CVE-2006-3641
	REJECTED
CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to persis ...)
	NOT-FOR-US: Microsoft
CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the  ...)
	NOT-FOR-US: Microsoft
CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle uninit ...)
	NOT-FOR-US: Microsoft
CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle va ...)
	NOT-FOR-US: Microsoft
CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before  ...)
	{DSA-1188-1}
	- mailman 1:2.1.8-3
CVE-2006-3635 (The ia64 subsystem in the Linux kernel before 2.6.26 allows local user ...)
	- linux <not-affected> (Fixed before initial rename to src:linux)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=199440
	NOTE: Fixed by: https://git.kernel.org/linus/4dcc29e1574d88f4465ba865ed82800032f76418 (2.6.26-rc5)
CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functi ...)
	- linux-2.6 2.6.17-1 (medium)
CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to exe ...)
	NOT-FOR-US: shiela
CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows re ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka Ether ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Eth ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.1 ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (ak ...)
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
	[sarge] - ethereal <no-dsa> (Vulnerable code not present)
CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: FLV Players
CVE-2006-3624 (Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 a ...)
	NOT-FOR-US: FLV Players
CVE-2006-3623 (Directory traversal vulnerability in Framework Service component in Mc ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2006-3622 (The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to o ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3621 (SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5 ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module in Ko ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC  ...)
	{DSA-1170}
	- gcc-4.1 4.1.1-11 (bug #368397; low)
	- gcc-3.4 3.4.4-0
	NOTE: gcc-3.4 no longer builds the fastjar package
CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (P ...)
	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixela ...)
	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3616 (Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazar ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2006-3615 (Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, w ...)
	NOT-FOR-US: Phorum
CVE-2006-3614 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to tr ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3613 (Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Tec ...)
	NOT-FOR-US: Chamberland Technology ezWaiter
CVE-2006-3612 (Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remot ...)
	NOT-FOR-US: Phorum
CVE-2006-3611 (Directory traversal vulnerability in pm.php in Phorum 5 allows remote  ...)
	NOT-FOR-US: Phorum
CVE-2006-3610 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ob ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3609 (Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders O ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3608 (The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when G ...)
	NOT-FOR-US: Simone Vellei Flatnuke
CVE-2006-3607 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner  ...)
	NOT-FOR-US: Softbiz Banner Exchange Script (aka Banner Exchange Network Script)
CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange libra ...)
	NOTE: Sun Solaris
CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and  ...)
	NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Net ...)
	NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3602 (Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.p ...)
	NOTE: this is CVE-2005-4600
	NOT-FOR-US: Farsinews
CVE-2006-3601
	NOT-FOR-US: DotNetNuke
CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup functio ...)
	{DSA-1135-1}
	- libtunepimp 0.4.2-4 (bug #378091; medium)
CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds module fo ...)
	NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke
CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke allows ...)
	NOT-FOR-US: Sections module for PHP-Nuke
CVE-2006-3597 (passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password bla ...)
	- shadow <not-affected> (fix for a mistake in the Ubuntu installer)
CVE-2006-3596 (The device driver for Intel-based gigabit network adapters in Cisco In ...)
	NOT-FOR-US: Cisco
CVE-2006-3595 (The default configuration of IOS HTTP server in Cisco Router Web Setup ...)
	NOT-FOR-US: Cisco
CVE-2006-3594 (Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0 ...)
	NOT-FOR-US: Cisco
CVE-2006-3593 (The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5 ...)
	NOT-FOR-US: Cisco
CVE-2006-3592 (Unspecified vulnerability in the command line interface (CLI) in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-3591 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...)
	{DSA-1111}
	- linux-2.6 2.6.17-4 (bug #378324; high)
CVE-2006-XXXX [insufficient form variable escaping]
	- webauth 3.5.2-1
CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows use ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructu ...)
	NOT-FOR-US: VMware
CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0  ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0  ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attack ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1  ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2 ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3583 (Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote att ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earli ...)
	- adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and earl ...)
	- adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator before ...)
	NOT-FOR-US: ASP Stats Generator
CVE-2006-3579 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up ...)
	NOT-FOR-US: Fujitsu ServerView
CVE-2006-3578 (Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.6 ...)
	NOT-FOR-US: Fujitsu ServerView
CVE-2006-3577 (SQL injection vulnerability in index.php in LifeType 1.0.5 allows remo ...)
	NOT-FOR-US: LifeType
CVE-2006-3576 (SQL injection vulnerability in search.php in SenseSites CommonSense CM ...)
	NOT-FOR-US: SenseSites CommonSense
CVE-2006-3575 (Unknown vulnerability in the Buffer Overflow Protection in McAfee Viru ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupma ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration Portal and Web Client and uCosminexus Collaboration Portal and Forum/File Sharing
CVE-2006-3573 (Format string vulnerability in the WriteText function in agl_text.cpp  ...)
	NOT-FOR-US: Milan Mimica Sparklet
CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earl ...)
	NOT-FOR-US: Papoo
CVE-2006-3571 (Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.p ...)
	NOT-FOR-US: Papoo
CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module in Drup ...)
	- drupal <not-affected> (webform module is not in Debian Drupal 4.5 package)
CVE-2006-3569 (Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, ...)
	NOT-FOR-US: IBM Data ONTAP
CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php i ...)
	NOT-FOR-US: Fantastic Guestbook
CVE-2006-3567 (Cross-site scripting (XSS) vulnerability in the web administration int ...)
	NOT-FOR-US: Juniper
CVE-2006-3566 (search.results.php in HiveMail 3.1 and earlier allows remote attackers ...)
	NOT-FOR-US: HiveMail
CVE-2006-3565 (SQL injection vulnerability in search.results.php in HiveMail 1.3 and  ...)
	NOT-FOR-US: HiveMail
CVE-2006-3564 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 an ...)
	NOT-FOR-US: HiveMail
CVE-2006-3563 (Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winge ...)
	NOT-FOR-US: Winged Gallery
CVE-2006-3562 (PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow rem ...)
	NOT-FOR-US: Plume CMS
CVE-2006-3561 (BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earli ...)
	NOT-FOR-US: BT Voyager
CVE-2006-3560 (SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums ...)
	NOT-FOR-US: Blue Dojo Graffiti Forums
CVE-2006-3559 (Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 ...)
	NOT-FOR-US: auraCMS
CVE-2006-3558 (Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto ...)
	NOT-FOR-US: auraCMS
CVE-2006-3557 (MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root ...)
	NOT-FOR-US: MT Orumcek Toplist
CVE-2006-3556 (PHP remote file inclusion vulnerability in extcalendar.php in Mohamed  ...)
	NOT-FOR-US: Mohamed Moujami ExtCalendar
CVE-2006-3555 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in P ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-3554 (Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final ...)
	NOT-FOR-US: MKPortal
CVE-2006-3553 (PlaNet Concept planetNews allows remote attackers to bypass authentica ...)
	NOT-FOR-US: planetNews
CVE-2006-3552 (Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaborati ...)
	NOT-FOR-US: Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium
CVE-2006-3551 (NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and p ...)
	NOT-FOR-US: NCP VPN/PKI Client (apparently nothing to do with Novell)
CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks Fir ...)
	NOT-FOR-US: F5 Netowrks FirePass
CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through 3.0.10 an ...)
	{DSA-1406-1}
	- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Applicati ...)
	{DSA-1406-1}
	- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3547
	NOT-FOR-US: EMC VMware Player
CVE-2006-3546 (Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attacker ...)
	NOT-FOR-US: Patrice Freydiere ImgSvr
CVE-2006-3545 (** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote atta ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3544
	NOT-FOR-US: Invision Power Board
CVE-2006-3543
	NOT-FOR-US: Invision Power Board
CVE-2006-3542 (Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown  ...)
	NOT-FOR-US: Garry Glendown Shopping Cart
CVE-2006-3541 (SQL injection vulnerability in Meine Links (aka My Links) in Kyberna k ...)
	NOT-FOR-US: Meine Links (aka My Links) in Kyberna ky2help
CVE-2006-3540 (Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6 ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2006-3539 (Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dr ...)
	NOT-FOR-US: DKScript.com Dragon's Kingdom Script
CVE-2006-3538 (Multiple cross-site scripting (XSS) vulnerabilities in demo.php in Bea ...)
	NOT-FOR-US: BeatificFaith Eprayer
CVE-2006-3537 (PHP remote file inclusion vulnerability in index.php in Randshop befor ...)
	NOT-FOR-US: Randshop
CVE-2006-3536 (Direct static code injection vulnerability in code/class_db_text.php i ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3535 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9 ...)
	NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3534 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9 ...)
	NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3533 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2  ...)
	- pivot <itp> (bug #305786)
CVE-2006-3532 (PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.3 ...)
	- pivot <itp> (bug #305786)
CVE-2006-3531 (includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates ...)
	- pivot <itp> (bug #305786)
CVE-2006-3530 (PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.p ...)
	NOT-FOR-US: PccookBook Component for Mambo and Joomla
CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 200 ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mamb ...)
	NOT-FOR-US: Simpleboard Mambo module
CVE-2006-3527 (Multiple PHP remote file inclusion vulnerabilities in BosClassifieds C ...)
	NOT-FOR-US: BosClassifieds Classified Ads
CVE-2006-3526 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php i ...)
	NOT-FOR-US: Sport-slo Advanced Guestbook
CVE-2006-3525 (SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final ...)
	NOT-FOR-US: PHCDownload
CVE-2006-3524 (Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows ...)
	NOT-FOR-US: SIPfoundry sipXtapi
CVE-2006-3523 (Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote atta ...)
	NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3522 (Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for ...)
	NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3521 (Multiple cross-site scripting (XSS) vulnerabilities in index/siteforge ...)
	NOT-FOR-US: SiteForge Collaborative Development Platform
CVE-2006-3520 (PHP remote file inclusion vulnerability in skins/advanced/advanced1.ph ...)
	NOT-FOR-US: Sabdrimer Pro
CVE-2006-3519 (Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engi ...)
	NOT-FOR-US: The Banner Engine
CVE-2006-3518 (SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal  ...)
	NOT-FOR-US: Webvizyon Portal
CVE-2006-3517 (PHP remote file inclusion vulnerability in stats.php in RW::Download,  ...)
	NOT-FOR-US: RW::Download
CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote attack ...)
	NOT-FOR-US: FreeHost
CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in A ...)
	NOT-FOR-US: AjaxPortal
CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.p ...)
	NOT-FOR-US: PHP-Blogger
CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a d ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3511 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3510 (The Remote Data Service Object (RDS.DataControl) in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3509 (Integer overflow in the API for the AirPort wireless driver on Apple M ...)
	NOT-FOR-US: Apple
CVE-2006-3508 (Heap-based buffer overflow in the AirPort wireless driver on Apple Mac ...)
	NOT-FOR-US: Apple
CVE-2006-3507 (Multiple stack-based buffer overflows in the AirPort wireless driver o ...)
	NOT-FOR-US: Apple
CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and O ...)
	NOT-FOR-US: Mac OS X
CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ca ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assis ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows u ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assi ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for Apple  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3497 (Unspecified vulnerability in the "compression state handling" in Bom f ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys i ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0. ...)
	NOT-FOR-US: Buddy Zone
CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9 ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-3492 (The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO  ...)
	NOT-FOR-US: MICO
CVE-2006-3491 (Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows ...)
	NOT-FOR-US: Kaillera Server
CVE-2006-3490 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Sec ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3489 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Sec ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3488 (Absolute path traversal vulnerability in administrador.asp in VirtuaSt ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3487 (VirtuaStore 2.0 stores sensitive files under the web root with insuffi ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3485 (Multiple SQL injection vulnerabilities in AstroDog Press Some Chess 1. ...)
	NOT-FOR-US: AstroDog Press Some Chess
CVE-2006-3484 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1 ...)
	NOT-FOR-US: ATutor
CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web document  ...)
	NOT-FOR-US: PHPMailList
CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailLis ...)
	NOT-FOR-US: PHPMailList
CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow  ...)
	NOT-FOR-US: Joomla!
CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block funct ...)
	NOT-FOR-US: Nuked-Klan
CVE-2006-3478 (PHP remote file inclusion vulnerability in styles/default/global_heade ...)
	NOT-FOR-US: MyPHP CMS
CVE-2006-3477 (Unspecified vulnerability in the POP service in Stalker CommuniGate Pr ...)
	NOT-FOR-US: Stalker CommuniGate Pro
CVE-2006-3476 (Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGall ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-3475 (Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1  ...)
	NOT-FOR-US: QBoard
CVE-2006-3474 (Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO a ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2006-3473 (CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 ...)
	- drupal <not-affected> (form_mail Module not in debian)
CVE-2006-3472 (Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3471 (Microsoft Internet Explorer 6 on Windows XP allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not requir ...)
	NOT-FOR-US: Dell Openmanage CD
CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1. ...)
	{DSA-1112}
	- mysql-dfsg-5.0 5.0.22-1 (bug #375694)
CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attack ...)
	{DSA-1184-2}
	- linux-2.6 2.6.17-6
CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to cau ...)
	{DSA-1193-1 DSA-1178-1}
	- freetype 2.2.1-5 (bug #379920; medium)
	- libxfont 1:1.2.0-2 (medium; bug #383353)
CVE-2006-3466
	REJECTED
CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF libra ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3464 (TIFF library (libtiff) before 3.8.2 allows context-dependent attackers ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3463 (The EstimateStripByteCounts function in TIFF library (libtiff) before  ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3460 (Heap-based buffer overflow in the JPEG decoder in the TIFF library (li ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library (libtiff) be ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3486
	- mysql-dfsg-5.0 5.0.22-4 (unimportant; bug #378102)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
	NOTE: Only DoS possible, only root can trigger this -> non-issue
CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Vir ...)
	NOT-FOR-US: Symantec
CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiViru ...)
	NOT-FOR-US: Symantec
CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate E ...)
	NOT-FOR-US: Symantec
CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus Corporate ...)
	NOT-FOR-US: Symantec
CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers  ...)
	NOT-FOR-US: Adobe acrobat
CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure f ...)
	NOT-FOR-US: Adobe acrobat
CVE-2006-3451 (Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collec ...)
	NOT-FOR-US: Microsoft
CVE-2006-3450 (Microsoft Internet Explorer 6 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft
CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, p ...)
	NOT-FOR-US: Microsoft
CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2006-3447
	REJECTED
CVE-2006-3446
	REJECTED
CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in Mic ...)
	NOT-FOR-US: Microsoft
CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows 2 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3442 (Unspecified vulnerability in Pragmatic General Multicast (PGM) in Micr ...)
	NOT-FOR-US: Microsoft
CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP ...)
	NOT-FOR-US: Microsoft
CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP S ...)
	NOT-FOR-US: Microsoft
CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, X ...)
	NOT-FOR-US: Microsoft
CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink ...)
	NOT-FOR-US: Microsoft
CVE-2006-3437
	REJECTED
CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X f ...)
	NOT-FOR-US: Microsoft
CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...)
	NOT-FOR-US: Microsoft
CVE-2006-3433
	REJECTED
CVE-2006-3432
	REJECTED
CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink Updat ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3429 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
	NOT-FOR-US: TTCalc
CVE-2006-3428 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
	NOT-FOR-US: TTCalc
CVE-2006-3427 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3426 (Directory traversal vulnerability in (a) PatchLink Update Server (PLUS ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3425 (FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2 ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3424 (Multiple buffer overflows in WebEx Downloader ActiveX Control, possibl ...)
	NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3423 (WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1. ...)
	NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3422 (PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows r ...)
	NOT-FOR-US: WonderEdit Pro CMS
CVE-2006-3421 (PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlie ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in MyB ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_byte ...)
	- tor 0.1.1.20-1
CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor's finge ...)
	- tor 0.1.1.20-1
CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or is ...)
	- tor 0.1.1.20-1
CVE-2006-3416
	- tor 0.1.1.20-1
CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the "OR" destinati ...)
	- tor 0.1.1.20-1
CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...)
	- tor 0.1.1.20-1
CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on App ...)
	- tor 0.1.1.20-1
CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall option ...)
	- tor 0.1.1.20-1
CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys bas ...)
	- tor 0.1.1.20-1
CVE-2006-3410 (Tor before 0.1.1.20 creates "internal circuits" primarily consisting o ...)
	- tor 0.1.1.20-1
CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to exe ...)
	- tor 0.1.1.20-1
CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor b ...)
	- tor 0.1.1.20-1
CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or po ...)
	- tor 0.1.1.20-1
CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 a ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManage ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows  ...)
	{DSA-1110}
	- samba 3.0.23a-1 (bug #378070)
CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Aren ...)
	NOT-FOR-US: Quake 3
CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake  ...)
	NOT-FOR-US: Soldier of Fortune 2
CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki befor ...)
	NOT-FOR-US: MoniWiki
CVE-2006-3398 (The "change password forms" in Taskjitsu before 2.0.1 includes passwor ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3397 (Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu befor ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3396 (PHP remote file inclusion vulnerability in galleria.html.php in Galler ...)
	NOT-FOR-US: Galleria Mambo Module
CVE-2006-3395 (PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3 ...)
	NOT-FOR-US: SiteBuilder-FX
CVE-2006-3394 (SQL injection vulnerability in the files mod in index.php in BXCP 0.3. ...)
	NOT-FOR-US: BXCP
CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...)
	NOT-FOR-US: Papyrus NASCAR Racing
CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path f ...)
	{DSA-1199-1}
	- webmin <removed> (medium; bug #381537)
CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 a ...)
	NOT-FOR-US: iMBCContents
CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation pat ...)
	- wordpress 2.0.4-1 (unimportant)
	NOTE: http://wordpress.org/news/2006/07/wordpress-204/
CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain sensiti ...)
	- wordpress 2.0.4-1 (unimportant)
	NOTE: http://wordpress.org/news/2006/07/wordpress-204/
CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 al ...)
	- phpmyadmin 4:2.8.2-0.1 (bug #377748; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6d6f47bdb2c7f5519dcc6497a6ebf9ebc305e6de
CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News 1 ...)
	NOT-FOR-US: Fusion News
CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to obta ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3385 (Cross-site scripting (XSS) vulnerability in divers.php in Vincent Lecl ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3384 (SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3383 (Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allo ...)
	NOT-FOR-US: mAds
CVE-2006-3382 (Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 all ...)
	NOT-FOR-US: mAds
CVE-2006-3381 (SturGeoN Upload allows remote attackers to execute arbitrary PHP code  ...)
	NOT-FOR-US: SturGeoN
CVE-2006-3380 (Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 al ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2006-3379 (Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5  ...)
	{DSA-1119}
	- hiki 0.8.6-1 (bug #378059; low)
CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called  ...)
	{DSA-1150-1}
	- shadow 1:4.0.14-1 (bug #379174)
CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP  ...)
	NOT-FOR-US: JMB Software AutoRank PHP
CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple pr ...)
	{DSA-1194-1}
	- libwmf 0.2.8.4-2 (bug #381538; medium)
CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in  ...)
	NOT-FOR-US: Randshop
CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 a ...)
	NOT-FOR-US: Randshop
CVE-2006-3373 (Unspecified vulnerability in the client/bin/logfetch script in Hobbit  ...)
	NOT-FOR-US: Hobbit
CVE-2006-3372 (Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Apple Safari
CVE-2006-3371 (Eupla Foros 1.0 stores the inc/config.inc file under the web document  ...)
	NOT-FOR-US: Eupla Foros
CVE-2006-3370 (Blueboy 1.0.3 stores bb_news_config.inc under the web document root wi ...)
	NOT-FOR-US: Blueboy
CVE-2006-3369 (Kamikaze-QSCM 0.1 stores config.inc under the web document root with i ...)
	NOT-FOR-US: Kamikaze-QSCM
CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with insu ...)
	NOT-FOR-US: Efone
CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web  ...)
	NOT-FOR-US: Mp3NetBox
CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow r ...)
	NOT-FOR-US: V3 Chat
CVE-2006-3365 (V3 Chat allows remote attackers to obtain the installation path via (1 ...)
	NOT-FOR-US: V3 Chat
CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG: ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire  ...)
	NOT-FOR-US: Glossaire for Xoops
CVE-2006-3362 (Unrestricted file upload vulnerability in connectors/php/connector.php ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier ...)
	NOT-FOR-US: Stud.IP
CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 all ...)
	- phpsysinfo <unfixed> (unimportant)
	- egroupware <unfixed> (unimportant)
	- phpgroupware <unfixed> (unimportant)
	NOTE: Only the existence of files inside the WWW root is leaked. If this is
	NOTE: a threat to your setup you most probably shouldn't install a script which
	NOTE: exposes all your system data, either.
CVE-2006-3359 (Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PR ...)
	NOT-FOR-US: NewsPHP
CVE-2006-3358 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ne ...)
	NOT-FOR-US: NewsPHP
CVE-2006-3357 (Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) i ...)
	NOT-FOR-US: HTML Help ActiveX control
CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ear ...)
	NOT-FOR-US: Apple
CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll al ...)
	- mpg123 0.60-1 (bug #377264; medium)
	[sarge] - mpg123 <no-dsa> (Non-free not supported)
CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) v ...)
	NOT-FOR-US: Opera
CVE-2006-3352
	NOTE: firefox, but invalid
CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2 ...)
	NOT-FOR-US: Windows Explorer
CVE-2006-3695 (Trac before 0.9.6 does not disable the "raw" or "include" commands whe ...)
	{DSA-1152}
	- trac 0.9.6-1 (medium)
	[sarge] - trac 0.8.1-3sarge5
CVE-2006-3458 (Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does n ...)
	{DSA-1113}
	- zope2.7 <removed> (bug #377285; medium)
	- zope2.8 2.8.7-2 (bug #377277; medium)
	- zope2.9 2.9.3-3 (bug #377286; medium)
CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c  ...)
	{DSA-1116}
	- gimp 2.2.11-3.1 (bug #377049; medium)
CVE-2006-3350 (Stack-based buffer overflow in AutoVue SolidModel Professional Desktop ...)
	NOT-FOR-US: AutoVue SolidModel Professional Desktop
CVE-2006-3349 (Multiple SQL injection vulnerabilities in SmS Script allow remote atta ...)
	NOT-FOR-US: SmS Script
CVE-2006-3348 (Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Be ...)
	NOT-FOR-US: HSPcomplete
CVE-2006-3347 (SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3 ...)
	NOT-FOR-US: deV!Lz Clanportal DZCP
CVE-2006-3346 (SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows rem ...)
	NOT-FOR-US: MyNewsGroups
CVE-2006-3345 (Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and ...)
	NOT-FOR-US: AliPAGER
CVE-2006-3344 (Siemens Speedstream Wireless Router 2624 allows local users to bypass  ...)
	NOT-FOR-US: Siemens Speedstream Wireless Router
CVE-2006-3343 (PHP remote file inclusion vulnerability in recipe/cookbook.php in Cris ...)
	NOT-FOR-US: CrisoftRicette
CVE-2006-3342 (Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2  ...)
	NOT-FOR-US: Arctic
CVE-2006-3341 (SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp ...)
	NOT-FOR-US: MyAds module for Xoops
CVE-2006-3340 (Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo  ...)
	NOT-FOR-US: Pearl For Mambo
CVE-2006-3339 (secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows r ...)
	NOT-FOR-US: Atlassian
CVE-2006-3338 (Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156  ...)
	NOT-FOR-US: Atlassian
CVE-2006-3337 (Cross-site scripting (XSS) vulnerability in frontend/x/files/select.ht ...)
	NOT-FOR-US: cPanel (not the Chinese language tool in Debian)
CVE-2006-3336 (TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the up ...)
	- twiki 1:4.0.4-3 (low; bug #381907)
	NOTE: only in some server configurations
CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...)
	NOT-FOR-US: HP-UX
CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in  ...)
	- libpng 1.2.8rel-5.2 (bug #377298; bug #397892; unimportant)
	NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow
	NOTE: cannot overwrite other memory sections
CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3 ...)
	NOT-FOR-US: Zorum Forum
CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows rem ...)
	NOT-FOR-US: Zorum Forum
CVE-2006-3331 (Opera before 9.0 does not reset the SSL security bar after displaying  ...)
	NOT-FOR-US: Opera
CVE-2006-3330 (Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL ...)
	NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3329 (SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PH ...)
	NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3328 (new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal a ...)
	NOT-FOR-US: Hostflow
CVE-2006-3327 (Cross-site scripting (XSS) vulnerability in Custom dating biz dating s ...)
	NOT-FOR-US: Custom dating biz dating script
CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote use ...)
	NOT-FOR-US: QuickZip
CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quak ...)
	- ioquake3 1.36+svn1788j-1
	- tremulous 1.1.0-6 (bug #660834)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the Icc ...)
	- ioquake3 1.36+svn1788j-1
	- tremulous 1.1.0-6 (bug #660832)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF Piada ...)
	NOT-FOR-US: MF Piadas
CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in phpRa ...)
	NOT-FOR-US: phpRaid
CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp i ...)
	NOT-FOR-US: OpenForum
CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3 ...)
	{DSA-1130-1}
	- sitebar 3.3.8-1.1 (bug #377299; low)
CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCale ...)
	NOT-FOR-US: PHP iCalendar
CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and poss ...)
	NOT-FOR-US: phpRaid
CVE-2006-3317 (PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote ...)
	NOT-FOR-US: phpRaid
CVE-2006-3316 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 al ...)
	NOT-FOR-US: phpRaid
CVE-2006-3315 (PHP remote file inclusion vulnerability in page.php in an unspecified  ...)
	NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3314 (PHP remote file inclusion vulnerability in page.php in an unspecified  ...)
	NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smar ...)
	NOT-FOR-US: Netsoft smartNet
CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bil ...)
	NOT-FOR-US: QaTraq
CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Prof ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3310
	RESERVED
CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal To ...)
	NOT-FOR-US: Scout Portal
CVE-2006-3308 (Unspecified vulnerability in the wpprop code for Project EROS bbsengin ...)
	NOT-FOR-US: bbsengine
CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS bbsengine befor ...)
	NOT-FOR-US: bbsengine
CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring function ...)
	NOT-FOR-US: bbsengine
CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmai ...)
	NOT-FOR-US: UebiMiau
CVE-2006-3304 (SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier all ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3303 (Multiple cross-site scripting (XSS) vulnerabilities in pm.php in Delux ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3302 (PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mamb ...)
	NOT-FOR-US: CBSMS Mambo module
CVE-2006-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2. ...)
	- phpqladmin <removed> (bug #376442; low)
CVE-2006-3300 (PHP remote file inclusion vulnerability in sms_config/gateway.php in P ...)
	NOT-FOR-US: phpmysms
CVE-2006-3299 (Cross-site scripting (XSS) vulnerability in index.php in Usenet Script ...)
	NOT-FOR-US: Usenet Script
CVE-2006-3298 (Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to caus ...)
	NOT-FOR-US: Offical Yahoo! Messenger client
CVE-2006-3297 (Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webm ...)
	NOT-FOR-US: UebiMiau
CVE-2006-3296 (SQL injection vulnerability in view.php in Open Guestbook 0.5 allows r ...)
	NOT-FOR-US: Open Guestbook
CVE-2006-3295 (Cross-site scripting (XSS) vulnerability in header.php in Open Guestbo ...)
	NOT-FOR-US: Open Guestbook
CVE-2006-3294 (PHP remote file inclusion vulnerability in mod_cbsms_messages.php in C ...)
	NOT-FOR-US: CBSMS Mambo module
CVE-2006-3293 (parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote  ...)
	NOT-FOR-US: EnergyMech
CVE-2006-3292 (SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows  ...)
	NOT-FOR-US: Jaws
CVE-2006-3291 (The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on th ...)
	NOT-FOR-US: Cisco
CVE-2006-3290 (HTTP server in Cisco Wireless Control System (WCS) for Linux and Windo ...)
	NOT-FOR-US: Cisco
CVE-2006-3289 (Cross-site scripting (XSS) vulnerability in the login page of the HTTP ...)
	NOT-FOR-US: Cisco
CVE-2006-3288 (Unspecified vulnerability in the TFTP server in Cisco Wireless Control ...)
	NOT-FOR-US: Cisco
CVE-2006-3287 (Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and e ...)
	NOT-FOR-US: Cisco
CVE-2006-3286 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
	NOT-FOR-US: Cisco
CVE-2006-3285 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
	NOT-FOR-US: Cisco
CVE-2006-3284 (Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 all ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3283 (SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote at ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3282 (requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to  ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3281 (Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3279 (Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote ...)
	NOT-FOR-US: aeDating
CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and  ...)
	NOT-FOR-US: H-Sphere
CVE-2006-3277 (The SMTP service of MailEnable Standard 1.92 and earlier, Professional ...)
	NOT-FOR-US: MailEnable
CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 1 ...)
	NOT-FOR-US: Helix DNA Server
CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlie ...)
	NOT-FOR-US: YaBB
CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on  ...)
	- webmin <not-affected> (only windows)
CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...)
	NOT-FOR-US: Some Chess
CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some Ch ...)
	NOT-FOR-US: Some Chess
CVE-2006-3271 (Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow rem ...)
	NOT-FOR-US: Softbiz Dating
CVE-2006-3270 (SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows r ...)
	NOT-FOR-US: THoRCMS
CVE-2006-3269 (PHP remote file inclusion vulnerability in includes/functions_cms.php  ...)
	NOT-FOR-US: THoRCMS
CVE-2006-3268 (Unspecified vulnerability in the Windows Client API in Novell GroupWis ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core Technologies ...)
	NOT-FOR-US: Infinite Core Technologies
CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1. ...)
	NOT-FOR-US: Bee-hive
CVE-2006-3265 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qd ...)
	NOT-FOR-US: Qdig
CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSe ...)
	NOT-FOR-US: Namo DeepSearch
CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in M ...)
	- mambo 4.5.3h-2 (medium)
CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in M ...)
	- mambo 4.5.3h-2 (medium)
CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control Manage ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 a ...)
	NOT-FOR-US: vlbook
CVE-2006-3259 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allo ...)
	NOT-FOR-US: e107
CVE-2006-3258 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in B ...)
	NOT-FOR-US: BNBT TrinEdit and EasyTracker
CVE-2006-3257 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 ...)
	NOT-FOR-US: Claroline
CVE-2006-3256 (SQL injection vulnerability in report.php in Woltlab Burning Board (WB ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3255 (SQL injection vulnerability in showmods.php in Woltlab Burning Board ( ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board  ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3253
	NOT-FOR-US: vBulletin
CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic Re ...)
	NOT-FOR-US: Algorithmic Research PrivateWire VPN
CVE-2006-3251 (Heap-based buffer overflow in the array_push function in hashcash.c fo ...)
	{DSA-1114}
	- hashcash 1.21 (bug #376444)
CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-a ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2006-3249
	NOT-FOR-US: Phorum
CVE-2006-3248
	REJECTED
CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL- ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3246 (Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf For ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3245 (Multiple cross-site scripting (XSS) vulnerabilities in activatemember  ...)
	NOT-FOR-US: mvnForum
CVE-2006-3244 (Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier al ...)
	NOT-FOR-US: Anthill
CVE-2006-3243 (SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1. ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3242 (Stack-based buffer overflow in the browse_get_namespace function in im ...)
	{DSA-1108}
	- mutt 1.5.11+cvs20060403-2 (low; bug #375828)
CVE-2006-3241 (Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1. ...)
	NOT-FOR-US: XennoBB
CVE-2006-3240 (Cross-site scripting (XSS) vulnerability in classes/ui.class.php in do ...)
	NOT-FOR-US: dotProject
CVE-2006-3239 (SQL injection vulnerability in message.php in VBZooM 1.11 and earlier  ...)
	NOT-FOR-US: VBZooM
CVE-2006-3238 (Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allo ...)
	NOT-FOR-US: VBZooM
CVE-2006-3237 (Cross-site scripting (XSS) vulnerability in index.php in Enterprise Gr ...)
	NOT-FOR-US: Enterprise Groupware System
CVE-2006-3236 (Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier all ...)
	NOT-FOR-US: thinkWMS
CVE-2006-3235 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fi ...)
	NOT-FOR-US: FineShop
CVE-2006-3234 (Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 an ...)
	NOT-FOR-US: FineShop
CVE-2006-3233 (Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Ope ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server before 6 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) be ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Trac ...)
	NOT-FOR-US: Azureus plugin that isn't distributed by default
CVE-2006-3229 (Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, a ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-3228 (Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5 ...)
	NOT-FOR-US: WinAmp
CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web browse ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the clie ...)
	NOT-FOR-US: Cisco
CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...)
	NOT-FOR-US: Sun ONE Application Server
CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attacker ...)
	NOT-FOR-US: Apple Safari
CVE-2006-3223 (Format string vulnerability in CA Integrated Threat Management (ITM),  ...)
	NOT-FOR-US: CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP)
CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12  ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ea ...)
	NOT-FOR-US: DataLife
CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab Burni ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board (WB ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board (W ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows  ...)
	NOT-FOR-US: JaguarEditControl
CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exch ...)
	NOT-FOR-US: MAILsweeper
CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exch ...)
	NOT-FOR-US: MAILsweeper
CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 and ear ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attack ...)
	NOT-FOR-US: WeBBoA Hosting
CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1. ...)
	NOT-FOR-US: cjGuestbook
CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1. ...)
	NOT-FOR-US: cjGuestbook
CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when reg ...)
	NOT-FOR-US: Ralf Image Gallery
CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spa ...)
	NOT-FOR-US: Microsoft Windows
CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP Board (UPB) ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate PHP Board ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remo ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically we ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier include ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain  ...)
	NOT-FOR-US: NetBSD's KAME stack
CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote attackers to ca ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service (crash) v ...)
	NOT-FOR-US: Opera
CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Opera
CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote attackers to o ...)
	NOT-FOR-US: singapore
CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in singapore 0.1 ...)
	NOT-FOR-US: singapore
CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 0.10.0 and ...)
	NOT-FOR-US: singapore
CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSi ...)
	NOT-FOR-US: BandSite
CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows r ...)
	NOT-FOR-US: Ad Manager
CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 al ...)
	NOT-FOR-US: MPCS
CVE-2006-3190 (SQL injection vulnerability in administration/includes/login/auth.php  ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in administration/tblcontent/ ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earli ...)
	NOT-FOR-US: Sharky e-shop
CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3 ...)
	NOT-FOR-US: Sharky e-shop
CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3 ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in CMS Faet ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator befo ...)
	NOT-FOR-US: ASP Stats Generator
CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in MobeScripts M ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3182 (Directory traversal vulnerability in index.php in MobeScripts Mobile S ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3181 (SQL injection vulnerability in index.php in MobeScripts Mobile Space C ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx P ...)
	NOT-FOR-US: Confixx Pro
CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...)
	NOT-FOR-US: Confixx Pro
CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...)
	{DSA-1144-1}
	- chmlib 0.38-1 (bug #374085; low)
CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...)
	NOT-FOR-US: The Bible Portal Project
CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allo ...)
	NOT-FOR-US: xarancms
CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3  ...)
	NOT-FOR-US: mcGuestbook
CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...)
	- squirrelmail 2:1.4.7-1 (bug #375782; unimportant)
	NOTE: Operation with registers_globals not supported
CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder  ...)
	NOT-FOR-US: Content*Builder
CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder  ...)
	NOT-FOR-US: Content*Builder
CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows remote att ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 a ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows remote atta ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the full path ...)
	NOT-FOR-US: Free Realty
CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in Free Realt ...)
	NOT-FOR-US: Free Realty
CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and ...)
	NOT-FOR-US: Free Realty
CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design tplShop 2.0  ...)
	NOT-FOR-US: tplShop
CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 ...)
	NOT-FOR-US: IMGallery
CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php in Sma ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple  ...)
	NOT-FOR-US: Simple File Manager
CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...)
	NOT-FOR-US: Sun ONE/iPlanet Messaging Server
CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file extensions  ...)
	NOT-FOR-US: Eduha Meeting
CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory  ...)
	NOT-FOR-US: UltimateGoogle
CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eSho ...)
	NOT-FOR-US: Ultimate eShop
CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auctio ...)
	NOT-FOR-US: Ultimate Auction
CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and ear ...)
	NOT-FOR-US: Ultimate Estate
CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estat ...)
	NOT-FOR-US: Ultimate Estate
CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlie ...)
	NOT-FOR-US: phpTRADER
CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (a ...)
	NOT-FOR-US: AssoCIateD
CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlie ...)
	NOT-FOR-US: CavoxCms
CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4. ...)
	NOT-FOR-US: phpMyForum
CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in Open-Realt ...)
	NOT-FOR-US: Open-Realty
CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier ...)
	NOT-FOR-US: Toshiba drivers for Windows
CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remo ...)
	- netpbm-free <not-affected> (Debian's version is too old; affects 10.30 to 10.33 only)
CVE-2006-3144 (PHP remote file inclusion vulnerability in micro_cms_files/microcms-in ...)
	NOT-FOR-US: IBD Micro CMS
CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus  ...)
	NOT-FOR-US: Maximus SchoolMAX
CVE-2006-3142 (SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote  ...)
	NOT-FOR-US: VBZooM
CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye  ...)
	NOT-FOR-US: Tradingeye Shop
CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...)
	NOT-FOR-US: openCI
CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar ...)
	NOT-FOR-US: Virtual War
CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory  ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge  ...)
	NOT-FOR-US: Edge eCommerce Shop
CVE-2006-3136
	NOT-FOR-US: Nucleus
CVE-2006-3135 (Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-3134 (Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by m ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2006-3133
	RESERVED
CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManag ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3131 (Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow  ...)
	NOT-FOR-US: Clubpage
CVE-2006-3130 (SQL injection vulnerability in index.php in Clubpage allows remote att ...)
	NOT-FOR-US: Clubpage
CVE-2006-3129 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC ...)
	NOT-FOR-US: LinkList
CVE-2006-3128 (choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does no ...)
	NOT-FOR-US: easy-CMS
CVE-2006-3127 (Memory leak in Network Security Services (NSS) 3.11, as used in Sun Ja ...)
	- mozilla <not-affected> (SunSolve claims it is only in 3.11; latest released is 3.10)
CVE-2006-3126 (c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute  ...)
	{DSA-1165}
	- capi4hylafax 1:01.03.00.99.svn.300-3
CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows  ...)
	{DSA-1163}
	- gtetrinet 0.7.10-1
CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before 1.61 ...)
	{DSA-1158}
	- streamripper 1.61.25-2
CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) doencrypt func ...)
	{DSA-1138-1}
	- cfs 1.4.1-17
CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2. ...)
	{DSA-1143-1}
	- dhcp 2.0pl5-19.5 (bug #380273)
CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat subsyst ...)
	{DSA-1151-1}
	- heartbeat-2 2.0.6-2
	- heartbeat 1.2.4-14
CVE-2006-3120 (Format string vulnerability in Brian Wotring Osiris before 4.2.1 allow ...)
	{DSA-1129}
	- osiris 4.2.0-2 (medium)
CVE-2006-3119 (The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a ty ...)
	{DSA-1124}
	- fbi 2.05-1
CVE-2006-3118 (spread uses a temporary file with a static filename based on the port  ...)
	- spread 3.17.3-4 (bug #375617; low)
	[sarge] - spread <no-dsa> (Minimal security implications)
CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-3116 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 an ...)
	NOT-FOR-US: phpRaid
CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...)
	NOT-FOR-US: phpRaid
CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the " ...)
	NOT-FOR-US: PC Tools AntiVirus
CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and Se ...)
	NOTE: MFSA-2006-46
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09  ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.0 ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 befo ...)
	NOT-FOR-US: Cisco
CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email Serve ...)
	NOT-FOR-US: EmailArchitect
CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-3106 (Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop| ...)
	NOT-FOR-US: phpMyDesktop
CVE-2006-3105 (CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers  ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3104 (users/index.php in Bitweaver 1.3 allows remote attackers to obtain sen ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3103 (Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remot ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when run o ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Se ...)
	NOT-FOR-US: Cisco
CVE-2006-3099
	RESERVED
CVE-2006-3098
	RESERVED
CVE-2006-3097 (Unspecified vulnerability in Support Tools Manager (xstm, cstm, and st ...)
	NOT-FOR-US: HP-UX Support Tools Manager
CVE-2006-3096 (Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier ...)
	NOT-FOR-US: iPostMX
CVE-2006-3095 (Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2. ...)
	NOT-FOR-US: iPostMX
CVE-2006-3094 (Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.2006040 ...)
	NOT-FOR-US: Calendarix Basic
CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread ...)
	NOT-FOR-US: Adobe Reader
CVE-2006-3092 (PhpMyFactures 1.2 and earlier allows remote attackers to bypass authen ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3091 (PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attacke ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3090 (Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possi ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3089 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1 ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3088 (Cross-site scripting (XSS) vulnerability in index.php in Car Classifie ...)
	NOT-FOR-US: Car Classifieds
CVE-2006-3087 (Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 a ...)
	NOT-FOR-US: EZGallery
CVE-2006-3086 (Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName f ...)
	NOT-FOR-US: Microsoft
CVE-2006-3084 (The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1 ...)
	{DSA-1146-1}
	- krb5 1.4.3-9 (medium)
CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5)  ...)
	{DSA-1146-1}
	- krb5 1.4.3-9 (medium)
CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions,  ...)
	{DSA-1115 DSA-1107}
	- gnupg 1.4.3-2 (bug #375052; bug #375473; low)
	- gnupg2 1.9.20-1.1 (bug #375053; low)
CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x be ...)
	{DSA-1112}
	- mysql-dfsg-5.0 5.0.19-1 (bug #373913; high)
CVE-2006-3100 (termpkg 3.3 suffers from buffer overflow. ...)
	- termpkg 3.3-7 (bug #358028; medium)
CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...)
	- linux-2.6 2.6.16-15
CVE-2006-XXXX [webalizer-stonesteps XSS]
	- webalizer-stonesteps 2.4.1.2-1
CVE-2006-3080 (Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForu ...)
	NOT-FOR-US: aXentForum
CVE-2006-3079 (Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1 ...)
	NOT-FOR-US: SSPwiz Plus
CVE-2006-3078 (Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier a ...)
	NOT-FOR-US: APBoard
CVE-2006-3077 (Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGues ...)
	NOT-FOR-US: aXentGuestbook
CVE-2006-3076 (PHP remote file inclusion vulnerability in software_upload/public_incl ...)
	NOT-FOR-US: PhpBlueDragon
CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis Profe ...)
	NOT-FOR-US: PictureDis Professional
CVE-2006-3074 (klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Vi ...)
	NOT-FOR-US: Several Kaspersky products
CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feat ...)
	NOT-FOR-US: Cisco
CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before 4.0.2 ...)
	NOT-FOR-US: Symantec Security Information Manager
CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Ar ...)
	NOT-FOR-US: MP3 Search/Archive
CVE-2006-3070 (write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_m ...)
	NOT-FOR-US: Zeroboard
CVE-2006-3069
	NOT-FOR-US: DoubleSpeak
CVE-2006-3068 (IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote at ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3067 (Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UD ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3066 (Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database ( ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3065 (SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.4 ...)
	NOT-FOR-US: blur6ex
CVE-2006-3064 (SQL injection vulnerability in the add_hit function in include/functio ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-3063 (Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook ...)
	NOT-FOR-US: myPHP Guestbook
CVE-2006-3062 (Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbo ...)
	NOT-FOR-US: myPHP Guestbook
CVE-2006-3061 (Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review a ...)
	NOT-FOR-US: 5 Star Review
CVE-2006-3060 (Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote  ...)
	NOT-FOR-US: P.A.I.D
CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2006-3058
	RESERVED
CVE-2006-3057 (Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) a ...)
	- dhcdbd 1.14-1
CVE-2006-3056 (SQL injection vulnerability in language.php in VBZooM 1.01 allows remo ...)
	NOT-FOR-US: VBZooM
CVE-2006-3055 (Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote att ...)
	NOT-FOR-US: VBZooM
CVE-2006-3054 (Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote att ...)
	NOT-FOR-US: VBZooM
CVE-2006-3053
	NOT-FOR-US: PHORUM
CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows  ...)
	NOT-FOR-US: Event Registration
CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, an ...)
	NOT-FOR-US: SixCMS
CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, and oth ...)
	NOT-FOR-US: SixCMS
CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...)
	NOT-FOR-US: Mole Group Ticket Booking Script
CVE-2006-3048 (SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier v ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-3047 (Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possi ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-3046 (Unspecified vulnerability in the admin login feature in Subtext 1.5, i ...)
	NOT-FOR-US: Subtext
CVE-2006-3045 (PHP remote file inclusion vulnerability in manage_songs.php in Foing 0 ...)
	NOT-FOR-US: Foing
CVE-2006-3044 (Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows re ...)
	NOT-FOR-US: LogiSphere
CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe  ...)
	NOT-FOR-US: CFXe-CMS
CVE-2006-3042
	NOT-FOR-US: ISPConfig
CVE-2006-3041
	NOT-FOR-US: Codewalkers Ltwcalendar
CVE-2006-3040
	NOT-FOR-US: Amr Talkbox
CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts Rea ...)
	NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts Rea ...)
	NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in  ...)
	NOT-FOR-US: ST AdManager Lite
CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegaller ...)
	NOT-FOR-US: 35mmslidegallery
CVE-2006-3035 (Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3034 (MyScrapbook 3.1 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3033 (Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows rem ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3032 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP Phot ...)
	NOT-FOR-US: Xtreme ASP Photo Gallery
CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in fi ...)
	NOT-FOR-US: fipsCMS
CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...)
	NOT-FOR-US: DwZone Shopping Cart
CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech C ...)
	NOT-FOR-US: ClickTech Clickcart
CVE-2006-3028 (PHP remote file inclusion vulnerability in stat_modules/users_age/modu ...)
	NOT-FOR-US: Minerva
CVE-2006-3027 (Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and ...)
	NOT-FOR-US: Enthrallwebe ePhotos
CVE-2006-3026 (Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5. ...)
	NOT-FOR-US: ClickGallery
CVE-2006-3025 (Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Luci ...)
	NOT-FOR-US: Chris Lea Lucid Calendar
CVE-2006-3024 (Multiple cross-site scripting (XSS) vulnerabilities in EvGenius Counte ...)
	NOT-FOR-US: EvGenius Counter
CVE-2006-3023 (Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp  ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2006-3022 (Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1. ...)
	NOT-FOR-US: fipsGallery
CVE-2006-3021 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Ga ...)
	NOT-FOR-US: BlueCollar i-Gallery
CVE-2006-3020 (Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp i ...)
	NOT-FOR-US: WS-Album
CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2  ...)
	NOT-FOR-US: phpCMS
CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in PH ...)
	- php5 5.1.4-0.1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Sanitising is the application's responsibilitys
CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x  ...)
	{DSA-1206-1}
	- php5 5.1.4-0.1 (medium)
	- php4 4:4.4.4-1 (medium; bug #381998)
CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
	- php5 5.1.4-0.1 (unimportant)
	- php4 4:4.4.4-1 (unimportant; bug #382259)
	NOTE: Sanitising is the application's responsibilitys
CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remo ...)
	NOT-FOR-US: WinSCP
CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ja ...)
	NOT-FOR-US: Microsoft Excel / Flashplayer for Windows
CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 a ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and 5. ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.6-1 (unimportant)
	NOTE: Safe mode violations are not supported
CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management (OB ...)
	NOT-FOR-US: Open Business Management
CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business M ...)
	NOT-FOR-US: Open Business Management
CVE-2006-3008
	REJECTED
CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...)
	NOT-FOR-US: SHOUTcast
CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly o ...)
	NOT-FOR-US: iFoto
CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is bu ...)
	- libjpeg6b <not-affected> (--maxmem is set during configure)
	- libjpeg-mmx <removed> (bug #373672; low)
	[sarge] - libjpeg-mmx <no-dsa> (If this poses a threat, the admin can apply resource limits)
CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Man ...)
	NOT-FOR-US: Ez Ringtone
CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the f ...)
	NOT-FOR-US: Easy Ad-Manager
CVE-2006-3002 (Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Man ...)
	NOT-FOR-US: OkScripts product
CVE-2006-3001 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts Ok ...)
	NOT-FOR-US: OkScripts product
CVE-2006-3000 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts Ok ...)
	NOT-FOR-US: OkScripts product
CVE-2006-2999 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts Qu ...)
	NOT-FOR-US: OkScripts product
CVE-2006-2998 (PHP remote file inclusion vulnerability in board/post.php in free QBoa ...)
	NOT-FOR-US: QBoard
CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when  ...)
	- zope-zms <unfixed> (bug #373667; unimportant)
	[sarge] - zope-zms <no-dsa> (Only exploitable with register_globals)
	NOTE: register_globals is an unsupported mode of operation in Debian
CVE-2006-2996 (PHP remote file inclusion vulnerability in inc/design.inc.php in LoveC ...)
	NOT-FOR-US: aePartner
CVE-2006-2995 (Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1 ...)
	NOT-FOR-US: WebprojectDB
CVE-2006-2994 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ph ...)
	NOT-FOR-US: phazizGuestbook
CVE-2006-2993 (Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and e ...)
	NOT-FOR-US: My Photo Scrapbook
CVE-2006-2992 (Cross-site scripting (XSS) vulnerability in display.asp in My Photo Sc ...)
	NOT-FOR-US: My Photo Scrapbook
CVE-2006-2991 (Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 al ...)
	NOT-FOR-US: Ringlink
CVE-2006-2990 (Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft ...)
	NOT-FOR-US: VanillaSoft
CVE-2006-2989 (Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPi ...)
	NOT-FOR-US: ASP ListPics
CVE-2006-2988 (Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical ...)
	NOT-FOR-US: Chemical Dictionary
CVE-2006-2987 (Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka ...)
	NOT-FOR-US: PICRATE
CVE-2006-2986 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Medi ...)
	NOT-FOR-US: vSCAL and vsREAL
CVE-2006-2985 (SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earli ...)
	NOT-FOR-US: IntegraMOD
CVE-2006-2984 (Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1. ...)
	NOT-FOR-US: IntegraMOD
CVE-2006-2983 (PHP remote file inclusion vulnerability in Enterprise Timesheet and Pa ...)
	NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2982 (Multiple PHP remote file inclusion vulnerabilities in Enterprise Times ...)
	NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2981 (SQL injection vulnerability in vs_search.php in Arantius Vice Stats be ...)
	NOT-FOR-US: Arantius Vice Stats
CVE-2006-2980 (SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop ...)
	NOT-FOR-US: ViArt
CVE-2006-2979 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free ...)
	NOT-FOR-US: ViArt
CVE-2006-2978 (Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the i ...)
	NOT-FOR-US: Moblog
CVE-2006-2977 (SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earli ...)
	NOT-FOR-US: Moblog
CVE-2006-2976 (Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery b ...)
	NOT-FOR-US: Coppermine
CVE-2006-2975 (Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.ph ...)
	NOT-FOR-US: PBL Guestbook
CVE-2006-2974 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect  ...)
	NOT-FOR-US: EmailArchitect
CVE-2006-2973 (Multiple SQL injection vulnerabilities in month.php in PHP Lite Calend ...)
	NOT-FOR-US: PHP Lite Calendar
CVE-2006-2972 (SQL injection vulnerability in vs_resource.php in Arantius Vice Stats  ...)
	NOT-FOR-US: Arantius Vice Stats
CVE-2006-2971 (Integer overflow in the recv_packet function in 0verkill 0.16 allows r ...)
	- overkill 0.16-9 (bug #373687; low)
	[sarge] - overkill <no-dsa> (Only DoS against an obscure game, no code injection possible)
CVE-2006-2970 (videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: tinyMuw
CVE-2006-2969 (Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow  ...)
	NOT-FOR-US: tinyMuw
CVE-2006-2968 (Cross-site scripting (XSS) vulnerability in search.php in PHP Labware  ...)
	NOT-FOR-US: LabWiki
CVE-2006-2967 (Syworks SafeNET allows local users to bypass restrictions on network r ...)
	NOT-FOR-US: SafeNET
CVE-2006-2966 (Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wik ...)
	NOT-FOR-US: Particle Wiki
CVE-2006-2965 (Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft P ...)
	NOT-FOR-US: Particle Whois
CVE-2006-2964 (Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts D ...)
	NOT-FOR-US: Xtreme Downloads
CVE-2006-2963 (Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Caba ...)
	NOT-FOR-US: Cabacos Web CMS
CVE-2006-2962 (PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergeni ...)
	NOT-FOR-US: Empris
CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remot ...)
	NOT-FOR-US: CesarFTP
CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in Joom ...)
	NOT-FOR-US: Joomla!
CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 an ...)
	NOT-FOR-US: Snitz Forum
CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote attacke ...)
	NOT-FOR-US: FilZip
CVE-2006-2957 (Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlie ...)
	NOT-FOR-US: i.List
CVE-2006-2956 (Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta ...)
	NOT-FOR-US: i.List
CVE-2006-2955 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice  ...)
	NOT-FOR-US: KAPhotoservice
CVE-2006-2954 (SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier ...)
	NOT-FOR-US: OfficeFlow
CVE-2006-2953 (Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow  ...)
	NOT-FOR-US: OfficeFlow
CVE-2006-2952 (Directory traversal vulnerability in Net Portal Dynamic System (NPDS)  ...)
	NOT-FOR-US: NPDS
CVE-2006-2951 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dyna ...)
	NOT-FOR-US: NPDS
CVE-2006-2950 (Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attack ...)
	NOT-FOR-US: NPDS
CVE-2006-2949 (Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2948 (A-CART 2.0 stores the acart2_0.mdb file under the web document root wi ...)
	NOT-FOR-US: A-CART
CVE-2006-2947 (Dmx Forum 2.1a allows remote attackers to obtain username and password ...)
	NOT-FOR-US: Dmx Forum
CVE-2006-2946 (Dmx Forum 2.1a stores _includes/bd.inc under the web root with insuffi ...)
	NOT-FOR-US: Dmx Forum
CVE-2006-2945 (Unspecified vulnerability in the user profile change functionality in  ...)
	- dokuwiki 0.0.20060309-4 (bug #373689; low)
CVE-2006-2944 (Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier all ...)
	NOT-FOR-US: FORM2MAIL
CVE-2006-2943 (Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows ...)
	NOT-FOR-US: WebFORM
CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki ad ...)
	- twiki <not-affected> (Debian's version is old and does not include affected file)
CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of s ...)
	- mailman <not-affected> (Mailman uses the system version of the affected Python lib)
CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-2939
	REJECTED
CVE-2006-2938
	REJECTED
CVE-2006-2937 (OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote atta ...)
	{DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <not-affected>
CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up t ...)
	{DSA-1184-2}
	- linux-2.6 2.6.17-5 (low)
CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in drivers/cdrom/cd ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.17-5 (low)
CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kern ...)
	- linux-2.6 2.6.17-3
CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterpri ...)
	[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
	- kdebase 3.5.2-1 (medium)
	NOTE: exact fixed version not known, however bug only affects < 3.2
CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB split sup ...)
	- linux-2.6 <not-affected> (vulnerable code not present)
CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-2930 (Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engin ...)
	NOT-FOR-US: Sun
CVE-2006-2929 (PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_ ...)
	NOT-FOR-US: OpenEMR
CVE-2006-2928 (Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5  ...)
	NOT-FOR-US: CMS-Bandits
CVE-2006-2927 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in Cod ...)
	NOT-FOR-US: CAForum
CVE-2006-2926 (Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6. ...)
	NOT-FOR-US: Qbik
CVE-2006-2925 (Cross-site scripting (XSS) vulnerability in the web interface in Ingat ...)
	NOT-FOR-US: Ingate
CVE-2006-2924 (Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4. ...)
	NOT-FOR-US: Ingate
CVE-2006-2923 (The iax_net_read function in the iaxclient open source library, as use ...)
	- iaxclient 0.0+svn20060520-2
CVE-2006-2922 (Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2. ...)
	NOT-FOR-US: MiraksGalerie
CVE-2006-2921 (PHP remote file inclusion vulnerability in cmpro_header.inc.php in Cla ...)
	NOT-FOR-US: CMPro
CVE-2006-2920 (Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote att ...)
	- sylpheed 2.2.6-1 (low)
	[sarge] - sylpheed <no-dsa> (Minor evasion of phishing protection feature)
	- sylpheed-gtk1 1.0.6-3 (bug #373187; low)
	- sylpheed-claws 1.0.5-3 (bug #372891; low)
	[sarge] - sylpheed-claws <no-dsa> (Minor evasion of phishing protection feature)
	- sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low)
CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote a ...)
	NOT-FOR-US: Microsoft
CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores th ...)
	NOT-FOR-US: Lanap BotDetect APS.NET CAPTCHA component
CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate 6.1.2. ...)
	NOT-FOR-US: WinGate
CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later  ...)
	- arts 1.5.3-2 (bug #374003; low)
	[sarge] - arts <not-affected> (Not setuid root in Debian)
	NOTE: artswrapper is not suid root by default, but README.Debian describes it
CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote a ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows rem ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2911 (SQL injection vulnerability in controlpanel/index.php in CMS Mundo bef ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-2910 (Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other ver ...)
	NOT-FOR-US: jetAudio
CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension (zipinfo.d ...)
	NOT-FOR-US: PicoZip
CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard (My ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2907
	RESERVED
CVE-2006-2906 (The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas ...)
	{DSA-1117}
	- libgd2 2.0.33-5 (bug #372912; low)
	- tetex-bin <not-affected> (Links dynamically, see #382506)
CVE-2006-2905 (Partial Links 1.2.2 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Partial Links
CVE-2006-2904 (SQL injection vulnerability in index.php in Partial Links 1.2.2 allows ...)
	NOT-FOR-US: Partial Links
CVE-2006-2903 (Cross-site scripting (XSS) vulnerability in admin.php in Particle Link ...)
	NOT-FOR-US: Partial Links
CVE-2006-2902 (Directory traversal vulnerability in Particle Links 1.2.2 might allow  ...)
	NOT-FOR-US: Partial Links
CVE-2006-2901 (The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware  ...)
	NOT-FOR-US: D-Link
CVE-2006-2900 (Internet Explorer 6 allows user-assisted remote attackers to read arbi ...)
	NOT-FOR-US: Microsoft
CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before 2006 ...)
	NOT-FOR-US: ESTsoft InternetDISK
CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 an ...)
	{DSA-1126}
	- asterisk 1:1.2.10.dfsg-2 (bug #380054)
	- iax 0.2.2-5
	[sarge] - iax <not-affected> (Vulnerable code not present)
	- iaxmodem 0.1.8.dfsg-2
CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remo ...)
	NOT-FOR-US: Funkboard
CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change arbi ...)
	NOT-FOR-US: Funkboard
CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to vers ...)
	- mediawiki <not-affected> (Affects only 1.6.0-1.6.6)
CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, M ...)
	{DSA-1401-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full p ...)
	NOT-FOR-US: GANTTy
CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3  ...)
	NOT-FOR-US: GANTTy
CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelp ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allo ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig  ...)
	NOT-FOR-US: Wikiwig
CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earli ...)
	NOT-FOR-US: myNewsletter
CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote  ...)
	- knowledgetree <removed> (bug #373137; low)
CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree O ...)
	- knowledgetree <removed> (bug #373137; low)
CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remot ...)
	NOT-FOR-US: Kmita
CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1. ...)
	NOT-FOR-US: Kmita
CVE-2006-2882 (Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ASPS ...)
	NOT-FOR-US: ASPScriptz
CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...)
	NOT-FOR-US: DreamAccount
CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages f ...)
	NOT-FOR-US: pyblosxom package doesn't ship plugins
CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine 1. ...)
	NOT-FOR-US: Alex News-Engine
CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier a ...)
	- dokuwiki 0.0.20060309-4 (bug #370369; bug #370785; high)
CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlie ...)
	NOT-FOR-US: Bookmark4U
CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...)
	NOT-FOR-US: PHP Pro Publish
CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake  ...)
	- tremulous 1.1.0-6 (bug #660827)
	[squeeze] - tremulous 1.1.0-7~squeeze1
	- ioquake3 1.36+svn1788j-1
CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has un ...)
	NOT-FOR-US: OSADS
CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4 ...)
	NOT-FOR-US: Enigma Haber
CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 a ...)
	NOT-FOR-US: Rumble
CVE-2006-2871
	NOT-FOR-US: CyBoards
CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in Intell ...)
	NOT-FOR-US: Intelligent Solutions Inc.
CVE-2006-2869 (Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 ...)
	NOT-FOR-US: Avast
CVE-2006-2868 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6  ...)
	NOT-FOR-US: Claroline
CVE-2006-2867 (SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta an ...)
	NOT-FOR-US: CoolForum
CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in DotCl ...)
	NOT-FOR-US: DotClear
CVE-2006-2865
	NOTE: phpbb2, but invalid
CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framew ...)
	NOT-FOR-US: BlueShoes
CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in C ...)
	NOT-FOR-US: CS-Cart
CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...)
	NOT-FOR-US: Particle Gallery
CVE-2006-2861 (SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and ea ...)
	NOT-FOR-US: Particle Wiki
CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allow ...)
	NOT-FOR-US: Webspotblogging
CVE-2006-2859
	NOT-FOR-US: MyBloggie
CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1 ...)
	NOT-FOR-US: LocazoList
CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows remo ...)
	NOT-FOR-US: LifeType
CVE-2006-2856 (ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib d ...)
	NOT-FOR-US: ActiveState
CVE-2006-2855 (SQL injection vulnerability in index.php in xueBook 1.0 allows remote  ...)
	NOT-FOR-US: xueBook
CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows  ...)
	NOT-FOR-US: iBWd
CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal 5. ...)
	NOT-FOR-US: abarcar
CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ear ...)
	NOT-FOR-US: dotWidget
CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject 2. ...)
	NOT-FOR-US: dotProject
CVE-2006-2850 (Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP L ...)
	NOT-FOR-US: LabWiki
CVE-2006-2849 (PHP remote file inclusion vulnerability in includes/webdav/server.php  ...)
	NOT-FOR-US: Bytehoard
CVE-2006-2848 (links.asp in aspWebLinks 2.0 allows remote attackers to change the adm ...)
	NOT-FOR-US: aspWebLinks
CVE-2006-2847 (SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows rem ...)
	NOT-FOR-US: aspWebLinks
CVE-2006-2846 (Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Po ...)
	NOT-FOR-US: VisionGate
CVE-2006-2845 (PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows ...)
	NOT-FOR-US: Redaxo
CVE-2006-2844 (Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow ...)
	NOT-FOR-US: Redaxo
CVE-2006-2843 (PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote  ...)
	NOT-FOR-US: Redaxo
CVE-2006-2841 (Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka  ...)
	NOT-FOR-US: AssoCIateD
CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "u ...)
	NOT-FOR-US: PmWiki
CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module (PGProbl ...)
	NOT-FOR-US: WeBWorK
CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for Microsof ...)
	NOT-FOR-US: F-Secure
CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book a ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-2836 (SQL injection vulnerability in comment.php in Pineapple Technologies L ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2006-2835 (SQL injection vulnerability in saphplesson 2.0 allows remote attackers ...)
	NOT-FOR-US: saphplesson
CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in gnop ...)
	NOT-FOR-US: gnopaste
CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in Dru ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module (upload. ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under c ...)
	{DSA-1125}
	NOTE: Although not in the changelog, sesse@ (responsible for 4.5.8-1.1)
	NOTE: says he pulled in the entire patch for DRUPAL-SA-2006-007, which
	NOTE: fixes CVE-2006-2831.
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2830 (Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent  ...)
	NOT-FOR-US: TIBCO
CVE-2006-2829 (Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4 ...)
	NOT-FOR-US: TIBCO
CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote atta ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-2827
	NOT-FOR-US: X-Cart
CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLi ...)
	NOT-FOR-US: PHPLIB
CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir configu ...)
	NOT-FOR-US: cPanel the vhost manager, not cpanel the Chinese desktop configuration tool
CVE-2006-2824 (Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8  ...)
	NOT-FOR-US: Logicalware
CVE-2006-2823 (Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive in ...)
	NOT-FOR-US: ashopKart
CVE-2006-2822 (SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeA ...)
	NOT-FOR-US: cforum
CVE-2006-2821 (Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pr ...)
	NOT-FOR-US: DeltaScripts
CVE-2006-2820 (Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog O ...)
	NOT-FOR-US: HotWebScripts
CVE-2006-2819 (PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Iglo ...)
	NOT-FOR-US: Barnraiser Igloo
CVE-2006-2818 (PHP remote file inclusion vulnerability in common-menu.php in Cameron  ...)
	NOT-FOR-US: Cameron McKay Informium
CVE-2006-2817 (SQL injection vulnerability in bolum.php in tekno.Portal allows remote ...)
	NOT-FOR-US: tekno.Portal
CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in co ...)
	NOT-FOR-US: CoolPHP
CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Fac ...)
	NOT-FOR-US: SimpleBoard
CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions i ...)
	NOT-FOR-US: iShopCart
CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart allow ...)
	NOT-FOR-US: iShopCart
CVE-2006-2812 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Do ...)
	NOT-FOR-US: PICRATE
CVE-2006-2811 (Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidenti ...)
	NOT-FOR-US: Ovidentia
CVE-2006-2810 (Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundr ...)
	NOT-FOR-US: Belchior vCard
CVE-2006-2809 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar ...)
	NOT-FOR-US: ar-blog
CVE-2006-2808 (Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR gues ...)
	NOT-FOR-US: Lycos
CVE-2006-2807 (ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to chan ...)
	NOT-FOR-US: ASPwebSoft
CVE-2006-2806 (The SMTP server in Apache Java Mail Enterprise Server (aka Apache Jame ...)
	NOT-FOR-US: Apache James
CVE-2006-2842
	- squirrelmail 2:1.4.7-1 (unimportant; bug #373731)
	NOTE: Only exploitable with register_globals enabled
CVE-2006-XXXX [webalizer: symlink vulnerability]
	- webalizer 2.01.10-29 (low; bug #359745)
	[sarge] - webalizer <no-dsa> (Minor issue)
	NOTE: Only exploitable in far-fetched scenarios, running it as root is insecure anyway
CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote attacker ...)
	NOT-FOR-US: vBulletin
CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intellig ...)
	NOT-FOR-US: Goss iCM
CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...)
	NOT-FOR-US: PHP ManualMaker
CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...)
	{DSA-1105}
	- xine-lib 1.1.1-2 (bug #369876; medium)
CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...)
	NOT-FOR-US: Unak CMS
CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC ...)
	NOT-FOR-US: Unak CMS
CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in toen ...)
	NOT-FOR-US: toendaCMS
CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCal ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 a ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1 ...)
	NOT-FOR-US: Captivate gallery.php
CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking S ...)
	NOT-FOR-US: XiTi Tracking Script
CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to rea ...)
	NOT-FOR-US: ASPSitem
CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier a ...)
	NOT-FOR-US: ASPSitem
CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...)
	NOT-FOR-US: wbboard
CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and p ...)
	NOT-FOR-US: iBoutique.MALL
CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment (S ...)
	NOT-FOR-US: Sun StorADE
CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if s ...)
	- evolution 2.4.0-1 (low)
	[sarge] - evolution <not-affected> (Not reproducible on Sarge's evolution)
	NOTE: Verified that the patch has been applied in 2.4.0-1,
	NOTE: may have been fixed earlier.
CVE-2006-2788 (Double free vulnerability in the getRawDER function for nsIX509Cert in ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.4 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-31
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbi ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-33
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5 ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-34
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-36
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte- ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-42
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
	- webkit 1.0.1-1 (bug #535793)
	NOTE: http://trac.webkit.org/changeset/33380
	- qt4-x11 4:4.6.2-4 (low; bug #561760)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	- kdelibs <not-affected> (bug #561765)
CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1 ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-41
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2781 (Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...)
	{DSA-1134-1 DSA-1118}
	NOTE: MFSA-2006-40
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 all ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-32
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers  ...)
	{DSA-1160 DSA-1159 DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-32
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-38
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMon ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-43
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before 1 ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-37
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attribut ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-35
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne C ...)
	NOT-FOR-US: QontentOne
CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does  ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogst ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not v ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 an ...)
	NOT-FOR-US: pppBLOG
CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2. ...)
	- snort 2.3.3-8 (low; bug #381726)
	[sarge] - snort <no-dsa> (Minor impact)
CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when register ...)
	NOT-FOR-US: METAjour
CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when registe ...)
	NOT-FOR-US: Ottoman
CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in In ...)
	NOT-FOR-US: Interlink
CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows rem ...)
	NOT-FOR-US: GuestbookXL
CVE-2006-2763 (SQL injection vulnerability in Pre News Manager 1.0 allows remote atta ...)
	NOT-FOR-US: Pre News Manager
CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in WebC ...)
	{DSA-1096-1}
	- webcalendar 1.0.4-1 (medium)
CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITS ...)
	NOT-FOR-US: Hitachi
CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91  ...)
	NOT-FOR-US: 4nForum
CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary  ...)
	- jetty <not-affected> (vulnerable code not in Debian version)
CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allow ...)
	- jetty <not-affected> (vulnerable code not in Debian version)
CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows  ...)
	NOT-FOR-US: Chipmunk guestbook
CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Eitsop
CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5. ...)
	NOT-FOR-US: UBBThreads
CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3. ...)
	- openldap2.3 2.3.24-1 (bug #375494; bug #377047; unimportant)
	NOTE: File is only written and read by slurpd, only editable by root
CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux  ...)
	NOT-FOR-US: RedCarpet
CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image Cata ...)
	NOT-FOR-US: OSIC
CVE-2006-2750 (Cross-site scripting (XSS) vulnerability in the do_mysql_query functio ...)
	NOT-FOR-US: OSIC
CVE-2006-2749 (SQL injection vulnerability in search.php in Open Searchable Image Cat ...)
	NOT-FOR-US: OSIC
CVE-2006-2748 (SQL injection vulnerability in the do_mysql_query function in core.php ...)
	NOT-FOR-US: OSIC
CVE-2006-2747 (Directory traversal vulnerability in index.php in PhpMyDesktop|arcade  ...)
	NOT-FOR-US: PhpMyDesktop
CVE-2006-2746 (Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interact ...)
	NOT-FOR-US: F@cile
CVE-2006-2745 (Multiple PHP remote file inclusion vulnerabilities in F@cile Interacti ...)
	NOT-FOR-US: F@cile
CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in F@cil ...)
	NOT-FOR-US: F@cile
CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_m ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (bug #368835; medium)
CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 all ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 all ...)
	NOT-FOR-US: tinyBB
CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow ...)
	NOT-FOR-US: tinyBB
CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns  ...)
	NOT-FOR-US: tinyBB
CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a stati ...)
	NOT-FOR-US: Open-Xchange
CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote atta ...)
	NOT-FOR-US: Nukedit
CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...)
	NOT-FOR-US: Blend Portal
CVE-2006-2735 (PHP remote file inclusion vulnerability in language/lang_english/lang_ ...)
	NOT-FOR-US: Amod
CVE-2006-2734 (enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote atta ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2733 (membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security co ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2732 (SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and e ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2731 (Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier ...)
	NOT-FOR-US: Enigma Haber
CVE-2006-2730 (PHP remote file inclusion vulnerability in admin/lib_action_step.php i ...)
	NOT-FOR-US: Hot Open Tickets
CVE-2006-2729 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in Ph ...)
	NOT-FOR-US: Photoalbum
CVE-2006-2728 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in Ph ...)
	NOT-FOR-US: Photoalbum
CVE-2006-2727 (home/register.php in Eggblog before 3.0 allows remote attackers to cha ...)
	NOT-FOR-US: Eggblog
CVE-2006-2726 (PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d all ...)
	NOT-FOR-US: Fastpublish
CVE-2006-2725 (SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 al ...)
	NOT-FOR-US: Eggblog
CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...)
	NOT-FOR-US: PunBB
CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to caus ...)
	- firefox 45.0-1 (unimportant)
	- firefox-esr 45.0esr-1 (unimportant)
	- iceweasel <removed> (unimportant)
	- mozilla <removed> (unimportant)
	- mozilla-firefox <removed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	NOTE: Non-issue
CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allow ...)
	NOT-FOR-US: VARIOMAT
CVE-2006-2720 (SQL injection vulnerability in news.php in VARIOMAT allows remote atta ...)
	NOT-FOR-US: VARIOMAT
CVE-2006-2719 (JIWA Financials 6.4.14 stores usernames and passwords for all accounts ...)
	NOT-FOR-US: JIWA
CVE-2006-2718 (JIWA Financials 6.4.14 passes a Microsoft SQL Server account's usernam ...)
	NOT-FOR-US: JIWA
CVE-2006-2717 (Unspecified vulnerability in Secure Elements Class 5 AVR client and se ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2716 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a ha ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2715 (The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2714 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not  ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2713 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2712 (Secure Elements Class 5 AVR (aka C5 EVM) client and server before 2.8. ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2711 (Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possib ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2710 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same in ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2709 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate  ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2708 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows re ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2707 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not  ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2706 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows re ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2705 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows re ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2704 (Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8. ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2703 (The RedCarpet command-line client (rug) does not verify SSL certificat ...)
	NOT-FOR-US: RedCarpet
CVE-2006-2702 (vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...)
	- wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2701 (SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows rem ...)
	NOT-FOR-US: Geeklog
CVE-2006-2700 (SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2  ...)
	NOT-FOR-US: Geeklog
CVE-2006-2699 (Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1. ...)
	NOT-FOR-US: Geeklog
CVE-2006-2698 (Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the ful ...)
	NOT-FOR-US: Geeklog
CVE-2006-2697 (Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allo ...)
	NOT-FOR-US: Easy-Content
CVE-2006-2696 (Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0  ...)
	NOT-FOR-US: Easy-Content
CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers  ...)
	NOT-FOR-US: DGNews
CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.1 ...)
	NOT-FOR-US: EzUpload
CVE-2006-2693 (Directory traversal vulnerability in admin/admin_hacks_list.php in Niv ...)
	NOT-FOR-US: Nivisec
CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1. ...)
	- amule 2.1.2-1 (medium)
CVE-2006-2691 (Unspecified "information leakage" vulnerabilities in aMuleWeb for AMul ...)
	- amule 2.1.2-1 (medium)
CVE-2006-2690 (An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php ...)
	NOT-FOR-US: EVA-Web
CVE-2006-2689 (Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 a ...)
	NOT-FOR-US: EVA-Web
CVE-2006-2688 (SQL injection vulnerability in the employees node (class.employee.inc) ...)
	NOT-FOR-US: Achievo
CVE-2006-2687 (Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Me ...)
	NOT-FOR-US: AGTC
CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow re ...)
	NOT-FOR-US: ActionApps
CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...)
	- acidbase 1.2.5-1 (bug #370576; low)
CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS M ...)
	NOT-FOR-US: Mundo
CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS  ...)
	NOT-FOR-US: open-medium
CVE-2006-2682 (PHP remote file inclusion vulnerability in BE_config.php in Back-End C ...)
	NOT-FOR-US: Back-End
CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2 ...)
	NOT-FOR-US: SocketMail
CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Albu ...)
	NOT-FOR-US: AZ Photo Album
CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...)
	NOT-FOR-US: Cisco
CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manage ...)
	NOT-FOR-US: Pre News Manager
CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc configurait ...)
	NOT-FOR-US: SiteScape Forum
CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earl ...)
	NOT-FOR-US: SiteScape Forum
CVE-2006-2675 (PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads  ...)
	NOT-FOR-US: UBBThreads
CVE-2006-2674 (Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earl ...)
	NOT-FOR-US: Tamber Forum
CVE-2006-2673 (Cross-site scripting (XSS) vulnerability in search.html in Bulletin Bo ...)
	NOT-FOR-US: Elite-Board
CVE-2006-2672 (Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One  ...)
	NOT-FOR-US: Realty Pro One
CVE-2006-2671 (SQL injection vulnerability in ChatPat 1.0 allows remote attackers to  ...)
	NOT-FOR-US: ChatPat
CVE-2006-2670 (Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 all ...)
	NOT-FOR-US: ChatPat
CVE-2006-2669 (Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Ma ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2006-2668 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05  ...)
	NOT-FOR-US: Docebo LMS
CVE-2006-2667 (Direct static code injection vulnerability in WordPress 2.0.2 and earl ...)
	- wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2666 (PHP remote file inclusion vulnerability in includes/mailaccess/pop3.ph ...)
	NOT-FOR-US: V-Webmail
CVE-2006-2665 (PHP remote file inclusion vulnerability in includes/mailaccess/pop3/co ...)
	NOT-FOR-US: V-Webmail
CVE-2006-2664 (Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote a ...)
	NOT-FOR-US: iFdate
CVE-2006-2663 (Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 all ...)
	NOT-FOR-US: iFlance
CVE-2006-2662 (VMware Server before RC1 does not clear user credentials from memory a ...)
	NOT-FOR-US: VMware Server
CVE-2006-2661 (ftutil.c in Freetype before 2.2 allows remote attackers to cause a den ...)
	{DSA-1095-1}
	- freetype 2.2.1-1 (medium)
CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4  ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.6-1 (unimportant)
	NOTE: using a long enough path (>MAXPATHLEN) allows you to have
	NOTE: tempnam create a file without the temp extension. sounds like
	NOTE: another shoot yourself in the foot issue, since the local user
	NOTE: could just as easily create the file manually, and if the
	NOTE: tempnam function is taking unsanitized input, it's an
	NOTE: application error
CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in  ...)
	- xsp 1.1.15-1
CVE-2006-2657
	REJECTED
CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally dis ...)
	NOT-FOR-US: build process for ypserv in FreeBSD
CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...)
	NOT-FOR-US: FreeBSD-specific (see CVE-2006-1864 for Linux-specific CVE)
CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Li ...)
	NOT-FOR-US: D-Link
CVE-2006-2652 (Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier a ...)
	NOT-FOR-US: WikiNi
CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation Rent ...)
	NOT-FOR-US: Vacation Rental Script
CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in CosmicShopping ...)
	NOT-FOR-US: CosmicShoppingCart
CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...)
	NOT-FOR-US: CosmicShoppingCart
CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ASP ...)
	NOT-FOR-US: ASPBB
CVE-2006-2647 (Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows r ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2006-2645 (PHP remote file inclusion vulnerability in manager/frontinc/prepend.ph ...)
	NOT-FOR-US: Plume
CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated  ...)
	{DSA-1075-1}
	- awstats 6.5-2 (bug #365910)
CVE-2006-XXXX [specialy crafted WAV turns mkvmerge into a malloc bomb]
	- mkvtoolnix 1.7.0-2 (bug #370144; low)
CVE-2006-XXXX ['Cache' shell injection vulnerability]
	- wordpress 2.0.3-1 (high; bug #369014)
CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x bef ...)
	{DSA-1092-1}
	- mysql-dfsg <not-affected> (Vulnerable code was introduced in 4.1, see #369741)
	- mysql <not-affected> (Vulnerable code was introduced in 4.1, see #369754)
	- mysql-dfsg-5.0 5.0.22-1 (bug #369735; medium)
	- mysql-dfsg-4.1 <removed> (bug #369754; medium)
CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause  ...)
	{DSA-1101}
	- courier 0.53.2-1 (bug #368834)
CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2  ...)
	{DSA-1091-1}
	- tiff 3.8.2-3 (bug #369819; low)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top L ...)
	NOT-FOR-US: Monster Top List
CVE-2006-2642
	NOT-FOR-US: Php-residence
CVE-2006-2641
	NOT-FOR-US: John Frank Asset Manager
CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (ak ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in prattmi ...)
	NOT-FOR-US: PHPSimpleChoose
CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote att ...)
	NOT-FOR-US: qjForum
CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) M ...)
	NOT-FOR-US: TuttoPhp
CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to b ...)
	NOT-FOR-US: Katy Whitton NewsCMSLite
CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka T ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ( ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php  ...)
	NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2. ...)
	NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts  ...)
	NOT-FOR-US: phpFoX
CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Secu ...)
	NOT-FOR-US: Symantec
CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP p ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-2628
	RESERVED
CVE-2006-2627
	RESERVED
CVE-2006-2626
	RESERVED
CVE-2006-2625
	RESERVED
CVE-2006-2624
	RESERVED
CVE-2006-2623
	RESERVED
CVE-2006-2622
	RESERVED
CVE-2006-2621
	RESERVED
CVE-2006-2620
	RESERVED
CVE-2006-2619
	RESERVED
CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Di ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Direc ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: Russcom.Ping
CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 record ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versi ...)
	NOTE: Installation path disclosure is uninteresting on Debian systems.
	NOTE: The profile path might be more sensitive, but exploit that
	NOTE: requires another, real security bug.
CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the  ...)
	NOT-FOR-US: Novell Client for Windows
	NOTE: The Windows clipboard is a public resource anyway.
CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in  ...)
	- mediawiki1.7 <not-affected> (Fixed in 1.7 prior to release)
	- mediawiki1.5 <removed>
CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5  ...)
	NOT-FOR-US: phpRaid
CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when register_g ...)
	NOT-FOR-US: artmedic newsletter
CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when register_glo ...)
	NOT-FOR-US: artmedic newsletter
CVE-2006-XXXX [mono xsp file disclosure]
	- xsp 1.1.15-1 (medium)
CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return  ...)
	- cron 3.0pl1-64 (bug #85609; bug #86775; medium)
CVE-2006-2606 (Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and ...)
	NOT-FOR-US: Chatty
CVE-2006-2605 (Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier all ...)
	NOT-FOR-US: DSChat
CVE-2006-2604
	REJECTED
CVE-2006-2603
	REJECTED
CVE-2006-2602
	REJECTED
CVE-2006-2601
	REJECTED
CVE-2006-2600
	REJECTED
CVE-2006-2599
	REJECTED
CVE-2006-2598
	REJECTED
CVE-2006-2597
	REJECTED
CVE-2006-2596
	REJECTED
CVE-2006-2595
	REJECTED
CVE-2006-2594
	REJECTED
CVE-2006-2593
	REJECTED
CVE-2006-2592 (Unspecified vulnerability in DSChat 1.0 allows remote attackers to exe ...)
	NOT-FOR-US: DSChat
CVE-2006-2591 (Unspecified vulnerability in e107 before 0.7.5 has unknown impact and  ...)
	NOT-FOR-US: e107
CVE-2006-2590 (SQL injection vulnerability in e107 before 0.7.5 allows remote attacke ...)
	NOT-FOR-US: e107
CVE-2006-2589 (SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2588 (Russcom PHPImages allows remote attackers to upload files of arbitrary ...)
	NOT-FOR-US: Russcom PHPImages
CVE-2006-2587 (Buffer overflow in the WebTool HTTP server component in (1) PunkBuster ...)
	NOT-FOR-US: WebTool HTTP server
CVE-2006-2586 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier a ...)
	NOT-FOR-US: IpLogger
CVE-2006-2585 (SQL injection vulnerability in Destiney Links Script 2.1.2 allows remo ...)
	NOT-FOR-US: Destiney Links Script
CVE-2006-2584 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in Sky ...)
	NOT-FOR-US: SkyeBox
CVE-2006-2583 (PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.ph ...)
	NOT-FOR-US: Nucleus
CVE-2006-2582 (The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attack ...)
	NOT-FOR-US: RWiki
CVE-2006-2581 (Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1. ...)
	NOT-FOR-US: RWiki
CVE-2006-2580 (Multiple unspecified vulnerabilities in HP OpenView Network Node Manag ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2006-2579 (Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 an ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-2578 (admin/cron.php in eSyndicat Directory 1.2, when register_globals is en ...)
	NOT-FOR-US: eSyndicat Directory
CVE-2006-2577 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-2576 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-2575 (The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earl ...)
	- netpanzer 0.8+svn20060319-2 (bug #370146; low)
	[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
CVE-2006-2574 (Multiple unspecified vulnerabilities in Software Distributor in HP-UX  ...)
	NOT-FOR-US: Software Distributor in HP-UX
CVE-2006-2573 (SQL injection vulnerability in index.php in DGBook 1.0, with magic_quo ...)
	NOT-FOR-US: DGBook
CVE-2006-2572 (Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 al ...)
	NOT-FOR-US: DGBook
CVE-2006-2571 (Cross-site scripting (XSS) vulnerability in search.html in Alkacon Ope ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-2570 (PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 all ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2006-2569 (SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and ea ...)
	NOT-FOR-US: Linklist
CVE-2006-2568 (PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB. ...)
	NOT-FOR-US: UBB.threads
CVE-2006-2567 (Cross-site scripting (XSS) vulnerability in submit_article.php in Alst ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2566 (Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain s ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2565 (SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allo ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Al ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to  ...)
	- php4 4:4.4.4-1 (bug #370166; unimportant)
	- php5 5.1.6-1 (bug #370165; unimportant)
	NOTE: Safe mode violations are not supported
CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access restrict ...)
	NOT-FOR-US: ZyXEL P-335WT router
CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access restri ...)
	NOT-FOR-US: Edimax BR-6104K router
CVE-2006-2560 (Sitecom WL-153 router firmware before 1.38 allows remote attackers to  ...)
	NOT-FOR-US: Sitecom WL-153 router
CVE-2006-2559 (Linksys WRT54G Wireless-G Broadband Router allows remote attackers to  ...)
	NOT-FOR-US: Linksys WRT54G router
CVE-2006-2558 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier a ...)
	NOT-FOR-US: IpLogger
CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in Flo ...)
	NOT-FOR-US: Newsportal
CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...)
	- newsportal <itp> (bug #149069)
	NOTE: RFP #149069 closed after no activity since too long time
CVE-2006-2555 (The parse_command function in Genecys 0.2 and earlier allows remote at ...)
	NOT-FOR-US: Genecys
CVE-2006-2554 (Buffer overflow in the tell_player_surr_changes function in Genecys 0. ...)
	NOT-FOR-US: Genecys
CVE-2006-2553 (Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl ...)
	NOT-FOR-US: DownloadControl
CVE-2006-2552 (Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: DownloadControl
CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local  ...)
	NOT-FOR-US: HP-UX
CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: perlpodder
CVE-2006-2549 (Stack-based buffer overflow in PDF Form Filling and Flattening Tool be ...)
	NOT-FOR-US: PDF Form Filling and Flattening Tool
CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...)
	NOT-FOR-US: prodder/perlpodder
CVE-2006-2547 (Unspecified vulnerability in the sapdba command in SAP with Informix b ...)
	NOT-FOR-US: Sap
CVE-2006-2546 (A recommended admin password reset mechanism for BEA WebLogic Server 8 ...)
	NOT-FOR-US: BEA
CVE-2006-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2544 (Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with ma ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors an ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2542 (xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb ...)
	{DSA-1086-1}
	- xmcd 2.6-17.2 (bug #366816; medium)
CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows re ...)
	NOT-FOR-US: Zixforum
CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive in ...)
	NOT-FOR-US: Diesel
CVE-2006-2539 (Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, ...)
	NOT-FOR-US: Sybase
CVE-2006-2538 (IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-ass ...)
	NOT-FOR-US: Windows-only Firefox plugin
CVE-2006-2537 (Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earli ...)
	NOT-FOR-US: *BOR
CVE-2006-2536 (Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1. ...)
	NOT-FOR-US: Destiney
CVE-2006-2535 (index.php in Destiney Links Script 2.1.2 allows remote attackers to ob ...)
	NOT-FOR-US: Destiney
CVE-2006-2534 (Destiney Links Script 2.1.2 does not protect library and other support ...)
	NOT-FOR-US: Destiney
CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2)  ...)
	NOT-FOR-US: Destiney
CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote attacker ...)
	NOT-FOR-US: Destiney
CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the user's identity v ...)
	NOT-FOR-US: Ipswitch
CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...)
	NOT-FOR-US: Snitz mod
CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in php ...)
	NOT-FOR-US: phpBazar
CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers  ...)
	NOT-FOR-US: phpBazar
CVE-2006-2526 (PHP remote file inclusion vulnerability in index.php in PHP Easy Galer ...)
	NOT-FOR-US: PHP Easy Galerie
CVE-2006-2525 (SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote ...)
	NOT-FOR-US: UseBB
CVE-2006-2524 (Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier  ...)
	NOT-FOR-US: UseBB
CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro 2. ...)
	NOT-FOR-US: phpListPro
CVE-2006-2522 (Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users ...)
	NOT-FOR-US: Dayfox
CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory  ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-2520 (Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier  ...)
	NOT-FOR-US: BitZipper
CVE-2006-2519 (Directory traversal vulnerability in include/inc_ext/spaw/spaw_control ...)
	NOT-FOR-US: phpwcms
CVE-2006-2518 (Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows r ...)
	NOT-FOR-US: phpwcms
CVE-2006-2517 (SQL injection vulnerability in MyWeb Portal Office, Standard Edition,  ...)
	NOT-FOR-US: MyWeb
CVE-2006-2516 (mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is e ...)
	NOT-FOR-US: XOOPS
CVE-2006-2515 (Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestboo ...)
	NOT-FOR-US: Hiox
CVE-2006-2514 (Coppermine galleries before 1.4.6, when running on Apache with mod_mim ...)
	NOT-FOR-US: Coppermine
CVE-2006-2513 (Unspecified vulnerability in the installation process in Sun Java Syst ...)
	NOT-FOR-US: Sun
CVE-2006-2512 (SQL injection vulnerability in Hitachi EUR Professional Edition, EUR V ...)
	NOT-FOR-US: Hitachi
CVE-2006-2511 (The ActiveX version of FrontRange iHEAT allows remote authenticated us ...)
	NOT-FOR-US: FrontRange
CVE-2006-2510 (Cross-site scripting (XSS) vulnerability in the URL submission form in ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2509 (SQL injection vulnerability in login.php in YourFreeWorld.com Short Ur ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2508 (SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Te ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2507 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foin ...)
	NOT-FOR-US: phpbb2 mod
CVE-2006-2506 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in S ...)
	NOT-FOR-US: Sphider
CVE-2006-2505 (Oracle Database Server 10g Release 2 allows local users to execute arb ...)
	NOT-FOR-US: Oracle
CVE-2006-2504 (Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier ...)
	NOT-FOR-US: AZBOARD
CVE-2006-2503 (SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3. ...)
	- cyrus-imapd-2.2 <not-affected> (Vulnerable code not present)
CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...)
	NOT-FOR-US: Sun
CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalan ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2006-2499 (SQL injection vulnerability in default.asp in CodeAvalanche News (CANe ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2006-2498 (Invision Power Board (IPB) before 2.1.6 allows remote attackers to exe ...)
	NOT-FOR-US: Invision
CVE-2006-2497 (Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 all ...)
	NOT-FOR-US: AspBB
CVE-2006-2496 (Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote ...)
	NOT-FOR-US: Novell
CVE-2006-2495 (Cross-site request forgery (CSRF) vulnerability in the Entry Manager i ...)
	- serendipity 1.0-1
CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote attack ...)
	NOT-FOR-US: IntelliTampe
CVE-2006-2493
	REJECTED
CVE-2006-2492 (Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, O ...)
	NOT-FOR-US: Microsoft
CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/ ...)
	NOT-FOR-US: BoastMachine
CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Netw ...)
	NOT-FOR-US: Mobotix
CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x bef ...)
	{DSA-1072-1}
	- nagios 2:1.4-1 (bug #366682; bug #366803; bug #368193; high)
	- nagios2 2.3-1 (bug #366683; bug #368199; high)
CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (W ...)
	NOT-FOR-US: Spymac
CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 a ...)
	NOT-FOR-US: ScozNews
CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier ...)
	NOT-FOR-US: YapBB
CVE-2006-2485 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Quezza
CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebM ...)
	NOT-FOR-US: IceWarp
CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in Squirre ...)
	NOT-FOR-US: Squirrelcart
CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV for De ...)
	NOT-FOR-US: ZipTV
CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stor ...)
	NOT-FOR-US: VMware ESX
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted attackers ...)
	- dia 0.95.0-4 (bug #368202; low)
	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify  ...)
	NOT-FOR-US: Bitrix
CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...)
	NOT-FOR-US: Bitrix
CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	NOT-FOR-US: Bitrix
CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web document ro ...)
	NOT-FOR-US: Bitrix
CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) be ...)
	NOT-FOR-US: Cosmoshop
CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ear ...)
	NOT-FOR-US: Cosmoshop
CVE-2006-2473
	NOT-FOR-US: OpenWiki
CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 thro ...)
	NOT-FOR-US: BEA
CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 t ...)
	NOT-FOR-US: BEA
CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration Consol ...)
	NOT-FOR-US: BEA
CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to ...)
	NOT-FOR-US: BEA
CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic Server 8.1  ...)
	NOT-FOR-US: BEA
CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 di ...)
	NOT-FOR-US: BEA
CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote atta ...)
	NOT-FOR-US: BEA
CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...)
	- mp3info 0.8.4-9.1 (bug #368207; low)
	[sarge] - mp3info <no-dsa> (Hardly exploitable)
CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7 ...)
	NOT-FOR-US: BEA
CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers  ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service P ...)
	NOT-FOR-US: BEA
CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set th ...)
	NOT-FOR-US: BEA
CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_glob ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlie ...)
	{DSA-1081-1}
	- libextractor 0.5.14-1
CVE-2006-2457
	RESERVED
CVE-2006-2456
	RESERVED
CVE-2006-2455
	RESERVED
CVE-2006-2454
	RESERVED
CVE-2006-2453 (Multiple unspecified format string vulnerabilities in Dia have unspeci ...)
	- dia 0.95.0-4 (bug #368202; medium)
	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature i ...)
	- gdm 2.16.1-1 (bug #375281; medium)
	[sarge] - gdm <not-affected> (Vulnerable code has only been introduced with 2.8)
CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...)
	- linux-2.6 2.6.17-3 (high)
CVE-2006-2450 (auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authent ...)
	- libvncserver 0.8.2-1 (high; bug #376824)
CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users  ...)
	{DSA-1156}
	- kdebase 4:3.5.2-2 (bug #374002; medium)
CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, doe ...)
	- linux-2.6 2.6.16-15
CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...)
	{DSA-1090-1}
	- spamassassin 3.1.3-1 (medium)
CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions in the ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.16-1
	NOTE: I'm not sure at which point this was merged, but I checked 2.6.16 and the
	NOTE: patch is included there
CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.2 ...)
	- linux-2.6 2.6.16-15
CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel  ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.16-15
CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...)
	{DSA-1062-1}
	- kphone 1:4.2-3 (bug #337830; medium)
CVE-2006-2439 (Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assi ...)
	NOT-FOR-US: ZipCentral
CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the docum ...)
	NOT-FOR-US: Caucho
CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for Cauc ...)
	NOT-FOR-US: Caucho
CVE-2006-2436 (WebSphere Application Server 5.0.2 (or any earlier cumulative fix) sto ...)
	NOT-FOR-US: IBM
CVE-2006-2435 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 an ...)
	NOT-FOR-US: IBM
CVE-2006-2434 (Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulativ ...)
	NOT-FOR-US: IBM
CVE-2006-2433 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6 ...)
	NOT-FOR-US: IBM
CVE-2006-2432 (IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
	NOT-FOR-US: IBM
CVE-2006-2431 (Cross-site scripting (XSS) vulnerability in the 500 Internal Server Er ...)
	NOT-FOR-US: IBM
CVE-2006-2430 (IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, ...)
	NOT-FOR-US: IBM
CVE-2006-2429 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6 ...)
	NOT-FOR-US: IBM
CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Duware
CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h a ...)
	- clamav <not-affected> (clamav-freshclam doesn't ship freshclam setuid or setgid)
CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 an ...)
	{DSA-1769-1}
	- sun-java5 1.5.0-10-1 (bug #384734)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b14-1.5~pre1-3 (bug #566766)
CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpR ...)
	NOT-FOR-US: phpRemoteView
CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and earli ...)
	NOT-FOR-US: ezUserManager
CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Conf ...)
	NOT-FOR-US: Confixx
CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, ...)
	NOT-FOR-US: phpCOIN
CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remo ...)
	NOT-FOR-US: Pragma
CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows r ...)
	NOTE: "this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it."
	- bugzilla <unfixed> (unimportant)
CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory Lis ...)
	NOT-FOR-US: Directory Listing Script
CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of phpM ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before  ...)
	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and earlier al ...)
	NOT-FOR-US: e107
CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 an ...)
	NOT-FOR-US: FlexChat
CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows r ...)
	{DSA-1080-1}
	- dovecot 1.0.beta8-1 (low)
	[sarge] - dovecot <not-affected> (vulnerability introduced in 1.0)
CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause a den ...)
	- gnunet 0.7.0e-1 (bug #368159; medium)
	[sarge] - gnunet <not-affected> (according to maintainer)
CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN revision ...)
	NOT-FOR-US: Raydium
CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c in Raydi ...)
	NOT-FOR-US: Raydium
CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium SVN revi ...)
	NOT-FOR-US: Raydium
CVE-2006-2409 (Format string vulnerability in the raydium_log function in console.c i ...)
	NOT-FOR-US: Raydium
CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 allow rem ...)
	NOT-FOR-US: Raydium
CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Compo ...)
	NOT-FOR-US: ActiveX component
CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassifi ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2405 (Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassi ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2404 (Directory traversal vulnerability in popup.php in RadScripts RadLance  ...)
	NOT-FOR-US: RadScripts
CVE-2006-2403 (Buffer overflow in FileZilla before 2.2.23 allows remote attackers to  ...)
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2006-2402 (Buffer overflow in the changeRegistration function in servernet.cpp fo ...)
	NOT-FOR-US: Outgun
CVE-2006-2401 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ear ...)
	NOT-FOR-US: Outgun
CVE-2006-2400 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ear ...)
	NOT-FOR-US: Outgun
CVE-2006-2399 (Stack-based buffer overflow in the ServerNetworking::incoming_client_d ...)
	NOT-FOR-US: Outgun
CVE-2006-2398 (Directory traversal vulnerability in index.php in GPhotos 1.5 and earl ...)
	NOT-FOR-US: GPhotos web gallery
CVE-2006-2397 (Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and ...)
	NOT-FOR-US: GPhotos web gallery
CVE-2006-2396 (Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote  ...)
	NOT-FOR-US: phpODP
CVE-2006-2395 (PHP remote file inclusion vulnerability in resources/includes/popp.con ...)
	NOT-FOR-US: PopPhoto
CVE-2006-2394 (Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helpe ...)
	NOT-FOR-US: PHP Live Support
CVE-2006-2393 (The client_cmd function in Empire 4.3.2 and earlier allows remote atta ...)
	NOT-FOR-US: Debian's 'empire' is a different game
CVE-2006-2392 (PHP remote file inclusion vulnerability in public_includes/pub_popup/p ...)
	NOT-FOR-US: PHP Blue Dragon Platinum
CVE-2006-2391 (Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remo ...)
	NOT-FOR-US: OZJournals
CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted attacker ...)
	NOT-FOR-US: Microsoft
CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 fo ...)
	NOT-FOR-US: Microsoft
CVE-2006-2386 (Unspecified vulnerability in Microsoft Outlook Express 6 and earlier a ...)
	NOT-FOR-US: Microsoft
CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and  ...)
	NOT-FOR-US: Microsoft
CVE-2006-2384 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2006-2383 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and  ...)
	NOT-FOR-US: Microsoft
CVE-2006-2382 (Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-2381
	REJECTED
CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server du ...)
	NOT-FOR-US: Microsoft
CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2006-2378 (Buffer overflow in the ART Image Rendering component (jgdw400.dll) in  ...)
	NOT-FOR-US: Microsoft
CVE-2006-2377
	REJECTED
CVE-2006-2376 (Integer overflow in the PolyPolygon function in Graphics Rendering Eng ...)
	NOT-FOR-US: Microsoft
CVE-2006-2375
	REJECTED
CVE-2006-2374 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2006-2372 (Buffer overflow in the DHCP Client service for Microsoft Windows 2000  ...)
	NOT-FOR-US: Microsoft
CVE-2006-2371 (Buffer overflow in the Remote Access Connection Manager service (RASMA ...)
	NOT-FOR-US: Microsoft
CVE-2006-2370 (Buffer overflow in the Routing and Remote Access service (RRAS) in Mic ...)
	NOT-FOR-US: Microsoft
CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as AdderLink I ...)
	- vnc4 4.1.1+X4.3.0-10 (high)
	[sarge] - vnc4 <not-affected> (vuln not in 4.0)
CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka  ...)
	NOT-FOR-US: Clansys
CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka  ...)
	NOT-FOR-US: Clansys
CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r op ...)
	- libopenobex 1.2-3 (bug #366484)
CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allow ...)
	NOT-FOR-US: Vizra
CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in  ...)
	NOT-FOR-US: Macromedia
CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...)
	NOT-FOR-US: Limbo
CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software Found ...)
	- binutils 2.17-1 (low; bug #368237)
	[sarge] - binutils <no-dsa> (Very minor issue)
CVE-2006-2361 (PHP remote file inclusion vulnerability in pafiledb_constants.php in D ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for phpBB a ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the Chart mo ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2192
	RESERVED
CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...)
	NOT-FOR-US: Web Labs CMS
CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premi ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006  ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 an ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsU ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsU ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2350
	REJECTED
CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Busin ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows r ...)
	- vpopmail <not-affected> (vulnerability introduced in 5.4.14)
	NOTE: Unable to reach CVS to determine if prior versions are affected
	NOTE: Micah will return to this one
CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in AliPAG ...)
	NOT-FOR-US: AliPAGER
CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with  ...)
	NOT-FOR-US: AliPAGER
CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine  ...)
	NOT-FOR-US: ManageEngine OpManager
CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, ...)
	NOT-FOR-US: Symantec Gateway Security
CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMas ...)
	NOT-FOR-US: PassMasterFlex
CVE-2006-2339 (SQL injection vulnerability in index.php in evoTopsites 2.x and evoTop ...)
	NOT-FOR-US: evoTopsites
CVE-2006-2338 (PlaNet Concept plaNetStat 20050127 allows remote attackers to gain adm ...)
	NOT-FOR-US: PlaNet
CVE-2006-2337 (Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wir ...)
	NOT-FOR-US: D-Link
CVE-2006-2336 (SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinB ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2335 (Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and  ...)
	NOT-FOR-US: vBulletin
CVE-2006-2334 (The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsof ...)
	NOT-FOR-US: Windows
CVE-2006-2333 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of s ...)
	NOTE: 1.5.dfsg+1.5.0.3-2 didn't crash or do anything but stutter on the sample pages, marking it fixed in there
	- firefox 1.5.dfsg+1.5.0.3-2
CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 al ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3. ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2329 (AngelineCMS 0.6.5 and earlier allow remote attackers to obtain sensiti ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in AngelineCMS 0.6 ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-2327 (Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iP ...)
	NOT-FOR-US: Novell
CVE-2006-2326 (Directory traversal vulnerability in index.php in OnlyScript.info Onli ...)
	NOT-FOR-US: OnlyScript.info
CVE-2006-2325 (Cross-site scripting (XSS) vulnerability in index.php in OnlyScript.in ...)
	NOT-FOR-US: OnlyScript.info
CVE-2006-2324 (180solutions Zango downloads "required Adware components" without chec ...)
	NOT-FOR-US: 180solutions
CVE-2006-2323 (Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpLi ...)
	NOT-FOR-US: SmartISoft
CVE-2006-2322 (The transparent proxy feature of the Cisco Application Velocity System ...)
	NOT-FOR-US: Cisco
CVE-2006-2321 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science I ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2320 (Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4 ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2319 (Ideal Science Ideal BB 1.5.4a and earlier does not properly check file ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2318 (Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a an ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2317 (Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2316 (S24EvMon.exe in the Intel PROset/Wireless software, possibly 10.1.0.33 ...)
	NOT-FOR-US: Intel Windows software
CVE-2006-2315
	NOT-FOR-US: ISPConfig
CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13 ...)
	{DSA-1087-1}
	- postgresql 7.5.4 (medium; bug #368645)
	- postgresql-7.4 1:7.4.13-1 (medium)
	- postgresql-8.1 8.1.4-1 (medium)
	- pygresql 3.8-1.1 (medium)
	[sarge] - pygresql <not-affected> (Already includes proper quoting)
	NOTE: Beginning with version 7.5.4, postgresql is a transition
	NOTE: package which does not contain actual code. That's why
	NOTE: it's marked as fixed here. (Previous versions are vulnerable.)
	NOTE: The following packages needed to adapted to cope with the new system:
	NOTE: psycopg 1.1.21-5 (bug #369230)
	NOTE: python-pgsql 2.4.0-8 (bug #369250)
	NOTE: pygresql 1:3.8-1.1 (bug #369239)
	NOTE: dovecot 1.0.beta8-3 (bug #369359)
	NOTE: postfix 2.2.10-2 (bug #369349)
CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13 ...)
	{DSA-1087-1}
	- postgresql 7.5.4 (high; bug #368645)
	- postgresql-7.4 1:7.4.13-1 (high)
	- postgresql-8.1 8.1.4-1 (high)
	NOTE: Beginning with version 7.5.4, postgresql is a transition
	NOTE: package which does not contain actual code. That's why
	NOTE: it's marked as fixed here. (Previous versions are vulnerable.)
CVE-2006-2312 (Argument injection vulnerability in the URI handler in Skype 2.0.*.104 ...)
	NOT-FOR-US: Skype
CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and Serv ...)
	NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote at ...)
	NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain sen ...)
	NOT-FOR-US: EServ
CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25  ...)
	NOT-FOR-US: EServ
CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2 ...)
	NOT-FOR-US: Website Baker
CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisher ...)
	NOT-FOR-US: EPublisherPro
CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow  ...)
	NOT-FOR-US: Jadu
CVE-2006-2304 (Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Nove ...)
	NOT-FOR-US: Novell software for Windows
CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 bui ...)
	NOT-FOR-US: Windows ICQ client
CVE-2006-2302 (SQL injection vulnerability in admin_default.asp in DUGallery 2.x allo ...)
	NOT-FOR-US: DUGallery
CVE-2006-2301 (SQL injection vulnerability in admin_default.asp in OzzyWork Galeri al ...)
	NOT-FOR-US: OzzyWork
CVE-2006-2300 (Multiple SQL injection vulnerabilities in EImagePro allow remote attac ...)
	NOT-FOR-US: EImagePro
CVE-2006-2299
	RESERVED
CVE-2006-2298 (The Internet Key Exchange version 1 (IKEv1) implementation in the libi ...)
	NOT-FOR-US: Solaris
CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System Librar ...)
	NOT-FOR-US: Microsoft Infotech Storage System
CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0  ...)
	NOT-FOR-US: EDirectoryPro
CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote ...)
	NOT-FOR-US: Dynamic Galerie
CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows ...)
	NOT-FOR-US: Dynamic Galerie
CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 ...)
	NOT-FOR-US: MultiCalendars
CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow remote att ...)
	NOT-FOR-US: IA-Calendar
CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Cal ...)
	NOT-FOR-US: IA-Calendar
CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php i ...)
	NOT-FOR-US: 2005-Comments-Script
CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local user ...)
	- avahi 0.6.10-1 (medium)
CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service (m ...)
	- avahi 0.6.10-1 (low)
CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source 0 ...)
	NOT-FOR-US: Vision Source
CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in claro_init_globa ...)
	NOT-FOR-US: Dokeos
CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6. ...)
	NOT-FOR-US: Dokeos
CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5  ...)
	NOT-FOR-US: Claroline
CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid ...)
	NOT-FOR-US: phpRaid
CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier  ...)
	NOT-FOR-US: X7 Chat
CVE-2006-2281 (X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbit ...)
	NOT-FOR-US: X-Scripts X-Poll
CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine 1.8 Bet ...)
	NOT-FOR-US: openEngine
CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which allows remo ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow context-dependen ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cau ...)
	{DSA-1059-1}
	- quagga 0.99.4-1 (bug #366980; low)
CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a d ...)
	- linux-2.6 2.6.16-13
CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a d ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-2273 (The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav ...)
	NOT-FOR-US: Verisign
CVE-2006-2272 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a d ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-2271 (The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows re ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in Jetb ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3  ...)
	NOT-FOR-US: myWebland MyBloggie
CVE-2006-2268 (SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows r ...)
	NOT-FOR-US: FlexCustomer
CVE-2006-2267 (Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause  ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to  ...)
	NOT-FOR-US: Chirpy!
CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calend ...)
	NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...)
	NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows  ...)
	NOT-FOR-US: VP-ASP
CVE-2006-2262 (Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9 ...)
	NOT-FOR-US: singapore
CVE-2006-2261 (PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allow ...)
	NOT-FOR-US: ACal
CVE-2006-2260 (Cross-site scripting (XSS) vulnerability in the project module (projec ...)
	- drupal <not-affected> (bug #366947)
CVE-2006-2259 (SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows re ...)
	NOT-FOR-US: MaxxSchedule
CVE-2006-2258 (Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule  ...)
	NOT-FOR-US: MaxxSchedule
CVE-2006-2257 (Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 ...)
	NOT-FOR-US: easyEvent
CVE-2006-2256 (PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp  ...)
	NOT-FOR-US: EQdkp
CVE-2006-2255 (Multiple SQL injection vulnerabilities in Creative Community Portal 1. ...)
	NOT-FOR-US: Creative Community Portal
CVE-2006-2254 (Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attacke ...)
	NOT-FOR-US: FileCOPA
CVE-2006-2253 (PHP remote file inclusion vulnerability in visible_count_inc.php in St ...)
	NOT-FOR-US: Statit
CVE-2006-2252 (Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allo ...)
	NOT-FOR-US: OpenFAQ
CVE-2006-2251 (SQL injection vulnerability in the do_mmod function in mod.php in Invi ...)
	NOT-FOR-US: Invision Community Blog
CVE-2006-2250 (CuteNews 1.4.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: CuteNews
CVE-2006-2249 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in C ...)
	NOT-FOR-US: CuteNews
CVE-2006-2248 (Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source ...)
	NOT-FOR-US: Xeneo Web Server
CVE-2006-2247 (WebCalendar 1.0.1 to 1.0.3 generates different error messages dependin ...)
	{DSA-1056-1}
	- webcalendar 1.0.2-2.2 (medium; bug #366927)
CVE-2006-2246 (Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition a ...)
	NOT-FOR-US: UBlog
CVE-2006-2245 (PHP remote file inclusion vulnerability in auction\auction_common.php  ...)
	NOT-FOR-US: Auction mod 1.3m for phpBB
CVE-2006-2244 (Multiple SQL injection vulnerabilities in Web4Future News Portal allow ...)
	NOT-FOR-US: Web4Future News Portal
CVE-2006-2243 (Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News ...)
	NOT-FOR-US: Web4Future News Portal
CVE-2006-2242 (acFTP 1.4 allows remote attackers to cause a denial of service (applic ...)
	NOT-FOR-US: acFTP
CVE-2006-2241 (PHP remote file inclusion vulnerability in show.php in Fast Click SQL  ...)
	NOT-FOR-US: Fast Click SQL Lite
CVE-2006-2240 (Unspecified vulnerability in the (1) web cache or (2) web proxy in Fuj ...)
	NOT-FOR-US: Fujitsu NetShelter/FW
CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...)
	NOT-FOR-US: Newsadmin
CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...)
	{DSA-1058-1}
	- awstats 6.5-2 (bug #365909; bug #365910; medium)
CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Ret ...)
	- tremulous 1.1.0-6 (bug #660827)
	[squeeze] - tremulous 1.1.0-7~squeeze1
	- ioquake3 1.36+svn1788j-1
CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is  ...)
	NOT-FOR-US: Simple Poll
CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1. ...)
	NOT-FOR-US: TyroCMS
CVE-2006-2233 (Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51 ...)
	NOT-FOR-US: BankTown Client Control
CVE-2006-2232 (Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 2 ...)
	NOT-FOR-US: Scriptsez Cute Guestbook
CVE-2006-2231 (Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in ...)
	NOT-FOR-US: Big Webmaster Guestbook Script
CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0 ...)
	{DSA-1093-1}
	- xine-ui 0.99.4-2 (medium; bug #363370; bug #372172)
CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management opt ...)
	- openvpn <unfixed> (unimportant)
	NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
	NOTE: in order to be vulnerable. The man page recommends not to do it.
CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4. ...)
	NOT-FOR-US: Web-Agora
CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 a ...)
	NOT-FOR-US: PunBB
CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows re ...)
	NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows  ...)
	NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2224 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce ...)
	{DSA-1059-1}
	- quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2223 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly impleme ...)
	{DSA-1059-1}
	- quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2222 (Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, al ...)
	NOT-FOR-US: zawhttpd
CVE-2006-2221 (A third-party installer generation tool, possibly BitRock InstallBuild ...)
	- ejabberd <not-affected> (only binary distribution is affected)
CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables u ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: SQL query disclosure
CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types befor ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: path disclosure
CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Window ...)
	NOT-FOR-US: MS IE
CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board allow ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-2216 (Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain t ...)
	NOT-FOR-US: OpenBB
CVE-2006-2215
	REJECTED
CVE-2006-XXXX [cyrus-imapd allows user probes]
	- cyrus-imapd-2.2 2.2.13-3
	- kolab-cyrus-imapd 2.2.13-1
CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier al ...)
	NOT-FOR-US: 4images
CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of service ( ...)
	{DSA-1065-1}
	- hostapd 1:0.5.0-1 (bug #365897; high)
CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows  ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2006-2211 (Absolute path traversal vulnerability in index.php in 321soft PhP-Gall ...)
	NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2210 (Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-G ...)
	NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2209 (Multiple SQL injection vulnerabilities in index.php in PHP Arena paChe ...)
	NOT-FOR-US: paCheckBook
CVE-2006-2208 (Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php  ...)
	NOT-FOR-US: paCheckBook
CVE-2006-2207
	RESERVED
CVE-2006-2206 (The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 us ...)
	NOT-FOR-US: UltraVNC
CVE-2006-2205 (The audio_write function in NetBSD 3.0 allows local users to cause a d ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-2204 (SQL injection vulnerability in the topic deletion functionality (post_ ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-2203 (Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-2202 (SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allo ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-2201 (Unspecified vulnerability in CA Resource Initialization Manager (CAIRI ...)
	NOT-FOR-US: CA Resource Initialization Manager
CVE-2006-2200 (Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and  ...)
	- libmms 0.2-7 (bug #374577; medium)
	- mimms 2.0.0-1 (bug #374577; medium)
	- xine-lib 1.1.2-2 (bug #374577; unimportant)
	NOTE: Not exploitable within xine, as alloced buffer are large enough
CVE-2006-2199 (Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-2198 (OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0 ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent att ...)
	{DSA-1100}
	- wv2 0.2.2-6 (medium)
CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users to gain  ...)
	{DSA-1102}
	- pinball 0.3.1-6
CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3. ...)
	{DSA-1099-1 DSA-1098-1}
	- horde3 3.1.1-3
CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not check th ...)
	{DSA-1106}
	- ppp 2.4.4rel-1 (medium)
CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in li ...)
	{DSA-1091-1}
	- tiff 3.8.2-4 (bug #371064; bug #370355; medium)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2191
	- mailman 1:2.1.9-1 (unimportant)
	NOTE: https://mail.python.org/pipermail/mailman-announce/2006-September/000087.html
	NOTE: not exploitable
CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMai ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allow ...)
	NOT-FOR-US: Servous sBLOG
CVE-2006-2188 (Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 an ...)
	NOT-FOR-US: CMScout
CVE-2006-2187 (Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1  ...)
	NOT-FOR-US: zenphoto
CVE-2006-2186 (zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensi ...)
	NOT-FOR-US: zenphoto
CVE-2006-2185 (PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password  ...)
	NOT-FOR-US: Novell
CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowle ...)
	NOT-FOR-US: PHPKB Knowledge Base
CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running sui ...)
	NOT-FOR-US: Truecrypt
CVE-2006-2182 (Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2 ...)
	NOT-FOR-US: albinator
CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 ...)
	NOT-FOR-US: albinator
CVE-2006-2180 (Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers  ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2006-2179 (Multiple SQL injection vulnerabilities in CyberBuild allow remote atta ...)
	NOT-FOR-US: CyberBuild
CVE-2006-2178 (Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allo ...)
	NOT-FOR-US: CyberBuild
CVE-2006-2177 (Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 ...)
	NOT-FOR-US: geoBlog
CVE-2006-2176 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in PH ...)
	NOT-FOR-US: PHP Linkliste
CVE-2006-2175 (PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 ...)
	NOT-FOR-US: Fast Click
CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in admin/server_da ...)
	NOT-FOR-US: Virtual Hosting Control System (VHCS)
CVE-2006-2173 (Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authentic ...)
	NOT-FOR-US: FileZilla FTP Server
CVE-2006-2172 (Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated  ...)
	NOT-FOR-US: Gene6 FTP Server
CVE-2006-2171 (Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execu ...)
	NOT-FOR-US: WarFTPD
CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2006-2169 (RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensiti ...)
	- request-tracker3.4 <not-affected> (file not included in 3.4)
CVE-2006-2168 (FileProtection Express 1.0.1 and earlier allows remote attackers to by ...)
	NOT-FOR-US: FileProtection Express
CVE-2006-2167 (Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0,  ...)
	NOT-FOR-US: SloughFlash
CVE-2006-2166 (Unspecified vulnerability in the HTTP management interface in Cisco Un ...)
	NOT-FOR-US: Cisco
CVE-2006-2165 (Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shoppin ...)
	NOT-FOR-US: Avactis
CVE-2006-2164 (Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2  ...)
	NOT-FOR-US: Avactis
CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
	NOT-FOR-US: Pinnacle
CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...)
	{DSA-1072-1}
	- nagios 2:1.4-1 (bug #366682; bug #366803; medium)
	- nagios2 2.3-1 (bug #366683; medium)
CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9 ...)
	NOT-FOR-US: TZipBuilder/Abakt
CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ( ...)
	NOT-FOR-US: Russcom
CVE-2006-2159 (CRLF injection vulnerability in help.php in Russcom Network Loginphp a ...)
	NOT-FOR-US: Russcom
CVE-2006-2158 (Dynamic variable evaluation vulnerability in index.php in Stadtaus Gue ...)
	NOT-FOR-US: Stadtaus
CVE-2006-2157 (SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and ear ...)
	NOT-FOR-US: Plogger
CVE-2006-2156 (Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and ...)
	NOT-FOR-US: X7 Chat
CVE-2006-2155 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2154 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2153 (Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin  ...)
	NOT-FOR-US: DirectAdmin
CVE-2006-2152 (PHP remote file inclusion vulnerability in admin/addentry.php in phpBB ...)
	NOT-FOR-US: phpBB Advanced Guestbook
CVE-2006-2151 (PHP remote file inclusion vulnerability in toplist.php in phpBB TopLis ...)
	NOT-FOR-US: phpBB TopList
CVE-2006-2150 (PHP remote file inclusion vulnerability in top/list.php in phpBB TopLi ...)
	NOT-FOR-US: phpBB TopList
CVE-2006-2149 (PHP remote file inclusion vulnerability in sources/lostpw.php in Aardv ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2006-2147 (resmgrd in resmgr for SUSE Linux and other distributions does not prop ...)
	{DSA-1047-1}
	- resmgr 1.0-4 (low)
CVE-2006-2146 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB ...)
	NOT-FOR-US: HB-NS
CVE-2006-2145 (Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 all ...)
	NOT-FOR-US: HB-NS
CVE-2006-2144 (PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2 ...)
	NOT-FOR-US: DMCounter
CVE-2006-2143 (Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0. ...)
	NOT-FOR-US: TextFileBB
CVE-2006-2142 (PHP remote file inclusion vulnerability in classes/adodbt/sql.php in L ...)
	NOT-FOR-US: Limbo
CVE-2006-2141 (Cross-site scripting (XSS) vulnerability in popup_image in Collaborati ...)
	NOT-FOR-US: Collaborative Portal Server
CVE-2006-2140 (Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 a ...)
	NOT-FOR-US: OrbitHYIP
CVE-2006-2139 (Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow  ...)
	NOT-FOR-US: PHP Newsfeed
CVE-2006-2138 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 ...)
	NOT-FOR-US: NeoMail
CVE-2006-2137 (PHP remote file inclusion vulnerability in master.php in OpenPHPNuke a ...)
	NOT-FOR-US: OpenPHPNuke
CVE-2006-2136 (SQL injection vulnerability in news.php in AZNEWS allows remote attack ...)
	NOT-FOR-US: AZNEWS
CVE-2006-2135 (SQL injection vulnerability in login.php in Ruperts News allows remote ...)
	NOT-FOR-US: Ruperts News
CVE-2006-2134 (PHP remote file inclusion vulnerability in /includes/kb_constants.php  ...)
	NOT-FOR-US: phpbb2 mod
CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 ...)
	{DSA-1052-1}
	- cgiirc 0.5.9-1 (bug #365680; medium)
	[sarge] - cgiirc 0.5.4-6sarge1 (bug #365680; medium)
CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and e ...)
	NOT-FOR-US: BoonEx Barracuda
CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified allows remot ...)
	NOT-FOR-US: DUclassified
CVE-2006-2131 (include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDE ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-2130 (SQL injection vulnerability in include/class_poll.php in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-2129 (Direct static code injection vulnerability in Pro Publish 2.0 allows r ...)
	NOT-FOR-US: Pro Publish
CVE-2006-2128 (Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote ...)
	NOT-FOR-US: Pro Publish
CVE-2006-2127 (SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x al ...)
	NOT-FOR-US: Blog Mod
CVE-2006-2126 (SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and  ...)
	NOT-FOR-US: MaxTrade
CVE-2006-2125
	REJECTED
CVE-2006-2124 (Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and ...)
	NOT-FOR-US: SunShop
CVE-2006-2123 (Multiple SQL injection vulnerabilities in the report interface in Netw ...)
	NOT-FOR-US: Network Administration Visualiazed
CVE-2006-2122 (PHP remote file inclusion vulnerability in index.php in CoolMenus allo ...)
	NOT-FOR-US: CoolMenus
CVE-2006-2121 (PHP remote file include vulnerability in admin/config_settings.tpl.php ...)
	NOT-FOR-US: I-RATER Platinum
CVE-2006-2120 (The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers ...)
	{DSA-1078-1}
	- tiff 3.8.1 (bug #366588; medium)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2119 (PHP remote file inclusion vulnerability in event/index.php in Artmedic ...)
	NOT-FOR-US: Artmedic
CVE-2006-2118 (JMK's Picture Gallery allows remote attackers to bypass authentication ...)
	NOT-FOR-US: JMK
CVE-2006-2117 (Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote at ...)
	NOT-FOR-US: Thyme
CVE-2006-2116 (planetGallery allows remote attackers to gain administrator privileges ...)
	NOT-FOR-US: planetGallery
CVE-2006-2115 (Format string vulnerability in SWS web Server 0.1.7 allows remote atta ...)
	NOT-FOR-US: SWS
CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to exe ...)
	NOT-FOR-US: SWS
CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print e ...)
	NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products i ...)
	NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x bef ...)
	{DSA-1060-1}
	- kernel-patch-vserver 2:2.0.1-4 (low)
	- linux-2.6 2.6.16-11 (low)
CVE-2006-2109 (Cross-site scripting (XSS) vulnerability in the parse_query_str functi ...)
	NOTE: #357204: request for removal
	- jsboard 2.0.10-2 (bug #368305; low)
CVE-2006-2108 (parser.exe in Oc&#233; (OCE) 3121/3122 Printer allows remote attackers ...)
	NOT-FOR-US: OCE
CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote att ...)
	NOT-FOR-US: BL4
CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9 ...)
	- trac 0.9.5-1 (medium)
	[sarge] - trac <unfixed> (medium)
	NOTE: http://trac.edgewall.org/changeset/3201
	NOTE: http://trac.edgewall.org/changeset/3287
	NOTE: the second reference fixes a regression in the first. i *believe*
	NOTE: that these correctly solve the problem, though we really ought
	NOTE: to run this by upstream or the reporter.
CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 an ...)
	NOT-FOR-US: Jupiter
CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email  ...)
	NOT-FOR-US: Kamgaing
CVE-2006-2103 (SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows rem ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2102 (Directory traversal vulnerability in PowerISO 2.9 allows remote attack ...)
	NOT-FOR-US: PowerISO
CVE-2006-2101 (Directory traversal vulnerability in WinISO 5.3 allows remote attacker ...)
	NOT-FOR-US: WinISO
CVE-2006-2100 (Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows r ...)
	NOT-FOR-US: Magic ISO
CVE-2006-2099 (Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote ...)
	NOT-FOR-US: UltraISO
CVE-2006-2098 (PHP remote file inclusion vulnerability in Thumbnail AutoIndex before  ...)
	NOT-FOR-US: Thumbnail AutoIndex
CVE-2006-2097 (SQL injection vulnerability in func_msg.php in Invision Power Board (I ...)
	NOT-FOR-US: Invision
CVE-2006-2096 (plug.php in Land Down Under (LDU) 802 and earlier allows remote attack ...)
	NOT-FOR-US: LDU
CVE-2006-2095 (Phex before 2.8.6 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Phex
CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and Windo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attack ...)
	- libnasl 2.2.8-1 (bug #365898; low)
	[sarge] - libnasl <no-dsa> (Hardly exploitable, see #365898)
CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4 ...)
	NOT-FOR-US: HP
CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows rem ...)
	NOT-FOR-US: Virtual War
CVE-2006-2090 (Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x  ...)
	NOT-FOR-US: MySmartBB
CVE-2006-2089 (Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MyS ...)
	NOT-FOR-US: OpenBB
CVE-2006-2088 (Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bul ...)
	NOT-FOR-US: OpenBB
CVE-2006-2087 (The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2006-2086 (Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx b ...)
	NOT-FOR-US: juniper SSL-VPN
CVE-2006-2085 (Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in S ...)
	NOT-FOR-US: SpeedProject Squeez
CVE-2006-2084 (Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 ...)
	NOT-FOR-US: FarsiNews
CVE-2006-2083 (Integer overflow in the receive_xattr function in the extended attribu ...)
	- rsync 2.6.8-1 (bug #365614; high)
	[sarge] - rsync <not-affected> (xattr patch appeared in 2.6.7)
	[woody] - rsync <not-affected> (xattr patch appeared in 2.6.7)
CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in produc ...)
	- ioquake3 1.36+svn1788j-1
	- tremulous 1.1.0-6 (bug #660831)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute arb ...)
	NOT-FOR-US: Oracle
CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky Me ...)
	NOT-FOR-US: Verosky
CVE-2006-2079 (Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky M ...)
	NOT-FOR-US: Verosky
CVE-2006-2078 (Multiple unspecified vulnerabilities in multiple FITELnet products, in ...)
	NOT-FOR-US: FITELnet
CVE-2006-2077 (Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact ...)
	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attacker ...)
	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to ca ...)
	[sarge] - mydns 1.0.0-4sarge1
	- mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers  ...)
	NOT-FOR-US: Juniper Networks JUNOSe
CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...)
	- bind9 1:9.3.3-1 (low)
	NOTE: Only exploitable by trusted users after TSIG transaction
	NOTE: https://lists.isc.org/pipermail/bind-users/2011-October/085298.html
CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and  ...)
	NOT-FOR-US: DeleGate
CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass ...)
	- linux-2.6 2.6.16-8
CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0  ...)
	NOT-FOR-US: DevBB
CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to cause ...)
	- pdns-recursor 3.0.1-1 (medium)
CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote attacke ...)
	NOT-FOR-US: Hitachi JP1
CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, ...)
	NOT-FOR-US: MKPortal
CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MK ...)
	NOT-FOR-US: MKPortal
CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earli ...)
	NOT-FOR-US: PHPSurveyor
CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 m ...)
	NOT-FOR-US: Sun
CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full  ...)
	NOT-FOR-US: Leadhound
CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, ...)
	NOT-FOR-US: Leadhound
CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in Invision Po ...)
	NOT-FOR-US: Invision
CVE-2006-2060 (Directory traversal vulnerability in action_admin/paysubscriptions.php ...)
	NOT-FOR-US: Invision
CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x ...)
	NOT-FOR-US: Invision
CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...)
	NOT-FOR-US: Avant
CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user- ...)
	NOT-FOR-US: Only on Windows
CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-2055 (Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows  ...)
	NOT-FOR-US: Micrsoft Outlook
CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...)
	NOT-FOR-US: 3Com
CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier  ...)
	NOT-FOR-US: QuickEStore
CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media Instant Phot ...)
	NOT-FOR-US: Verosky
CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.p ...)
	NOT-FOR-US: NextAge
CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3. ...)
	NOT-FOR-US: DCScripts
CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts D ...)
	NOT-FOR-US: DCScripts
CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ed ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows  ...)
	NOT-FOR-US: ColdFusion
CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics Cartwea ...)
	NOT-FOR-US: ColdFusion
CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks ...)
	NOT-FOR-US: IP3
CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default us ...)
	NOT-FOR-US: IP3
CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local use ...)
	NOT-FOR-US: IP3
CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that al ...)
	NOT-FOR-US: Adobe
CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitr ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 all ...)
	NOT-FOR-US: photokorn
CVE-2006-2039 (Multiple SQL injection vulnerabilities in the osTicket module in Help  ...)
	NOT-FOR-US: Help Center Live
CVE-2006-2038 (Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier al ...)
	NOT-FOR-US: ampleShop
CVE-2006-2037 (Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0  ...)
	NOT-FOR-US: Thwboard
CVE-2006-2036 (iOpus Secure Email Attachments (SEA), probably 1.0, does not properly  ...)
	NOT-FOR-US: iOpus
CVE-2006-2035 (Websense, when configured to permit access to the dynamic content cate ...)
	NOT-FOR-US: Websense
CVE-2006-2034 (SQL injection vulnerability in function/showprofile.php in FlexBB 0.5. ...)
	NOT-FOR-US: FlexBB
CVE-2006-2033 (PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and ear ...)
	NOT-FOR-US: Core
CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earl ...)
	NOT-FOR-US: Core
CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2. ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-2/
	NOTE: The first linked commit is the official one for linked in PMASA
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79f778db99ac05e2028166d5a61ed25591e348c3
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fad722d2f488375f9cc94c0c75326e661c280ecc
CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...)
	NOT-FOR-US: Allied Telesyn
CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9. ...)
	NOT-FOR-US: Simplog
CVE-2006-2028 (Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy As ...)
	NOT-FOR-US: Simplog
CVE-2006-2027 (Buffer overflow in Unicode processing in the logging functionality in  ...)
	NOT-FOR-US: Pablo Software
CVE-2006-2026 (Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for li ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow context-depende ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c i ...)
	NOT-FOR-US: Fenice
CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module (rtsp/par ...)
	NOT-FOR-US: Fenice
CVE-2006-2021 (Absolute path traversal vulnerability in recordings/misc/audio.php in  ...)
	NOT-FOR-US: Asterisk@Home
CVE-2006-2020 (Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores  ...)
	NOT-FOR-US: Asterisk@Home
CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...)
	NOT-FOR-US: Apple
CVE-2006-XXXX [librsvg2 crash on certain svg files]
	- librsvg 2.14.3-2 (bug #361653; bug #361540; medium)
CVE-2006-2018 (SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows  ...)
	NOT-FOR-US: vBulletin
CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service (app ...)
	- dnsmasq 2.30-1 (medium)
	[sarge] - dnsmasq <not-affected> (Vulnerability was introduced in 2.28)
CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0. ...)
	{DSA-1057-1}
	- phpldapadmin 0.9.8.3-1 (bug #365313; low)
	- egroupware 1.2-104.dfsg-1 (bug #365314; low)
	NOTE: egroupware 1.2-1.dfsg-1 dropped phpldapadmin
CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote  ...)
	NOT-FOR-US: SL_site
CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 1.0 allow ...)
	NOT-FOR-US: SL_site
CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows remote a ...)
	NOT-FOR-US: SL_site
CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier allows remot ...)
	NOT-FOR-US: Skulltag
CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7  ...)
	NOT-FOR-US: 4images
CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in Bloggage  ...)
	NOT-FOR-US: Bloggage
CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda  ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in Built2Go P ...)
	NOT-FOR-US: Built2Go
CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...)
	NOT-FOR-US: Winny
CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 bet ...)
	NOT-FOR-US: IZArc Archiver
CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...)
	NOT-FOR-US: ClanSys
CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote att ...)
	NOT-FOR-US: RI Blog
CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community ...)
	NOT-FOR-US: Community Architect Guestbook
CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in MyGamingLadder ...)
	NOT-FOR-US: MyGamingLadder
CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery  ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods ...)
	NOT-FOR-US: logMethods
CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause ...)
	NOT-FOR-US: OpenTTD
CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of serv ...)
	NOT-FOR-US: OpenTTD
CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere groupware synchroni ...)
	NOT-FOR-US: Sybase Pylon Anywhere
CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 1.1 all ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and earlier allo ...)
	NOT-FOR-US: dForum
CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, all ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-1991 (The substr_compare function in string.c in PHP 5.1.2 allows context-de ...)
	- php4 <not-affected> (substr_compare does not exist in PHP 4.4.2)
	- php5 5.1.4-0.1 (bug #365312; medium)
CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...)
	- php4 4:4.4.2-1.1 (bug #365311; unimportant)
	- php5 5.1.4-0.1 (bug #365312; unimportant)
	NOTE: This could only be exploited by a malicious, local user, which is an
	NOTE: unsupported use case
CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client in Fre ...)
	{DSA-1050-1}
	- clamav 0.88.2
	[sarge] - clamav 0.84-2.sarge.9
CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function  ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1985 (Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 31 ...)
	NOT-FOR-US: BOMArchiveHelper
CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier al ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may  ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking allows  ...)
	NOT-FOR-US: W2B Online Banking
CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web M ...)
	NOT-FOR-US: Manic Web MWGuest
CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earli ...)
	NOT-FOR-US: FlexBB
CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earl ...)
	NOT-FOR-US: FlexBB
CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote att ...)
	{DSA-1055-1 DSA-1053-1}
	- firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
	- mozilla <removed> (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in Thunderbird)
CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
	- typo3-src 4.0.2-1 (bug #364350)
CVE-2006-XXXX [moinmoin XSS]
	- moin 1.5.3-1
CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer R ...)
	NOT-FOR-US: Prayer Request Board
CVE-2006-1975 (Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in  ...)
	NOT-FOR-US: PHP-Gastebuch
CVE-2006-1974 (SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) bef ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1973 (Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router all ...)
	NOT-FOR-US: Linksys router
CVE-2006-1972 (Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut ...)
	NOT-FOR-US: EasyGallery
CVE-2006-1971 (Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM Con ...)
	NOT-FOR-US: KRANKIKOM ContentBoxX
CVE-2006-1970 (Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in ...)
	NOT-FOR-US: KCScripts Classifieds
CVE-2006-1969 (Cross-site scripting (XSS) vulnerability in search/search.cgi in an un ...)
	NOT-FOR-US: KCScripts
CVE-2006-1968 (Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCSc ...)
	NOT-FOR-US: KCScripts
CVE-2006-1967 (Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KC ...)
	NOT-FOR-US: KCScripts
CVE-2006-1966 (An unspecified Fortinet product, possibly Fortinet28, allows remote at ...)
	NOT-FOR-US: Fortinet
CVE-2006-1965 (Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net  ...)
	NOT-FOR-US: Net Clubs Pro
CVE-2006-1964 (SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earli ...)
	NOT-FOR-US: ASPSitem
CVE-2006-1963 (Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and  ...)
	NOT-FOR-US: PCPIN Chat
CVE-2006-1962 (SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows rem ...)
	NOT-FOR-US: PCPIN Chat
CVE-2006-1961 (Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express  ...)
	NOT-FOR-US: Cisco
CVE-2006-1960 (Cross-site scripting (XSS) vulnerability in the appliance web user int ...)
	NOT-FOR-US: Cisco
CVE-2006-1959 (PHP remote file inclusion vulnerability in direct.php in ActualScripts ...)
	NOT-FOR-US: ActualScripts ActualAnalyzer Lite
CVE-2006-1958 (Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote ...)
	NOT-FOR-US: WWWThreads
CVE-2006-1957 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remot ...)
	- mambo 4.6.1-4 (bug #364769; medium)
CVE-2006-1956 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remot ...)
	- mambo 4.6.1-4 (bug #364769; medium)
CVE-2006-1955 (PHP remote file inclusion vulnerability in authent.php4 in Nicolas Fis ...)
	NOT-FOR-US: RechnungsZentrale
CVE-2006-1954 (SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka NF ...)
	NOT-FOR-US: RechnungsZentrale
CVE-2006-1953 (Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 fo ...)
	NOT-FOR-US: Caucho
CVE-2006-1952 (Directory traversal vulnerability in WinAgents TFTP Server for Windows ...)
	NOT-FOR-US: WinAgents TFTP Server for Windows
CVE-2006-1951 (Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and ea ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2006-1950 (Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in  ...)
	NOT-FOR-US: PerlCoders BannerFarm
CVE-2006-1949 (SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and  ...)
	NOT-FOR-US: NicPlex PlexCart
CVE-2006-1948 (The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss ...)
	NOT-FOR-US: Lotus Notes
CVE-2006-1947 (Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum ...)
	NOT-FOR-US: NicPlex PlexCart
CVE-2006-1946 (Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and  ...)
	NOT-FOR-US: Visale
CVE-2006-1945 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5  ...)
	{DSA-1075-1}
	- awstats 6.5-2 (bug #364443; medium)
	NOTE: this might be the same core issue as CVE-2005-2732
CVE-2006-1944 (Multiple cross-site scripting (XSS) vulnerabilities in SibSoft Communi ...)
	NOT-FOR-US: SibSoft CommuniMail
CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...)
	NOT-FOR-US: Smarter Scripts IntelliLink Pro
CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Ne ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-39
	- firefox 1.5.dfsg+1.5.0.4-1 (low)
	- thunderbird <not-affected> (Windows-specific)
	- mozilla 2:1.7.13-0.3 (low)
	- xulrunner <not-affected> (Windows-specific)
CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a  ...)
	NOT-FOR-US: Neon Responder
CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remo ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 a ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 a ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14  ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attacker ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attacke ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remot ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14  ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to  ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, whi ...)
	{DSA-1157}
	NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
	- ruby1.8 1.8.3 (bug #365520)
CVE-2006-1930
	NOT-FOR-US: Green Minute
CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in I-Rat ...)
	NOT-FOR-US: I-Rater Platinum
CVE-2006-1928 (Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS ...)
	NOT-FOR-US: Cisco
CVE-2006-1927 (Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS ...)
	NOT-FOR-US: Cisco
CVE-2006-1926 (SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 a ...)
	NOT-FOR-US: ThWboard
CVE-2006-1925 (Directory traversal vulnerability in the editnews module (inc/editnews ...)
	NOT-FOR-US: CuteNews
CVE-2006-1924 (SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 al ...)
	NOT-FOR-US: LinPHA
CVE-2006-1923 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1 ...)
	NOT-FOR-US: LinPHA
CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2) auth.p ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute ...)
	NOT-FOR-US: PHP Net Tools
CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote ...)
	NOT-FOR-US: PMTool
CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet Photo ...)
	NOT-FOR-US: Internet Photoshow
CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 all ...)
	NOT-FOR-US: Papoo
CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ClanMemberSk ...)
	NOT-FOR-US: Blackorpheus ClanMemberSkript
CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in  ...)
	NOT-FOR-US: DbbS
CVE-2006-1915 (SQL injection vulnerability in topics.php in DbbS 2.0-alpha and earlie ...)
	NOT-FOR-US: DbbS
CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: DbbS
CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax G ...)
	NOT-FOR-US: Jax Guestbook
CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL var ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to in ...)
	- serendipity 1.0-1
CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 all ...)
	NOT-FOR-US: Coppermine
CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x allo ...)
	NOT-FOR-US: myEvent
CVE-2006-1907 (Multiple SQL injection vulnerabilities in myEvent 1.x allow remote att ...)
	NOT-FOR-US: myEvent
CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpL ...)
	NOT-FOR-US: phpLister
CVE-2006-1905 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0 ...)
	- xine-ui 0.99.4-1 (bug #363370; unimportant)
	NOTE: This is a non-issue: An attacker would need to trick the user into opening
	NOTE: an MP3 file with a very obviously manipulated filename containing the shellcode
CVE-2006-1904 (Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis  ...)
	NOT-FOR-US: AnimeGenesis Gallery
CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
	NOT-FOR-US: UserLand Manila
CVE-2006-1902 (fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 impro ...)
	- gcc-4.1 4.1.0-2 (bug #356896; unimportant)
	NOTE: Turned out to be a non-issue
CVE-2006-1901 (Mozilla Camino 1.0 and earlier allow remote attackers to cause a denia ...)
	NOT-FOR-US: Mozilla Camino
CVE-2006-1900 (Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4 ...)
	- amaya 9.51-1 (bug #362575; medium)
CVE-2006-1899 (Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog ...)
	NOT-FOR-US: Neuron Blog
CVE-2006-1898 (Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Ti ...)
	NOT-FOR-US: Tiny PHP Forum
CVE-2006-1897 (Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script ...)
	NOT-FOR-US: Webplus (aka talentsoft) Web+Shop
CVE-2006-1896 (Unspecified vulnerability in phpBB allows remote authenticated users w ...)
	{DSA-1066-1}
	- phpbb2 2.0.18-3 (bug #365533; medium)
CVE-2006-1895 (Direct static code injection vulnerability in includes/template.php in ...)
	- phpbb2 <not-affected> (bug #365535)
CVE-2006-1894 (Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived  ...)
	NOT-FOR-US: RevoBoard / PunBB
CVE-2006-1893 (Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 a ...)
	NOT-FOR-US: ar-blog
CVE-2006-1892 (avast! 4 Linux Home Edition 1.0.5 allows local users to modify permiss ...)
	NOT-FOR-US: avast! 4 Linux Home Edition
CVE-2006-1891 (Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard ...)
	NOT-FOR-US: betaboard
CVE-2006-1890 (Multiple PHP remote file inclusion vulnerabilities in myWebland myEven ...)
	NOT-FOR-US: myWebland
CVE-2006-1889 (Cross-site scripting (XSS) vulnerability in the search action handler  ...)
	NOT-FOR-US: Boardsolution
CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass authent ...)
	NOT-FOR-US: phpGraphy
CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security  ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2006-1885 (Multiple unspecified vulnerabilities in the Reporting Framework compon ...)
	NOT-FOR-US: Oracle
CVE-2006-1884 (Unspecified vulnerability in the Oracle Thesaurus Management System co ...)
	NOT-FOR-US: Oracle
CVE-2006-1883 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle
CVE-2006-1882 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-1881 (Unspecified vulnerability in the Financials for Asia/Pacific component ...)
	NOT-FOR-US: Oracle
CVE-2006-1880 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-1879 (Multiple unspecified vulnerabilities in the Email Server component in  ...)
	NOT-FOR-US: Oracle
CVE-2006-1878 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopS ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-1877 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5,  ...)
	NOT-FOR-US: Oracle
CVE-2006-1876 (Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0 ...)
	NOT-FOR-US: Oracle
CVE-2006-1875 (Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7,  ...)
	NOT-FOR-US: Oracle
CVE-2006-1874 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5,  ...)
	NOT-FOR-US: Oracle
CVE-2006-1873 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, ...)
	NOT-FOR-US: Oracle
CVE-2006-1872 (Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0. ...)
	NOT-FOR-US: Oracle
CVE-2006-1871 (SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1 ...)
	NOT-FOR-US: Oracle
CVE-2006-1870 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5,  ...)
	NOT-FOR-US: Oracle
CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1. ...)
	NOT-FOR-US: Oracle
CVE-2006-1868 (Buffer overflow in the Advanced Replication component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknow ...)
	NOT-FOR-US: Oracle
CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4 ...)
	NOT-FOR-US: Oracle
CVE-2006-1865 (Argument injection vulnerability in Beagle before 0.2.5 allows attacke ...)
	- beagle 0.2.6-2 (bug #365371; medium)
CVE-2006-1864 (Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-1863 (Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier  ...)
	{DSA-1103}
	- linux-2.6 2.6.16-10
CVE-2006-1862 (The virtual memory implementation in Linux kernel 2.6.x allows local u ...)
	- linux-2.6 <not-affected> (seems to be RedHat-specific)
CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote attacke ...)
	{DSA-1095-1}
	- freetype 2.2.1-1
CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attac ...)
	- linux-2.6 2.6.16-14
CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16. ...)
	- linux-2.6 2.6.16-14
CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-1857 (Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do not ad ...)
	{DSA-1184-2}
	- linux-2.6 2.6.16-12
CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes certain de ...)
	{DSA-1184-2}
	NOTE: probably fixed before, but this is the oldest linux-2.6 in the changelog
	- linux-2.6 2.6.12-1
CVE-2006-1854
	NOT-FOR-US: BluePay Manager
CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...)
	NOT-FOR-US: ModernBill
CVE-2006-1852 (SQL injection vulnerability in category.php in Article Publisher Pro 1 ...)
	NOT-FOR-US: Article Publisher Pro
CVE-2006-1851 (xFlow 5.46.11 and earlier allows remote attackers to determine the ins ...)
	NOT-FOR-US: xFlow
CVE-2006-1850 (Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 a ...)
	NOT-FOR-US: xFlow
CVE-2006-1849 (Multiple SQL injection vulnerabilities in members_only/index.cgi in xF ...)
	NOT-FOR-US: xFlow
CVE-2006-1848 (Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php  ...)
	NOT-FOR-US: LinPHA
CVE-2006-1847 (SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-1845
	REJECTED
CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.5 ...)
	[sarge] - shadow 1:4.0.3-31sarge8
	[sarge] - base-config <not-affected>
	NOTE: The installer is fixed separately, but the postinst of the shadow update
	NOTE: corrects permissions of a faulty install
	NOTE: seems to be a duplicate of CVE-2006-1376
	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
	- base-config 2.68 (bug #254068; low)
CVE-2006-1843 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1. ...)
	NOT-FOR-US: ShoutBOOK
CVE-2006-1842 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1. ...)
	NOT-FOR-US: ShoutBOOK
CVE-2006-1841 (Cross-site scripting (XSS) vulnerability in search.php in boastMachine ...)
	NOT-FOR-US: boastMachine
CVE-2006-1840 (Multiple format string vulnerabilities in Empire Server before 4.3.1 a ...)
	NOT-FOR-US: Wolfpack Empire Server (vms-empire in Debian is a different game)
CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP Album 0 ...)
	NOT-FOR-US: PHP Album
CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass  ...)
	NOT-FOR-US: Fuju News
CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows rem ...)
	NOT-FOR-US: Fuju News
CVE-2006-1836 (Untrusted search path vulnerability in unspecified components in Syman ...)
	NOT-FOR-US: Symantec LiveUpdate
CVE-2006-1835 (Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix  ...)
	NOT-FOR-US: Calendarix
CVE-2006-1834 (Integer signedness error in Opera before 8.54 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2006-1833 (Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the  ...)
	NOT-FOR-US: NetBSD
CVE-2006-1832 (sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the inst ...)
	NOT-FOR-US: sysinfo
CVE-2006-1831 (Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1 ...)
	NOT-FOR-US: sysinfo
CVE-2006-1830 (Sun Java Studio Enterprise 8, when installed as root, creates certain  ...)
	NOT-FOR-US: Sun Java Studio Enterprise
CVE-2006-1829 (EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenti ...)
	NOT-FOR-US: EAServer Manager in Sybase EAServer
CVE-2006-1828 (SQL injection vulnerability in php121language.php in PHP121 1.4 allows ...)
	NOT-FOR-US: PHP121
CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlie ...)
	{DSA-1048-1}
	- asterisk 1:1.2.7.1.dfsg-1 (bug #364195; medium)
	[sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 (bug #364195; medium)
	[woody] - asterisk 0.1.11-3woody1 (bug #364195; medium)
CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3 ...)
	NOT-FOR-US: Snipe Gallery
CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1. ...)
	NOT-FOR-US: phpLinks
CVE-2006-1824 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.ph ...)
	NOT-FOR-US: PhpGuestbook
CVE-2006-1823 (Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier a ...)
	NOT-FOR-US: FarsiNews
CVE-2006-1822 (Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2. ...)
	NOT-FOR-US: FarsiNews
CVE-2006-1821 (Directory traversal vulnerability in index.php in ModX 0.9.1 allows re ...)
	NOT-FOR-US: ModX CMS
CVE-2006-1820 (Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 al ...)
	NOT-FOR-US: ModX CMS
CVE-2006-1819 (Directory traversal vulnerability in the loadConfig function in index. ...)
	NOT-FOR-US: phpWebSite
CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1 ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-1817 (SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, wit ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-1816 (PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and ...)
	NOT-FOR-US: VBulletin
CVE-2006-1815 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1814 (NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of s ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1813 (Directory traversal vulnerability in index.php in phpWebFTP 3.2 and ea ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-1812 (phpWebFTP 3.2 and earlier stores script.js under the web document root ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-1811 (Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remo ...)
	NOT-FOR-US: FlexBB
CVE-2006-1810 (Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BE ...)
	NOT-FOR-US: FlexBB
CVE-2006-1809 (index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Lifetype
CVE-2006-1808 (Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0. ...)
	NOT-FOR-US: Lifetype
CVE-2006-1807 (Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3  ...)
	NOT-FOR-US: Musicbox
CVE-2006-1806 (Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3. ...)
	NOT-FOR-US: Musicbox
CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allows rem ...)
	NOT-FOR-US: PowerClan
CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows  ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected>
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-3/
	NOTE: The first linked commit is the official commit from PMASA
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fde2f613ad402e442a3b54d628ad85444faaeabe
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bf717892f9207c6161dc7800eb63e940478ec47
CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7. ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected> (CSRF code not present in Sarge, too intrusive to backport)
	NOTE: maintainer considers this not-affected.
CVE-2006-1802 (Cross-site scripting (XSS) vulnerability in index.php in TinyWebGaller ...)
	NOT-FOR-US: TinyWebGallery
CVE-2006-1801 (Cross-site scripting (XSS) vulnerability in planetsearchplus.php in pl ...)
	NOT-FOR-US: planetSearch+
CVE-2006-1800 (Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 thro ...)
	NOT-FOR-US: SimpleBBS
CVE-2006-1799 (censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers t ...)
	NOT-FOR-US: Censtore
CVE-2006-1798 (SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote  ...)
	NOT-FOR-US: RateIt
CVE-2006-1797 (The kernel in NetBSD-current before September 28, 2005 allows local us ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1796 (Cross-site scripting (XSS) vulnerability in the paging links functiona ...)
	- wordpress 2.0.1 (bug #328909)
CVE-2006-1795 (Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI ...)
	NOT-FOR-US: UPDI Network Enterprise
CVE-2006-1794 (SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earli ...)
	NOTE: only in experimental
	- mambo 4.5.3h-1 (bug #354468)
CVE-2006-1793 (Directory traversal vulnerability in runCMS 1.2 and earlier allows rem ...)
	NOT-FOR-US: runCMS
CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard Ed ...)
	NOT-FOR-US: MailEnable
CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allow ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to c ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5
	- mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- mozilla 2:1.7.13-0.1
CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in PAJA ...)
	NOT-FOR-US: pajax
CVE-2006-1788 (Adobe Document Server for Reader Extensions 6.0, during log on, provid ...)
	NOT-FOR-US: Adobe
CVE-2006-1787 (Adobe Document Server for Reader Extensions 6.0 includes a user's sess ...)
	NOT-FOR-US: Adobe
CVE-2006-1786 (Cross-site scripting (XSS) vulnerability in Adobe Document Server for  ...)
	NOT-FOR-US: Adobe
CVE-2006-1785 (Adobe Document Server for Reader Extensions 6.0 allows remote authenti ...)
	NOT-FOR-US: Adobe
CVE-2006-1784 (PHP remote file inclusion vulnerability in admin/configset.php in Sphi ...)
	NOT-FOR-US: Sphider
CVE-2006-1783 (Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote ...)
	NOT-FOR-US: PatroNet CMS
CVE-2006-1782 (Unspecified vulnerability in Solaris 8 and 9 allows local users to obt ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1781 (PHP remote file inclusion vulnerability in functions.php in Circle R M ...)
	NOT-FOR-US: Circle R Monster Top List
CVE-2006-1780 (The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to ca ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1779 (Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcra ...)
	NOT-FOR-US: Simplog
CVE-2006-1778 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9. ...)
	NOT-FOR-US: Simplog
CVE-2006-1777 (Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft  ...)
	NOT-FOR-US: Simplog
CVE-2006-1776 (PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ash ...)
	NOT-FOR-US: Simplog
CVE-2006-1775 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 al ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Only exploitable by authenticated admin users
CVE-2006-1774 (HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqH ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2006-1773 (SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 a ...)
	NOT-FOR-US: PHPKIT
CVE-2006-1772 (debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogo ...)
	- mnogosearch 3.2.37-3.1 (bug #361775)
	[sarge] - mnogosearch <no-dsa> (Minor issue)
CVE-2006-1771 (Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXo ...)
	NOT-FOR-US: SAXoPRESS
CVE-2006-1770 (Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Desig ...)
	NOT-FOR-US: AzDGVote
CVE-2006-1769 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
	NOT-FOR-US: UserLand Manila
CVE-2006-1768 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1767 (Multiple PHP remote file inclusion vulnerabilities in nicecoder.com IN ...)
	NOT-FOR-US: INDEXU
CVE-2006-1766 (Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and ...)
	NOT-FOR-US: Papoo
CVE-2006-1765 (Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 all ...)
	NOT-FOR-US: JBook
CVE-2006-1764 (Hosting Controller 6.1 stores forum/db/forum.mdb under the web documen ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1763 (Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 ...)
	NOT-FOR-US: blur6ex
CVE-2006-1762 (Directory traversal vulnerability in index.php in blur6ex 0.3.452 allo ...)
	NOT-FOR-US: blur6ex
CVE-2006-1761 (Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 all ...)
	NOT-FOR-US: blur6ex
CVE-2006-1760 (Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow  ...)
	NOT-FOR-US: JetPhoto
CVE-2006-1759 (Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in  ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2006-1758 (SQL injection vulnerability in index.php in Vegadns 0.99 allows remote ...)
	NOT-FOR-US: Vegadns
CVE-2006-1757 (Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99  ...)
	NOT-FOR-US: Vegadns
CVE-2006-1756 (MD News 1 allows remote attackers to bypass authentication via a direc ...)
	NOT-FOR-US: MD News 1
CVE-2006-1755 (SQL injection vulnerability in admin.php in MD News 1 allows remote at ...)
	NOT-FOR-US: MD News 1
CVE-2006-1754 (SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0. ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2006-1753 (A cron job in fcheck before 2.7.59 allows local users to overwrite arb ...)
	{DSA-1035-1}
	- fcheck 2.7.59-8
CVE-2006-1752 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in  ...)
	NOT-FOR-US: MvBlog
CVE-2006-1751 (Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remo ...)
	NOT-FOR-US: MvBlog
CVE-2006-1750 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Au ...)
	NOT-FOR-US: Autogallery
CVE-2006-1749 (PHP remote file inclusion vulnerability in config.php in phpListPro 2. ...)
	NOT-FOR-US: phpListPro
CVE-2006-1748 (Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows rem ...)
	NOT-FOR-US: XMB Forum
CVE-2006-1747 (PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 al ...)
	NOT-FOR-US: Virtual War
CVE-2006-1746 (Directory traversal vulnerability in PHPList 2.10.2 and earlier allows ...)
	- phplist <itp> (bug #612288)
CVE-2006-1745 (Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 ...)
	NOT-FOR-US: Bitweaver
CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow  ...)
	NOT-FOR-US: JBook
CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1. ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
	NOTE: The Mozilla Foundation labels this as "critical", but it's not
	NOTE: clear if this bug is exploitable.
CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x b ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
	NOTE: exploitable in the default configuration.
	- xulrunner 1.8.0.1-9
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Sui ...)
	{DSA-1134-1 DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: Can likely be used to steal OpenSSH keys and the like.
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla <removed> (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: If print preview (and this bug) can be triggered from JavaScript,
	NOTE: the urgency should probably be raised.
CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0. ...)
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: New bug in Firefox 1.5.
CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes c ...)
	- firefox 1.5.dfsg+1.5.0.2-1 (low)
	- xulrunner 1.8.0.1-9
	NOTE: New bug in Firefox 1.5.
CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1 ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla <removed> (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5.dfsg+1.5.0.2 (medium)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	- mozilla <removed> (medium)
	- thunderbird 1.5.0.2-1 (low)
	- xulrunner 1.8.0.1-9
	NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 al ...)
	NOT-FOR-US: ShopXS
CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer  ...)
	{DSA-1042-1}
	- cyrus-sasl2 2.1.19.dfsg1-0.2 (bug #361937; low)
	- cyrus-sasl2-mit <not-affected> (does not install digest-md5)
CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson  ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive information u ...)
	NOT-FOR-US: Clever Copy
CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian Kindahl TUGZ ...)
	NOT-FOR-US: TUGZip
CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder phpMyFor ...)
	NOT-FOR-US: phpMyForum
CVE-2006-1713 (Cross-site scripting (XSS) vulnerability in index.php in Christoph Roe ...)
	NOT-FOR-US: phpMyForum
CVE-2006-1710 (SQL injection vulnerability in admin.php in Design Nation DNGuestbook  ...)
	NOT-FOR-US: DNGuestbook
CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows  ...)
	{DSA-1036-1}
	- bsdgames 2.17-7 (bug #360989)
CVE-2006-1712 (Cross-site scripting (XSS) vulnerability in the private archive script ...)
	- mailman 0:2.1.7-2.1.8rc1-1
	[sarge] - mailman <not-affected> (Only affects Mailman 2.1.7)
CVE-2006-1711 (Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1)  ...)
	{DSA-1032-1}
	- zope-cmfplone 2.1.2-2
CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in interakti ...)
	NOT-FOR-US: interaktiv.shop
CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...)
	NOT-FOR-US: Clansys
CVE-2006-1707 (index.php in Shopweezle 2.0 allows remote attackers to include arbitra ...)
	NOT-FOR-US: Shopweezle
CVE-2006-1706 (Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote  ...)
	NOT-FOR-US: Shopweezle
CVE-2006-1705 (Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" p ...)
	NOT-FOR-US: Oracle
CVE-2006-1704 (Sire 2.0 nws allows remote attackers to upload arbitrary image files w ...)
	NOT-FOR-US: Sire 2.0 nws
CVE-2006-1703 (PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws al ...)
	NOT-FOR-US: Sire 2.0 nws
CVE-2006-1702 (PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8 ...)
	- spip 2.0.6-1
CVE-2006-1701 (Cross-site scripting (XSS) vulnerability in the Pages module in Shadow ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-1700 (Buy.php in Aweb Scripts Seller uses predictable cookies for authentica ...)
	NOT-FOR-US: Aweb Scripts Seller
CVE-2006-1699 (Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner G ...)
	NOT-FOR-US: Aweb Banner
CVE-2006-1698 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3. ...)
	NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1697 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3. ...)
	NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allow ...)
	- gallery 1.5.3-1 (bug #361758)
CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environme ...)
	{DSA-1068-1}
	- fbi 2.05-1 (bug #361370)
CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and e ...)
	NOT-FOR-US: XBrite Members
CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1. ...)
	NOT-FOR-US: GlobalSCAPE Secure FTP Server
CVE-2006-1692 (Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow re ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1691 (SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attac ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1690 (Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewslet ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1689 (Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LD ...)
	NOT-FOR-US: HP-UX
CVE-2006-1688 (Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and e ...)
	NOT-FOR-US: SQuery / Autonomous LAN party
CVE-2006-1687 (Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1686 (Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in APT-webshop-s ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier all ...)
	NOT-FOR-US: ecotwo Shopsystem
CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk Guestbook a ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft  ...)
	NOT-FOR-US: TalentSoft Web+Shop
CVE-2006-1681 (Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and ear ...)
	- cherokee 0.5.1-1
CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attac ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in Jupi ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.8.0.3-1 (bug #362567)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2006-1/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0933619b6b2534b221817ea3f631cb984c258d6b
CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.0 ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics modu ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1 ...)
	NOT-FOR-US: PHPWebGallery
CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in PHPWebGaller ...)
	NOT-FOR-US: PHPWebGallery
CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard v ...)
	NOT-FOR-US: Dark_Wizard vBug Tracker
CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...)
	NOT-FOR-US: Cisco
CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series n ...)
	NOT-FOR-US: Cisco
CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series n ...)
	NOT-FOR-US: Cisco
CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team P ...)
	NOT-FOR-US: PHPMyChat
CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PH ...)
	NOT-FOR-US: Crafty Syntax Image Gallery
CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax ...)
	NOT-FOR-US: Crafty Syntax Image Gallery
CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable a ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and earlie ...)
	- xine-lib <not-affected> (Not reproducible with Debian version, see bug #363127)
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2006-1663
	REJECTED
CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote at ...)
	NOT-FOR-US: Limbo CMS
CVE-2006-1661 (Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and ...)
	NOT-FOR-US: SKForum
CVE-2006-1660 (Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz  ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2006-1659 (Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow  ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2006-1658 (Direct static code injection vulnerability in ticker.db.php in Chucky  ...)
	NOT-FOR-US: Chucky A. Ivey N.T.
CVE-2006-1657 (Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ive ...)
	NOT-FOR-US: Chucky A. Ivey N.T.
CVE-2006-XXXX [linphone insecure password leakage]
	- linphone 1.3.5-1 (bug #361913)
CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the s ...)
	- util-vserver 0.30.210-1 (bug #360438; unimportant)
CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted attacker ...)
	{DSA-1074-1}
	- mpg123 0.59r-22 (bug #361863)
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbo ...)
	NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox
CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in AngelineC ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-1652 (Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and ear ...)
	NOT-FOR-US: UltraVNC
CVE-2006-1651
	NOT-FOR-US: MS ISA
CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar and p ...)
	NOTE: other reports indicate that Firefox is not vulnerable
CVE-2006-1649 (The "restore to" selection in the "quarantine a file" capability of ES ...)
	NOT-FOR-US: Eset Software NOD32 Antivirus 2.5
CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versi ...)
	NOT-FOR-US: SMART SynchronEyes
CVE-2006-1647 (An unspecified "logical programming mistake" in SMART SynchronEyes Stu ...)
	NOT-FOR-US: SMART SynchronEyes
CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg ...)
	NOT-FOR-US: This is a slightly different racoon version, the Linux fork in Debian was already addressed in CVE-2005-3732
CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav ...)
	NOT-FOR-US: ReloadCMS
CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses depending on ...)
	NOT-FOR-US: Interact
CVE-2006-1643 (SQL injection vulnerability in login.php in Interact 2.1.1 allows remo ...)
	NOT-FOR-US: Interact
CVE-2006-1642 (Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remo ...)
	NOT-FOR-US: Interact
CVE-2006-1641 (Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote a ...)
	NOT-FOR-US: CzarNews
CVE-2006-1640 (Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14  ...)
	NOT-FOR-US: CzarNews
CVE-2006-1639 (SQL injection vulnerability in index.php in wpBlog 0.4 allows remote a ...)
	NOT-FOR-US: wpBlog
CVE-2006-1638 (Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote atta ...)
	NOT-FOR-US: aWebBB
CVE-2006-1637 (Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allo ...)
	NOT-FOR-US: aWebBB
CVE-2006-1636 (PHP remote file inclusion vulnerability in get_header.php in VWar 1.5. ...)
	NOT-FOR-US: VWar
CVE-2006-1635 (LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: LucidCMS
CVE-2006-1634 (Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0. ...)
	NOT-FOR-US: LucidCMS
CVE-2006-1633
	RESERVED
CVE-2006-1632
	RESERVED
CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality in Cis ...)
	NOT-FOR-US: Cisco
CVE-2006-1629 (OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute a ...)
	{DSA-1045-1}
	- openvpn 2.0.6-1 (bug #360559; medium)
CVE-2006-1628 (Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows  ...)
	NOT-FOR-US: Adobe LiveCycle
CVE-2006-1627 (Adobe Document Server for Reader Extensions 6.0 does not provide prope ...)
	NOT-FOR-US: Adobe Document Server
CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2 and earlier allows remote attac ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1625 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1624 (The default configuration of syslogd in the Linux sysklogd package doe ...)
	- sysklogd <unfixed> (unimportant)
	NOTE: No sane person will open a network socket for syslog without apropriate
	NOTE: firewall rules. The default is not to listen to the network.
CVE-2006-1623 (Unspecified vulnerability in main.php in an unspecified "file created  ...)
	NOT-FOR-US: FleXiBle Development
CVE-2006-1622 (Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allow ...)
	NOT-FOR-US: PHPSelect
CVE-2006-1621 (Directory traversal vulnerability in admin/folders/saveuploadfiles.asp ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1620 (admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allo ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1619 (IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote att ...)
	NOT-FOR-US: WebSphere
CVE-2006-1618 (Format string vulnerability in the (1) Con_message and (2) conPrintf f ...)
	NOT-FOR-US: Doomsday/deng
CVE-2006-1617 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2 ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-1616 (Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow rem ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-1613 (Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote at ...)
	NOT-FOR-US: aWebNews
CVE-2006-1612 (Multiple cross-site scripting (XSS) vulnerabilities in visview.php in  ...)
	NOT-FOR-US: aWebNews
CVE-2006-1611 (Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allo ...)
	NOT-FOR-US: KGB Archiver
CVE-2006-1610 (PHP remote file inclusion vulnerability in lib/armygame.php in SQuery  ...)
	NOT-FOR-US: SQuery / Autonomous LAN party
CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, a ...)
	NOT-FOR-US: Hitachi XFIT
CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users  ...)
	- php4 4:4.4.4-1 (bug #361856; unimportant)
	- php5 5.1.4-0.1 (bug #361915; unimportant)
	NOTE: Safe mode violations not supported
CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before  ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before 0 ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1605 (Unspecified vulnerability in the image module in Exponent CMS before 0 ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unkno ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.1 ...)
	- phpbb2 <not-affected> (According to Jeroen a non-issue, see notes)
	NOTE: <jvw> jmm: unable to everify, the variable in question is only printed
	NOTE: at one single page, and there it doesn't get taken from GET nor POST in my tests
	NOTE: <jvw> and, shock, the password isn't saved unhashed in the DB, so having
	NOTE: javascript in your password can't be exposed otherwise
	NOTE: <jvw> I'd forget about it unless someone comes with a proof of concept
CVE-2006-1602 (PHP remote file inclusion vulnerability in includes/functions_common.p ...)
	NOT-FOR-US: PHPNuke Clan
CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 a ...)
	NOT-FOR-US: Sun Cluster
CVE-2006-1600 (SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 all ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-1599 (Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3 ...)
	NOT-FOR-US: v-creator
CVE-2006-1598 (AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remot ...)
	NOT-FOR-US: AN HTTPD
CVE-2006-1597
	RESERVED
CVE-2006-1596 (PHP remote file inclusion vulnerability in learnPath/include/scormExpo ...)
	NOT-FOR-US: Claroline
CVE-2006-1595 (Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in C ...)
	NOT-FOR-US: Claroline
CVE-2006-1594 (Multiple directory traversal vulnerabilities in document/rqmkhtml.php  ...)
	NOT-FOR-US: Claroline
CVE-2006-1593 (The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLeve ...)
	NOT-FOR-US: X-Doom, ZDaemon
	NOTE: vulnerable functions don't exist in lxdoom, prboom
CVE-2006-1592 (Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1)  ...)
	NOT-FOR-US: X-Doom, ZDaemon
	NOTE: vulnerable functions don't exist in lxdoom, prboom
CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allo ...)
	NOT-FOR-US: Microsoft Windows Help
CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage functio ...)
	- acidbase 1.2.5-1 (bug #363548; unimportant)
	[sarge] - acidbase <no-dsa> (Hardly exploitable)
	- acidlab <removed> (bug #363549; unimportant)
	[sarge] - acidlab <no-dsa> (Hardly exploitable)
	NOTE: Not exploitable with the default configuration anyway.
CVE-2006-1589 (The elf_load_file function in NetBSD 2.0 through 3.0 allows local user ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1588 (The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not c ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1587 (NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the ...)
	NOT-FOR-US: NetBSD
CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser (l ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1630 (The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (C ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1615 (Multiple format string vulnerabilities in the logging code in Clam Ant ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...)
	NOT-FOR-US: Egypt SiteMan
CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote  ...)
	NOT-FOR-US: MonAlbum
CVE-2006-1584 (Unspecified vulnerability in index.php in Warcraft III Replay Parser f ...)
	NOT-FOR-US: Warcraft III Replay
CVE-2006-1583 (Cross-site scripting (XSS) vulnerability in index.php in Warcraft III  ...)
	NOT-FOR-US: Warcraft III Replay
CVE-2006-1582 (Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg  ...)
	NOT-FOR-US: Blank'N'Berg
CVE-2006-1581 (Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 all ...)
	NOT-FOR-US: Blank'N'Berg
CVE-2006-1580 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 a ...)
	NOT-FOR-US: Bugzero
CVE-2006-1579 (SQL injection vulnerability in topics.php in Dynamic Bulletin Board Sy ...)
	NOT-FOR-US: Dynamic Bulletin Board System
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library Sui ...)
	NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.ph ...)
	{DSA-1133-1}
	[woody] - mantis <not-affected> (Vulnerable code not present)
	- mantis 0.19.4-3.1 (bug #361138)
CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...)
	NOT-FOR-US: QLnews
CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLn ...)
	NOT-FOR-US: QLnews
CVE-2006-1574 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, W ...)
	NOT-FOR-US: Groupmax World Wide Web et. al.
CVE-2006-1573 (PHP remote file inclusion vulnerability in index.php in MediaSlash Gal ...)
	NOT-FOR-US: MediaSlash Gallery
CVE-2006-1572 (SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote  ...)
	NOT-FOR-US: Oxygen
CVE-2006-1571 (Multiple SQL injection vulnerabilities in loginprocess.php in qliteNew ...)
	NOT-FOR-US: qliteNews
CVE-2006-1570 (Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 a ...)
	NOT-FOR-US: Esqlanelapse
CVE-2006-1569 (Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote atta ...)
	NOT-FOR-US: RedCMS
CVE-2006-1568 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: RedCMS
CVE-2006-1567 (Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteS ...)
	NOT-FOR-US: SiteSearch Indexer
CVE-2006-1566 (Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Deb ...)
	- libtunepimp 0.4.2-3 (bug #359241; low)
	[sarge] - libtunepimp <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1565 (Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian ...)
	- gpib 3.2.06-3 (bug #359239; low)
	[sarge] - gpib <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1564 (Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subv ...)
	- subversion 1.3.0-5 (bug #359234; low)
	[sarge] - subversion <not-affected> (No rpaths set in Sarge)
CVE-2006-1563 (Direct static code injection vulnerability in config.php in vscripts ( ...)
	NOT-FOR-US: VBook
CVE-2006-1562 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in vs ...)
	NOT-FOR-US: VBook
CVE-2006-1561 (SQL injection vulnerability in index.php in vscripts (aka Kuba Kunkiew ...)
	NOT-FOR-US: VBook
CVE-2006-1560 (Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 ...)
	NOT-FOR-US: SkinTech phpNewsManager
CVE-2006-1559 (SQL injection vulnerability in PHP Script Index allows remote attacker ...)
	NOT-FOR-US: PHP Script Index
CVE-2006-1558 (Cross-site scripting (XSS) vulnerability in search.php in PHP Script I ...)
	NOT-FOR-US: PHP Script Index
CVE-2006-1557 (Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote a ...)
	NOT-FOR-US: X-Changer
CVE-2006-1556 (Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier ...)
	NOT-FOR-US: AL-Caricatier
CVE-2006-1555 (VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1554 (Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows re ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1553 (SQL injection vulnerability in functions/final_functions.php in VSNS L ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1552 (Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5 ...)
	NOT-FOR-US: PAJAX
CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation  ...)
	- php4 <removed> (bug #361854; unimportant)
	- php5 5.1.4-0.1 (bug #361917; unimportant)
	[sarge] - php4 <no-dsa> (there are easier ways to segfault your own program)
CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction a ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 wit ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1546 (Apache Software Foundation (ASF) Struts before 1.2.9 allows remote att ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in vscr ...)
	NOT-FOR-US: VNews
CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in vsc ...)
	NOT-FOR-US: VNews
CVE-2006-1543 (Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewic ...)
	NOT-FOR-US: VNews
CVE-2006-1542 (Stack-based buffer overflow in Python 2.4.2 and earlier, running on Li ...)
	NOT-FOR-US: Bogus issue, this doesn't trigger any local overflow
	NOTE: Should be rejected
CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ea ...)
	NOT-FOR-US: EzASPSite
CVE-2006-1540 (MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 al ...)
	NOT-FOR-US: Microsoft
CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in t ...)
	- bsdgames 2.17-6 (bug #361160)
	[sarge] - bsdgames <no-dsa> (Minor impact)
CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire from  ...)
	NOT-FOR-US: Enova X-Wall ASIC
CVE-2006-1537 (Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain  ...)
	- webcalendar <unfixed> (unimportant)
CVE-2006-1536 (Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93 ...)
	NOT-FOR-US: Phoetux.net PhxContacts
CVE-2006-1535 (Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net P ...)
	NOT-FOR-US: Phoetux.net PhxContacts
CVE-2006-1534 (Multiple SQL injection vulnerabilities in Null news allow remote attac ...)
	NOT-FOR-US: Null news
CVE-2006-1533 (SQL injection vulnerability in newsletter.php in Sourceworkshop newsle ...)
	NOT-FOR-US: Sourceworkshop newsletter
CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP Classifi ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...)
	{DSA-1046-1}
	- firefox 1.5.0.2 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...)
	{DSA-1046-1}
	- firefox 1.5.0.2 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...)
	{DSA-1046-1}
	- firefox 1.5.0.2-1 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial of ser ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.13-1
CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote ...)
	- linux-2.6 2.6.16-12 (low)
CVE-2006-1526 (Buffer overflow in the X render (Xrender) extension in X.org X server  ...)
	- xorg-server 1:1.0.2-8 (bug #378464)
	[sarge] - xfree86 <not-affected> (Vulnerable code not present)
CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users  ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-9
CVE-2006-1524 (madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow f ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-8
CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling (signa ...)
	{DSA-1103}
	- linux-2.6 2.6.16-7
CVE-2006-1522 (The sys_add_key function in the keyring code in Linux kernel 2.6.16.1  ...)
	- linux-2.6 2.6.16-7
CVE-2006-1521
	REJECTED
CVE-2006-1520 (Format string vulnerability in ANSI C Sender Policy Framework library  ...)
	NOTE: Debian ships debugging disabled (this isn't a problem with a debugging command-line flag)
	- libspf <not-affected> (bug #368780; low)
CVE-2006-1519
	REJECTED
CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0 ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; medium)
	- mysql-dfsg-4.1 <removed> (bug #365939; medium)
	- mysql-dfsg <removed> (bug #365939; bug #356751; medium)
	- mysql <removed> (bug #365939; medium)
CVE-2006-1517 (sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0. ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; low)
	- mysql-dfsg-4.1 <removed> (bug #365939; low)
	- mysql-dfsg <removed> (bug #365939; bug #356751; low)
	- mysql <removed> (bug #365939; low)
CVE-2006-1516 (The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0 ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; bug #365938; bug #366044; low)
	- mysql-dfsg-4.1 <removed> (bug #365939; bug #366043; low)
	- mysql-dfsg <removed> (bug #365939; bug #356751; low)
	- mysql <removed> (bug #365939; low)
CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and earl ...)
	{DSA-1084-1}
	- typespeed 0.4.4-10
CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20 ...)
	{DSA-1043-1}
	- abcmidi 20060422-1
CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted a ...)
	{DSA-1041-1}
	- abc2ps <removed> (bug #373685; low)
CVE-2006-1512
	REJECTED
CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "d ...)
	NOT-FOR-US: HP-UX
CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH Software Con ...)
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2006-1507 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remot ...)
	NOT-FOR-US: PHPKIT
CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5 ...)
	NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3
CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine (BASE) befo ...)
	- acidbase 1.2.4-1 (bug #361139)
CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1503 (PHP remote file inclusion vulnerability in includes/functions_install. ...)
	NOT-FOR-US: Virtual Wa
CVE-2006-1502 (Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attacke ...)
	NOT-FOR-US: MPlayer
	NOTE: I can't find the vulnerable code in xine-lib
CVE-2006-1501 (SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows r ...)
	NOT-FOR-US: OneOrZero
CVE-2006-1500 (SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remot ...)
	NOT-FOR-US: Tilde CMS 3.0
CVE-2006-1499 (SQL injection vulnerability in vCounter.php in vCounter 1.0 allows rem ...)
	NOT-FOR-US: vCounter
CVE-2006-1497 (Directory traversal vulnerability in index.php in ViHor Design allows  ...)
	NOT-FOR-US: ViHor Design
CVE-2006-1496 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
	NOT-FOR-US: ViHor Design
CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) PHPColl ...)
	NOT-FOR-US: PHPCollab / NetOffice
CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 all ...)
	- php4 4:4.4.4-1 (bug #361855; unimportant)
	- php5 5.1.4-0.1 (bug #361916; unimportant)
	NOTE: open_basedir violations are not supported
CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP all ...)
	NOT-FOR-US: Explorer XP
CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows rem ...)
	NOT-FOR-US: Explorer XP
CVE-2006-1489 (Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local. ...)
	NOT-FOR-US: FusionZONE CouponZONE
CVE-2006-XXXX [unixodbc rpath set to /home]
	- unixodbc 2.2.11-11 (bug #358142; low)
	[sarge] - unixodbc <not-affected> (rpath not set to /home in Sarge)
CVE-2006-XXXX [fftw rpath set to user home]
	- fftw 2.1.3-17 (bug #358157; low)
	[sarge] - fftw <not-affected> (No rpath set in Sarge)
CVE-2006-XXXX [gauche-config rpath set to user home]
	- gauche 0.8.7-1 (bug #358139; low)
	[sarge] - gauche <not-affected> (gauche-config is a shell script in Sarge)
CVE-2006-XXXX [tcpquota rpath set to user home]
	- tcpquota 1.6.15-11 (bug #358369; low)
	[sarge] - tcpquota <no-dsa> (Only exploitable with strange AFS cell name)
CVE-2006-XXXX [hamlib3-perl rpath set to user home]
	- hamlib 1.2.5-3 (bug #358166; low)
	[sarge] - hamlib <no-dsa> (Only exploitable with strange user name)
CVE-2006-1550 (Multiple buffer overflows in the xfig import code (xfig-import.c) in D ...)
	{DSA-1025-1}
	- dia 0.94.0-18 (bug #360566)
CVE-2006-1498 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and ...)
	- mediawiki 1.4.15-1
	- mediawiki1.5 1.5.8-1
CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions 3 ...)
	{DSA-1034-1 DSA-1033-1}
	- horde3 3.1.1-1 (bug #361967)
CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions o ...)
	- php5 5.1.4-0.1 (bug #359907; low)
	- php4 4:4.4.2-1.1 (bug #359904; low)
	[sarge] - php4 <no-dsa> (Application's responsibility to sanitize input)
CVE-2006-1488 (ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the f ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2006-1487 (Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2006-1486 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in re ...)
	NOT-FOR-US: realestateZONE
CVE-2006-1485 (gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users wi ...)
	NOT-FOR-US: Greymatter
CVE-2006-1484 (Genius VideoCAM NB Driver does not drop privileges when saving files,  ...)
	NOT-FOR-US: Genius VideoCAM NB Driver
CVE-2006-1483 (Blazix Web Server before 1.2.6, when running on Windows, allows remote ...)
	NOT-FOR-US: Blazix Web Server
CVE-2006-1482 (Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1  ...)
	NOT-FOR-US: ConfTool
CVE-2006-1481 (SQL injection vulnerability in search.php in PHP Ticket 0.71 allows re ...)
	NOT-FOR-US: PHP Ticket
CVE-2006-1480 (Directory traversal vulnerability in start.php in WebAlbum 2.02 allows ...)
	NOT-FOR-US: WebAlbum
CVE-2006-1479 (Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-p ...)
	NOT-FOR-US: Serge Rey gtd-php
CVE-2006-1478 (Directory traversal vulnerability in (1) initiate.php and (2) possibly ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-1477 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-1476 (Windows Firewall in Microsoft Windows XP SP2 produces incorrect applic ...)
	NOT-FOR-US: Windows Firewall
CVE-2006-1475 (Windows Firewall in Microsoft Windows XP SP2 does not produce applicat ...)
	NOT-FOR-US: Windows Firewall
CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the "failed" functionality ...)
	NOT-FOR-US: Raindance Web Conferencing Pro
CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 al ...)
	NOT-FOR-US: Apple
CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allow ...)
	NOT-FOR-US: Apple
CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in Apple ...)
	NOT-FOR-US: Apple
CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers t ...)
	- openldap2 <not-affected> (Vulnerable code not present)
	- openldap2.2 <removed> (medium)
CVE-2006-1469 (Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10 ...)
	NOT-FOR-US: Apple
CVE-2006-1468 (Unspecified vulnerability in Apple File Protocol (AFP) server in Apple ...)
	NOT-FOR-US: Apple
CVE-2006-1467 (Integer overflow in the AAC file parsing code in Apple iTunes before 6 ...)
	NOT-FOR-US: Apple iTunes
CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects  ...)
	NOT-FOR-US: Apple
CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers  ...)
	NOT-FOR-US: Apple
CVE-2006-1464 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers  ...)
	NOT-FOR-US: Apple
CVE-2006-1463 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1462 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote  ...)
	NOT-FOR-US: Apple
CVE-2006-1461 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote a ...)
	NOT-FOR-US: Apple
CVE-2006-1460 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote a ...)
	NOT-FOR-US: Apple
CVE-2006-1459 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote  ...)
	NOT-FOR-US: Apple
CVE-2006-1458 (Integer overflow in Apple QuickTime Player before 7.1 allows remote at ...)
	NOT-FOR-US: Apple
CVE-2006-1457 (Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloa ...)
	NOT-FOR-US: Apple
CVE-2006-1456 (Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1455 (QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows  ...)
	NOT-FOR-US: Apple
CVE-2006-1454 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1453 (Stack-based buffer overflow in Apple QuickTime before 7.1 allows remot ...)
	NOT-FOR-US: Apple
CVE-2006-1452 (Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4 ...)
	NOT-FOR-US: Apple
CVE-2006-1451 (MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a n ...)
	NOT-FOR-US: MySQL Manager
CVE-2006-1450 (Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to ex ...)
	NOT-FOR-US: Apple
CVE-2006-1449 (Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows re ...)
	NOT-FOR-US: Apple
CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attack ...)
	NOT-FOR-US: Apple
CVE-2006-1447 (LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cau ...)
	NOT-FOR-US: Apple
CVE-2006-1446 (Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an applicatio ...)
	NOT-FOR-US: Apple
CVE-2006-1445 (Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1444 (CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assisti ...)
	NOT-FOR-US: Apple
CVE-2006-1443 (Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4. ...)
	NOT-FOR-US: Apple
CVE-2006-1442 (The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 l ...)
	NOT-FOR-US: Apple
CVE-2006-1441 (Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote a ...)
	NOT-FOR-US: Apple
CVE-2006-1440 (BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite  ...)
	NOT-FOR-US: Apple
CVE-2006-1439 (NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enabl ...)
	NOT-FOR-US: Apple
CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Know ...)
	NOT-FOR-US: aphpkb
CVE-2006-1437 (UPOINT @1 Event Publisher stores sensitive information under the web d ...)
	NOT-FOR-US: UPOINT
CVE-2006-1436 (Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event ...)
	NOT-FOR-US: UPOINT
CVE-2006-1435 (Cross-site scripting (XSS) vulnerability in genmessage.php in Accounti ...)
	NOT-FOR-US: Accounting Receiving and Inventory Administration (ARIA), different from debian aria
CVE-2006-1434 (Cross-site scripting (XSS) vulnerability in inscription.php in Annuair ...)
	NOT-FOR-US: Annuaire (Directory)
CVE-2006-1433 (Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Annuaire (Directory)
CVE-2006-1432 (fusionZONE couponZONE 4.2 allows remote attackers to obtain the full p ...)
	NOT-FOR-US: fusionZONE couponZONE
CVE-2006-1431 (Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE co ...)
	NOT-FOR-US: fusionZONE couponZONE
CVE-2006-1430 (Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS ( ...)
	NOT-FOR-US: CONTROLzx HMS
CVE-2006-1429 (Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classi ...)
	NOT-FOR-US: classifiedZONE
CVE-2006-1428 (Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 a ...)
	NOT-FOR-US: phpCOIN
CVE-2006-1427 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3. ...)
	NOT-FOR-US: WebAPP
CVE-2006-1426 (Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remo ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-1425 (Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1 ...)
	NOT-FOR-US: phpmyfamily
CVE-2006-1424
	REJECTED
CVE-2006-1423 (SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0  ...)
	NOT-FOR-US: UBB.threads
CVE-2006-1422 (SQL injection vulnerability in details_view.php in PHP Booking Calenda ...)
	NOT-FOR-US: PHP Booking Calendar
CVE-2006-1421 (Multiple SQL injection vulnerabilities in akocomment.php in AkoComment ...)
	NOT-FOR-US: AkoComment
CVE-2006-1420 (SQL injection vulnerability in print.php in SaphpLesson 2.0 allows rem ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-1419 (SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 ...)
	NOT-FOR-US: nuked-klan
CVE-2006-1418 (Cross-site scripting (XSS) vulnerability in default.asp in Caloris Pla ...)
	NOT-FOR-US: Caloris Planitia E-School Management
CVE-2006-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planiti ...)
	NOT-FOR-US: Caloris Planitia Online Quiz System
CVE-2006-1416 (Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute ...)
	NOT-FOR-US: Absolute FAQ Manager .NET
CVE-2006-1415 (Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2 ...)
	NOT-FOR-US: dotNetBB
CVE-2006-1414 (Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in To ...)
	NOT-FOR-US: Toast Forums
CVE-2006-1413 (Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1 ...)
	NOT-FOR-US: EZHomepagePro
CVE-2006-1412 (TFT Gallery 0.10 stores sensitive information under the web root with  ...)
	NOT-FOR-US: TFT Gallery
CVE-2006-1411 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE  ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2006-1410 (Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute  ...)
	NOT-FOR-US: XIGLA Absolute Live Support
CVE-2006-1409 (Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers t ...)
	NOT-FOR-US: Vavoom
	NOTE: code in prboom and lxdoom looks completely different
CVE-2006-1408 (Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Vavoom
	NOTE: code in prboom and lxdoom looks completely different
CVE-2006-1407 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hostin ...)
	NOT-FOR-US: Helm Web Hosting Control Panel
CVE-2006-1406 (Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx i ...)
	NOT-FOR-US: uniForum
CVE-2006-1405 (Cross-site scripting (XSS) vulnerability in search.aspx in SweetSuite. ...)
	NOT-FOR-US: SweetSuite.NET Content Management System
CVE-2006-1404 (Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in Blan ...)
	NOT-FOR-US: BlankOL
CVE-2006-1403 (Format string vulnerability in the PrintString function in c_console.c ...)
	NOT-FOR-US: csDoom
	NOTE: prboom, lxdoom not affected
CVE-2006-1402 (Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows  ...)
	NOT-FOR-US: csDoom
	NOTE: prboom, lxdoom not affected
CVE-2006-1401 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in C ...)
	NOT-FOR-US: Calendar Express
CVE-2006-1400 (Cross-site scripting (XSS) vulnerability in MyTasks/PersonalTaskEdit.a ...)
	NOT-FOR-US: Metisware Instructor
CVE-2006-1399 (Cross-site scripting (XSS) vulnerability in searchresult.php in Meetin ...)
	NOT-FOR-US: Meeting Reserve
CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1. ...)
	NOT-FOR-US: G-Book
CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew a ...)
	NOT-FOR-US: phpAdsNew
CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL Ba ...)
	NOT-FOR-US: Cholod
CVE-2006-1395 (SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Bo ...)
	NOT-FOR-US: Cholod
CVE-2006-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft I ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1393 (Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcook ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1392 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in th ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1391 (The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Ser ...)
	NOT-FOR-US: Quick 'n Easy/Baby Web Server
CVE-2006-1390 (The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a ...)
	NOT-FOR-US: Shortcoming of Gentoo-specific games packaging
CVE-2006-1389 (Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B ...)
	NOT-FOR-US: HP-UX
CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows re ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenti ...)
	- twiki 1:4.0.4-3 (bug #367973)
CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ac ...)
	- twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian too young)
CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in WavePac ...)
	NOT-FOR-US: Cisco
CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the w ...)
	NOT-FOR-US: IBM Tivoli Business Systems Manager
CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 al ...)
	NOT-FOR-US: Baby FTP Server
CVE-2006-1382 (PHP remote file inclusion vulnerability in impex/ImpExData.php in vBul ...)
	NOT-FOR-US: vBulletin
CVE-2006-1381 (Trend Micro OfficeScan 5.5, and probably other versions before 6.5, us ...)
	NOT-FOR-US: Trend Micro
CVE-2006-1380 (ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite ( ...)
	NOT-FOR-US: Trend Micro
CVE-2006-1379 (Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.10 ...)
	NOT-FOR-US: Trend Micro
CVE-2006-1378 (PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak  ...)
	NOT-FOR-US: PasswordSafe
CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog  ...)
	NOT-FOR-US: EasyMoblog
CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...)
	[sarge] - shadow 1:4.0.3-31sarge8
	[sarge] - base-config <not-affected>
	NOTE: The installer is fixed separately, but the postinst of the shadow update
	NOTE: corrects permissions of a faulty install
	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
	- base-config 2.68 (bug #254068; low)
CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the f ...)
	NOT-FOR-US: AdMan
CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...)
	NOT-FOR-US: AdMan
CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP Li ...)
	NOT-FOR-US: PHP Live!
CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...)
	NOT-FOR-US: 1WebCalendar
CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows  ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page
CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6. ...)
	NOT-FOR-US: Real Player, according to Real Helix not affected
CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ke ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-1
CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Mo ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other  ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E39 ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCom ...)
	NOT-FOR-US: Microsoft
CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System (FreeW ...)
	NOT-FOR-US: Justin White (aka YTZ) Free Web Publishing System
CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 a ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...)
	NOT-FOR-US: OSWiki
CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow re ...)
	NOT-FOR-US: MusicBox
CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Fire ...)
	NOT-FOR-US: F5 Firepass 4100 SSL VPN
CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, a ...)
	- libvc 003-4
CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissio ...)
	NOT-FOR-US: avast AV
CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remot ...)
	{DSA-1089-1}
	- freeradius 1.1.0-1.2 (bug #359042; high)
CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier  ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to rea ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ( ...)
	NOT-FOR-US: 99Articles.com
CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Be ...)
	NOT-FOR-US: MusicBox
CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaet ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter g ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg Neustaett ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers t ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as use ...)
	NOT-FOR-US: VeriSign haydn.exe
CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, an ...)
	{DSA-1184-2 DSA-1097-1}
	- linux-2.6 2.6.16-15
CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_ ...)
	- linux-2.6 <not-affected> (Only affects 2.4 kernels)
CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows r ...)
	NOT-FOR-US: Maian Events
CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to  ...)
	NOT-FOR-US: CuteNews
CVE-2006-1339 (Directory traversal vulnerability in inc/functions.inc.php in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise  ...)
	NOT-FOR-US: MailEnable
CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edi ...)
	NOT-FOR-US: MailEnable
CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0  ...)
	NOT-FOR-US: ExtCalendar
CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with AllowD ...)
	- gnome-screensaver 2.14.1-1 (bug #357885)
CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remot ...)
	NOT-FOR-US: Maian Weblog
CVE-2006-1333 (Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and ea ...)
	NOT-FOR-US: BetaParticle Blog
CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to obtain s ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in No ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier  ...)
	NOT-FOR-US: phpWebsite
CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows rem ...)
	- jabberd2 2.0s11-1 (bug #357874)
CVE-2006-1328 (SQL injection vulnerability in count.php in Skull-Splitter PHP Downloa ...)
	NOT-FOR-US: Skull-Splitter PHP
CVE-2006-1327 (SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote att ...)
	NOT-FOR-US: SoftBB
CVE-2006-1326 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power  ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1325 (Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remot ...)
	NOT-FOR-US: Streber
CVE-2006-1324 (Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1323 (Directory traversal vulnerability in WinHKI 1.6 and earlier allows use ...)
	NOT-FOR-US: WinHKI
CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Netware
CVE-2006-1318 (Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Off ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-1317
	REJECTED
CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-1315 (The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1314 (Heap-based buffer overflow in the Server Service (SRV.SYS driver) in M ...)
	NOT-FOR-US: Microsoft
CVE-2006-1313 (Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Wi ...)
	NOT-FOR-US: Microsoft JScript
CVE-2006-1312
	REJECTED
CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1310
	REJECTED
CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1307
	REJECTED
CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote att ...)
	NOT-FOR-US: Microsoft
CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assis ...)
	NOT-FOR-US: Microsoft
CVE-2006-1303 (Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5. ...)
	NOT-FOR-US: Microsoft
CVE-2006-1302 (Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assis ...)
	NOT-FOR-US: Microsoft
CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4,  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1299
	REJECTED
CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...)
	NOT-FOR-US: Veritas Backup
CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server Re ...)
	NOT-FOR-US: Veritas Backup
CVE-2006-1296 (Untrusted search path vulnerability in Beagle 0.2.2.1 might allow loca ...)
	- beagle 0.2.3-1 (bug #357392; low)
CVE-2006-1295 (Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8 ...)
	- spip 2.0.6-1
CVE-2006-1294 (PHP remote file include vulnerability in PageController.php in Knowled ...)
	NOT-FOR-US: KnowledgebasePublisher
CVE-2006-1293 (Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS  ...)
	NOT-FOR-US: Contrexx
CVE-2006-1292 (Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalen ...)
	NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1291 (publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earl ...)
	NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1290 (Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Capti ...)
	NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1289 (Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 ...)
	NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1288 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2 ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1287 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1286 (Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for  ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1285 (SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost S ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10- ...)
	- libpam-opie <not-affected> (FreeBSD specific vulnerability)
CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard (M ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1281 (Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBo ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary files ...)
	- libcgi-session-perl 4.07-1 (low; bug #356555)
	[sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary files vi ...)
	- libcgi-session-perl 4.11-1 (low; bug #356555)
	[sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows remote  ...)
	NOT-FOR-US: @1 File Store
CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1 File Stor ...)
	NOT-FOR-US: @1 File Store
CVE-2006-1276 (admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows re ...)
	NOT-FOR-US: PHP SimpleNEWS
CVE-2006-1275 (GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: GGZ Gaming Zone
CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not drop priv ...)
	NOT-FOR-US: Antivir
CVE-2006-1273
	NOT-FOR-US: Reportedly problem with a firefox addon
CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in member.php in M ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1271 (SQL injection vulnerability in index.php in OxyNews allows remote atta ...)
	NOT-FOR-US: OxyNews
CVE-2006-1270 (Multiple cross-site scripting (XSS) vulnerabilities in zones.php in In ...)
	NOT-FOR-US: Inprotect
CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10 might all ...)
	- zoo 2.10-18 (bug #367858; low)
	[sarge] - zoo <no-dsa> (Attack vector very far-fetched, hardly exploitable)
CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 allow ...)
	NOT-FOR-US: Funkwerk X2300
CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack sessions  ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1266 (Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VP ...)
	NOT-FOR-US: VPMi Enterprise
CVE-2006-1265 (SQL injection vulnerability in discussion.class.php in xhawk.net discu ...)
	NOT-FOR-US: xhawk.net discussion
CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 b ...)
	NOT-FOR-US: xhawk.net discussion
CVE-2006-1263 (Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in W ...)
	- wordpress 2.0.2-1
CVE-2006-1262 (Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown  ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1261 (Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00  ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1260 (Horde Application Framework 3.0.9 allows remote attackers to read arbi ...)
	{DSA-1034-1 DSA-1033-1}
	- horde3 3.1-1 (bug #358812)
CVE-2006-1259 (Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remo ...)
	NOT-FOR-US: Maian Support
CVE-2006-1258 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows  ...)
	- phpmyadmin 4:2.8.0.2-2 (bug #382228)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-1257 (The sample files in the authfiles directory in Microsoft Commerce Serv ...)
	NOT-FOR-US: Microsoft
CVE-2006-1256 (Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boy ...)
	NOT-FOR-US: Soren Boysen (SkullSplitter) PHP Guestbook
CVE-2006-1255 (Stack-based buffer overflow in the IMAP service in Mercur Messaging 5. ...)
	NOT-FOR-US: Mercur Messaging
CVE-2006-1254 (Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows rem ...)
	NOT-FOR-US: BorderWare MXtreme
CVE-2006-1253 (Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote atta ...)
	NOT-FOR-US: glFTPd
CVE-2006-1252 (Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) ...)
	NOT-FOR-US: Light Weight Calendar
CVE-2006-1251 (Argument injection vulnerability in greylistclean.cron in sa-exim 4.2  ...)
	- sa-exim 4.2.1-1 (bug #345071; bug #356301)
CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail before 4.3  ...)
	NOT-FOR-US: Winmail
CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes  ...)
	NOT-FOR-US: Apple Quicktime
CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B. ...)
	NOT-FOR-US: HP-UX
CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows l ...)
	NOT-FOR-US: AIX
CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 al ...)
	NOT-FOR-US: AIX
CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900. ...)
	NOT-FOR-US: Microsoft
CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as u ...)
	{DSA-1019-1 DSA-982-1}
	- xpdf <not-affected> (All issues previously fixed)
	NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities
	- gpdf 2.10.0-3
	- koffice 2.3.3-1
	NOTE: xpdf (and therewith the questionable code) is not part of koffice for some time now
CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog  ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-1242 (The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2. ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-4
CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb ...)
	- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbser ...)
	- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in  ...)
	NOT-FOR-US: Gemini
CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disa ...)
	NOT-FOR-US: DSLogin
CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic ...)
	NOT-FOR-US: DSNewsletter
CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...)
	{DSA-1009-1}
	- crossfire 1.9.0-2 (medium)
CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost 1 ...)
	NOT-FOR-US: HitHost
CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with magic_ ...)
	NOT-FOR-US: DSCounter
CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow re ...)
	NOT-FOR-US: WMNews
CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_q ...)
	NOT-FOR-US: DSDownload
CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, al ...)
	- capi4hylafax <not-affected> (Affected DEFINE not defined)
CVE-2006-1230 (Multiple cross-site scripting (XSS) vulnerabilities in create.php in v ...)
	NOT-FOR-US: vCard
CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 6.1 (H ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x  ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is  ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8  ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x be ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows  ...)
	NOT-FOR-US: GuppY
CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1. ...)
	NOT-FOR-US: Jupiter Content Manager
CVE-2006-1222 (Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 p ...)
	NOT-FOR-US: zeroboard
CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service (VSMON.e ...)
	NOT-FOR-US: TrueVector
CVE-2006-XXXX [Insufficient filename sanitising in darcsweb]
	- darcsweb 0.15-1
CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for Mac O ...)
	NOT-FOR-US: MacOS X
CVE-2006-1219 (Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2. ...)
	- gallery2 2.0.4-1
CVE-2006-1218 (Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3. ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-1217 (SQL injection vulnerability in DSPoll 1.1 allows remote attackers to e ...)
	NOT-FOR-US: DSPoll
CVE-2006-1216 (Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x  ...)
	NOT-FOR-US: Runcms
CVE-2006-1215 (Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burnin ...)
	NOT-FOR-US: Woltlab BB
CVE-2006-1214 (UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denia ...)
	NOT-FOR-US: UnrealIRCd
CVE-2006-1213 (JiRo's Banner System Experience and Professional 1.0 and earlier allow ...)
	NOT-FOR-US: JiRo's Banner System Experience and Professional
CVE-2006-1212 (Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows r ...)
	NOT-FOR-US: CoreNews
CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL data ...)
	NOT-FOR-US: Tivoli
CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 i ...)
	NOT-FOR-US: Tivoli
CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive infor ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute a ...)
	NOT-FOR-US: Sergey Korostel PHP Upload Center
CVE-2006-1207 (PHP Upload Center stores password hashes under the web root with insuf ...)
	NOT-FOR-US: PHP Upload Center
CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedde ...)
	- dropbear 0.48-1
CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBlo ...)
	NOT-FOR-US: myBloggie
CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4- ...)
	NOT-FOR-US: txtForum
CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum 1.0.4- ...)
	NOT-FOR-US: txtForum
CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0  ...)
	NOT-FOR-US: textfileBB
CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net phpBann ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in daverave ...)
	NOT-FOR-US: daverave Link Bank
CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in daverave Lin ...)
	NOT-FOR-US: daverave Link Bank
CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a pa ...)
	NOT-FOR-US: Comvigo IM Lock
CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver with in ...)
	NOT-FOR-US: SafeDisc
CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 a ...)
	NOT-FOR-US: QwikiWiki
CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c for ENet ...)
	NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...)
	NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1193 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server  ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2006-1192 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1191 (Microsoft Internet Explorer 5.01 through 6 does not always correctly i ...)
	NOT-FOR-US: Microsoft
CVE-2006-1190 (Microsoft Internet Explorer 5.01 through 6 does not always return the  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1189 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 thro ...)
	NOT-FOR-US: Microsoft
CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1187
	REJECTED
CVE-2006-1186 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through  ...)
	NOT-FOR-US: Microsoft
CVE-2006-1184 (Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the i ...)
	- base-config <not-affected> (UBuntu specific)
	- shadow <not-affected> (UBuntu specific)
CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Docum ...)
	NOT-FOR-US: Adobe Graphics Server
CVE-2006-1181
	RESERVED
CVE-2006-1180
	RESERVED
CVE-2006-1179
	RESERVED
CVE-2006-1178 (Tamarack MMSd before 7.992 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Tamarack MMSd
CVE-2006-1177
	RESERVED
CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl ...)
	NOT-FOR-US: eBay Enhanced Picture Services
CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scr ...)
	NOT-FOR-US: WeOnlyDo! SFTP
CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions befo ...)
	- shadow 1:4.0.15-10 (low)
	[sarge] - shadow <not-affected> (Vulnerable code was introduced later)
CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of se ...)
	{DSA-1155}
	- sendmail 8.13.7-1 (low; bug #373801)
CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in Cryptomath ...)
	NOT-FOR-US: ActiveX control
CVE-2006-1171
	REJECTED
CVE-2006-1170
	REJECTED
CVE-2006-1169
	REJECTED
CVE-2006-1168 (The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) ...)
	{DSA-1149-1}
	- ncompress 4.2.4-16
CVE-2006-1167 (SGI ProPack 3 SP6 kernel displays the frame buffer contents of the las ...)
	NOT-FOR-US: SGI
CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...)
	- dokuwiki 0.0.20060309-3 (bug #357436)
CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...)
	NOT-FOR-US: Nodez
CVE-2006-1163 (Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remot ...)
	NOT-FOR-US: Nodez
CVE-2006-1162 (Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows  ...)
	NOT-FOR-US: Nodez
CVE-2006-1161 (Absolute path traversal vulnerability in Easy File Sharing (EFS) Web S ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1160 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) We ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1159 (Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2  ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1158 (Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 ...)
	NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership Script be ...)
	NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site Members ...)
	NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in Fantastic Ne ...)
	NOT-FOR-US: Fantastic News
CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers ...)
	NOT-FOR-US: D2-Shoutbox
CVE-2006-1152 (PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 a ...)
	NOT-FOR-US: M-Phorum
CVE-2006-1151 (Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows ...)
	NOT-FOR-US: M-Phorum
CVE-2006-1150 (Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automaticall ...)
	- teg 0.11.1-3 (bug #357645; low)
	[sarge] - teg <no-dsa> (Only DoS against exotic, mostly single player game)
CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intr ...)
	NOT-FOR-US: OWL Intranet Engine
CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs function  ...)
	- peercast 0.1217.toots.20060314-1
CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Editio ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in A ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in acebot_cmd ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remot ...)
	NOT-FOR-US: Hit Host
CVE-2006-1143 (Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 all ...)
	NOT-FOR-US: FTPoed Blog Engine
CVE-2006-1142 (Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows r ...)
	NOT-FOR-US: Ravenous Web Server
CVE-2006-1141 (Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows rem ...)
	- qmailadmin <removed> (bug #357896; medium)
CVE-2006-1140 (SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote at ...)
	NOT-FOR-US: RedBLoG
CVE-2006-1139 (Unspecified vulnerability in the ESS/ Network Controller in Xerox Copy ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1138 (Unspecified vulnerability in the web server code in Xerox CopyCentre a ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1137 (Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox Wor ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1136 (Buffer overflow in the PostScript file interpreter code for Xerox Copy ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1135 (Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 all ...)
	NOT-FOR-US: sBlog
CVE-2006-1134 (SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quot ...)
	NOT-FOR-US: CyBoards
CVE-2006-1133 (Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 all ...)
	NOT-FOR-US: vbzoom
CVE-2006-1132 (SQL injection vulnerability in show.php in vbzoom 1.11 allow remote at ...)
	NOT-FOR-US: vbzoom
CVE-2006-1131 (Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS  ...)
	NOT-FOR-US: bitweaver
CVE-2006-1130 (Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows rem ...)
	NOT-FOR-US: EKINboard
CVE-2006-1129 (SQL injection vulnerability in config.php in EKINboard 1.0.3 allows re ...)
	NOT-FOR-US: EKINboard
CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a directory c ...)
	- monotone 0.26pre1-0.1 (low)
	[sarge] - monotone <no-dsa> (Only exploitable in very far-fetched situation)
	NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on the client
	NOTE: and massive social engineering
CVE-2006-1128 (Directory traversal vulnerability in the session handling class (Galle ...)
	- gallery2 2.0.3
CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allo ...)
	- gallery2 2.0.3
CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP addres ...)
	- gallery2 2.0.3
CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Every ...)
	NOT-FOR-US: Grisoft AVG
CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote at ...)
	NOT-FOR-US: RevilloC MailServer and Proxy
CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote ...)
	NOT-FOR-US: D2KBlog
CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0 ...)
	NOT-FOR-US: D2KBlog
CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remo ...)
	NOT-FOR-US: CuteNews
CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1. ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has insufficient ...)
	NOT-FOR-US: Cpanel (PHP)
CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 allows remo ...)
	NOT-FOR-US: Aardvark
CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) n ...)
	NOT-FOR-US: nCipher
CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 2.18 t ...)
	NOT-FOR-US: nCipher
CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/pri ...)
	NOT-FOR-US: nCipher
CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 0.42 a ...)
	NOT-FOR-US: Loudblog
CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 0.42 all ...)
	NOT-FOR-US: Loudblog
CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows rem ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows ...)
	NOT-FOR-US: Total Ecommerce
CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allow ...)
	NOT-FOR-US: NMDeluxe
CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe befor ...)
	NOT-FOR-US: NMDeluxe
CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and e ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain con ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and ear ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube  ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in Sauerbrate ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remo ...)
	NOT-FOR-US: logIT
CVE-2006-1098 (** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce  ...)
	NOT-FOR-US: NZ Ecommerce
CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2 ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1096
	NOT-FOR-US: NZ Ecommerce
CVE-2006-1095 (Directory traversal vulnerability in the FileSession object in Mod_pyt ...)
	NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out
	NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be packaged
CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltl ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 a ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the process fil ...)
	NOT-FOR-US: Solaris
CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause an unspe ...)
	NOT-FOR-US: PunBB
CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 ...)
	NOT-FOR-US: PunBB
CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potent ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1087 (Direct static code injection vulnerability in the modify_config action ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1086
	REJECTED
CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to  ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlie ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and  ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...)
	NOT-FOR-US: phpArcadeScript
CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan Beck ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2. ...)
	NOT-FOR-US: Game-Panel
CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products suc ...)
	- thttpd 2.23beta1-2.4 (bug #253816; low)
	NOTE: apache's htpasswd not vulnerable, but source contains note about
	NOTE: not being safe for sudo
	NOTE: filed whishlist bug to add this to manpage
CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, a ...)
	- thttpd 2.23beta1-2.4 (bug #253816; low)
	NOTE: apache's htpasswd not vulnerable
CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the commentary  ...)
	NOT-FOR-US: Evo-Dev evoBlog
CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic  ...)
	NOT-FOR-US: checkInvision Power Board
CVE-2006-1075 (Format string vulnerability in the visualization function in Jason Boe ...)
	NOT-FOR-US: Liero Xtreme
CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers  ...)
	NOT-FOR-US: Liero Xtreme
CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog 1.0 ...)
	NOT-FOR-US: Daverave Simplog
CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...)
	NOT-FOR-US: Daverave Simplog
CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1 ...)
	NOT-FOR-US: DVguestbook
CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestboo ...)
	NOT-FOR-US: DVguestbook
CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 1.4.x be ...)
	NOT-FOR-US: Geeklog
CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow remote at ...)
	NOT-FOR-US: VXWorks
CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote attack ...)
	NOT-FOR-US: VXWorks
CVE-2006-1066 (Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems wi ...)
	{DSA-1017-1}
	- linux-2.6 2.6.16-1
CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1. ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and  ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote atta ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier all ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 a ...)
	- curl 7.15.3-1
	[woody] - curl <not-affected> (Vulnerable code not present)
	[sarge] - curl <not-affected> (Vulnerable code not present)
CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might ...)
	{DSA-1038-1 DSA-1037-1}
	- xzgv 0.8-5.1 (bug #362288; medium)
	- zgv 5.9-2
CVE-2006-1059 (The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trus ...)
	- samba 3.0.22-1
	[woody] - samba <not-affected>
	[sarge] - samba <not-affected>
CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords, which mak ...)
	- busybox 1:1.1.3-1 (low; bug #360578)
	[woody] - busybox <not-affected>
	[sarge] - busybox <not-affected>
CVE-2006-1057 (Race condition in daemon/slave.c in gdm before 2.14.1 allows local use ...)
	{DSA-1040-1}
	- gdm 2.14.4-1
CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running  ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-9
	- kfreebsd-5 5.4-17
	- xen-3.0 3.0.2+hg9656-1
CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12  ...)
	- linux-2.6 2.6.16-6
CVE-2006-1054
	REJECTED
CVE-2006-1053
	REJECTED
CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows  ...)
	{DSA-1184-2}
	- linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...)
	NOT-FOR-US: Akurru Social BookMarking Engine
CVE-2006-1050
	NOT-FOR-US: Kwik-Pay Payroll
CVE-2006-1319 (chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little e ...)
	- runit 1.4.1-1 (bug #356016; medium)
	[sarge] - runit <not-affected>
CVE-2006-1049 (Multiple SQL injection vulnerabilities in the Admin functionality in J ...)
	NOT-FOR-US: Joomla!
CVE-2006-1048 (Joomla! 1.0.7 and earlier allows attackers to bypass intended access r ...)
	NOT-FOR-US: Joomla!
CVE-2006-1047 (Unspecified vulnerability in the "Remember Me login functionality" in  ...)
	NOT-FOR-US: Joomla!
CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial o ...)
	- monopd 0.9.3-2 (bug #355797; low)
	[sarge] - monopd <no-dsa> (Very minor security ramifications)
CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block load ...)
	{DSA-1051-1 DSA-1046-1}
	- thunderbird 1.5.0.2-1
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- firefox 1.5.dfsg+1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSER ...)
	NOT-FOR-US: LISTSERV
CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microso ...)
	NOT-FOR-US: Microsoft
CVE-2006-1042 (Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote ...)
	NOT-FOR-US: Gregarius
CVE-2006-1041 (Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 ...)
	NOT-FOR-US: Gregarius
CVE-2006-1040 (Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 ...)
	NOT-FOR-US: vBulletin
CVE-2006-1039 (SAP Web Application Server (WebAS) Kernel before 7.0 allows remote att ...)
	NOT-FOR-US: SAP
CVE-2006-1038 (Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and  ...)
	NOT-FOR-US: SecureCRT
CVE-2006-1037 (SQL injection vulnerability in the Oracle Diagnostics module 2.2 and e ...)
	NOT-FOR-US: Oracle
CVE-2006-1036 (Multiple unspecified vulnerabilities in the Oracle Diagnostics module  ...)
	NOT-FOR-US: Oracle
CVE-2006-1035 (Unspecified vulnerability in the Oracle Diagnostics module 2.2 and ear ...)
	NOT-FOR-US: Oracle
CVE-2006-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1033 (Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS b ...)
	NOT-FOR-US: Dragonfly CMS
CVE-2006-1032 (Eval injection vulnerability in the decode function in rpc_decoder.php ...)
	NOT-FOR-US: phpRPC
CVE-2006-1031 (config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote ...)
	NOT-FOR-US: iGENUS Webmail
CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allo ...)
	NOT-FOR-US: Joomla!
CVE-2006-1029 (The cross-site scripting (XSS) countermeasures in class.inputfilter.ph ...)
	NOT-FOR-US: Joomla!
CVE-2006-1028 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1027 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1026 (JFacets before 0.2 allows remote attackers to gain privileges as any a ...)
	NOT-FOR-US: JFacets
CVE-2006-1025 (Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft Stor ...)
	NOT-FOR-US: Addsoft StoreBot
CVE-2006-1024 (SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 P ...)
	NOT-FOR-US: Addsoft StoreBot
CVE-2006-1023 (Directory traversal vulnerability in HP System Management Homepage (SM ...)
	NOT-FOR-US: HP System Management
CVE-2006-1022 (PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik ...)
	NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uye ...)
	NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Foru ...)
	NOT-FOR-US: Johnny_Vegas Vegas Forum
CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1  ...)
	NOT-FOR-US: UkiBoard
CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03  ...)
	NOT-FOR-US: DCI-Design Dawaween
CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x  ...)
	NOT-FOR-US: c-client
CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet Explore ...)
	NOT-FOR-US: Windows
CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x appl ...)
	- php5 5.1.4-0.1 (bug #368595; unimportant)
	- php4 <removed> (bug #368592; unimportant)
	NOTE: It's the application's job to sanitize input passed to a function
CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x applicatio ...)
	- php5 5.1.4-0.1 (bug #368595; unimportant)
	- php4 <removed> (bug #368592; unimportant)
	NOTE: It's the application's job to sanitize input passed to a function
CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog (aka S ...)
	NOT-FOR-US: SMartBlog
CVE-2006-1012 (SQL injection vulnerability in WordPress 1.5.2, and possibly other ver ...)
	- wordpress 2.0.1-1
CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database files with ...)
	NOT-FOR-US: LetterMerger
CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, when ol ...)
	{DSA-1001-1}
	- crossfire 1.9.0-1
CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default password ...)
	NOT-FOR-US: M4 Project enigma-suite
CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1 ...)
	NOT-FOR-US: N8cms
CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remo ...)
	NOT-FOR-US: N8cms
CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in sendcard bef ...)
	NOT-FOR-US: sendcard
CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote attack ...)
	NOT-FOR-US: Parodia
CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parod ...)
	NOT-FOR-US: Parodia
CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless Firewall Ro ...)
	NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of super_user ...)
	NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite LanParty I ...)
	NOT-FOR-US: LanSuite LanParty Intranet System
CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 an ...)
	NOT-FOR-US: Pentacle In-Out Board
CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and No ...)
	NOT-FOR-US: Novell
CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and No ...)
	NOT-FOR-US: Novell
CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and No ...)
	NOT-FOR-US: Novell
CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5. ...)
	- php4 4:4.4.4-1 (bug #361853; unimportant)
	- php5 5.1.4-0.1 (bug #361914; unimportant)
	NOTE: Non-issue, explicit debug feature
CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions befor ...)
	NOT-FOR-US: EMC Dantz Retrospect
CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows  ...)
	NOT-FOR-US: Sophos
CVE-2006-0993 (The web management interface in 3Com TippingPoint SMS Server before 2. ...)
	NOT-FOR-US: 3Com
CVE-2006-0992 (Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 P ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon (bp ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd) in Veri ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server  ...)
	NOT-FOR-US: MS Windows issue
CVE-2006-0987 (The default configuration of ISC BIND before 9.4.1-P1, when configured ...)
	- bind <unfixed> (bug #355787; unimportant)
	- bind9 1:9.4.0-1 (bug #356266; unimportant)
	NOTE: This is within the responsibilities of a local admin, especially when
	NOTE: operating a DNS server, affected sites can configure AllowRecursion
CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain sensitiv ...)
	- wordpress 2.0.2-1 (bug #355055; unimportant)
CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the "post comme ...)
	- wordpress 2.0.2-1 (bug #355055; medium)
CVE-2006-0984 (Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo ...)
	NOT-FOR-US: EJ3 TOPo not in debian
CVE-2006-0983 (Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 ...)
	NOT-FOR-US: QWikiWiki not in debian
CVE-2006-0982 (The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circ ...)
	NOT-FOR-US: McAfee Virex 7.7 for Macintosh
CVE-2006-0981 (Directory traversal vulnerability in e-merge WinAce 2.6 and earlier al ...)
	NOT-FOR-US: WinAce
CVE-2006-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI  ...)
	NOT-FOR-US: Jay Eckles CGI Calendar
CVE-2006-0979 (Unspecified vulnerability in the local weblog publisher in Nidelven IT ...)
	NOT-FOR-US: Nidelven IT Issue Dealer
CVE-2006-0978 (Multiple cross-site scripting (XSS) vulnerabilities in the View Header ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2006-0977 (Craig Morrison Mail Transport System Professional (aka MTS Pro) acts a ...)
	NOT-FOR-US: MTS Pro
CVE-2006-0976 (Directory traversal vulnerability in scan_lang_insert.php in Boris Her ...)
	NOT-FOR-US: SPiD
CVE-2006-0975
	REJECTED
CVE-2006-0974 (Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe b ...)
	NOT-FOR-US: bttlxeForum 2.0
CVE-2006-0973 (SQL injection vulnerability in topics.php in Appalachian State Univers ...)
	NOT-FOR-US: phpWebSite
CVE-2006-0972 (SQL injection vulnerability in news.php in Tony Baird Fantastic News 2 ...)
	NOT-FOR-US: Tony Baird Fantastic News
CVE-2006-0971 (Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b  ...)
	NOT-FOR-US: DirectContact
CVE-2006-0970 (PHP remote file inclusion vulnerability in index.php in one or more Ac ...)
	NOT-FOR-US: ActiveCampaign products
CVE-2006-0969 (PHP remote file inclusion vulnerability in index.php in Top sites de P ...)
	NOT-FOR-US: PixelArtKingdom TopSites
CVE-2006-0968 (The ncprwsnt service in NCP Network Communication Secure Client 8.11 B ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0967 (NCP Network Communication Secure Client 8.11 Build 146, and possibly o ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0966 (NCP Network Communication Secure Client 8.11 Build 146, and possibly o ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0965 (NCP Network Communication Secure Client 8.11 Build 146, and possibly o ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0964 (Client Firewall in NCP Network Communication Secure Client 8.11 Build  ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0963 (Multiple buffer overflows in STLport 5.0.2 might allow local users to  ...)
	- stlport5 5.0.2-1 (bug #358471; medium)
CVE-2006-0962 (SQL injection vulnerability in vuBB 0.2 allows remote attackers to exe ...)
	NOT-FOR-US: VuBB
CVE-2006-0961 (SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows re ...)
	NOT-FOR-US: Cilem Hiber
CVE-2006-0960 (uConfig agent in Compex NetPassage WPE54G router allows remote attacke ...)
	NOT-FOR-US: Compex NetPassage WPE54G router
CVE-2006-0959 (SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0958 (Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft ...)
	NOT-FOR-US: ZoneO-Soft freeForum
CVE-2006-0957 (Direct static code injection vulnerability in func.inc.php in ZoneO-So ...)
	NOT-FOR-US: ZoneO-Soft freeForum
CVE-2006-0956 (nuauth in NuFW before 1.0.21 does not properly handle blocking TLS soc ...)
	- nufw 1.0.23-1 (bug #358475; low)
CVE-2006-0955
	RESERVED
CVE-2006-0954
	RESERVED
CVE-2006-0953
	RESERVED
CVE-2006-0952
	RESERVED
CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the  ...)
	NOT-FOR-US: NOD32
CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary files ...)
	- unalz 0.55-1 (bug #356832; low)
	[sarge] - unalz <no-dsa> (Minor issue)
CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of sc ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other versio ...)
	NOT-FOR-US: AOL
CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote atta ...)
	NOT-FOR-US: Thomson modem firmware
CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems  ...)
	NOT-FOR-US: Thomson modem firmware
CVE-2006-0945 (PHP remote file include vulnerability in admin/index.php in Archangel  ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-0944 (Archangel Weblog 0.90.02 allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-0943 (SQL injection vulnerability in the sondages module in index.php in Pws ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0942 (SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibl ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0941 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in Sho ...)
	NOT-FOR-US: ShoutLIVE
CVE-2006-0940 (Multiple direct static code injection vulnerabilities in savesettings. ...)
	NOT-FOR-US: ShoutLIVE
CVE-2006-0939 (SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attacker ...)
	NOT-FOR-US: DCI-Taskeen
CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earli ...)
	- ezpublish <removed>
CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...)
	{DSA-1109}
	- rssh 2.3.0-1.1 (bug #346322; bug #363978; low)
CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allo ...)
	- webcheck 1.9.6
CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: U.N.U. Mailgust
CVE-2006-0936 (Free Host Shop Website Generator 3.3 allows remote authenticated users ...)
	NOT-FOR-US: Free Host Shop Website Generator
CVE-2006-0935 (Microsoft Word 2003 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Microsoft
CVE-2006-0934 (Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 all ...)
	NOT-FOR-US: webinsta Limbo
CVE-2006-0933 (Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote a ...)
	NOT-FOR-US: PHPX
CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archiv ...)
	NOT-FOR-US: zip.lib.php
CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other  ...)
	- php5 <removed> (bug #368545; unimportant)
	- php4 <removed> (bug #368545; unimportant)
	NOTE: is this really a vulnerability in pear? it seems it should be a bug
	NOTE: in any application not checking for such archives.
	NOTE: Lack of a security feature is not a vulnerability
CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server P ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0929 (Directory traversal vulnerability in the IMAP server in ArGoSoft Mail  ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0928 (The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attacker ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0927 (Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS- ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-0926 (Multiple directory traversal vulnerabilities in Allume StuffIt Standar ...)
	NOT-FOR-US: StuffIt
CVE-2006-0925 (Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8 ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2006-0924 (Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allow ...)
	NOT-FOR-US: iCal
CVE-2006-0923 (Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) ...)
	NOT-FOR-US: MyPHPNuke
CVE-2006-0922 (CubeCart 3.0 through 3.6 does not properly check authorization for an  ...)
	NOT-FOR-US: CubeCart
CVE-2006-0921 (Multiple directory traversal vulnerabilities in connector.php in FCKed ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-0920 (Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP pas ...)
	NOT-FOR-US: Oi! Email Marketing System
CVE-2006-0919 (SQL injection vulnerability in index.php (aka the login page) in Oi! E ...)
	NOT-FOR-US: Oi! Email Marketing System
CVE-2006-0918 (Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to ...)
	NOT-FOR-US: The Bat!
CVE-2006-0917 (Melange Chat Server (aka M-Chat), when accessed via a web browser, aut ...)
	NOT-FOR-US: Melange Chat Server
CVE-2006-0916 (Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences i ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0915 (Bugzilla 2.16.10 does not properly handle certain characters in the (1 ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly hand ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Oreka
CVE-2006-0911 (NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote atta ...)
	NOT-FOR-US: WhatsUp Professional
CVE-2006-0910 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers t ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers t ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injecti ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...)
	NOT-FOR-US: D3Jeeb Pro
CVE-2006-0905 (A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1 ...)
	- kfreebsd-5 5.4-16
CVE-2006-0904
	REJECTED
CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging mechanis ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163)
CVE-2006-0902
	RESERVED
CVE-2006-0901 (Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and  ...)
	NOT-FOR-US: Solaris
CVE-2006-0900 (nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial o ...)
	- kfreebsd-5 5.4-15
CVE-2006-0899 (Directory traversal vulnerability in index.php in 4Images 1.7.1 and ea ...)
	NOT-FOR-US: 4Images
CVE-2006-0898 (Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode ...)
	{DSA-996-1}
	- libcrypt-cbc-perl 2.17-1
CVE-2006-0897
	NOT-FOR-US: VCS Virtual Program Management Intranet
CVE-2006-0896 (Cross-site scripting (XSS) vulnerability in Sources/Register.php in Si ...)
	NOT-FOR-US: Simple Machine Forum
CVE-2006-0895 (NOCC Webmail 1.0 allows remote attackers to obtain the installation pa ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0894 (Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1. ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0893 (NOCC Webmail 1.0 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0892 (NOCC Webmail 1.0 stores e-mail attachments in temporary files with pre ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0891 (Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0890 (Directory traversal vulnerability in SpeedProject Squeez 5.1, as used  ...)
	NOT-FOR-US: SpeedProject Squeez
CVE-2006-0889 (Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remo ...)
	NOT-FOR-US: Calcium
CVE-2006-0888 (index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation  ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0887 (Eval injection vulnerability in sessions.inc in PHP Base Library (PHPL ...)
	NOT-FOR-US: PHPLIB
CVE-2006-0886 (Cross-site scripting (XSS) vulnerability in register.php in DEV web ma ...)
	NOT-FOR-US: DEV web management system
CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews  ...)
	NOT-FOR-US: CuteNews
CVE-2006-0884 (The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbi ...)
	{DSA-1051-1 DSA-1046-1}
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- firefox 1.5.dfsg+1.5.0.2-1
	- xulrunner 1.8.0.1-9
	- mozilla 2:1.7.13-0.1
CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not prope ...)
	- openssh 1:3.8.1p1-4
	[woody] - openssh <not-affected>
CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's Classifieds ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0880 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in No ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0879 (SQL injection vulnerability in the search tool in Noah's Classifieds 1 ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0878 (Noah's Classifieds 1.3 allows remote attackers to obtain the installat ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows remote att ...)
	NOT-FOR-US: Easy Forum
CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial of ser ...)
	{DSA-1061-1}
	- popfile 0.22.4-1 (bug #354464; medium)
CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 all ...)
	NOT-FOR-US: runCMS
CVE-2006-0874 (Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerc ...)
	NOT-FOR-US: Intensive Point iUser Ecommerce
CVE-2006-0873 (Absolute path traversal vulnerability in docs/showdocs.php in Coppermi ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine Photo  ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-0871 (Directory traversal vulnerability in the _setTemplate function in Mamb ...)
	- mambo 4.5.3h-1 (bug #354468)
	NOTE: only in experimental
CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 ...)
	NOT-FOR-US: Mini-Nuke CMS
CVE-2006-0869 (Directory traversal vulnerability in the "remember me" feature in live ...)
	NOT-FOR-US: PHP PEAR LiveUser
CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified Auth Con ...)
	- php-auth 1.2.4-0.1 (bug #354474)
CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT) WebDrive, ...)
	NOT-FOR-US: WebDrive
CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct brute forc ...)
	NOT-FOR-US: PunBB
CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: PunBB
CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cook ...)
	NOT-FOR-US: Global Hauri ViRobot
CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attacker ...)
	NOT-FOR-US: InfoVista PortalSE
CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Sol ...)
	NOT-FOR-US: InfoVista PortalSE
CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows rem ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer  ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0859 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows rem ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the ...)
	NOT-FOR-US: StarForce Safe'n'Sec Personal
CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 ...)
	NOT-FOR-US: e107 CMS Chatbox plugin
CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21  ...)
	NOT-FOR-US: SmE GB Host
CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c for zoo ...)
	{DSA-991-1}
	- zoo 2.10-17 (bug #354461)
CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in Intensive Poi ...)
	NOT-FOR-US: Intensive Point iUser Ecommerce
CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA ...)
	NOT-FOR-US: TrueNorth Internet Anywhere
CVE-2006-0852 (Direct static code injection vulnerability in write.php in Admbook 1.2 ...)
	NOT-FOR-US: Admbook
CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan 1.05g and  ...)
	NOT-FOR-US: ilchClan
CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php in ilch ...)
	NOT-FOR-US: ilchClan
CVE-2006-0849
	REJECTED
CVE-2006-0848 (The "Open 'safe' files after downloading" option in Safari on Apple Ma ...)
	NOT-FOR-US: Apple Safari
CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component in Che ...)
	- cherrypy2.1 2.1.1-1 (bug #353542)
	- python-cherrypy 2.1.1-1 (bug #354479)
CVE-2006-0846 (Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright' ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0845 (Leif M. Wright's Blog 3.5 allows remote authenticated users with admin ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0844 (Leif M. Wright's Blog 3.5 does not make a password comparison when aut ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0843 (Leif M. Wright's Blog 3.5 stores the config file and other txt files u ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows  ...)
	NOT-FOR-US: Calacode @Mail
CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4  ...)
	{DSA-1133-1}
	- mantis 0.19.4-3.1 (bug #378353)
CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly h ...)
	{DSA-944-1}
	- mantis 1.0
	NOTE: This was actually fixed upstream in Mantis 1.0.0rc5,
	NOTE: which was never uploaded.
CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly rea ...)
	- snort <not-affected> (frag3 is only in 2.4, currently there is 2.3.3 in sid)
CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwo ...)
	NOT-FOR-US: Tivoli
CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable perm ...)
	NOT-FOR-US: Tivoli
CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an uns ...)
	NOTE: Denial of service by tricking someone into importing a manipulated LDIF file
	NOTE: That's a bug, but calling it a security problem is very far-fetched
CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar P ...)
	NOT-FOR-US: MitriDAT Web Calendar
CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ad ...)
	NOT-FOR-US: Uniden UIP1868P VoIP Telephone
CVE-2006-0833 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Direc ...)
	NOT-FOR-US: Barracuda Directory
CVE-2006-0832 (Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow  ...)
	NOT-FOR-US: WPC.easy
CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi  ...)
	NOT-FOR-US: Tasarim Rehberi
CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remot ...)
	NOT-FOR-US: E-Blah Platinum
CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer W ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0827 (Cross-site scripting vulnerability in ESS/ Network Controller and Micr ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0826 (Unspecified vulnerability in ESS/ Network Controller and MicroServer W ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0825 (Multiple unspecified vulnerabilities in ESS/ Network Controller and Mi ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0824 (Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4. ...)
	NOT-FOR-US: Geeklog
CVE-2006-0823 (Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr ...)
	NOT-FOR-US: Geeklog
CVE-2006-0822 (Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17  ...)
	NOT-FOR-US: EmuLinker Kaillera Server
CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows remote a ...)
	NOT-FOR-US: BXCP
CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 al ...)
	NOT-FOR-US: Dwarf HTTP Server
CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source c ...)
	NOT-FOR-US: Dwarf HTTP Server
CVE-2006-0818 (Absolute path directory traversal vulnerability in (1) MERAK Mail Serv ...)
	NOT-FOR-US: MERAK Mail Server and VisNetic MailServer
CVE-2006-0817 (Absolute path directory traversal vulnerability in (a) MERAK Mail Serv ...)
	NOT-FOR-US: MERAK Mail Server and VisNetic MailServer
CVE-2006-0816 (Orion Application Server before 2.0.7, when running on Windows, allows ...)
	NOT-FOR-US: Orion Application Server
CVE-2006-0815 (NetworkActiv Web Server 3.5.15 allows remote attackers to read script  ...)
	NOT-FOR-US: NetworkActiv Web Server
CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions, when run ...)
	NOT-FOR-US: Lighttpd under windows
CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-assisted attacke ...)
	NOT-FOR-US: WinACE
CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4 ...)
	NOT-FOR-US: WinACE VisNetic AntiVirus
CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...)
	NOT-FOR-US: Skate Board
CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows remo ...)
	NOT-FOR-US: Skate Board
CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote ...)
	NOT-FOR-US: Skate Board
CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service (message ...)
	NOT-FOR-US: MUTE
CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word Proces ...)
	NOT-FOR-US: NJStar
CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as  ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (bug #358872; medium)
	- moodle 1.6.1+20060825-1 (bug #360396; medium)
	- cacti 0.8.6d-1 (medium)
	NOTE: according to maintainer, "Moodle neither uses nor plans to use
	NOTE: ADODB_Pager, so it's not affected by #360396, but include patch for
	NOTE: it anyway, just in case somebody decides to use it out of the blue
CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed chall ...)
	NOT-FOR-US: php-Nuke
CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to exe ...)
	- tin 1:1.8.2-1
	[sarge] - tin <not-affected> (Vulnerable code not present)
CVE-2006-0803 (The signature verification functionality in the YaST Online Update (YO ...)
	NOT-FOR-US: YaSt Online Update
CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module fo ...)
	NOT-FOR-US: PostNuke
CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for PostNuke 0. ...)
	NOT-FOR-US: PostNuke
CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows remote at ...)
	NOT-FOR-US: PostNuke
CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a legitim ...)
	NOT-FOR-US: Microsoft
CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in Ma ...)
	NOT-FOR-US: Macallan Mail Solution
CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Nokia cell phone
CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0795 (Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 a ...)
	NOT-FOR-US: Quirex
CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the inst ...)
	NOT-FOR-US: V-webmail
CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phi ...)
	NOT-FOR-US: V-webmail
CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in preferences.personal.php i ...)
	NOT-FOR-US: V-webmail
CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in DreamCost Host ...)
	NOT-FOR-US: DreamCost HostAdmin
CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0789 (Certain unspecified Kyocera printers have a default "admin" account wi ...)
	NOT-FOR-US: Kyocera printers
CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that allows remo ...)
	NOT-FOR-US: Kyocera printers
CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earl ...)
	NOT-FOR-US: Plaino Wimpy
CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Rele ...)
	NOT-FOR-US: PHPKIT
CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 R ...)
	NOT-FOR-US: PHPKIT
CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers  ...)
	NOT-FOR-US: D-Link hardware
CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in Siteframe B ...)
	NOT-FOR-US: Siteframe Beaumont
CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier a ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and e ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in Pe ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9. ...)
	NOT-FOR-US: XMB Forums
CVE-2006-0778 (Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier ...)
	NOT-FOR-US: XMB Forums
CVE-2006-0777 (Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 al ...)
	NOT-FOR-US: Teca Scripts Guestex
CVE-2006-0776 (Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts ...)
	NOT-FOR-US: Teca Scripts Guestex
CVE-2006-0775 (Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 all ...)
	NOT-FOR-US: BirthSys
CVE-2006-0774 (SQL injection vulnerability in deleteSession() in DB_eSession library  ...)
	NOT-FOR-US: DB_eSession
CVE-2006-0773 (Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - C ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2006-0772 (SQL injection vulnerability in Hitachi Business Logic - Container 02-0 ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2006-0771 (Format string vulnerability in PunkBuster 1.180 and earlier, as used b ...)
	NOT-FOR-US: PunkBuster
CVE-2006-0770 (Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletin ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0769 (Unspecified vulnerability in in.rexecd in Solaris 10 allows local user ...)
	NOT-FOR-US: Solaris
CVE-2006-0768 (Kadu 0.4.3 allows remote attackers to cause a denial of service (appli ...)
	NOT-FOR-US: Kadu
CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive inform ...)
	- cgiwrap 3.9-3.1
	[sarge] - cgiwrap <no-dsa> (Only leaks information about the existance of users on a system)
CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, an ...)
	NOT-FOR-US: ICQ
CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis)  ...)
	NOT-FOR-US: ICQ
CVE-2006-0764 (The Authentication, Authorization, and Accounting (AAA) capability in  ...)
	NOT-FOR-US: Cisco
CVE-2006-0763 (Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cP ...)
	NOT-FOR-US: cPanel (not the same as in the cpanel package)
CVE-2006-0762 (WinAbility Folder Guard 4.11 allows local users to gain unauthorized a ...)
	NOT-FOR-US: WinAbility Folder Guard
CVE-2006-0761 (Buffer overflow in BlackBerry Attachment Service in Research in Motion ...)
	NOT-FOR-US: BlackBerry
CVE-2006-0760 (LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive ...)
	NOT-FOR-US: LightTPD on windows
CVE-2006-0759 (Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier all ...)
	NOT-FOR-US: HiveMail
CVE-2006-0758 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 an ...)
	NOT-FOR-US: HiveMail
CVE-2006-0757 (Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier al ...)
	NOT-FOR-US: HiveMail
CVE-2006-0756 (** DISPUTED ** dotProject 2.0.1 and earlier leaves (1) phpinfo.php and ...)
	NOT-FOR-US: dotProject
CVE-2006-0755 (** DISPUTED ** Multiple PHP remote file include vulnerabilities in dot ...)
	NOT-FOR-US: dotProject
CVE-2006-0754 (** DISPUTED ** dotProject 2.0.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: dotProject
CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pa ...)
	NOT-FOR-US: Microsoft
CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fr ...)
	- honeyd 1.5a-1 (bug #353064; low)
	[sarge] - honeyd <no-dsa> (Too insignificant)
CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in USErspac ...)
	NOT-FOR-US: Network Object Oriented File System (NOOFS)
CVE-2006-0750 (SQL injection vulnerability in army.php in supersmashbrothers (SSB) Ar ...)
	NOT-FOR-US: supersmashbrothers
CVE-2006-0749 (nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1. ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1. ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (high)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
	- xulrunner 1.8.0.1-9
CVE-2006-0747 (Integer underflow in Freetype before 2.2 allows remote attackers to ca ...)
	{DSA-1095-1}
	- freetype 2.2.1-1 (medium)
CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...)
	{DSA-1008-1}
	- kdegraphics 4:3.5.0-3
	NOTE: Only affected the 3.3.2 KDE backport
CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ina ...)
	- xorg-x11 6.9.0.dfsg.1-5 (bug #360388; medium)
	- xorg-server 1:1.0.2-1 (bug #378465; medium)
	- xfree86 <not-affected>
CVE-2006-0744 (Linux kernel before 2.6.16.5 does not properly handle uncanonical retu ...)
	{DSA-1103}
	- linux-2.6 2.6.16-7
CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache log4net 1 ...)
	NOT-FOR-US: Log4Net
CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux ke ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.15-8
CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, allows ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.15-8
CVE-2006-0740
	REJECTED
CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow r ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication modul ...)
	NOT-FOR-US: pam_micasa / Novell
CVE-2006-2440 (Heap-based buffer overflow in the libMagick component of ImageMagick 6 ...)
	{DSA-1168-1}
	- imagemagick 6:6.2.4.5-0.6 (bug #345595)
CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML: ...)
	NOT-FOR-US: My Blog
CVE-2006-0734 (The SV_CheckForDuplicateNames function in Valve Software Half-Life CST ...)
	NOT-FOR-US: Half-Life
CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2 ...)
	- wordpress <unfixed> (unimportant)
CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 a ...)
	NOT-FOR-US: SAP Business Connector
CVE-2006-0731 (WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earl ...)
	NOT-FOR-US: SAP Business Connector
CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow  ...)
	- dovecot 1.0.beta3-1 (bug #353341; medium)
	[sarge] - dovecot <not-affected> (Vulnerable code was introduced in 1.0beta1)
CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allo ...)
	NOT-FOR-US: Teca Diary
CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and earl ...)
	NOT-FOR-US: webSPELL
CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFM ...)
	NOT-FOR-US: MusOX DF
CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dr ...)
	NOT-FOR-US: CPG-Nuke
CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1. ...)
	NOT-FOR-US: Plume CMS
CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when registe ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0723 (PHP remote file inclusion vulnerability in preview.php in Reamday Ente ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when regist ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allow ...)
	NOT-FOR-US: RunCMS
CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows us ...)
	NOT-FOR-US: Winamp
CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds 6.1 ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VS ...)
	NOT-FOR-US: Avaya VSU
CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a den ...)
	NOT-FOR-US: Tivoli
CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote at ...)
	NOT-FOR-US: sNews
CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote at ...)
	NOT-FOR-US: sNews
CVE-2006-0714 (Directory traversal vulnerability in the installation file (sql/instal ...)
	- flyspray <not-affected> (Vulnerable code not included in Debian)
CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote attacker ...)
	NOT-FOR-US: LinPHA
CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly va ...)
	NOT-FOR-US: Squishdot
CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl i ...)
	NOT-FOR-US: NeoMail
CVE-2006-0710 (Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 a ...)
	NOT-FOR-US: Isode M-Vault
CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a  ...)
	{DSA-995-1}
	- metamail 2.7-51 (bug #352482; bug #353539)
CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow re ...)
	NOT-FOR-US: Winamp
CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows rem ...)
	- pyblosxom 1.3.2-1 (high)
	[sarge] - pyblosxom <not-affected> (Vulnerable path handling code not present)
CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in G&#228;stebuch (G ...)
	NOT-FOR-US: Gaestebuch
CVE-2006-0705 (Format string vulnerability in a logging function as used by various S ...)
	NOT-FOR-US: Proprietary SFTP servers
CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a "bespoke error pag ...)
	NOT-FOR-US: iE Integrator
CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown im ...)
	NOT-FOR-US: imageVue
CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ar ...)
	NOT-FOR-US: imageVue
CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list direct ...)
	NOT-FOR-US: imageVue
CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission sett ...)
	NOT-FOR-US: imageVue
CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1. ...)
	NOT-FOR-US: QWikiWiki
CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote atta ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, w ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote att ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which a ...)
	NOT-FOR-US: Ansilove
CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove befo ...)
	NOT-FOR-US: Ansilove
CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...)
	NOT-FOR-US: Roberto Butti CALimba
CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Times ...)
	NOT-FOR-US: Carey Briggs Timesheet
CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that th ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3 ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in T ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0688 (PHP remote file include vulnerability in application.php in nicecoder. ...)
	NOT-FOR-US: nicecoder.com indexu
CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo vari ...)
	NOT-FOR-US: DocMGR
CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earl ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control Syste ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 a ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control Sy ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system  ...)
	NOT-FOR-US: e107
CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...)
	NOT-FOR-US: powerd
	NOTE: powerd supposedly normally comes with sysvinit, but not in debian
CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote a ...)
	NOT-FOR-US: WebGUI
CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0. ...)
	NOTE: Only vulnerable when compiled with asserts
	- postgresql <unfixed> (unimportant)
	- postgresql-8.0 8.0.7-1 (unimportant)
	- postgresql-8.1 8.1.3-1 (unimportant)
CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows re ...)
	{DSA-977-1}
	- heimdal 0.7.2-1
CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0675 (Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5. ...)
	NOT-FOR-US: SiteFrame
CVE-2006-0674 (Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L ...)
	NOT-FOR-US: IBM AIX
CVE-2006-0673 (Multiple SQL injection vulnerabilities in cms/index.php in Magic Calen ...)
	NOT-FOR-US: Magic Calendar Lite
CVE-2006-0672 (Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0 ...)
	NOT-FOR-US: HP PSC 1210 All-in-One printer
CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell ph ...)
	NOT-FOR-US: Sony Ericsson
CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to  ...)
	{DSA-990-1}
	- bluez-hcidump 1.30-1 (bug #351881; medium)
CVE-2006-0669
	NOT-FOR-US: Forum Light
CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary fi ...)
	NOT-FOR-US: AIX
CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels i ...)
	NOT-FOR-US: AIX
CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) manage_proj_c ...)
	{DSA-1133-1}
	- mantis 0.19.4-3
	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...)
	{DSA-1133-1}
	- mantis 0.19.4-3
	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iN ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21  ...)
	NOT-FOR-US: SmE GB Host
CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earl ...)
	NOT-FOR-US: FarsiNews
CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and ear ...)
	NOT-FOR-US: Runcms
CVE-2006-0658 (Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 a ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
	- moin 1.5.8-4.1
	[etch] - moin <not-affected> (Vulnerable php code not present)
	- karrigell <not-affected> (Vulnerable php code not present)
CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Cale ...)
	NOT-FOR-US: Softcomplex
CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 th ...)
	NOT-FOR-US: HP
CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate passwo ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions t ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote attack ...)
	NOT-FOR-US: vwdev
CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPA ...)
	NOT-FOR-US: CPAINT
CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 ...)
	NOT-FOR-US: DataparkSearch
CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2 ...)
	NOT-FOR-US: PHP iCalendar
CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running on Linux ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstance ...)
	- binutils <not-affected> (SuSE specific vulnerability)
CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2 ...)
	{DSA-986-1 DSA-985-1}
	- libtasn1-2 <removed> (bug #352182; bug #365234)
	NOTE: upload of libtasn1-2 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change
	- libtasn1-3 0.3.4-1
	- gnutls13 1.3.5-1
	- gnutls12 1.2.11-1
	- gnutls11 <removed>
CVE-2006-XXXX [dpkg-sig: insecure temp file bug]
	- dpkg-sig 0.13 (bug #352723; low)
	[sarge] - dpkg-sig <no-dsa> (Only affected in debug mode)
CVE-2006-2441 (Pioneers meta-server before 0.9.55, when the server-console is not ins ...)
	- pioneers 0.9.55-1 (bug #351986; medium)
	[sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer)
CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in CPG-Nuk ...)
	NOT-FOR-US: CPG-Nuke Dragonfly CMS
CVE-2006-0643 (Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Confere ...)
	NOT-FOR-US: WiredRed e/pop Web Conferencing
CVE-2006-0642 (Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Secur ...)
	NOT-FOR-US: Trend Micro
CVE-2006-0641 (Orbicule Undercover uses a third-party web server to determine the IP  ...)
	NOT-FOR-US: Orbicule Undercover
CVE-2006-0640 (Orbicule Undercover allows attackers with physical or root access to d ...)
	NOT-FOR-US: Orbicule Undercover
CVE-2006-0639 (Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka My ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0638 (SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinB ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0637 (Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows re ...)
	NOT-FOR-US: QUALCOMM Eudora WorldMail
CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the  ...)
	NOT-FOR-US: eyeOS
CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i&gt;sizeof(i ...)
	- tcc 0.9.24~cvs20070502-1 (bug #352202; low)
	[sarge] - tcc <no-dsa> (Only incorrect code gen, hardly any production use)
	[etch] - tcc <no-dsa> (Documented as insecure; only incorrect code gen, hardly any production use)
CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent ...)
	NOT-FOR-US: Borland C++Builder
CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board (IP ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently rando ...)
	- phpbb2 2.0.20 (low)
	[sarge] - phpbb2 <no-dsa> (Minor issue)
	NOTE: According to maintainers phpbb2 doesn't have useful countermeasures against
	NOTE: brute-force password guessing and as password seeding is based on milliseconds
	NOTE: NTP-timed attacks may even be in the area of a couple thousands attempts
	NOTE: instead of a million
	NOTE: Fixed in 2.0.20
CVE-2006-0631 (CRLF injection vulnerability in mailback.pl in Erik C. Thauvin mailbac ...)
	NOT-FOR-US: Erik C. Thauvin mailback
CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important headers fr ...)
	NOT-FOR-US: The Bat!
CVE-2006-0629 (Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allo ...)
	NOT-FOR-US: AIM
CVE-2006-0628 (myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute a ...)
	NOT-FOR-US: Dale Ray MyQuiz
CVE-2006-0627 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0624 (SQL injection vulnerability in check.asp in Whomp Real Estate Manager  ...)
	NOT-FOR-US: Whomp Real Estate Manager
CVE-2006-0623 (QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable p ...)
	NOT-FOR-US: QNX
CVE-2006-0622 (QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of servic ...)
	NOT-FOR-US: QNX
CVE-2006-0621 (Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users ...)
	NOT-FOR-US: QNX
CVE-2006-0620 (Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users ...)
	NOT-FOR-US: QNX
CVE-2006-0619 (Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow ...)
	NOT-FOR-US: QNX
CVE-2006-0618 (Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 a ...)
	NOT-FOR-US: QNX
CVE-2006-0617 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Updat ...)
	NOT-FOR-US: Sun Java
CVE-2006-0616 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and ear ...)
	NOT-FOR-US: Sun Java
CVE-2006-0615 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Updat ...)
	NOT-FOR-US: Sun Java
CVE-2006-0614 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and ear ...)
	NOT-FOR-US: Sun Java
CVE-2006-0613 (Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in ...)
	NOT-FOR-US: Sun Java
CVE-2006-0612 (Powersave daemon before 0.10.15.2 allows local users to gain privilege ...)
	- powersave 0.11.2-1
CVE-2006-0611 (Directory traversal vulnerability in compose.pl in @Mail 4.3 and earli ...)
	NOT-FOR-US: @Mail
CVE-2006-0610 (Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, ...)
	NOT-FOR-US: 2200net Calender system
CVE-2006-0609 (Cross-site scripting (XSS) vulnerability in add.php in Hinton Design p ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0608 (Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allo ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0607 (check.php in Hinton Design phphd 1.0 does not check passwords when cer ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0606 (SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 allo ...)
	NOT-FOR-US: Unknown Domain Shoutbox
CVE-2006-0605 (Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain  ...)
	NOT-FOR-US: Unknown Domain Shoutbox
CVE-2006-0604 (check.php in Hinton Design phphg Guestbook 1.2 does not check the user ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0603 (Multiple cross-site scripting vulnerabilities in signed.php in Hinton  ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0602 (Multiple SQL injection vulnerabilities in Hinton Design phphg Guestboo ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0601
	RESERVED
CVE-2006-0596
	RESERVED
CVE-2006-0595
	RESERVED
CVE-2006-0594
	RESERVED
CVE-2006-0598 (Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attacke ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0597 (Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7  ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0599 (The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0600 (elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server ...)
	NOT-FOR-US: Lexmark Printer
CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based and Free ...)
	NOT-FOR-US: crypt_blowfish implementation from OWL, does not seem to be in Debian
CVE-2006-0590 (MyTopix 1.2.3 allows remote attackers to obtain the installation path  ...)
	NOT-FOR-US: MyTopix
CVE-2006-0589 (MyTopix 1.2.3 allows remote attackers to obtain the installation path  ...)
	NOT-FOR-US: MyTopix
CVE-2006-0588 (SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remo ...)
	NOT-FOR-US: MyTopix
CVE-2006-0587 (Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allo ...)
	- gallery 1.5.2-pl2-1
CVE-2006-0586 (Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before  ...)
	NOT-FOR-US: Oracle
CVE-2006-0585 (jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0584 (The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 wit ...)
	NOT-FOR-US: PeopleSoft People Tools
CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and  ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0. ...)
	{DSA-977-1}
	- heimdal 0.7.2-1
CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allow ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-0580 (IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0579 (Multiple integer overflows in (1) the new_demux_packet function in dem ...)
	- mplayer <not-affected> (fixed before first upload; 1.0pre7try3)
	NOTE: code not in ffmpeg and xine-lib
CVE-2006-0578 (Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CO ...)
	NOT-FOR-US: Blue Coat Proxy Security Gateway OS
CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM privileges by  ...)
	NOT-FOR-US: Lexmark printer
CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and ...)
	- oprofile 0.9.1-9 (bug #352910; low)
	[sarge] - oprofile <no-dsa> (requires sudo access to be vulnerable)
CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to c ...)
	- fcron <not-affected> (Not included in Debian package)
CVE-2006-0574 (Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel ...)
	NOT-FOR-US: cPanel
CVE-2006-0573 (Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and ear ...)
	NOT-FOR-US: cPanel
CVE-2006-0572 (phpstatus 1.0 does not require passwords when using cookies to identif ...)
	NOT-FOR-US: phpstatus
CVE-2006-0571 (Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 a ...)
	NOT-FOR-US: phpstatus
CVE-2006-0570 (Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magi ...)
	NOT-FOR-US: phpstatus
CVE-2006-0569 (Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2. ...)
	NOT-FOR-US: Papoo
CVE-2006-0568 (Cross-site scripting (XSS) vulnerability in throw.main in Outblaze all ...)
	NOT-FOR-US: Outblaze
CVE-2006-0567 (Directory traversal vulnerability in Files Xaraya module before 0.5.1, ...)
	NOT-FOR-US: Xaraya
CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote  ...)
	NOT-FOR-US: Communigate Pro
CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in L ...)
	NOT-FOR-US: LoudBlog
CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702. ...)
	NOT-FOR-US: Microsoft
CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allo ...)
	NOT-FOR-US: PluggedOut Blog
CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut  ...)
	NOT-FOR-US: PluggedOut Blog
CVE-2006-0561 (Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS ad ...)
	NOT-FOR-US: Cisco
CVE-2006-0560
	REJECTED
CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield 4. ...)
	NOT-FOR-US: McAfee WebShield
CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...)
	{DSA-1103}
	- linux-2.6 2.6.16-1 (bug #365375; low)
CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not s ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0556
	REJECTED
CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial  ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0554 (Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitiv ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to  ...)
	- postgresql-8.1 8.1.3-1
CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle Data ...)
	NOT-FOR-US: Oracle
CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow re ...)
	NOT-FOR-US: Oracle
CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in O ...)
	NOT-FOR-US: Oracle
CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ex ...)
	NOT-FOR-US: Oracle
CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application availa ...)
	NOT-FOR-US: Strange app at www.egeinternet.com
CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...)
	NOT-FOR-US: UBB.threads
CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0)  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb Guest ...)
	NOT-FOR-US: NukedWeb
CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...)
	NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1. ...)
	NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...)
	- fcron <not-affected> (Vulnerable app in the Debian package, not setuid anyway)
CVE-2006-0538 (CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is ena ...)
	NOT-FOR-US: IronMail
CVE-2006-0537 (Buffer overflow in the POP3 server in Kinesphere Corporation eXchange  ...)
	NOT-FOR-US: eXchange POP3
CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...)
	NOT-FOR-US: NeoMail
CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community Serve ...)
	NOT-FOR-US: Community Server
CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in  ...)
	NOT-FOR-US: CyberShop Ultimate E-commerce
CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...)
	NOT-FOR-US: cPanel
	NOTE: Not Debian's cpanel
CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker  ...)
	NOT-FOR-US: SoftMaker Shop
CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Buil ...)
	NOT-FOR-US: CA Message Queuing
	NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
	NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0529 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Buil ...)
	NOT-FOR-US: CA Message Queuing
	NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
	NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0528 (The cairo library (libcairo), as used in GNOME Evolution and possibly  ...)
	- evolution 2.2.3-4 (low)
	[sarge] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
	[woody] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allo ...)
	- bind 1:8.4.7-1 (low)
	[sarge] - bind <no-dsa> (Architectual limitatiom, upgrade to BIND 9 as a a fix)
	NOTE: BIND 8 is unsuitable for forwarder use because of its
	NOTE: architecture. Upgrade to BIND 9 as a fix.
	NOTE: This was fixed in sid by documenting it as an unfixable design limitation
CVE-2006-0526 (The default configuration of the America Online (AOL) client software  ...)
	NOT-FOR-US: AOL
CVE-2006-0525 (Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator  ...)
	NOT-FOR-US: Windows issue
CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashau ...)
	NOT-FOR-US: Derek Ashauer ashnews
CVE-2006-0523 (SQL injection vulnerability in global.php in MyBB before 1.03 allows r ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0522 (SQL injection vulnerability in the Authentication Servlet in Symantec  ...)
	NOT-FOR-US: Symantec Sygate Management Server
CVE-2006-0521 (Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM  ...)
	NOT-FOR-US: Browser CRM
CVE-2006-0520 (SQL injection vulnerability index.php in Dragoran Portal module 1.3 fo ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0519 (SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows rem ...)
	- spip 2.0.6-1 (medium; bug #351336)
CVE-2006-0518 (Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...)
	- spip 2.0.6-1 (medium; bug #351335)
CVE-2006-0517 (Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_f ...)
	- spip 2.0.6-1 (medium; bug #351334)
CVE-2006-0625 (Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and e ...)
	- spip 2.0.6-1 (medium; bug #352076)
	NOTE: http://www.securityfocus.com/bid/16556
CVE-2006-0626 (SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and  ...)
	- spip 2.0.6-1 (medium; bug #352077)
	NOTE: http://www.securityfocus.com/bid/16551
CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 bi ...)
	NOT-FOR-US: Solaris
CVE-2006-0515 (Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x b ...)
	NOT-FOR-US: Cisco
CVE-2006-0514
	RESERVED
CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web Server P ...)
	NOT-FOR-US: Tivoli
CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which allow ...)
	{DSA-1187-1}
	- migrationtools 46-2.1 (bug #338920; medium)
CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not prop ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allow ...)
	NOT-FOR-US: Daffodil
CVE-2006-0509 (Multiple cross-site scripting (XSS) vulnerabilities in clients.php in  ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-0508 (Easy CMS stores the images directory under the web document root with  ...)
	NOT-FOR-US: Easy CMS
CVE-2006-0507 (Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow  ...)
	NOT-FOR-US: Easy CMS
CVE-2006-0506 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1. ...)
	NOT-FOR-US: Nuked-klaN
CVE-2006-0505 (zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to c ...)
	NOT-FOR-US: Zbattle
CVE-2006-0504 (Unspecified vulnerability in MailEnable Enterprise Edition before 1.2  ...)
	NOT-FOR-US: MailEnable Enterprise Edition
CVE-2006-0503 (IMAP service in MailEnable Professional Edition before 1.72 allows rem ...)
	NOT-FOR-US: MailEnable Professional Edition
CVE-2006-0502 (PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2 ...)
	NOT-FOR-US: FarsiNews
CVE-2006-0501 (Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows  ...)
	NOT-FOR-US: MyCo Guestbook
CVE-2006-0500 (MyCO Guestbook 1.0 stores the admin directory under the web document r ...)
	NOT-FOR-US: MyCo Guestbook
CVE-2006-0499 (Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 m ...)
	NOT-FOR-US: Rlink module add-on for phpbb (not included in Debian package)
CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before  ...)
	NOT-FOR-US: PHP GEN
CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow rem ...)
	NOT-FOR-US: PHP GEN
CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibl ...)
	- iceweasel 3.0-1 (unimportant; bug #349339)
	- mozilla-firefox <removed> (unimportant; bug #349339)
	- iceape <removed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	NOTE: This is not a direct vulnerability, but rather the lack of protection
	NOTE: for shooting into own's own foot, so we should treat it as a security
	NOTE: enhancement bug and not as a vulnerability.
CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to Favorite ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 a ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Min ...)
	NOT-FOR-US: MG2
CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote atta ...)
	NOT-FOR-US: Calendarix
CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4  ...)
	NOT-FOR-US: SZUserMgnt
CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums ...)
	NOT-FOR-US: ASPThai Forums
CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC, probably 6 ...)
	NOT-FOR-US: mIRC
CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS applica ...)
	NOT-FOR-US: Microsoft
CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email Fire ...)
	NOT-FOR-US: Tumbleweed MailGate Email Firewall
CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance rele ...)
	NOT-FOR-US: IOS
CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S bef ...)
	NOT-FOR-US: IOS
CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE CONTR ...)
	NOT-FOR-US: FACE CONTROL product
CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7 ...)
	NOT-FOR-US: Cisco
CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-4
CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng 1.2 ...)
	- libpng 1.2.8rel-3 (bug #352902; bug #352918)
	[sarge] - libpng <not-affected> (Only 1.2.7 affected)
	[woody] - libpng <not-affected> (Only 1.2.7 affected)
	[sarge] - libpng3 1.2.8rel-1
CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in sPa ...)
	NOT-FOR-US: sPaiz-Nuke
CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allow ...)
	NOT-FOR-US: PmWiki
CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...)
	NOT-FOR-US: CRE Loaded
CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remot ...)
	- git-core 1.1.5-1 (bug #350274)
CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to exe ...)
	NOT-FOR-US: Winamp
CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows remo ...)
	NOT-FOR-US: PHP-Ping
CVE-2006-0474 (Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers  ...)
	NOT-FOR-US: Shareaza
CVE-2006-0473 (Cross-site scripting (XSS) vulnerability in the bbcode function in web ...)
	NOT-FOR-US: My little homepage
CVE-2006-0472 (Cross-site scripting (XSS) vulnerability in guestbook.php in my little ...)
	NOT-FOR-US: My little homepage
CVE-2006-0471 (Cross-site scripting (XSS) vulnerability in the bbcode function in fun ...)
	NOT-FOR-US: My little homepage
CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBo ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possib ...)
	NOT-FOR-US: uebimiau
	NOTE: this had an ITP back in 2002, but it never was done (bug #164116)
CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ca ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.4 ...)
	{DSA-964-1}
	[woody] - gnocatan 0.6.1-5woody3
	[sarge] - gnocatan 0.8.1.59-1sarge1
	- pioneers 0.9.49-1 (bug #350237; medium)
CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Con ...)
	NOT-FOR-US: Goldstag Content Management System
CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in a ...)
	NOT-FOR-US: active121 Site Manager
CVE-2006-0464 (Multiple SQL injection vulnerabilities in index.php in IdeoContent Man ...)
	NOT-FOR-US: IdeoContent Manager
CVE-2006-0463 (Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows ...)
	NOT-FOR-US: IdeoContent Manager
CVE-2006-0462 (SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09 ...)
	NOT-FOR-US: AndoNET Blog
CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in Expressi ...)
	NOT-FOR-US: ExpressionEngine
CVE-2006-0460 (Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote  ...)
	{DSA-997-1}
	- bomberclone 0.11.6.2-1
CVE-2006-0459 (flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generat ...)
	{DSA-1020-1}
	- flex 2.5.33-1
CVE-2006-0458 (The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu ...)
	- irssi-text <not-affected> (Only 0.8.10rc versions are affected)
CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) keyctl fun ...)
	- linux-2.6 2.6.15-6
CVE-2006-0456 (The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 c ...)
	{DSA-1103}
	- linux-2.6 2.6.16-1
CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature verifica ...)
	{DSA-978-1}
	- gnupg 1.4.2.2-1 (bug #353017; bug #353019; bug #354620; medium)
	- gnupg2 <not-affected> (Vulnerable code not activated)
CVE-2006-0454 (Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICM ...)
	- linux-2.6 2.6.15-5
	[sarge] - kernel-source-2.6.8 <not-affected>
	[sarge] - kernel-source-2.4.27 <not-affected>
CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote attacke ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allow ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory Server ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of  ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: As discussed with the phpbb maintainers; this is only a lack of feature
	NOTE: (phpbb2 doesn't allow a kind of rate control for maximum login/searches for
	NOTE: a certain time frame), but not a directly fixable security problem
CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post Mail 4.0 ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail  ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote  ...)
	NOT-FOR-US: WeBWorK
CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated users t ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1 ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0443 (Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog  ...)
	NOT-FOR-US: CheesyBlog
CVE-2006-0442 (Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in M ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0441 (Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote att ...)
	NOT-FOR-US: Sami FTP Server
CVE-2006-0440 (Text Rider 2.4 allows attackers to bypass authentication and upload fi ...)
	NOT-FOR-US: Text Rider
CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory under the w ...)
	NOT-FOR-US: Text Rider
CVE-2006-0438 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when  ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: No real world risk according to maintainer
CVE-2006-0437 (Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Intended behaviour according to maintainer
CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 al ...)
	NOT-FOR-US: HP-UX
CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Databas ...)
	NOT-FOR-US: Oracle
CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer allows r ...)
	NOT-FOR-US: phpXplorer
CVE-2006-0433 (Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not prope ...)
	- kfreebsd-5 5.4-13
CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0430 (Certain configurations of BEA WebLogic Server and WebLogic Express 9.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0429 (BEA WebLogic Server and WebLogic Express 9.0 causes new security provi ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0428 (Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5,  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0427 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0426 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configu ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0425 (BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0424 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0423 (BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0422 (Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLog ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0421 (By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0420 (BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 throu ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allo ...)
	NOT-FOR-US: 123 Flash Chat Server
CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and earlie ...)
	NOT-FOR-US: miniBloggie
CVE-2006-0416 (SleeperChat 0.3f and earlier allows remote attackers to bypass authent ...)
	NOT-FOR-US: SleeperChat
CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0 ...)
	NOT-FOR-US: SleeperChat
CVE-2006-0414 (Tor before 0.1.1.20 allows remote attackers to identify hidden service ...)
	- tor 0.1.1.11-alpha-1 (bug #349283)
CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow r ...)
	NOT-FOR-US: NewsPHP
CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers to ex ...)
	NOT-FOR-US: CyberShop
CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable session coo ...)
	NOT-FOR-US: Claroline
CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQ ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (bug #349985; medium)
	- moodle 1.6-1 (bug #360395; medium)
	- cacti 0.8.6d-1 (medium)
CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Pho ...)
	NOT-FOR-US: Pixelpost Photoblog
CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...)
	NOT-FOR-US: Sun Grid Engine
CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Bo ...)
	NOT-FOR-US: AZ Bulletin Board
CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allo ...)
	- tiff 3.8.0-2 (bug #350715)
	- tiff3 <not-affected> (fixed prior to initial upload)
	[sarge] - tiff <not-affected> (Vulnerability was introduced later)
	[woody] - tiff <not-affected> (Vulnerability was introduced later)
CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document roo ...)
	NOT-FOR-US: Note-A-Day Weblog
CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote at ...)
	NOT-FOR-US: e-moBLOG
CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote attac ...)
	{DSA-989-1}
	- zoph 0.5-1 (bug #350717)
CVE-2006-0401 (Unspecified vulnerability in Mac OS X before 10.4.6, when running on a ...)
	NOT-FOR-US: Apple
CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers  ...)
	NOT-FOR-US: Apple
CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes  ...)
	NOT-FOR-US: Apple
CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes  ...)
	NOT-FOR-US: Apple
CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes  ...)
	NOT-FOR-US: Apple
CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patc ...)
	NOT-FOR-US: Apple
CVE-2006-0395 (The Download Validation in Mail in Mac OS X 10.4 does not properly rec ...)
	NOT-FOR-US: Apple
CVE-2006-0394
	REJECTED
CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a de ...)
	NOT-FOR-US: Apple
CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attacker ...)
	NOT-FOR-US: Apple
CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS X 10. ...)
	NOT-FOR-US: Apple
CVE-2006-0390
	REJECTED
CVE-2006-0389 (Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) i ...)
	NOT-FOR-US: Apple
CVE-2006-0388 (Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows re ...)
	NOT-FOR-US: Apple
CVE-2006-0387 (Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier,  ...)
	NOT-FOR-US: Apple
CVE-2006-0386 (FileVault in Mac OS X 10.4.5 and earlier does not properly mount user  ...)
	NOT-FOR-US: Apple
CVE-2006-0385
	RESERVED
CVE-2006-0384 (automount in Mac OS X 10.4.5 and earlier allows remote file servers to ...)
	NOT-FOR-US: Apple
CVE-2006-0383 (IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allo ...)
	NOT-FOR-US: Apple
CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of serv ...)
	NOT-FOR-US: Apple
CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD  ...)
	- kfreebsd-5 5.4-14
CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel t ...)
	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buf ...)
	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager allo ...)
	NOT-FOR-US: Netrix X-Site Manager
CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows rem ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354063; bug #355424)
CVE-2006-0376 (The 802.11 wireless client in certain operating systems including Wind ...)
	NOT-FOR-US: Windows
CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 runni ...)
	NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 runni ...)
	NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in Douran Fo ...)
	NOT-FOR-US: Douran FollowWeb
CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...)
	NOT-FOR-US: Insane Visions BlogPHP
CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog  ...)
	NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under  ...)
	NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0369
	- mysql-dfsg-4.1 <unfixed> (unimportant)
	NOTE: This isn't a security hole, it's expected behaviour
CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4. ...)
	NOT-FOR-US: Cisco
CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 be ...)
	NOT-FOR-US: Cisco
CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) a ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message b ...)
	NOT-FOR-US: XMB
CVE-2006-0364 (Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) all ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0363 (The "Remember my Password" feature in MSN Messenger 7.5 stores passwor ...)
	NOT-FOR-US: MSN Messenger
CVE-2006-0362 (TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324,  ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2006-0361 (Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Bl ...)
	NOT-FOR-US: Bit 5 Blog
CVE-2006-0360 (MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to  ...)
	NOT-FOR-US: MPM SIP IP Phone
CVE-2006-0359 (Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote att ...)
	NOT-FOR-US: eyeBeam SIP Softphone
CVE-2006-0358 (Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 be ...)
	NOT-FOR-US: PowerPortal
CVE-2006-0357 (Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, ...)
	NOT-FOR-US: Grant Averett Cerberus FTP Server
CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause a ...)
	NOT-FOR-US: Ari Pikivirta Home Ftp Server
CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers  ...)
	NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp
CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) al ...)
	NOT-FOR-US: Cisco
CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs users.0.da ...)
	NOT-FOR-US: Fluffington FLog
CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...)
	{DSA-963-1}
	[sarge] - mydns 1.0.0-4sarge1
	- mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote a ...)
	NOT-FOR-US: eggblog
CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to  ...)
	NOT-FOR-US: eggblog
CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG befo ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote a ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remot ...)
	NOT-FOR-US: SaralBlog
CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote a ...)
	NOT-FOR-US: SaralBlog
CVE-2006-0344 (Directory traversal vulnerability in Intervations FileCOPA FTP Server  ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and Advanced  ...)
	NOT-FOR-US: Hitachi JP1/NetInsight II
CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows  ...)
	NOT-FOR-US: RockLiffe MailSite
CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe  ...)
	NOT-FOR-US: RockLiffe MailSite
CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) suppo ...)
	NOT-FOR-US: Cisco
CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to exe ...)
	NOT-FOR-US: BitComet
CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and Lin ...)
	NOT-FOR-US: F-Secure
CVE-2006-0337 (Buffer overflow in multiple F-Secure Anti-Virus products and versions  ...)
	NOT-FOR-US: F-Secure
CVE-2006-0336 (Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause ...)
	NOT-FOR-US: Kerio Firewall
CVE-2006-0335 (Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before ...)
	NOT-FOR-US: Kerio Firewall
CVE-2006-0334 (Cross-site scripting (XSS) vulnerability in search.php in My Amazon St ...)
	NOT-FOR-US: My Amazon Store Manager
CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote  ...)
	NOT-FOR-US: ar-blog
CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments ...)
	- ecartis 1.0.0+cvs.20030911-11 (low; bug #348824)
	[sarge] - ecartis <no-dsa> (No real fix available, only rare setups affected, minor exploit potential)
CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin al ...)
	NOT-FOR-US: Squirrelmail plugin
CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allow ...)
	{DSA-1148-1}
	- gallery 1.5.2-1
CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS ...)
	NOT-FOR-US: HITSENSER Data Mart Server BS
CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...)
	NOT-FOR-US: Tftpd32, different from the tftpd in Debian
CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information vi ...)
	- typo3-src 4.0.2-1 (bug #364351; unimportant)
	NOTE: Only path disclosure
CVE-2006-0326
	RESERVED
CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier versions,  ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote attac ...)
	NOT-FOR-US: WebspotBlogging
CVE-2006-0323 (Buffer overflow in swfformat.dll in multiple RealNetworks products and ...)
	NOT-FOR-US: Real Player (initial advisory claimed Helix affected, which is incorrect
CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...)
	- mediawiki 1.4.15-1 (low)
CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to  ...)
	{DSA-956-1}
	- lsh-utils 2.0.1cdbs-4 (low; bug #349303)
	NOTE: woody seems to be vulnerable as well (looking at the source code).
CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Applic ...)
	NOT-FOR-US: Oracle
CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote attacker ...)
	- fetchmail 6.3.2-1 (bug #348747; low)
	[sarge] - fetchmail <not-affected> (regression in fetchmail 6.3.0 and 6.3.1)
	[woody] - fetchmail <not-affected> (regression in fetchmail 6.3.0 and 6.3.1)
CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8. ...)
	NOT-FOR-US: Bit 5 Blog
CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 22003/tcp) i ...)
	NOT-FOR-US: Farmers WIFE
CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_qu ...)
	NOT-FOR-US: BlogPHP
CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKerne ...)
	NOT-FOR-US: RedKernel Referrer Tracker
CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) P ...)
	NOT-FOR-US: AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control
CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse the p p ...)
	NOT-FOR-US: EZDatabase
CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext, which allo ...)
	NOT-FOR-US: PDFdirectory
CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allo ...)
	NOT-FOR-US: PDFdirectory
CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: aoblogger
CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 allows remot ...)
	NOT-FOR-US: aoblogger
CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remot ...)
	NOT-FOR-US: aoblogger
CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote att ...)
	NOT-FOR-US: Linksys hardware issue
CVE-2006-0308 (PHP remote file inclusion vulnerability in htmltonuke.php in the htmlt ...)
	NOT-FOR-US: HTMLtoNuke
CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer Associ ...)
	NOT-FOR-US: CA BrightStor products
CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common Component in  ...)
	NOT-FOR-US: CA BrightStor products
CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...)
	NOT-FOR-US: Clipcomm hardware
CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...)
	NOT-FOR-US: dual dns server
CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component,  ...)
	NOT-FOR-US: Joomla!
CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 all ...)
	NOT-FOR-US: ZyXel hardware
CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other prod ...)
	{DSA-1019-1 DSA-998-1 DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-974-1 DSA-972-1 DSA-971-1}
	- poppler 0.4.5-1 (medium)
	- tetex-bin 3.0-12 (medium)
	[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
	- kdegraphics 4:3.5.1-2 (medium)
	- gpdf 2.10.0-3 (medium)
	- xpdf 3.01-6 (bug #350785; bug #350783; medium)
	- koffice 1.5.0-1 (medium)
	- libextractor 0.5.10-1 (medium)
	- pdfkit.framework 0.8-4 (medium)
	- swftools <not-affected> (splash/ is not included, therefore no vulnerable code)
CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attac ...)
	{DSA-987-1}
	- tar 1.15.1-3 (bug #354091; high)
	- dpkg <not-affected> (has completely different tar implementation)
	[woody] - tar <not-affected>
CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird  ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (E4X not implemented in Mozilla 1.7)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before  ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (Mozilla 1.7 is not affected)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if  ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (Mozilla 1.7 is not affected)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, a ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	- mozilla 2:1.7.13-0.1
	- thunderbird 1.5.0.2-1
CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected>
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript  ...)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- mozilla-thunderbird <removed>
	- thunderbird 1.5.0.2-1
CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox 1. ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- mozilla 2:1.7.13-0.1
CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before  ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox 1.0.4-2sarge6
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- mozilla 2:1.7.13-0.1
CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0. ...)
	NOT-FOR-US: Oracle
CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, Applicati ...)
	NOT-FOR-US: Oracle
CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server 6.0. ...)
	NOT-FOR-US: Oracle
CVE-2006-0288 (Multiple unspecified vulnerabilities in the Oracle Reports Developer c ...)
	NOT-FOR-US: Oracle
CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0. ...)
	NOT-FOR-US: Oracle
CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5,  ...)
	NOT-FOR-US: Oracle
CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP2 ...)
	NOT-FOR-US: Oracle
CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 B ...)
	NOT-FOR-US: Oracle
CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite Rel ...)
	NOT-FOR-US: Oracle
CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle Applicatio ...)
	NOT-FOR-US: Oracle
CVE-2006-0272 (Unspecified vulnerability in the XML Database component of Oracle Data ...)
	NOT-FOR-US: Oracle
CVE-2006-0271 (Unspecified vulnerability in the Upgrade &amp; Downgrade component of  ...)
	NOT-FOR-US: Oracle
CVE-2006-0270 (Unspecified vulnerability in the Transparent Data Encryption (TDE) Wal ...)
	NOT-FOR-US: Oracle
CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle D ...)
	NOT-FOR-US: Oracle
CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of Oracle D ...)
	NOT-FOR-US: Oracle
CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of Oracle D ...)
	NOT-FOR-US: Oracle
CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4 ...)
	NOT-FOR-US: Oracle
CVE-2006-0264
	REJECTED
CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4 ...)
	NOT-FOR-US: Oracle
CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4 ...)
	NOT-FOR-US: Oracle
CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...)
	NOT-FOR-US: Oracle
CVE-2006-0259 (Multiple unspecified vulnerabilities in Oracle Database server 10.1.0. ...)
	NOT-FOR-US: Oracle
CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 Secure ...)
	NOT-FOR-US: Check Point VPN
CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...)
	- geronimo <itp> (bug #481869)
CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in "Blue Nei ...)
	NOT-FOR-US: AmbiCom Blue Neighbors
CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote atta ...)
	NOT-FOR-US: Benders Calendar
CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.7 ...)
	- faqomatic 2.712-3
CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...)
	NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP
	NOTE: This bug is present in a fork, not in the mainline
	NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions.
CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1 ...)
	NOT-FOR-US: geoBlog
CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 an ...)
	NOT-FOR-US: Virata-EmWeb web server
CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula An ...)
	NOT-FOR-US: Anyboard
CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download ...)
	NOT-FOR-US: Widexl Download Tracker
CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7- ...)
	NOT-FOR-US: CubeCart
CVE-2006-0244 (** DISPUTED ** Directory traversal vulnerability in workspaces.php in  ...)
	NOT-FOR-US: phpXplorer
CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote a ...)
	NOT-FOR-US: SMBCMS
CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 a ...)
	NOT-FOR-US: PHP Fusebox
CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows  ...)
	NOT-FOR-US: WBNews
CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote ...)
	NOT-FOR-US: Simple Blog
CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 ...)
	NOT-FOR-US: Simple Blog
CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 all ...)
	NOT-FOR-US: GaMerZ WP-Stats
CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...)
	NOT-FOR-US: GTP iCommerce
CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0 ...)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers  ...)
	NOT-FOR-US: WhiteAlbum
CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)
	NOT-FOR-US: microBlog
CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in functions.php in microBlog ...)
	NOT-FOR-US: microBlog
CVE-2006-0232 (Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1. ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0231 (Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1. ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0230 (Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1. ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow lo ...)
	NOT-FOR-US: Wehntrust
CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ha ...)
	- kernel-patch-grsecurity2 2.1.8-1 (bug #349246; medium)
	- kernel-patch-2.4-grsecurity <removed> (bug #349247; medium)
CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, a ...)
	NOT-FOR-US: lpsched in Sun Solaris
CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c)  ...)
	NOT-FOR-US: freebsd kernel
CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands vi ...)
	- openssh 1:4.3p2-1 (low; bug #349645; bug #352254)
	[sarge] - openssh <no-dsa> (Protocol flaws inherited from rcp)
	- dropbear 0.48-1 (unimportant)
	NOTE: dropbear doesn't include scp in binary package
CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 an ...)
	{DSA-976-1}
	- libast 0.7-1
CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Se ...)
	NOT-FOR-US: TopCMM
CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon  ...)
	NOT-FOR-US: Dragon Design Services Network (DDSN)
CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3  ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update from old ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before  ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auctio ...)
	NOT-FOR-US: Ultimate Auction
CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remo ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Q ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier allows remo ...)
	NOT-FOR-US: ezDatabase
CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 an ...)
	NOT-FOR-US: Kolab Server
	NOTE: libkolab-perl are extensions for this server, but server does not seem to be in debian
CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in Toshiba Blu ...)
	NOT-FOR-US: Toshiba Bluetooth Stack
CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm ...)
	NOT-FOR-US: Helm Hosting Control Panel
CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in Interspire Tr ...)
	NOT-FOR-US: Interspire TrackPoint NX
CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...)
	NOT-FOR-US: TankLogger
CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5 ...)
	- php5 5.1.2-1
	- php4 4:4.4.2-1 (bug #354682; low)
	[sarge] - php4 <no-dsa> (html_errors shouldn't be used)
CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow re ...)
	{DSA-1331-1}
	- php5 5.1.2-1 (bug #347894)
	- php4 4:4.4.2-1 (bug #354683)
CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040 ...)
	NOT-FOR-US: Light Weight Calendar
CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...)
	NOT-FOR-US: Wordcircle
CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 ...)
	NOT-FOR-US: Wordcircle
CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not veri ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Tool ...)
	NOT-FOR-US: PayPal Web Services
CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Tool ...)
	NOT-FOR-US: PayPal Web Services
CVE-2006-0200 (Format string vulnerability in the error-reporting feature in the mysq ...)
	- php5 5.1.2-1 (bug #347894; unimportant)
	- php4 <not-affected> (vulnerable code was introduced in PHP5)
	NOTE: Not built into the binary packages
CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2  ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...)
	NOT-FOR-US: XOOPS
CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org 6.8 ...)
	NOTE: Historic X11 bug #349251
CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 al ...)
	NOT-FOR-US: slsnif
CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0  ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354062)
CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.0 ...)
	NOT-FOR-US: FogBugz
CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control Panel  ...)
	NOT-FOR-US: Positive Software H-Sphere
CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 al ...)
	NOT-FOR-US: ASPSurvey
CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users to caus ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows r ...)
	NOT-FOR-US: eStara Softphone
CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to  ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354064)
CVE-2006-2443 (The Debian package of knowledgetree 2.0.7 creates environment.php with ...)
	- knowledgetree 2.0.7-2 (bug #348306; medium)
CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0186
	REJECTED
CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) N ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow remote att ...)
	NOT-FOR-US: AspTopSites
CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal Calenda ...)
	NOT-FOR-US: ACal Calendar Project
CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to by ...)
	NOT-FOR-US: ACal Calendar Project
CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) befo ...)
	NOT-FOR-US: Cisco
CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 al ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Cisco
CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...)
	NOT-FOR-US: Cray UNICOS
CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local use ...)
	NOT-FOR-US: Cray UNICOS
CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and src/unix/file ...)
	- xmame 0.104-1 (medium; bug #349653)
	NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf
	NOTE: question, that makes it very clear that setuid root is only for single-user
	NOTE: systems and xmame-sdl and xmess aren't setuid at all
	[sarge] - xmame <no-dsa> (XMame is non-free software)
CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5 ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5 ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager utility i ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb E-comme ...)
	NOT-FOR-US: OrjinWeb E-commerce
CVE-2006-0170
	REJECTED
CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, whic ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remot ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote attackers t ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stor ...)
	NOT-FOR-US: Symantec SystemWorks
CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries funct ...)
	NOT-FOR-US: WebGUI
CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is enab ...)
	NOT-FOR-US: phgstats
CVE-2006-0163 (SQL injection vulnerability in the search module (modules/Search/index ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown i ...)
	NOT-FOR-US: Solaris
CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allow ...)
	NOT-FOR-US: Venom Board
CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows  ...)
	NOT-FOR-US: Foro Domus
CVE-2006-0158 (SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS all ...)
	NOT-FOR-US: CyberDoc SiteSuite CMS
CVE-2006-0157 (settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remot ...)
	NOT-FOR-US: Reamday Enterprises Magic News Plus
CVE-2006-0156 (Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remot ...)
	NOT-FOR-US: Foxforum
CVE-2006-0155 (Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and ...)
	NOT-FOR-US: 427BB
CVE-2006-0154 (SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 a ...)
	NOT-FOR-US: 427BB
CVE-2006-0153 (427BB 2.2 and 2.2.1 verifies authentication credentials based on the u ...)
	NOT-FOR-US: 427BB
CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and  ...)
	NOT-FOR-US: phpChamber
CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environ ...)
	{DSA-946-2}
	- sudo 1.6.8p12-1 (medium)
	NOTE: The whole black list approach is flawed, for the DSA we'll switch to
	NOTE: a white list approach of known to be safe env vars.
CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason fun ...)
	{DSA-952-1}
	- libapache-auth-ldap <removed> (bug #347416)
CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_en ...)
	NOT-FOR-US: SimpBook
CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: NetSarang Xlpd
CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test script  ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (medium; bug #349985)
	- cacti 0.8.6d-1 (medium)
	- moodle 1.6.3-2 (medium)
	NOTE: exact moodle fixed version not known, but at least <= 1.6.3-2
CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used in mu ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (medium; bug #349985)
	- cacti 0.8.6d-1 (medium)
	- moodle 1.6.3-2 (medium)
	NOTE: exact moodle fixed version not known, but at least <= 1.6.3-2
CVE-2006-0145 (The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and Ope ...)
	NOT-FOR-US: NetBSD
CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in  ...)
	NOT-FOR-US: Neither php-pear nor php4-pear ship this file
CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote attack ...)
	NOT-FOR-US: Windows
CVE-2006-0142 (Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda ...)
	NOT-FOR-US: Andromeda
CVE-2006-0141 (Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote ...)
	NOT-FOR-US: Eudora
CVE-2006-0140 (Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 S ...)
	NOT-FOR-US: Navboard
CVE-2006-0139 (The send-private-message functionality (send-private-message.asp) in P ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamA ...)
	{DSA-947-1}
	- clamav 0.88-1
CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denia ...)
	- amsn 0.98.9-1 (low; bug #557754)
	[squeeze] - amsn <no-dsa> (minor issue)
	[etch] - amsn <no-dsa> (minor issue)
	[lenny] - amsn <no-dsa> (minor issue)
CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares  ...)
	NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook m ...)
	NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0135 (SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 al ...)
	NOT-FOR-US: TheWebForum
CVE-2006-0134 (Cross-site scripting (XSS) vulnerability in register.php in TheWebForu ...)
	NOT-FOR-US: TheWebForum
CVE-2006-0133 (Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow loc ...)
	NOT-FOR-US: AIX
CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6  ...)
	NOT-FOR-US: SysCP WebFTP
CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: boastMachine
CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in Rocklif ...)
	NOT-FOR-US: Mail Management Agent
CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in Rocklif ...)
	NOT-FOR-US: Mail Management Agent
CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.2 ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of Rockliffe Mai ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0126 (rxvt-unicode before 6.3, on certain platforms that use openpty and non ...)
	- rxvt-unicode 6.3-1
	[sarge] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
	[woody] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
CVE-2006-0125 (Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows  ...)
	NOT-FOR-US: AppServ
CVE-2006-0124 (Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0 ...)
	NOT-FOR-US: ADN Forum
CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote  ...)
	NOT-FOR-US: ADN Forum
CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquife ...)
	NOT-FOR-US: Aquifer CMS
CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5. ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Ser ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0119 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Ser ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0118 (Unspecified vulnerability in IBM Lotus Notes and Domino Server before  ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0117 (Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allo ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0116 (Cross-site scripting vulnerability search.inetstore in iNETstore Ebusi ...)
	NOT-FOR-US: iNETstore Ebusiness Software
CVE-2006-0115 (Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CM ...)
	NOT-FOR-US: OnePlug Solutions OnePlug CMS
CVE-2006-0114 (The vCard functions in Joomla! 1.0.5 use predictable sequential IDs fo ...)
	NOT-FOR-US: Joomla!
CVE-2006-0113 (Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the  ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simp ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media Shoppi ...)
	NOT-FOR-US: Boxcar Media Shopping Cart
CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus ...)
	NOT-FOR-US: Foro Domus
CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular Merchant ...)
	NOT-FOR-US: Modular Merchant Shopping Cart
CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS allows rem ...)
	NOT-FOR-US: Timecan CMS
CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to  ...)
	NOT-FOR-US: Timecan CMS
CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on  ...)
	NOT-FOR-US: PostgreSQL on Windows
CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allo ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and  ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Bet ...)
	NOT-FOR-US: sBLOG
CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local user ...)
	NOT-FOR-US: NicoFTP
CVE-2006-0099 (PHP remote file include vulnerability in (1) include/templates/categor ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3 ...)
	NOT-FOR-US: OpenBSD
CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in libmy ...)
	- php4 <not-affected> (Windows specific)
	- php5 <not-affected> (Windows specific)
CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
	{DSA-1017-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	- kernel-source-2.4.27 2.4.27-8
CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
	{DSA-1017-1}
	- linux-2.6 2.6.16-1
	- kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 allo ...)
	NOT-FOR-US: oaBoard
CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP  ...)
	NOT-FOR-US: @Card ME PHP
CVE-2006-0092
	REJECTED
CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0. ...)
	NOT-FOR-US: Open-Xchange
CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...)
	NOT-FOR-US: IDV Directory Viewer
CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to ca ...)
	NOT-FOR-US: ESRI ArcPad
CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha  ...)
	NOT-FOR-US: inTouch
CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php in Liz ...)
	NOT-FOR-US: Lizard Cart
CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next Generation Ima ...)
	NOT-FOR-US: Next Generation Image Gallery
CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attacker ...)
	NOT-FOR-US: Nkads
CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and ear ...)
	NOT-FOR-US: raSMP
CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools (s ...)
	{DSA-930-2 DSA-930-1}
	- smstools 1.16-1.1 (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions,  ...)
	{DSA-954-1 CVE-2005-4560}
	- wine 0.9.2-1 (bug #346197; medium)
CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c fo ...)
	{DSA-1213}
	- imagemagick 6:6.2.4.5-0.6 (bug #345876)
CVE-2006-0081 (ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerat ...)
	NOT-FOR-US: Intel
CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possi ...)
	NOT-FOR-US: vBulletin
CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 a ...)
	NOT-FOR-US: ScozNet
CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software  ...)
	NOT-FOR-US: B-Net Software
CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...)
	NOT-FOR-US: File::ExtAttr
CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 allo ...)
	NOT-FOR-US: oaBoard
CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and earlie ...)
	NOT-FOR-US: phpBook
CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote  ...)
	NOT-FOR-US: PHPenpals
CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...)
	NOT-FOR-US: DiscusWare Discus
CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attack ...)
	NOT-FOR-US: SCO Openserver
CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bi ...)
	- pinentry <not-affected> (Gentoo-specific packaging flaw)
CVE-2006-0070
	- drupal <not-affected> (According to upstream advisory is junk, behaviour intentional)
	NOTE: This will probably be REJECTED anyway
CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk G ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows remot ...)
	NOT-FOR-US: Primo Cart
CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 an ...)
	NOT-FOR-US: VEGO Links Builder
CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows re ...)
	NOT-FOR-US: PHPjournaler
CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) functions_update ...)
	NOT-FOR-US: VEGO Web Forum
CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...)
	NOT-FOR-US: CubeCart
CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowe ...)
	- phpbb2 2.0.21-1 (unimportant)
	[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
	NOTE: According to the maintainer only affects a config option that is strongly
	NOTE: discouraged due to potential security problems
	NOTE: (Upstream fix was in 2.0.20.)
CVE-2006-0062 (xlockmore 5.13 allows potential xlock bypass when FVWM switches to the ...)
	- xlockmore 1:5.13-2.1 (bug #309760)
CVE-2006-0061 (xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns ...)
	- xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low)
	[sarge] - xlockmore <no-dsa> (Minor issue)
CVE-2006-0060
	RESERVED
CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC  ...)
	NOT-FOR-US: LiveData
CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows  ...)
	{DSA-1015-1}
	- sendmail 8.13.6-1 (bug #358440; high)
CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers t ...)
	NOT-FOR-US: Windows
CVE-2006-0056 (Double free vulnerability in the authentication and authentication tok ...)
	- pam-mysql 0.6.2-1 (bug #353589; medium)
	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable f ...)
	- ee 1:1.4.2-5 (bug #348322)
CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to ca ...)
	NOT-FOR-US: FreeBSD
CVE-2006-0053 (Imager (libimager-perl) before 0.50 allows user-assisted attackers to  ...)
	{DSA-1028-1}
	- libimager-perl 0.50-1 (bug #359661)
CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, wh ...)
	{DSA-1027-1}
	- mailman 2.1.6-1 (bug #358892)
CVE-2006-0051 (Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through ...)
	{DSA-1023-1}
	- kaffeine 0.8-1
CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary fi ...)
	{DSA-1013-1}
	- snmptrapfmt 1.10
CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached sign ...)
	{DSA-993-2}
	- gnupg 1.4.2.2-1 (bug #356125; medium)
	- gnupg2 <not-affected> (Vulnerable code not activated)
CVE-2006-0048 (Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a deni ...)
	- tcpick 0.2.1-3 (bug #360571; low)
	[sarge] - tcpick <no-dsa> (Minor issue)
CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause ...)
	{DSA-994-1}
	- freeciv 2.0.8-1 (medium; bug #355211)
CVE-2006-0046 (squid_redirect script in adzapper before 2006-01-29 allows remote atta ...)
	{DSA-966-1}
	- adzapper 20060115-1
CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving and loa ...)
	{DSA-949-1}
	- crawl 1:4.0.0beta26-7 (medium)
CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web application t ...)
	{DSA-942-1}
	- albatross 1.33-1
CVE-2006-0043 (Buffer overflow in the realpath function in nfs-server rpc.mountd, as  ...)
	{DSA-975-1}
	- nfs-user-server 2.2beta47-22 (high; bug #350020)
	NOTE: nfs-utils (kernel NFS server) is not affected
	NOTE: (it uses PATH_MAX for the buffer passed to realpath).
CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_par ...)
	{DSA-1000-2}
	- libapreq2 2.07-1
CVE-2006-0041
	REJECTED
CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...)
	- evolution 2.10.1 (bug #398064; low)
	[etch] - evolution <no-dsa> (Minor issue)
	[sarge] - evolution <not-affected> (Not reproducable on Sarge)
CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux  ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for Linux bef ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-1
CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
	- linux-2.6 2.6.15-3
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
CVE-2006-0036 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
	- linux-2.6 2.6.15-3
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 an ...)
	- linux-2.6 2.6.15-3
CVE-2006-0019 (Heap-based buffer overflow in the encodeURI and decodeURI functions in ...)
	{DSA-948-1}
	- kdelibs 4:3.5.1-1 (medium)
CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext fu ...)
	NOT-FOR-US: Microsoft
CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-0032 (Cross-site scripting (XSS) vulnerability in the Indexing Service in Mi ...)
	NOT-FOR-US: Microsoft
CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, i ...)
	NOT-FOR-US: Microsoft
CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0029 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2006-0026 (Buffer overflow in Microsoft Internet Information Services (IIS) 5.0,  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0025 (Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2006-0024 (Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 an ...)
	- flashplugin-nonfree 7.0.61-4 (bug #357038; bug #357105)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2006-0023 (Microsoft Windows XP SP1 and SP2 before August 2004, and possibly othe ...)
	NOT-FOR-US: Microsoft
CVE-2006-0022 (Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office  ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows re ...)
	NOT-FOR-US: Microsoft
CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Internet  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0018
	REJECTED
CVE-2006-0017
	REJECTED
CVE-2006-0016
	REJECTED
CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll ...)
	NOT-FOR-US: Microsoft
CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote a ...)
	NOT-FOR-US: Microsoft
CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows 200 ...)
	NOT-FOR-US: Microsoft
CVE-2006-0011
	REJECTED
CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP ...)
	NOT-FOR-US: Microsoft
CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versio ...)
	NOT-FOR-US: Microsoft
CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0007 (Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1  ...)
	NOT-FOR-US: Microsoft
CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in Microso ...)
	NOT-FOR-US: Microsoft
CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP ...)
	NOT-FOR-US: Microsoft
CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with I ...)
	NOT-FOR-US: Microsoft
CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, which  ...)
	NOT-FOR-US: RDS.Dataspace
CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exch ...)
	NOT-FOR-US: Microsoft
CVE-2006-0001 (Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 a ...)
	NOT-FOR-US: Microsoft