path: root/data/CVE/list.2007

CVE-2007-6763 (SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, w ...)
	NOT-FOR-US: SAS Drug Development (SDD)
CVE-2007-6762 (In the Linux kernel before 2.6.20, there is an off-by-one bug in net/n ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://git.kernel.org/linus/2a2f11c227bdf292b3a2900ad04139d301b56ac4
CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6. ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/0b29669c065f60501e7289e1950fa2a618962358 (v2.6.24-rc6)
CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware)  ...)
	NOT-FOR-US: Dataprobe iBootBar
CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released firmwa ...)
	NOT-FOR-US: Dataprobe iBootBar
CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in feed-proxy.php in  ...)
	NOT-FOR-US: feed-proxy.php
CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse! ...)
	NOT-FOR-US: GE Healthcare Centricity DMS
CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a d ...)
	NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series
CVE-2007-6755 (The NIST SP 800-90A default statement of the Dual Elliptic Curve Deter ...)
	- openssl <unfixed> (unimportant)
	NOTE: Unused/broken in OpenSSL, see http://marc.info/?l=openssl-announce&m=138747119822324&w=2
CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for F ...)
	NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-6752 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drup ...)
	- drupal7 <removed> (unimportant)
CVE-2007-6751 (Cross-site scripting (XSS) vulnerability in the MailForm plugin before ...)
	NOT-FOR-US: MailForm plugin for Movable Type
CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a  ...)
	- apache2 2.2.15-3 (medium; bug #533661)
	- apache <removed> (medium; bug #533662)
	[lenny] - apache2 <no-dsa> (Minor issue)
CVE-2007-6749
	REJECTED
CVE-2007-6748
	REJECTED
CVE-2007-6747
	REJECTED
CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer is a  ...)
	- telepathy-idle 0.1.15-1 (low; bug #706094)
	[wheezy] - telepathy-idle <no-dsa> (Minor issue)
	[squeeze] - telepathy-idle <no-dsa> (Minor issue)
CVE-2007-6745 (clamav 0.91.2 suffers from a floating point exception when using ScanO ...)
	- clamav 0.91.2-1~volatile1
	[etch] - clamav <not-affected> (Vulnerable code not present)
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6744 (Flexera Macrovision InstallShield before 2008 sends a digital-signatur ...)
	NOT-FOR-US: Flexera Macrovision InstallShield
CVE-2007-6743 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 bef ...)
	NOT-FOR-US: Tivoli
CVE-2007-6742 (The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2  ...)
	NOT-FOR-US: Tivoli
CVE-2007-6741 (The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does n ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6740 (The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does n ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6739 (FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to caus ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6738 (pyftpdlib before 0.1.1 does not choose a random value for the port ass ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6737 (FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempte ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6736 (Multiple directory traversal vulnerabilities in FTPServer.py in pyftpd ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6735 (NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not ...)
	NOT-FOR-US: Novell NetWare
CVE-2007-6734 (NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7  ...)
	NOT-FOR-US: Novell NetWare
CVE-2007-6733 (The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does  ...)
	- linux-2.6 2.6.10-1
CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in loaders/dtt_load ...)
	- xmp 2.6.1-1 (low; bug #546730)
	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
CVE-2007-6731 (Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers  ...)
	- xmp 2.6.1-1 (low; bug #546730)
	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
CVE-2007-6730 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: ZyXEL P-330W
CVE-2007-6729 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: ZyXEL P-330W
CVE-2007-6728 (Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote atta ...)
	NOT-FOR-US: XMB
CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows  ...)
	NOT-FOR-US: KerviNet Forum
CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and  ...)
	NOT-FOR-US: Dojo
CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly o ...)
	{DSA-2080-1}
	- ghostscript 8.63.dfsg.1-1 (medium; bug #524803)
	- gs-gpl <removed> (medium; bug #561717)
CVE-2007-6724 (Vidalia bundle before 0.1.2.18, when running on Windows, installs Priv ...)
	NOT-FOR-US: Vidalia
CVE-2007-6723 (TorK before 0.22, when running on Windows and Mac OS X, installs Privo ...)
	- tork <not-affected> (Affects only Windows and MacOS)
CVE-2007-6722 (Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X,  ...)
	NOT-FOR-US: Vidalia
CVE-2007-6721 (The Legion of the Bouncy Castle Java Cryptography API before release 1 ...)
	- bouncycastle 1.38-1
CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possi ...)
	- libmikmod 3.1.11-6.1 (low; bug #461519)
	[etch] - libmikmod <no-dsa> (Minor issue)
	[lenny] - libmikmod <no-dsa> (Minor issue)
	- sdl-mixer1.2 1.2.8-1 (low; bug #422021)
	[etch] - sdl-mixer1.2 <no-dsa> (Minor issue)
CVE-2007-XXXX [tdiary XSS]
	- tdiary 2.2.0-1 (bug #464778)
	[etch] - tdiary 2.0.2+20060303-5
	NOTE: fixed in r6 point update
	NOTE: http://www.tdiary.org/20071215.html
CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to e ...)
	NOT-FOR-US: Wiz-Ad
CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...)
	- mplayer 1.0~rc3+svn20100502-1 (low; bug #407010)
	[lenny] - mplayer <no-dsa> (Some have been fixed in Lenny/libavcodec, some crashers left)
	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3 ...)
	NOT-FOR-US: IBM AIX
CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23  ...)
	{DSA-1653-1}
	- linux-2.6 2.6.23-1
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
	NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f
CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of service ( ...)
	- iceweasel <removed> (unimportant)
	NOTE: browser dos not treated as security issues
	NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed?
CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown  ...)
	NOT-FOR-US: Flip4Mac
CVE-2007-6714 (DBMail before 2.2.9, when using authldap with an LDAP server that supp ...)
	- dbmail 2.2.9
CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux  ...)
	{DSA-1588-1}
	- linux-2.6 2.6.26-1
	- linux-2.6.24 <not-affected>
	NOTE: upstream commit 13788ccc41ceea5893f9c747c59bc0b28f2416c2, not present in 2.6.25.x,
	NOTE: but fixed in git, so marking as fixed in 2.6.26-1
CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2. ...)
	NOT-FOR-US: FreeWebShop.org
CVE-2007-6710
	RESERVED
CVE-2007-6709 (The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and ear ...)
	NOT-FOR-US: Cisco Linksys
CVE-2007-6708 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisc ...)
	NOT-FOR-US: Cisco Linksys
CVE-2007-6707 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Links ...)
	NOT-FOR-US: Cisco Linksys
CVE-2007-6706 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus No ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-6705 (The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client fo ...)
	NOT-FOR-US: WebSphere
CVE-2007-6704 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 410 ...)
	NOT-FOR-US: F5 FirePass
CVE-2007-6703 (Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) ...)
	- vdccm <removed>
CVE-2007-6702 (goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka r ...)
	NOT-FOR-US: FS4104-AW firmware
CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service (nwspool. ...)
	NOT-FOR-US: Novell Client
CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web i ...)
	NOT-FOR-US: openbsd
CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...)
	NOT-FOR-US: AIM PicEditor
CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote auth ...)
	{DSA-1541-1}
	- openldap2.3 2.3.38-1
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built)
CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1 ...)
	- webcalendar 1.1.6-7 (bug #466935)
	[lenny] - webcalendar <not-affected> (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37)
CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4 ...)
	NOT-FOR-US: Drake CMS
CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 t ...)
	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
	NOTE: Upstream commit 9ac71d00398674aaec664f30559f0a21d963862f, part of 2.6.24
CVE-2007-6697 (Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image  ...)
	{DSA-1493-2 DSA-1493-1}
	- sdl-image1.2 1.2.6-2 (medium)
CVE-2007-6693 (Unspecified vulnerability in the WebCam module in Menalto Gallery befo ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6692 (Open redirect vulnerability in Menalto Gallery before 2.2.4 allows rem ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6691 (Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 h ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6690 (The Gallery Remote module in Menalto Gallery before 2.2.4 does not che ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6689 (Menalto Gallery before 2.2.4 does not properly check for malicious fil ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6688 (Unspecified vulnerability in the Installation application in Menalto G ...)
	- gallery <not-affected> (Vulnerable code not present)
	- gallery2 2.2.4-1 (bug #457644)
CVE-2007-6687 (Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6686 (The URL rewrite module in Menalto Gallery before 2.2.4 allows attacker ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6685 (Unspecified vulnerability in the Publish XP module Menalto Gallery bef ...)
	- gallery <not-affected> (Vulnerable code not present)
	- gallery2 2.2.4-1 (bug #457644)
CVE-2007-6680 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument i ...)
	NOT-FOR-US: IBM AIX
CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM WebSphe ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-6678
	REJECTED
CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam I ...)
	NOT-FOR-US: Peter's Random Anti-Spam Image
CVE-2007-6676 (The default configuration of Uber Uploader (UU) 5.3.6 and earlier does ...)
	NOT-FOR-US: Uber Uploader
CVE-2007-6675 (The b_system_comments_show function in htdocs/modules/system/blocks/sy ...)
	NOT-FOR-US: XOOPS
CVE-2007-6674 (Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare  ...)
	NOT-FOR-US: RapidShare Database
CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows remo ...)
	NOT-FOR-US: Makale Scripti
CVE-2007-6672 (Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protec ...)
	- jetty 6.1.18-1 (medium; bug #462793; bug #559765)
CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares Dat ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows  ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6669 (Cross-site scripting (XSS) vulnerability in search.php in PHCDownload  ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6668 (admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not requi ...)
	NOT-FOR-US: MySpace Content Zone
CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier  ...)
	NOT-FOR-US: MyPHP Forum
CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 a ...)
	NOT-FOR-US: Zenphoto
CVE-2007-6665 (SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL  ...)
	NOT-FOR-US: Netchemia
CVE-2007-6664 (SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and ea ...)
	NOT-FOR-US: WebPortal
CVE-2007-6663 (SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html. ...)
	NOT-FOR-US: Pragmatic Utopia PU Arcade
CVE-2007-6662 (Directory traversal vulnerability in file.php in CuteNews 2.6 allows r ...)
	NOT-FOR-US: CuteNews
CVE-2007-6661 (2z project 0.9.6.1 allows attackers to change the password without sup ...)
	NOT-FOR-US: 2z project
CVE-2007-6660 (2z project 0.9.6.1 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: 2z project
CVE-2007-6659 (Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9. ...)
	NOT-FOR-US: 2z project
CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS)  ...)
	NOT-FOR-US: CCMS
CVE-2007-6657 (PHP remote file inclusion vulnerability in source/includes/load_forum. ...)
	NOT-FOR-US: Mihalism
CVE-2007-6656 (SQL injection vulnerability in content_css.php in the TinyMCE module f ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-6655 (PHP remote file inclusion vulnerability in includes/function.php in Ko ...)
	NOT-FOR-US: Kontakt Formular
CVE-2007-6654 (Buffer overflow in a certain ActiveX control in Macrovision InstallShi ...)
	NOT-FOR-US: Macrovision InstallShield Update Service Web Agent
CVE-2007-6653 (Directory traversal vulnerability in download.php in Mihalism Multi Ho ...)
	NOT-FOR-US: Mihalism
CVE-2007-6652 (cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser  ...)
	NOT-FOR-US: XCMS
CVE-2007-6651 (Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6650 (Unrestricted file upload vulnerability in fisheye/upload.php in Bitwea ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6649 (PHP remote file inclusion vulnerability in includes/tumbnail.php in Ma ...)
	NOT-FOR-US: MatPo Bilder Gallery
CVE-2007-6648 (Directory traversal vulnerability in index.php in SanyBee Gallery 0.1. ...)
	NOT-FOR-US: SanyBee Gallery
CVE-2007-6647 (SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier  ...)
	NOT-FOR-US: w-Agora
CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, ...)
	NOT-FOR-US: LiveCart
CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote auth ...)
	NOT-FOR-US: Joomla!
CVE-2007-6644 (Joomla! before 1.5 RC4 allows remote authenticated administrators to p ...)
	NOT-FOR-US: Joomla!
CVE-2007-6643 (Cross-site scripting (XSS) vulnerability in the com_poll component in  ...)
	NOT-FOR-US: Joomla!
CVE-2007-6642 (Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla!  ...)
	NOT-FOR-US: Joomla!
CVE-2007-6641 (Cross-site scripting (XSS) vulnerability in dir.php in milliscripts Re ...)
	NOT-FOR-US: milliscripts
CVE-2007-6640 (Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not pro ...)
	NOT-FOR-US: Creammonkey and GreaseKit
CVE-2007-6639 (SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier al ...)
	NOT-FOR-US: IPTBB
CVE-2007-6638 (March Networks DVR 3204 stores sensitive information under the web roo ...)
	NOT-FOR-US: March Networks
CVE-2007-6637 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Pla ...)
	- flashplugin-nonfree 1:1.4 (bug #459071)
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	NOTE: http://www.adobe.com/support/security/advisories/apsa07-06.html
CVE-2007-6636 (Unspecified vulnerability in the StorageFarabDb module in Bitflu befor ...)
	NOT-FOR-US: Bitflu
CVE-2007-6635 (FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in  ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6634 (Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly  ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6633 (Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPl ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6632 (showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbit ...)
	NOT-FOR-US: xml2owl
CVE-2007-6631 (Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier al ...)
	NOT-FOR-US: LScube libnemesi
CVE-2007-6630 (The Url_init function in utils/url.c in Netembryo 0.0.4, when used by  ...)
	NOT-FOR-US: Netembryo
CVE-2007-6629 (Interpretation conflict in LScube Feng 0.1.15 and earlier allows remot ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6628 (LScube Feng 0.1.15 and earlier allows remote attackers to cause a deni ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6627 (Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6626 (Multiple buffer overflows in the RTSP_valid_response_msg function in R ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6625 (The Platform Service Process (asampsp) in Fan-Out Driver Platform Serv ...)
	NOT-FOR-US: Platform Service Process (asampsp)
CVE-2007-6624 (Directory traversal vulnerability in printview.php in PNphpBB2 1.2i an ...)
	NOT-FOR-US: PNphpBB2
CVE-2007-6623 (Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might ...)
	NOT-FOR-US: ZeusCMS
CVE-2007-6622 (SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier ...)
	NOT-FOR-US: ZeusCMS
CVE-2007-6621 (Directory traversal vulnerability in joovili.images.php in Joovili 3.0 ...)
	NOT-FOR-US: Joovili
CVE-2007-6620 (Directory traversal vulnerability in include/images.inc.php in Joovili ...)
	NOT-FOR-US: Joovili
CVE-2007-6619 (The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 do ...)
	NOT-FOR-US: Setup Wizard in Atlassian JIRA Enterprise Edition
CVE-2007-6618 (JIRA Enterprise Edition before 3.12.1 allows remote attackers to delet ...)
	NOT-FOR-US: JIRA Enterprise Edition
CVE-2007-6617 (Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterp ...)
	NOT-FOR-US: JIRA Enterprise Edition
CVE-2007-6616 (Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleF ...)
	NOT-FOR-US: SimpleForum
CVE-2007-6615 (Directory traversal vulnerability in includes/block.php in Agares Medi ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6614 (PHP remote file inclusion vulnerability in admin/frontpage_right.php i ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in i ...)
	- libcdio 0.78.2+dfsg1-2 (low; bug #459129)
	[sarge] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
	[etch] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
	NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...)
	- unp 1.0.13 (bug #448437; low)
	[etch] - unp <no-dsa> (Only used as archiver in third-party software)
CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...)
	NOT-FOR-US: CoolPlayer
CVE-2007-6608 (Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5. ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6607 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain se ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6606 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain co ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6605 (Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2 ...)
	NOT-FOR-US: SkyFex Client
CVE-2007-6604 (Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 ...)
	NOT-FOR-US: XCMS
CVE-2007-6603 (Hot or Not Clone has insufficient access control for producing and rea ...)
	NOT-FOR-US: Hot or Not Clone
CVE-2007-6602 (SQL injection vulnerability in app/models/identity.php in NoseRub 0.5. ...)
	NOT-FOR-US: NoseRub
CVE-2007-6601 (The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8 ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
CVE-2007-6600 (PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	[sarge] - postgresql <unfixed>
CVE-2007-6597 (Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before ...)
	NOT-FOR-US: IPortalX
CVE-2007-6599 (Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 ...)
	{DSA-1458-1}
	- openafs 1.4.6.dfsg1-1 (medium)
	NOTE: http://www.openafs.org/security/OPENAFS-SA-2007-003.txt
CVE-2007-6595 (ClamAV 0.92 allows local users to overwrite arbitrary files via a syml ...)
	{DSA-1497-1}
	- clamav 0.92.1~dfsg-1 (low; bug #458532)
	[etch] - clamav <not-affected> (Minor issue, first issue doesn't apply)
	[sarge] - clamav <no-dsa> (Security Support has stopped)
CVE-2007-6596 (ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows ...)
	- clamav 0.92.1~dfsg-1 (unimportant; bug #458532)
	[etch] - clamav <no-dsa> (Minor issue)
	[sarge] - clamav <no-dsa> (Security Support has stopped)
	NOTE: this is more a feature request than a bug
CVE-2007-6594 (IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak per ...)
	NOT-FOR-US: Lotus Notes
CVE-2007-6593 (Multiple stack-based buffer overflows in l123sr.dll in Autonomy (forme ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-6592 (Apple Safari 2, when a user accepts an SSL server certificate on the b ...)
	NOT-FOR-US: Safari
CVE-2007-6591 (KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server cer ...)
	- kdebase 4:4.0.3-1 (low; bug #458968)
	[etch] - kdebase <no-dsa> (Minor issue)
	[lenny] - kdebase <no-dsa> (Minor issue)
	NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921
	NOTE: No longer occurs in KDE 4.0.3 according to upstream bug
CVE-2007-6590
	REJECTED
CVE-2007-6589 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMon ...)
	{DSA-1534-1}
	- iceape 1.1.7-1 (medium)
	- iceweasel 2.0.0.10-1 (medium)
CVE-2007-6588 (Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows re ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6587 (SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 al ...)
	NOT-FOR-US: Plogger
CVE-2007-6586 (SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows r ...)
	NOT-FOR-US: nicLOR-CMS
CVE-2007-6585 (PHP remote file inclusion vulnerability in confirmUnsubscription.php i ...)
	NOT-FOR-US: NmnNewsletter
CVE-2007-6584 (Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow r ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-6583 (SQL injection vulnerability in admin/ops/findip/ajax/search.php in 102 ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-6582 (Directory traversal vulnerability in index.php in mBlog 1.2 allows rem ...)
	NOT-FOR-US: mBlog
CVE-2007-6581 (Multiple directory traversal vulnerabilities in Social Engine 2.0 allo ...)
	NOT-FOR-US: Social Engine
CVE-2007-6580 (Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow  ...)
	NOT-FOR-US: Wallpaper Site
CVE-2007-6579 (Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote atta ...)
	NOT-FOR-US: Ip Reg
CVE-2007-6578 (SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote a ...)
	NOT-FOR-US: PHP ZLink
CVE-2007-6577 (Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow ...)
	NOT-FOR-US: zBlog
CVE-2007-6576 (Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earli ...)
	NOT-FOR-US: Adult Script
CVE-2007-6575 (SQL injection vulnerability in default.php in MMSLamp allows remote at ...)
	NOT-FOR-US: MMSLamp
CVE-2007-6574 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 an ...)
	NOT-FOR-US: Dokeos
CVE-2007-6573 (QK SMTP Server 3 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: QK SMTP
CVE-2007-6572 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Server ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-6571 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy  ...)
	NOT-FOR-US: Sun Java System Web Proxy
CVE-2007-6570 (Cross-site scripting (XSS) vulnerability in the View URL Database func ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2007-6569 (Cross-site scripting (XSS) vulnerability in the View Error Log functio ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2007-6568 (PHP remote file inclusion vulnerability in config.inc.php in XZero Com ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6567 (Directory traversal vulnerability in index.php in XZero Community Clas ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6566 (SQL injection vulnerability in post.php in XZero Community Classifieds ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6565 (Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta an ...)
	NOT-FOR-US: Blakord Portal
CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in Mantis before  ...)
	{DSA-1467-1}
	- mantis 1.0.8-4 (low; bug #458377)
CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to o ...)
	{DSA-1543-1 DTSA-132-1}
	- vlc 0.8.6.c-4.1 (medium; bug #458318)
	- mozilla-browser-plugin 0.8.6.e-2.2 (bug #480370)
	NOTE: the plugin is in the same srcpkg but has its own implementation for VLCOPT
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see https://trac.videolan.org/vlc/ticket/1371
CVE-2007-6682 (Format string vulnerability in the httpd_FileCallBack function (networ ...)
	{DSA-1543-1}
	- vlc 0.8.6.c-4.1 (medium; bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
CVE-2007-6681 (Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VL ...)
	{DSA-1543-1}
	- vlc 0.8.6.c-4.1 (low; bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
CVE-2007-6684 (The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to caus ...)
	- vlc 0.8.6.c-4.1 (bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: That's hardly a security problem, just a bug
CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including us ...)
	{DSA-1457-1}
	- dovecot 1:1.0.10-1 (low; bug #458315)
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
	[etch] - dovecot <no-dsa> (very minor issue)
	NOTE: http://dovecot.org/list/dovecot-news/2007-December/000057.html
	NOTE: low, because issue is only with quite rare configurations
CVE-2007-6612 (Directory traversal vulnerability in DirHandler (lib/mongrel/handlers. ...)
	- mongrel 1.1.3-1 (medium)
CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0 ...)
	NOT-FOR-US: Limbo CMS
CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly ot ...)
	NOT-FOR-US: WinAce
CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in TCPreen  ...)
	{DSA-1443-1}
	- tcpreen 1.4.3-0.3 (medium; bug #457781)
CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow user-assisted re ...)
	NOT-FOR-US: PDFLib
CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in Logaholic befor ...)
	NOT-FOR-US: Logaholic
CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 all ...)
	NOT-FOR-US: Logaholic
CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause a denia ...)
	NOT-FOR-US: TotalPlayer
CVE-2007-6557 (Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote  ...)
	NOT-FOR-US: MeGaCheatZ
CVE-2007-6556 (Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow rem ...)
	NOT-FOR-US: websihirbazi
CVE-2007-6555 (PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6554 (Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 an ...)
	NOT-FOR-US: TeamCal
CVE-2007-6553 (Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1. ...)
	NOT-FOR-US: TeamCal
CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2 allows r ...)
	NOT-FOR-US: AuraCMS
CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, a ...)
	NOT-FOR-US: MailMachine
CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web ...)
	NOT-FOR-US: PMOS Help Desk
CVE-2007-6549 (Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact an ...)
	NOT-FOR-US: RunCMS
CVE-2007-6548 (Multiple direct static code injection vulnerabilities in RunCMS before ...)
	NOT-FOR-US: RunCMS
CVE-2007-6547 (RunCMS before 1.6.1 does not require entry of the old password during  ...)
	NOT-FOR-US: RunCMS
CVE-2007-6546 (RunCMS before 1.6.1 uses a predictable session id, which makes it easi ...)
	NOT-FOR-US: RunCMS
CVE-2007-6545 (Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1 ...)
	NOT-FOR-US: RunCMS
CVE-2007-6544 (Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow re ...)
	NOT-FOR-US: RunCMS
CVE-2007-6543 (SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exch ...)
	NOT-FOR-US: eSyndiCat Link Exchange Script
CVE-2007-6542 (PHP remote file inclusion vulnerability in admin/frontpage_right.php i ...)
	NOT-FOR-US: Arcadem LEArcadem LE
CVE-2007-6541 (Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 ...)
	NOT-FOR-US: neuron news
CVE-2007-6540 (SQL injection vulnerability in neuron news 1.0 allows remote attackers ...)
	NOT-FOR-US: neuron news
CVE-2007-6539 (PHP local file inclusion vulnerability in index.php in IDevspot iSuppo ...)
	NOT-FOR-US: IDevspot iSupport
CVE-2007-6538 (SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php ...)
	- moodle <not-affected> (Vulnerable code not present, third party module)
CVE-2007-6537 (Stack-based buffer overflow in the zfile_gunzip function in zfile.c in ...)
	NOT-FOR-US: WinUAE
CVE-2007-6536 (The Custom Button Installer dialog in Google Toolbar 4 and 5 beta pres ...)
	NOT-FOR-US: Google Toolbar
CVE-2007-6535 (Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006 ...)
	NOT-FOR-US: YShortcut ActiveX control
CVE-2007-6534 (Multiple unspecified vulnerabilities in Microsoft Office Publisher all ...)
	NOT-FOR-US: Microsoft Office Publisher
CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-ass ...)
	NOT-FOR-US: Zoom Player
CVE-2007-6532 (Double free vulnerability in the Widget Library (libxfcegui4) in Xfce  ...)
	- libxfcegui4 4.4.2 (low)
	[sarge] - libxfcegui4 <no-dsa> (Minor issue)
	[etch] - libxfcegui4 <no-dsa> (Minor issue)
CVE-2007-6531 (Stack-based buffer overflow in the Panel (xfce4-panel) component in Xf ...)
	- xfce4-panel 4.4.2 (low)
	[sarge] - xfce4-panel <no-dsa> (Minor issue)
	[etch] - xfce4-panel <no-dsa> (Minor issue)
CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits Software ...)
	NOT-FOR-US: XUpload
CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unk ...)
	- tikiwiki <removed>
CVE-2007-6528 (Directory traversal vulnerability in tiki-listmovies.php in TikiWiki b ...)
	- tikiwiki <removed>
CVE-2007-6527 (uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload ...)
	NOT-FOR-US: PunBB
CVE-2007-6526 (Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in  ...)
	- tikiwiki <removed>
CVE-2007-6525 (Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) T ...)
	NOT-FOR-US: IBM DB2 Content Manager
CVE-2007-6524 (Opera before 9.25 allows remote attackers to obtain potentially sensit ...)
	NOT-FOR-US: Opera
CVE-2007-6523 (Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before ...)
	NOT-FOR-US: Opera
CVE-2007-6522 (The rich text editing functionality in Opera before 9.25 allows remote ...)
	NOT-FOR-US: Opera
CVE-2007-6521 (Unspecified vulnerability in Opera before 9.25 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-6520 (Opera before 9.25 allows remote attackers to conduct cross-domain scri ...)
	NOT-FOR-US: Opera
CVE-2007-6519 (Unspecified vulnerability in the File-on-File Mounting File System (FF ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-6518 (Multiple SQL injection vulnerabilities in search.php in WoltLab Burnin ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2007-6517 (SQL injection vulnerability in the forget password section (LostPwd.as ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2007-6516 (Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.o ...)
	NOT-FOR-US: RavWare Software MAS Flic ActiveX Control
CVE-2007-6515 (support/dispatch.cgi in SiteScape Forum allows remote attackers to exe ...)
	NOT-FOR-US: SiteScape
CVE-2007-6513 (HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports  ...)
	NOT-FOR-US: HP eSupportDiagnostics ActiveX control
CVE-2007-6512 (PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the ...)
	NOT-FOR-US: PHP MySQL Banner Exchange
CVE-2007-6511 (Websense Enterprise 6.3.1 allows remote attackers to bypass content fi ...)
	NOT-FOR-US: Websense Enterprise
CVE-2007-6510 (Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62  ...)
	NOT-FOR-US: ProWizard
CVE-2007-6509 (Unspecified vulnerability in Appian Enterprise Business Process Manage ...)
	NOT-FOR-US: Appian Enterprise Business Process Management Suite
CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows remo ...)
	NOT-FOR-US: xeCMS
CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a Wi ...)
	- linux-2.6 2.6.17-1 (low; bug #529318)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.17)
	NOTE: While labeled as an Apache flaw, fix required in smbfs
CVE-2007-XXXX [venkman preinst symlink dos]
	- venkman 0.9.87.2-1 (bug #456520)
	[lenny] - venkman <not-affected> (Vulnerable code not present)
	[sarge] - venkman <not-affected> (Vulnerable code not present)
	[etch] - venkman <not-affected> (Vulnerable code not present)
CVE-2007-XXXX [unace unspecified security issue related to uninitialized variable]
	- unace-nonfree 2.5-3
	[etch] - unace-nonfree 2.5-1etch1
CVE-2007-6507 (SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, befo ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.d ...)
	NOT-FOR-US: HP Software Update
CVE-2007-6505 (Solaris 9, with Solaris Auditing enabled and certain patches for sshd  ...)
	NOT-FOR-US: Solaris
CVE-2007-6504 (Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1  ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6503 (Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6502 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authentic ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6501 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6500 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6499 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ea ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6498 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot f ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6497 (Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attac ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6496 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6495 (inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allo ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6494 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6493 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and pos ...)
	NOT-FOR-US: iMesh
CVE-2007-6492 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and pos ...)
	NOT-FOR-US: iMesh
CVE-2007-6491 (Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS all ...)
	NOT-FOR-US: Kvaliitti WebDoc CMS
CVE-2007-6490 (Cross-site request forgery (CSRF) vulnerability in Falcon Series One C ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6489 (Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series O ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6488 (Multiple PHP remote file inclusion vulnerabilities in Falcon Series On ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6487 (Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 a ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka  ...)
	NOT-FOR-US: LineShout
CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 ( ...)
	- centreon-web <itp> (bug #913903)
CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows remote a ...)
	NOT-FOR-US: phpRPG
CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel Protection Serve ...)
	NOT-FOR-US: SafeNet Sentinel Protection and Keys Server
CVE-2007-6482 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in  ...)
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6481 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in  ...)
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6480 (The Oracle database component in Sun Management Center (Sun MC) 3.6.1, ...)
	NOT-FOR-US: Oracle database component in Sun Management Center
CVE-2007-6479 (Unrestricted file upload vulnerability in the "My productions" compone ...)
	NOT-FOR-US: Dokeos
CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and p ...)
	NOT-FOR-US: Rosoft Media Player
CVE-2007-6477 (Cross-site scripting (XSS) vulnerability in the on-line help feature i ...)
	NOT-FOR-US: Citrix Web Interface and NFuse
CVE-2007-6476 (GF-3XPLORER 2.4 allows remote attackers to obtain configuration inform ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6475 (Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow  ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6474 (Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6473 (Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explor ...)
	NOT-FOR-US: WFTPD Explorer Pro
CVE-2007-6472 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allo ...)
	NOT-FOR-US: phpMyRealty
CVE-2007-6471 (Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Win ...)
	NOT-FOR-US: phPay
CVE-2007-6470 (phpRPG 0.8 stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: phpRPG
CVE-2007-6469 (SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qut ...)
	NOT-FOR-US: phpRPG
CVE-2007-6468 (Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman. ...)
	NOT-FOR-US: Hammer of Thyrion
CVE-2007-6467 (SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows re ...)
	NOT-FOR-US: MKPortal
CVE-2007-6466 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2007-6465 (Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in  ...)
	- ganglia-monitor-core <not-affected> (ganglia web-frontend not included)
CVE-2007-6464 (Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0 ...)
	NOT-FOR-US: Form tools
CVE-2007-6463 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...)
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6462 (SQL injection vulnerability in fullnews.php in PHP Real Estate Classif ...)
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6461 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fl ...)
	- flyspray <removed>
CVE-2007-6460 (Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Serv ...)
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6459 (Anon Proxy Server 0.100, and probably 0.101, allows remote attackers t ...)
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6458 (SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 al ...)
	NOT-FOR-US: 123tkShop
CVE-2007-6457 (Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 a ...)
	NOT-FOR-US: NetWin SurgeMail 38k4
CVE-2007-6456 (Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffic ...)
	NOT-FOR-US: Planamesa NeoOffice
	NOTE: referring to OpenOffice security team this is what is described in CVE-2007-4575 for OO
CVE-2007-6455 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ma ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is in experimental
CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp ...)
	{DSA-1583-1 DSA-1441-1}
	- peercast 0.1218+svn20071220+2 (medium; bug #457300)
	- gnome-peercast 0.5.4-1.2 (medium; bug #466539)
CVE-2007-6453 (Directory traversal vulnerability in raidenhttpd-admin/workspace.php i ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in Google  ...)
	- gwt 1.6.4-1 (low; bug #563542)
CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark (formerly  ...)
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal <removed>
CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 all ...)
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal <removed>
CVE-2007-6449
	REJECTED
CVE-2007-6448
	REJECTED
CVE-2007-6447
	REJECTED
CVE-2007-6446
	REJECTED
CVE-2007-6445
	REJECTED
CVE-2007-6444
	REJECTED
CVE-2007-6443
	REJECTED
CVE-2007-6442
	REJECTED
CVE-2007-6441 (The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows rem ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6440
	REJECTED
CVE-2007-6439 (Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause  ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6438 (Unspecified vulnerability in the SMB dissector in Wireshark (formerly  ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows rem ...)
	{DSA-1464-1 DTSA-105-1}
	- syslog-ng 2.0.6-1 (low; bug #457334)
	[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, ...)
	NOT-FOR-US: JustSystems
CVE-2007-6435 (Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTM ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-6434 (Linux kernel 2.6.23 allows local users to create low pages in virtual  ...)
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 <not-affected> (Only Linux 2.6.23 and above affected)
CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query clas ...)
	- jbosseam <itp> (bug #451956)
CVE-2007-6432 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 an ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5,  ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and  ...)
	{DSA-1525-1}
	- asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063)
	[etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA)
	[sarge] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6429 (Multiple integer overflows in X.Org Xserver before 1.4.1 allow context ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6428 (The ProcGetReservedColormapEntries function in the TOG-CUP extension i ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6427 (The XInput extension in X.Org Xserver before 1.4.1 allows context-depe ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6426 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and pos ...)
	NOT-FOR-US: EMC RepliStor
CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transpor ...)
	NOT-FOR-US: HP-UX
CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in cert ...)
	NOT-FOR-US: Fonality Trixbox
CVE-2007-6423
	- apache2 <not-affected> (disputed / only for Windows)
CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...)
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in balancer-manager in mod_pr ...)
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6420 (Cross-site request forgery (CSRF) vulnerability in the balancer-manage ...)
	- apache2 2.2.9-1 (low)
	[etch] - apache2 <no-dsa> (minor issue)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	NOTE: Won't be fixed in etch.
CVE-2007-6419 (Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.2 ...)
	NOT-FOR-US: HP-UX
CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...)
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for Xen 3 ...)
	- xen-unstable <not-affected> (We only have xen for i386 and amd64)
	- xen-3 <not-affected> (We only have xen for i386 and amd64)
	- xen-3.0 <not-affected> (We only have xen for i386 and amd64)
CVE-2007-6415 (scponly 4.6 and earlier allows remote authenticated users to bypass in ...)
	{DSA-1473-1}
	- scponly 4.6-1.2 (high)
CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a redire ...)
	NOT-FOR-US: Adult ScriptAdult Script
CVE-2007-6413 (Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-6412 (Direct static code injection vulnerability in wiki/index.php in Bitwea ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6411 (Multiple buffer overflows in the HandleEmotsConfig function in the GG  ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6410 (Gadu-Gadu does not properly perform protocol handling, which allows re ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6409 (The gg protocol handler in Gadu-Gadu, when this product is installed b ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6408 (IBM Tivoli Provisioning Manager Express provides unspecified informati ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6407 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Prov ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6406 (Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Co ...)
	NOT-FOR-US: CA eTrust Threat Management Console
CVE-2007-6405 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6404 (Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttp ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6403 (Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assist ...)
	NOT-FOR-US: Winamp
CVE-2007-6402 (Stack-based buffer overflow in mplayerc.exe in Media Player Classic (M ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-6401 (Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6400 (Directory traversal vulnerability in download_file.php in PolDoc CMS ( ...)
	NOT-FOR-US: PolDoc CMS
CVE-2007-6399 (index.php in Flat PHP Board 1.2 and earlier allows remote authenticate ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6398 (Flat PHP Board 1.2 and earlier allows remote attackers to bypass authe ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6397 (Multiple directory traversal vulnerabilities in index.php in Flat PHP  ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6396 (Direct static code injection vulnerability in index.php in Flat PHP Bo ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6395 (Flat PHP Board 1.2 and earlier stores sensitive information under the  ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6394 (SQL injection vulnerability in index.php in Content Injector 1.53 allo ...)
	NOT-FOR-US: Content Injector
CVE-2007-6393 (SQL injection vulnerability in albums.php in Ace Image Hosting Script  ...)
	NOT-FOR-US: Ace Image Hosting Script
CVE-2007-6392 (SQL injection vulnerability in DWdirectory 2.1 and earlier allows remo ...)
	NOT-FOR-US: DWdirectory
CVE-2007-6391 (SQL injection vulnerability in patch/comments.php in SH-News 3.0 allow ...)
	NOT-FOR-US: SH-News
CVE-2007-6390 (Cross-site request forgery (CSRF) vulnerability in the mycalendar plug ...)
	- serendipity <not-affected> (This is an external plugin not included in our packages)
CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 mig ...)
	- gnome-screensaver 2.22.0-1 (low; bug #455484)
	[etch] - gnome-screensaver <no-dsa> (Minor issue)
CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache H ...)
	- apache <removed> (low)
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users  ...)
	{DSA-1437-1}
	- cups 1.3.5-1 (low; bug #456960)
	- cupsys 1.3.5-1 (low; bug #456960)
	[sarge] - cupsys <no-dsa> (Minor issue)
	NOTE: the debian package is a bit confusing here as it also ships a pdftops
	NOTE: wrapper script as an example but the original script is installed
	NOTE: under /usr/lib/cups/filters
CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service (in ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (low; bug #457062)
CVE-2007-6355 (Integer overflow in exiftags before 1.01 has unknown impact and attack ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact a ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows context-dependen ...)
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (medium; bug #457330)
CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to cause ...)
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (low; bug #457330)
CVE-2007-6349 (P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windo ...)
	NOT-FOR-US: P4Web
CVE-2007-6418 (The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQ ...)
	{DSA-1501-1}
	- dspam 3.6.8-5.1 (low; bug #448519)
CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 Acti ...)
	NOT-FOR-US: Vantage Linguistics AnswerWorks ActiveX
CVE-2007-6386 (Stack-based buffer overflow in PccScan.dll before build 1451 in Trend  ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-6385 (The proxy server in Kerio WinRoute Firewall before 6.4.1 does not prop ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2007-6384 (Unspecified vulnerability in the Image Converter functionality in BEA  ...)
	NOT-FOR-US: BEA WebLogic Mobility Server
CVE-2007-6383 (The DAV component in Chandler Server (Cosmo) before 0.10.1 does not ch ...)
	NOT-FOR-US: Chandler
CVE-2007-6382 (The Event Dispatch Thread in Robocode before 1.5.1 allows remote attac ...)
	NOT-FOR-US: Robocode
CVE-2007-6381 (SQL injection vulnerability in the indexed_search system extension in  ...)
	{DSA-1439-1}
	- typo3-src 4.1.5-1 (low; bug #457446)
	NOTE: you need to be a logged in backend user to exploit this
CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1 ...)
	NOT-FOR-US: e-Xoops
CVE-2007-6379 (BadBlue 2.72b and earlier allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: BadBlue
CVE-2007-6378 (Directory traversal vulnerability in upload.dll in BadBlue 2.72b and e ...)
	NOT-FOR-US: BadBlue
CVE-2007-6377 (Stack-based buffer overflow in the PassThru functionality in ext.dll i ...)
	NOT-FOR-US: BadBlue
CVE-2007-6376 (Directory traversal vulnerability in autohtml.php in Francisco Burzi P ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-6375 (Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier  ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6374 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6373 (Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow rem ...)
	NOT-FOR-US: GestDown
CVE-2007-6372 (Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remo ...)
	NOT-FOR-US: JUNOS
CVE-2007-6371 (Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attac ...)
	NOT-FOR-US: Nokia N95
CVE-2007-6370
	REJECTED
CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the Pict ...)
	NOT-FOR-US: PictPress
CVE-2007-6368 (Directory traversal vulnerability in index.php in ezContents 1.4.5 all ...)
	NOT-FOR-US: ezContents
CVE-2007-6367 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook i ...)
	NOT-FOR-US: SineCMS
CVE-2007-6366 (Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier al ...)
	NOT-FOR-US: SineCMS
CVE-2007-6365 (Cross-site scripting (XSS) vulnerability in modules/ecal/display.php i ...)
	NOT-FOR-US: bcoos
CVE-2007-6364 (Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLM ...)
	NOT-FOR-US: JLMForo System
CVE-2007-6363 (IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when u ...)
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6362 (SQL injection vulnerability in index.php in the RSGallery (com_rsgalle ...)
	NOT-FOR-US: RSGallery
CVE-2007-6361 (Gekko 0.8.2 and earlier stores sensitive information under the web roo ...)
	NOT-FOR-US: Gekko
CVE-2007-6360 (Unspecified vulnerability in the Sun eXtended System Control Facility  ...)
	NOT-FOR-US: Sun eXtended System Control Facility
CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6357 (Stack-based buffer overflow in Microsoft Office Access allows remote,  ...)
	NOT-FOR-US: Microsoft Office Access
CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows context-dependent ...)
	{DSA-1474-1}
	- exiv2 0.15-2 (medium; bug #456760)
CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass in ...)
	{DSA-1473-1}
	- scponly 4.6-1.1 (high; bug #437148)
CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net befo ...)
	- squirrelmail <not-affected> (Compromised packages were never in Debian)
CVE-2007-6347 (PHP remote file inclusion vulnerability in blocks/block_site_map.php i ...)
	NOT-FOR-US: ViArt, CMS, HelpDesk, Shop Evaluation, Shop Free
CVE-2007-6346 (Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allo ...)
	NOT-FOR-US: Rainboard
CVE-2007-6345 (SQL injection vulnerability in aurora framework before 20071208 allows ...)
	NOT-FOR-US: aurora
CVE-2007-6344 (Directory traversal vulnerability in modules/cms/index.php in Mcms Eas ...)
	NOT-FOR-US: Mcms Easy Web Make
CVE-2007-6343 (Cross-site scripting (XSS) vulnerability in HP OpenView Network Node M ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module (AuthCA ...)
	NOT-FOR-US: Apache AuthCAS module
CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such a ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.63-1 (low; bug #457445)
	NOTE: maybe this should be unimportant as applications using net-dns should handle this croak
CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream ciph ...)
	NOT-FOR-US: Geert Moernaut LSrunasE and Supercrypt
CVE-2007-6339 (The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (Do ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill E ...)
	NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
CVE-2007-6337 (Unspecified vulnerability in the bzip2 decompression algorithm in nsis ...)
	{DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers to exec ...)
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows remote atta ...)
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and pos ...)
	NOT-FOR-US: Ingres on Windows
CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shippe ...)
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6332 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shippe ...)
	NOT-FOR-US: HP Info Center HP Quick Launch Buttons
CVE-2007-6331 (Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 Active ...)
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6330 (Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames ...)
	NOT-FOR-US: Meridian Prolog Manager
CVE-2007-6329 (Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sig ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-6328
	- dosbox 0.72-1 (unimportant; bug #458950)
	NOTE: this is not a security issue, its a feature of dosbox and the first
	NOTE: thing documented in the manpage
CVE-2007-6327 (Buffer overflow in a certain ActiveX control in Online Media Technolog ...)
	NOT-FOR-US: Online Media Technologies
CVE-2007-6326 (Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attac ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6325 (PHP remote file inclusion vulnerability in adminbereich/designconfig.p ...)
	NOT-FOR-US: Fastpublish
CVE-2007-6324 (PHP remote file inclusion vulnerability in head.php in CityWriter 0.9. ...)
	NOT-FOR-US: CityWriter
CVE-2007-6323 (Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 al ...)
	NOT-FOR-US: MMS Gallery PHP
CVE-2007-6322 (Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 ...)
	NOT-FOR-US: xml2owl
CVE-2007-6320 (Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does n ...)
	NOT-FOR-US: Feature (third party drupal module)
CVE-2007-6319 (Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8 ...)
	NOT-FOR-US: Lyris ListManager
CVE-2007-6318 (SQL injection vulnerability in wp-includes/query.php in WordPress 2.3. ...)
	- wordpress 2.3.2-1 (low; bug #459305)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: Patch: https://bugs.edge.launchpad.net/ubuntu/+source/wordpress/+bug/181416
CVE-2007-6317 (Multiple directory traversal vulnerabilities in BarracudaDrive Web Ser ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6316 (Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server  ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6315 (Group Chat in BarracudaDrive Web Server before 3.8 allows remote authe ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6314 (BarracudaDrive Web Server before 3.8 allows remote attackers to read t ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6313 (MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check ...)
	- mysql-dfsg-5.0 <not-affected> (this only affects >= 5.1.x, update for experimental is on its way)
	- mysql-dfsg-4.1 <removed>
CVE-2007-6312 (Cross-site scripting (XSS) vulnerability in the logon page in Web Repo ...)
	NOT-FOR-US: Web Security Suite
CVE-2007-6311 (SQL injection vulnerability in (1) index.php, and possibly (2) admin/i ...)
	NOT-FOR-US: Falt4Extreme
CVE-2007-6310 (Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC ...)
	NOT-FOR-US: Falt4Extreme
CVE-2007-6309 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in we ...)
	NOT-FOR-US: webSPELL
CVE-2007-6308 (Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows re ...)
	NOT-FOR-US: HttpLogger
CVE-2007-6307 (Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php  ...)
	NOT-FOR-US: wwwstats
CVE-2007-6306 (Multiple cross-site scripting (XSS) vulnerabilities in the image map f ...)
	- libjfreechart-java 1.0.9-1 (low; bug #456148)
	[sarge] - libjfreechart-java <no-dsa> (Contrib not supported)
CVE-2007-6305 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6302 (Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3 ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-6301 (Cross-site scripting (XSS) vulnerability in compose.php in OpenNewslet ...)
	NOT-FOR-US: OpenNewsletter
CVE-2007-6300 (Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 a ...)
	NOT-FOR-US: Fusion News
CVE-2007-6298 (Cross-site scripting (XSS) vulnerability in the Shoutbox module for Dr ...)
	NOT-FOR-US: shoutbox (third party module for Drupal)
CVE-2007-6297 (Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14. ...)
	NOT-FOR-US: PHPMyChat
CVE-2007-6296 (PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyC ...)
	NOT-FOR-US: PHPMyChat
CVE-2007-6295 (Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page i ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2007-6294 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6293 (Multiple unspecified vulnerabilities in IBM Hardware Management Consol ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6292 (SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and ea ...)
	NOT-FOR-US: MWOpen
CVE-2007-6291 (SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manag ...)
	NOT-FOR-US: Xigla Absolute Banner Manager .NET
CVE-2007-6290 (Multiple directory traversal vulnerabilities in js/get_js.php in SERWe ...)
	NOT-FOR-US: SERWeb
CVE-2007-6289 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev ...)
	NOT-FOR-US: SERWeb
CVE-2007-6288 (Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow  ...)
	NOT-FOR-US: TCExam
CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs H ...)
	NOT-FOR-US: HyperVM
CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...)
	- tomcat5.5 <not-affected> (Does not use apr connector)
	- tomcat5 <removed>
CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux distrib ...)
	- autofs <not-affected> (-hosts feature not present, auto.net has nosuid,nodev)
	- autofs5 5.0.3-1
	NOTE: for autofs5 see 12disable_default_auto_master.dpatch
CVE-2007-6284 (The xmlCurrentChar function in libxml2 before 2.6.31 allows context-de ...)
	{DSA-1461-1}
	- libxml2 2.6.30.dfsg-3.1 (medium; bug #460292)
	- libxml 1.8.17-14.1 (medium)
CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key f ...)
	- bind9 <not-affected> (On Debian this file is rw for user bind and just readable for group bind)
CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows remote r ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-1
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: Upstream commit 920fc941a9617f95ccb283037fe6f8a38d95bb69
CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in ...)
	NOT-FOR-US: St. Bernard Open File Manager
CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.2 ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1 <removed>
CVE-2007-6303 (MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0. ...)
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1 <removed>
	[etch] - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced after 5.0.32)
CVE-2007-6299 (Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x be ...)
	- drupal5 5.5-1
	- drupal 4.7.10-1
CVE-2007-6321 (Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2,  ...)
	- roundcube 0.1~rc2-6 (low; bug #455840)
	NOTE: http://seclists.org/bugtraq/2007/Dec/0107.html
CVE-2007-6280
	RESERVED
CVE-2007-6279 (Multiple double free vulnerabilities in Free Lossless Audio Codec (FLA ...)
	- flac 1.2.1-1 (unimportant)
	NOTE: According to upstream this issue is not exploitable for code injection
	NOTE: due to the layout of the seektable memory
CVE-2007-6278 (Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assi ...)
	- flac 1.2.1-1 (unimportant)
	NOTE: Such validations are within the responsibility of the respective applications
CVE-2007-6277 (Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC  ...)
	{DSA-1469-1}
	- flac 1.2.1-1
CVE-2007-6276 (The accept_connections function in the virtual private network daemon  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6275 (SQL injection vulnerability in modules/adresses/ratefile.php in bcoos  ...)
	NOT-FOR-US: bcoos
CVE-2007-6274 (Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/di ...)
	NOT-FOR-US: bcoos
CVE-2007-6273 (Multiple format string vulnerabilities in the configuration file in So ...)
	NOT-FOR-US: SonicWALL GLobal VPN Client
CVE-2007-6272 (Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 ...)
	NOT-FOR-US: Joomla!
CVE-2007-6271 (Absolute News Manager.NET 5.1 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6270 (Multiple cross-site scripting (XSS) vulnerabilities in Absolute News M ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6269 (Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolu ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6268 (Directory traversal vulnerability in pages/default.aspx in Absolute Ne ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6267 (Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 an ...)
	NOT-FOR-US: Citrix EdgeSight
CVE-2007-6266 (Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier all ...)
	NOT-FOR-US: bcoos
CVE-2007-6265 (Unspecified vulnerability in avast! 4 Home and Professional Editions b ...)
	NOT-FOR-US: avast!
CVE-2007-6264
	RESERVED
CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, whe ...)
	- linux-ftpd-ssl 0.17.18+0.3-9.1 (low; bug #454733)
	[sarge] - linux-ftpd-ssl <no-dsa> (Minor issue)
	[etch] - linux-ftpd-ssl <no-dsa> (Minor issue)
CVE-2007-6262 (A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0. ...)
	- vlc <not-affected> (Windows only issue)
CVE-2007-6261 (Integer overflow in the load_threadstack function in the Mach-O loader ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6260 (The installation process for Oracle 10g and llg uses accounts with def ...)
	NOT-FOR-US: Oracle
CVE-2007-6259
	RESERVED
CVE-2007-6258 (Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV  ...)
	- libapache2-mod-jk2 2.0.4-1
CVE-2007-6257
	RESERVED
CVE-2007-6256
	REJECTED
CVE-2007-6255 (Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBE ...)
	NOT-FOR-US: Microsoft HRTBEAT.OCX
CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects BusinessObject ...)
	NOT-FOR-US: SAP
CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5 ...)
	NOT-FOR-US: Adobe Form Designer
CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation STRunn ...)
	NOT-FOR-US: Street Technologies
CVE-2007-6251
	RESERVED
CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPl ...)
	NOT-FOR-US: AmpX ActiveX control
CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the um ...)
	NOT-FOR-US: Gentoo portage
CVE-2007-6248
	RESERVED
CVE-2007-6247
	REJECTED
CVE-2007-6246 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up  ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6245 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up  ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Pla ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6243 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up  ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier m ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6241 (Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have unkno ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06  ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-6239 (The "cache update reply processing" functionality in Squid 2.x before  ...)
	{DSA-1646-2 DSA-1482-1}
	- squid 2.6.17-1 (medium; bug #455910)
CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6237 (cp.php in DeluxeBB 1.09 does not verify that the membercookie paramete ...)
	NOT-FOR-US: DeluxeBB
CVE-2007-6236 (Microsoft Windows Media Player (WMP) allows remote attackers to cause  ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6235 (A certain ActiveX control in RealNetworks RealPlayer 11 allows remote  ...)
	NOT-FOR-US: RealNetworks RealPlayer 11
CVE-2007-6234 (index.php in FTP Admin 0.1.0 allows remote attackers to bypass authent ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6233 (Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allo ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6232 (Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1 ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6231 (Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7  ...)
	NOT-FOR-US: tellmatic
CVE-2007-6230 (Directory traversal vulnerability in common/classes/class_HeaderHandle ...)
	NOT-FOR-US: Rayzz
CVE-2007-6229 (PHP remote file inclusion vulnerability in common/classes/class_Header ...)
	NOT-FOR-US: Rayzz
CVE-2007-6228 (Stack-based buffer overflow in the Helper class in the yt.ythelper.2 A ...)
	NOT-FOR-US: Yahoo! Toolbar
CVE-2007-6227 (QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating syst ...)
	- qemu <not-affected> (Windows issue)
CVE-2007-6226 (The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Powe ...)
	NOT-FOR-US: American Power Conversion (APC)
CVE-2007-6225 (Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used o ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2007-6224 (The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc326 ...)
	NOT-FOR-US: RealAudioObjects.RealAudio ActiveX
CVE-2007-6223 (SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3  ...)
	NOT-FOR-US: phpBB Garage
CVE-2007-6222 (The CheckCustomerAccess function in functions.php in CRM-CTT Interleav ...)
	NOT-FOR-US: Interleave
CVE-2007-6221 (TuMusika Evolution 1.7R5 allows remote attackers to obtain configurati ...)
	NOT-FOR-US: TuMusika
CVE-2007-6220 (typespeed before 0.6.4 allows remote attackers to cause a denial of se ...)
	- typespeed 0.6.4-1 (unimportant; bug #454527)
CVE-2007-6219 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Securit ...)
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6218 (Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 ...)
	NOT-FOR-US: Ossigeno CMS
CVE-2007-6217 (Multiple SQL injection vulnerabilities in login.asp in Irola My-Time ( ...)
	NOT-FOR-US: Irola My-Time
CVE-2007-6216 (Race condition in the Fibre Channel protocol (fcp) driver and Devices  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-6215 (Multiple directory traversal vulnerabilities in play.php in Web-MeetMe ...)
	NOT-FOR-US: Web-MeetMe
CVE-2007-6214 (Directory traversal vulnerability in include/file_download.php in Lear ...)
	NOT-FOR-US: LearnLoop
CVE-2007-6213 (Multiple directory traversal vulnerabilities in mod/chat/index.php in  ...)
	NOT-FOR-US: WebED
CVE-2007-6212 (Directory traversal vulnerability in region.php in KML share 1.1 allow ...)
	NOT-FOR-US: KML share
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
	- xen-3 3.1.2-1
CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plu ...)
	{DSA-1528-1}
	- serendipity 1.2.1-1 (low)
CVE-2007-6204 (Multiple stack-based buffer overflows in HP OpenView Network Node Mana ...)
	NOT-FOR-US: HP OpenView
CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method s ...)
	- apache2 2.2.6-3 (low)
	[sarge] - apache2 <no-dsa> (minor issue)
	- apache <not-affected> (vulnerable code not present)
	NOTE: Might be exploitable with older flash plugins via HTTP Request Splitting
	[etch] - apache2 2.2.3-4+etch4
CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users  ...)
	- claws-mail 3.1.0-2 (low; bug #454089)
CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" script ...)
	{DSA-1420-1 DTSA-93-1}
	- zabbix 1:1.4.2-4 (bug #452682)
CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome S ...)
	NOT-FOR-US: Neocrome Seditio CMS
CVE-2007-6211 (Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users  ...)
	- sing 1.1-16 (low; bug #454167)
	[etch] - sing 1.1-13etch1
	[sarge] - sing 1.1-9sarge1
CVE-2007-6209 (Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...)
	- zsh 4.3.4-dev-3-2 (low; bug #454073)
	[etch] - zsh <no-dsa> (Minor issue)
	[sarge] - zsh <no-dsa> (Minor issue)
CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x bef ...)
	- wesnoth 1:1.2.8-1 (low)
	[etch] - wesnoth 1.2-4
	[sarge] - wesnoth 0.9.0-8
CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a wr ...)
	- rsync 2.6.9-6 (low; bug #453652)
	[etch] - rsync <no-dsa> (Minor issue)
CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is n ...)
	- rsync 2.6.9-6 (unimportant; bug #453652)
	NOTE: Security feature enhancement, not really a security problem
CVE-2007-6198 (portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5 ...)
	NOT-FOR-US: Plumtree
CVE-2007-6197 (The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 a ...)
	NOT-FOR-US: Plumtree
CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...)
	NOT-FOR-US: Calacode
CVE-2007-6195 (Buffer overflow in the sw_rpc_agent_init function in swagentd in Softw ...)
	NOT-FOR-US: HP-UX
CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 a ...)
	NOT-FOR-US: HP Select Identity
CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...)
	NOT-FOR-US: Citrix
CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8 uses w ...)
	NOT-FOR-US: Citrix
CVE-2007-6191 (Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.m ...)
	NOT-FOR-US: Armin Burger p.mapper
CVE-2007-6190 (The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobi ...)
	NOT-FOR-US: Cisco Unified IP Phone
CVE-2007-6189 (A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in Bit ...)
	NOT-FOR-US: BitDefender Online Anti-Virus Scanner
CVE-2007-6188 (Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7 ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-6187 (Multiple directory traversal vulnerabilities in PHP Content Architect  ...)
	NOT-FOR-US: PHP Content Architect
CVE-2007-6186 (Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impa ...)
	NOT-FOR-US: PHPDevShell
CVE-2007-6185 (Directory traversal vulnerability in users/files.php in Eurologon CMS  ...)
	NOT-FOR-US: Eurologon CMS
CVE-2007-6184 (Directory traversal vulnerability in index.php in Project Alumni 1.0.9 ...)
	NOT-FOR-US: Project Alumni
CVE-2007-6182 (The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 al ...)
	NOT-FOR-US: ISPmanager
CVE-2007-6181 (Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier  ...)
	NOT-FOR-US: Cygwin
CVE-2007-6180 (Race condition in the Remote Procedure Call kernel module (rpcmod) in  ...)
	NOT-FOR-US: Solaris
CVE-2007-6179 (Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0. ...)
	NOT-FOR-US: Charray's CMS
CVE-2007-6178 (Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Con ...)
	NOT-FOR-US: Easy Hosting Control Panel for Ubuntu
CVE-2007-6177 (PHP remote file inclusion vulnerability in Exchange/include.php in PHP ...)
	NOT-FOR-US: PHP-CON
CVE-2007-6176 (kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote ...)
	NOT-FOR-US: KB-Bestellsystem
CVE-2007-6175 (Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to ...)
	NOT-FOR-US: Lhaplus
CVE-2007-6174 (PHPDevShell before 0.7.0 allows remote authenticated users to gain pri ...)
	NOT-FOR-US: PHPDevShell
CVE-2007-6173 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay  ...)
	- liferay-portal <itp> (bug #569819)
CVE-2007-6172 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote atta ...)
	NOT-FOR-US: wpQuiz
CVE-2007-6169 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty al ...)
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6168 (SQL injection vulnerability in default.asp in VU Case Manager allows r ...)
	NOT-FOR-US: VU Case Manager
CVE-2007-6167 (Untrusted search path vulnerability in yast2-core in SUSE Linux might  ...)
	NOT-FOR-US: Yast2
CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used i ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6165 (Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote at ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6164 (Multiple SQL injection vulnerabilities in Eurologon CMS allow remote a ...)
	NOT-FOR-US: Eurologon CMS
CVE-2007-6163 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty al ...)
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6162 (Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1. ...)
	NOT-FOR-US: FMDeluxe
CVE-2007-6161 (index.php in Tilde CMS 4.x and earlier allows remote attackers to obta ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6160 (Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6159 (SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier  ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6158 (Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs ...)
	NOT-FOR-US: Proverbs Web Calendar
CVE-2007-6157 (Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery ...)
	NOT-FOR-US: SimpleGallery
CVE-2007-6156 (Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.p ...)
	- acidbase 1.3.9-1 (low; bug #453838)
	[etch] - acidbase <not-affected> (vulnerable code not present, in etch acidbase exits in this case)
CVE-2007-6155
	RESERVED
CVE-2007-6154
	RESERVED
CVE-2007-6153
	RESERVED
CVE-2007-6152
	RESERVED
CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1479-1}
	- linux-2.6 2.6.23-2
CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media Ser ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6148 (Use-after-free vulnerability in the Edge server in Adobe Flash Media S ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1. ...)
	NOT-FOR-US: IAPR COMMENCE
CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Win ...)
	NOT-FOR-US: JP1/File Transmission Server/FTP on windows
CVE-2007-6145 (Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP  ...)
	NOT-FOR-US: Hitachi JP1/File Transmission Server/FTP
CVE-2007-6144 (Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control i ...)
	NOT-FOR-US: Xunlei Thunder
CVE-2007-6143 (SQL injection vulnerability in default.asp (aka the Login Page) in VU  ...)
	NOT-FOR-US: VU Case Manager
CVE-2007-6142 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just a ...)
	NOT-FOR-US: JAF CMS
CVE-2007-6141 (Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 B ...)
	NOT-FOR-US: vBTube
CVE-2007-6140 (Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote  ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-6139 (PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1. ...)
	NOT-FOR-US: Mp3 ToolBox
CVE-2007-6138 (SQL injection vulnerability in redir.asp in VU Mass Mailer allows remo ...)
	NOT-FOR-US: VU Mass Mailer
CVE-2007-6137 (SQL injection vulnerability in news.php in Content Injector 1.52 allow ...)
	NOT-FOR-US: Content Injector
CVE-2007-6136 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2 ...)
	NOT-FOR-US: M2Scripts MySpace Scripts
CVE-2007-6135 (Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSli ...)
	NOT-FOR-US: PHPSlideShow
CVE-2007-6134 (SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6. ...)
	NOT-FOR-US: PHPKIT
CVE-2007-6133 (PHP remote file inclusion vulnerability in admin/kfm/initialise.php in ...)
	NOT-FOR-US: DevMass Shopping Cart
CVE-2007-6183 (Format string vulnerability in the mdiag_initialize function in gtk/sr ...)
	{DSA-1431-1 DTSA-102-1}
	- ruby-gnome2 0.16.0-10 (medium; bug #453689)
CVE-2007-6171 (SQL injection vulnerability in the Postgres Realtime Engine (res_confi ...)
	- asterisk 1:1.4.15~dfsg-1 (medium)
	[sarge] - asterisk <not-affected> (Vulnerable code not present)
	[etch] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6170 (SQL injection vulnerability in the Call Detail Record Postgres logging ...)
	{DSA-1417-1}
	- asterisk 1:1.4.15~dfsg-1 (medium)
CVE-2007-6150 (The "internal state tracking" code for the random and urandom devices  ...)
	- kfreebsd-7 7.0~cvs20080107-1
	- kfreebsd-6 6.3~cvs20080107-1
	- kfreebsd-5 <removed> (medium; bug #453944)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-6132
	REJECTED
CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite  ...)
	- scanbuttond 0.2.3-6 (unimportant; bug #453239)
	NOTE: this is just an example script, maintainer adds a note about it
	NOTE: 0.2.3-6 adds a security note about this script
CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its plugins, wh ...)
	- gnump3d 3.0-1 (medium)
	[sarge] - gnump3d <not-affected> (Vulnerable code not present)
	[etch] - gnump3d <not-affected> (Vulnerable code not present)
CVE-2007-6129 (Directory traversal vulnerability in scripts/include/show_content.php  ...)
	NOT-FOR-US: Amber script
CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 all ...)
	NOT-FOR-US: WorkingOnWeb
CVE-2007-6127 (Multiple SQL injection vulnerabilities in project alumni 1.0.9 and ear ...)
	NOT-FOR-US: Alumni
CVE-2007-6126 (Multiple cross-site scripting (XSS) vulnerabilities in project alumni  ...)
	NOT-FOR-US: Alumni
CVE-2007-6125 (SQL injection vulnerability in search_form.php in Softbiz Freelancers  ...)
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6124 (Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Free ...)
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6123 (Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and ...)
	NOT-FOR-US: IRC Services
CVE-2007-6122 (The default_encrypt function in encrypt.c in IRC Services before 5.0.6 ...)
	NOT-FOR-US: IRC Services
CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6  ...)
	{DSA-1429-1}
	- htdig 1:3.2.0b6-4 (low; bug #453278)
	[sarge] - htdig <not-affected> (Vulnerable code not present)
CVE-2007-6109 (Stack-based buffer overflow in emacs allows user-assisted attackers to ...)
	{DTSA-98-1 DTSA-99-1}
	- emacs22 22.1+1-2.2 (bug #455432)
	- emacs21 21.4a+1-5.2 (bug #455433)
	[etch] - emacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
	- xemacs21 21.4.21-4 (bug #457764)
	[etch] - xemacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
CVE-2007-6108
	RESERVED
CVE-2007-6107
	RESERVED
CVE-2007-6106 (SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98  ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-6105 (Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 a ...)
	NOT-FOR-US: TalkBack
CVE-2007-6104 (Cross-site scripting (XSS) vulnerability in the Instant Web Publishing ...)
	NOT-FOR-US: FileMaker Pro
CVE-2007-6103 (I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1)  ...)
	- ihu 0.5.6-3.1 (unimportant; bug #453280)
	NOTE: Would only terminate normal phone call by hanging up, not a real security bug
CVE-2007-6102 (Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2J ...)
	NOT-FOR-US: feed2js
CVE-2007-6101 (Ability Mail Server before 2.61 allows remote authenticated users to c ...)
	NOT-FOR-US: Ability Mail Server
CVE-2007-6100 (Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth ...)
	- phpmyadmin 4:2.11.2.2-1
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-8/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/960064b55f68cd74969e8f0eee56da045f6ea57a
CVE-2007-6099 (Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParato ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6098 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log tru ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6097 (Unspecified vulnerability in the ICMP implementation in Ingate Firewal ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6096 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext  ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6095 (The SIP component in Ingate Firewall before 4.6.0 and SIParator before ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6094 (The IPsec module in the VPN component in Ingate Firewall before 4.6.0  ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6093 (The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator  ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6092 (Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParat ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6091 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Ba ...)
	NOT-FOR-US: JiRo's Banner System (JBS)
CVE-2007-6090 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1. ...)
	NOT-FOR-US: Nuked-Klan
CVE-2007-6089 (PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 ...)
	NOT-FOR-US: meBiblio
CVE-2007-6088 (PHP remote file inclusion vulnerability in includes/functions_mod_user ...)
	NOT-FOR-US: phpBBViet
CVE-2007-6087 (Cross-site request forgery (CSRF) vulnerability in index.php in Vigile ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6086 (Directory traversal vulnerability in index.php in VigileCMS 1.4 allows ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6085 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6084 (SQL injection vulnerability in software-description.php in HotScripts  ...)
	NOT-FOR-US: HotScripts Clone script
CVE-2007-6083 (SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows ...)
	NOT-FOR-US: IceBB
CVE-2007-6082 (Direct static code injection vulnerability in acp/savenews.php in Sciu ...)
	NOT-FOR-US: Sciurus Hosting Panel
CVE-2007-6081 (AdventNet EventLog Analyzer build 4030 for Windows, and possibly other ...)
	NOT-FOR-US: Windows
CVE-2007-6080 (SQL injection vulnerability in modules/banners/click.php in the banner ...)
	NOT-FOR-US: bcoos
CVE-2007-6079 (Directory traversal vulnerability in include/common.php in bcoos 1.0.1 ...)
	NOT-FOR-US: bcoos
CVE-2007-6078 (Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote a ...)
	NOT-FOR-US: SkyPortal
CVE-2007-6076
	RESERVED
CVE-2007-6075
	RESERVED
CVE-2007-6074
	RESERVED
CVE-2007-6073
	RESERVED
CVE-2007-6072
	RESERVED
CVE-2007-6071
	RESERVED
CVE-2007-6070
	REJECTED
CVE-2007-6069
	RESERVED
CVE-2007-6068
	RESERVED
CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression parser  ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13
	[etch] - tcl8.3 <no-dsa> (Minor issue)
	- tcl8.4 8.4.17-1
	[etch] - tcl8.4 <no-dsa> (Minor issue)
	[sarge] - postgresql <unfixed>
CVE-2007-6066
	RESERVED
CVE-2007-6065
	RESERVED
CVE-2007-6064
	RESERVED
CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...)
	- ngircd 0.10.3-1 (bug #451875)
	[etch] - ngircd 0.10.0-2etch1
CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable name w ...)
	- audacity 1.3.4-1.1 (bug #453283; low)
	[etch] - audacity <no-dsa> (Minor issue)
CVE-2007-6060 (AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a f ...)
	NOT-FOR-US: AhnLab Antivirus 3 Internet Security 2008 Platinum
CVE-2007-6059
	NOT-FOR-US: Javamail
CVE-2007-6058 (Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0  ...)
	NOT-FOR-US: ProfileCMS
CVE-2007-6057 (PHP remote file inclusion vulnerability in index.php in datecomm Socia ...)
	NOT-FOR-US: datecomm Social Networking Script
CVE-2007-6056 (frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a  ...)
	NOT-FOR-US: Aida-Web
CVE-2007-6055 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay  ...)
	- liferay-portal <itp> (bug #569819)
CVE-2007-6054 (Cross-site scripting (XSS) vulnerability in the login page in the mana ...)
	NOT-FOR-US: Aruba 800 Mobility Controller
CVE-2007-6053 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6052 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggre ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6051 (IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6050 (Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6049 (Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6048 (IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6047 (Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 befor ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6046 (Unspecified vulnerability in unspecified setuid programs in IBM DB2 UD ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6045 (Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6044 (Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unkn ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-6043 (The CryptGenRandom function in Microsoft Windows 2000 generates predic ...)
	NOT-FOR-US: Windows
CVE-2007-6042 (PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Co ...)
	NOT-FOR-US: SWSoft Confixx Professional
CVE-2007-6041 (Buffer overflow in the Sequencer::queueMessage function in sequencer.c ...)
	NOT-FOR-US: Rigs of Rods (RoR)
CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers to caus ...)
	NOT-FOR-US: Belkin F5D7230-4 Wireless G Router
CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a de ...)
	- php5 5.2.5-1 (unimportant; bug #453295)
	NOTE: Not a vulnerability per Debian PHP security policy, requires malicious
	NOTE: script to trigger this issue
CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails 1 ...)
	- rails 1.2.6-1 (low; bug #452748)
CVE-2007-6111 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal)  ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6112 (Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.9 ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6113 (Integer signedness error in the DNP3 dissector in Wireshark (formerly  ...)
	{DTSA-92-1}
	- wireshark 0.99.6pre1-1 (low)
	[etch] - wireshark <no-dsa> (Minor issue, exotic dissector, very intrusive backport)
CVE-2007-6114 (Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 thro ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6115 (Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethe ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6116 (The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99 ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6117 (Unspecified vulnerability in the HTTP dissector for Wireshark (formerl ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6118 (The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6119 (The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows  ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6120 (The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0. ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6121 (Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6038 (PHP remote file inclusion vulnerability in xajax_functions.php in the  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in  ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 ...)
	NOT-FOR-US: LIVE555 Media Server
CVE-2007-6034
	REJECTED
CVE-2007-6033 (Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure p ...)
	NOT-FOR-US: Invensys Wonderware InTouch
CVE-2007-6032 (SQL injection vulnerability in calendar/page.asp in Aleris Web Publish ...)
	NOT-FOR-US: Aleris Web Publishing Server
CVE-2007-6031 (Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attack ...)
	NOT-FOR-US: VanDyke VShell
CVE-2007-6030 (Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknow ...)
	NOT-FOR-US: Weird Solutions BOOTPTurbo
CVE-2007-6029 (Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote at ...)
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-6028 (Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL Ac ...)
	NOT-FOR-US: ComponentOne FlexGrid
CVE-2007-6027 (PHP remote file inclusion vulnerability in admin.jjgallery.php in the  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6026 (Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka M ...)
	NOT-FOR-US: Microsoft Jet Engine
CVE-2007-6025 (Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 a ...)
	- wpasupplicant 0.6.0-4
	[etch] - wpasupplicant <not-affected> (Vulnerable code not present)
	[sarge] - wpasupplicant <not-affected> (Vulnerable code not present)
CVE-2007-6024
	RESERVED
CVE-2007-6023
	RESERVED
CVE-2007-6022
	RESERVED
CVE-2007-6021 (Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows u ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6020 (Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat ...)
	NOT-FOR-US: KeyView
CVE-2007-6019 (Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, al ...)
	- flashplugin-nonfree 1:1.4
CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...)
	{DSA-1470-1}
	- horde3 3.1.6-1 (bug #461131; low)
	- imp4 <not-affected> (xss.php is only present in horde3 package)
CVE-2007-6017 (The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in th ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6016 (Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar. ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in S ...)
	{DSA-1427-1 DTSA-100-1}
	- samba 3.0.28-1 (high)
CVE-2007-6014 (SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and ear ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash o ...)
	- wordpress 2.5.0-1 (low; bug #452251)
	[etch] - wordpress <no-dsa> (Minor issue)
	NOTE: if untrusted people are allowed to read the database they could still
	NOTE: crack the hash with more work, so maybe this is unimportant?
CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 ...)
	NOT-FOR-US: DocuSafe
CVE-2007-6035 (SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows ...)
	{DSA-1418-1}
	- cacti 0.8.7a-1 (medium; bug #452085)
CVE-2007-6011 (Unspecified vulnerability in main.php of BugHotel Reservation System b ...)
	NOT-FOR-US: BugHotel
CVE-2007-6010 (Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allow ...)
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers <no-dsa> (Minor issue)
CVE-2007-6009 (Multiple buffer overflows in ACD products allow user-assisted remote a ...)
	NOT-FOR-US: ACD products
CVE-2007-6008 (Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (fo ...)
	NOT-FOR-US: Autonomy
CVE-2007-6007 (Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manage ...)
	NOT-FOR-US: Pro Photo Manager
CVE-2007-6006 (TestLink before 1.7.1 does not enforce an unspecified authorization me ...)
	NOT-FOR-US: TestLink
CVE-2007-6005 (Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX c ...)
	NOT-FOR-US: WebEx
CVE-2007-6004 (Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 ...)
	NOT-FOR-US: Toko Instan
CVE-2007-6003 (Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Th ...)
	NOT-FOR-US: SpeedTouch
CVE-2007-6002 (Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.1 ...)
	NOT-FOR-US: Fenriru
CVE-2007-6001 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ba ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-6000 (KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a den ...)
	- kdebase <unfixed> (unimportant; bug #451794)
	NOTE: not reproducible with 4:3.5.8.dfsg.1-1, poked maintainer
	NOTE: it seems konqueror only treats the cookie value until some special length
	NOTE: as cookie, after this length it will open the rest as site content. This eats alot
	NOTE: ram and cpu but depending on how much ram the system has, konqueror will die after
	NOTE: no memory is left, not treated as security problem.
CVE-2007-5999 (SQL injection vulnerability in product_desc.php in Softbiz Auctions Sc ...)
	NOT-FOR-US: Softbiz
CVE-2007-5998 (SQL injection vulnerability in ads.php in Softbiz Ad Management plus S ...)
	NOT-FOR-US: Softbiz
CVE-2007-5997 (SQL injection vulnerability in campaign_stats.php in Softbiz Banner Ex ...)
	NOT-FOR-US: Softbiz Banner Exchange Network Script
CVE-2007-5996 (SQL injection vulnerability in searchresult.php in Softbiz Link Direct ...)
	NOT-FOR-US: Softbiz Link Directory Script
CVE-2007-5995 (PHP remote file inclusion vulnerability in examples/patExampleGen/bbco ...)
	NOT-FOR-US: patBBcode
CVE-2007-5994 (PHP remote file inclusion vulnerability in check_noimage.php in Fritz  ...)
	NOT-FOR-US: php photo album
CVE-2007-5993 (Cross-site scripting (XSS) vulnerability in Visionary Technology in Li ...)
	NOT-FOR-US: vtls
CVE-2007-5992 (SQL injection vulnerability in index.php in datecomm Social Networking ...)
	NOT-FOR-US: Social Networking Script
CVE-2007-5991 (SQL injection vulnerability in index.php in ExoPHPdesk allows remote a ...)
	NOT-FOR-US: ExoPHPdesk
CVE-2007-5990 (Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote a ...)
	NOT-FOR-US: ExoPHPdesk
CVE-2007-5989 (Unspecified vulnerability in the skype4com URI handler in Skype before ...)
	NOT-FOR-US: Skype
CVE-2007-5988 (blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user acc ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5987 (details.php in BtiTracker before 1.4.5, when torrent viewing is disabl ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5986 (SQL injection vulnerability in include/functions.php in BtiTracker bef ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5985 (Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker befo ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5984 (classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 a ...)
	NOT-FOR-US: AutoIndex
CVE-2007-5983 (Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstr ...)
	NOT-FOR-US: AutoIndex
CVE-2007-5982 (Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4,  ...)
	NOT-FOR-US: X7 Chat
CVE-2007-5981 (Lantronix SCS3200 does not properly handle public-key requests, which  ...)
	NOT-FOR-US: Lantronix
CVE-2007-5980 (Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog be ...)
	NOT-FOR-US: eggblog
CVE-2007-5979 (Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 ...)
	NOT-FOR-US: F5 Firepass
CVE-2007-5978 (SQL injection vulnerability in brokenlink.php in the mylinks module fo ...)
	NOT-FOR-US: XOOPS
CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmi ...)
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-7/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/83adea5d6f79640648d3d5384c910820f1d085c3
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6225d4533abb0ffee0c985354326295a746cc79e
CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11 ...)
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used in (1) T ...)
	NOT-FOR-US: TBSource
CVE-2007-5974 (SQL injection vulnerability in mailer.php in JPortal 2 allows remote a ...)
	NOT-FOR-US: JPortal
CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and earli ...)
	NOT-FOR-US: JPortal
CVE-2007-5972 (Double free vulnerability in the krb5_def_store_mkey function in lib/k ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: potential attackers must have privileges to store the krb5kdc master key
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5971 (Double free vulnerability in the gss_krb5int_make_seal_token_v3 functi ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authent ...)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present referring to maintainer)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg <removed>
	NOTE: version in experimental is affected by this
	NOTE: the debian maintainers do not yet have access to this issue: http://lists.mysql.com/packagers/377
CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x be ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
	- mysql-dfsg-4.1 <removed>
CVE-2007-5968
	REJECTED
CVE-2007-5967 (A flaw in Mozilla's embedded certificate code might allow web sites to ...)
	NOT-FOR-US: Historic Mozilla issue
CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in  ...)
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verif ...)
	- qt4-x11 4.3.3-1
	[etch] - qt4-x11 <not-affected> (Vulnerable code was introduced in 4.3)
	- qt-x11-free <not-affected> (Vulnerable code was introduced in 4.3)
CVE-2007-5964 (The default configuration of autofs 5 in some Linux distributions, suc ...)
	- autofs 3.1.4-8 (medium)
	- autofs5 5.0.3-1
CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a den ...)
	- kdebase <unfixed> (unimportant)
	NOTE: This has only theoretical security impact
CVE-2007-5962 (Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red ...)
	- vsftpd <not-affected> (Vulnerability in Red Hat-specific patch)
CVE-2007-5961 (Cross-site scripting (XSS) vulnerability in the Red Hat Network channe ...)
	NOT-FOR-US: Red Hat Network channel search feature
CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Re ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-39
CVE-2007-5959 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.1 ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-38
CVE-2007-5958 (X.Org Xserver before 1.4.1 allows local users to determine the existen ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.T ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5955 (Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET bef ...)
	NOT-FOR-US: UPDIR.NET
CVE-2007-5954 (Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo Sy ...)
	NOT-FOR-US: JLMForo System
CVE-2007-5953 (Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before ...)
	NOT-FOR-US: Really Simple CalDAV Store
CVE-2007-5952 (Cross-site scripting (XSS) vulnerability in admin/index.php in Helios  ...)
	NOT-FOR-US: Helios Calendar
CVE-2007-5951 (SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows re ...)
	NOT-FOR-US: E-Vendejo
CVE-2007-5950 (Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11,  ...)
	NOT-FOR-US: NetCommons
CVE-2007-5949 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6. ...)
	NOT-FOR-US: IBM Tivoli Service Desk
CVE-2007-5948 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF- ...)
	NOT-FOR-US: SF-Shoutbox
CVE-2007-5947 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMon ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1 (low; bug #451624)
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-37
CVE-2007-5946 (Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11. ...)
	NOT-FOR-US: HP-UX
CVE-2007-5945 (USVN before 0.6.5 allows remote attackers to obtain a list of reposito ...)
	NOT-FOR-US: usvn
CVE-2007-5944 (Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Conta ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-5943 (Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a me ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-5942 (Bandersnatch 0.4 allows remote attackers to obtain sensitive informati ...)
	- bandersnatch <removed> (unimportant; bug #451365)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2007-5941 (Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adob ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users  ...)
	- texlive-bin 2005.dfsg.2-1
	- feynmf 1.08-1
CVE-2007-5939 (The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 ...)
	- heimdal <not-affected> (vulnerable code not present, ticketfile is just unlinked which is ok)
CVE-2007-5938 (The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1. ...)
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: we ship the iwl code in /debian/patches/features/all/v7-iwlwifi-add-iwlwifi-wireless-drivers.patch
CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2 ...)
	- texlive-bin 2007-13
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to obta ...)
	- texlive-bin 2007-13
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 200 ...)
	{DTSA-97-1}
	- texlive-bin 2007.dfsg.1-1
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request ...)
	- php-mdb2 2.5.0b2-1
CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to  ...)
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers <no-dsa> (Minor issue)
CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content ...)
	NOT-FOR-US: Fatwire Content Server
CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php in Oran ...)
	NOT-FOR-US: OrangeHRM
CVE-2007-5930 (Cross-site scripting (XSS) vulnerability in the web interface in Cerbe ...)
	NOT-FOR-US: Cerberus Ftp Server
CVE-2007-5929 (Buffer overflow in OpenBase 10.0.5 and earlier might allow remote auth ...)
	NOT-FOR-US: OpenBase
CVE-2007-5928 (OpenBase 10.0.5 and earlier allows remote authenticated users to trigg ...)
	NOT-FOR-US: OpenBase
CVE-2007-5927 (Directory traversal vulnerability in OpenBase 10.0.5 and earlier allow ...)
	NOT-FOR-US: OpenBase
CVE-2007-5926 (OpenBase 10.0.5 and earlier allows remote authenticated users to execu ...)
	NOT-FOR-US: OpenBase
CVE-2007-5925 (The convert_search_mode_to_innobase function in ha_innodb.cc in the In ...)
	{DSA-1413-1 DTSA-91-1}
	- mysql-dfsg-5.0 5.0.45-3 (medium; bug #451235)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg <removed>
CVE-2007-5924 (Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5923 (Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in  ...)
	NOT-FOR-US: eTrust SiteMinder Agent
CVE-2007-5922 (The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloade ...)
	- ircii-pana <not-affected> (Does not ship this script)
CVE-2007-5921 (Unspecified vulnerability in the ioctl interface in the Solaris Volume ...)
	NOT-FOR-US: Solaris
CVE-2007-5920 (index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote ...)
	NOT-FOR-US: Domenico Mancini PicoFlat CMS
CVE-2007-5919 (MyWebFTP, possibly 5.3.2, stores sensitive information under the web r ...)
	NOT-FOR-US: MyWebFTP
CVE-2007-5918 (Cross-site request forgery (CSRF) vulnerability in edit.php in the MS  ...)
	NOT-FOR-US: MS TopSites
CVE-2007-5917 (Cross-site request forgery (CSRF) vulnerability in admin/admin_account ...)
	NOT-FOR-US: Skalinks
CVE-2007-5916 (SQL injection vulnerability in the login page in phphelpdesk 0.6.16 al ...)
	NOT-FOR-US: phphelpdesk
CVE-2007-5915 (Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 a ...)
	NOT-FOR-US: phphelpdesk
CVE-2007-5914 (Direct static code injection vulnerability in dirsys/modules/config/po ...)
	NOT-FOR-US: JBC Explorer
CVE-2007-5913 (dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not  ...)
	NOT-FOR-US: JBC Explorer
CVE-2007-5912 (SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote a ...)
	NOT-FOR-US: jPORTAL
CVE-2007-5911 (Multiple stack-based buffer overflows in the AxMetaStream ActiveX cont ...)
	NOT-FOR-US: Viewpoint Media Player
CVE-2007-5910 (Stack-based buffer overflow in Autonomy (formerly Verity) KeyView View ...)
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5909 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) Ke ...)
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5908
	REJECTED
CVE-2007-5907 (Xen 3.1.1 does not prevent modification of the CR4 TSC from applicatio ...)
	- xen-3 3.1.2-1 (unimportant; bug #451626)
	- xen-3.0 <removed> (unimportant)
	NOTE: CONFIG_SECCOMP isn't activated in Debian kernels
CVE-2007-5906 (Xen 3.1.1 allows virtual guest system users to cause a denial of servi ...)
	- xen-3 3.1.2-1 (medium; bug #451626)
	- xen-3.0 <removed>
CVE-2007-5905 (Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earli ...)
	{DSA-1428-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
	NOTE: Upstream commit 133672efbc1085f9af990bdc145e1822ea93bcf3
CVE-2007-5903
	RESERVED
CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in lib/rpc/ ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in lib ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms co ...)
	NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the patch
	NOTE: from CVS and later re-introduction
	NOTE: https://bugs.php.net/bug.php?id=41561
CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...)
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP before  ...)
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1,  ...)
	NOT-FOR-US: Oracle
CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of s ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-5895
	RESERVED
CVE-2007-5894
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5893 (HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote a ...)
	NOT-FOR-US: Sockets Library
CVE-2007-5892 (Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReade ...)
	NOT-FOR-US: SSReader
CVE-2007-5891 (Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ...)
	NOT-FOR-US: ManageEngine OpManager and OpManager
CVE-2007-5890 (Directory traversal vulnerability in index.php in easyGB 2.1.1 allows  ...)
	NOT-FOR-US: easyGB
CVE-2007-5889 (Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha  ...)
	NOT-FOR-US: IDMOS
CVE-2007-5888 (Cross-site scripting (XSS) vulnerability in displayecard.php in Copper ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-5887 (SQL injection vulnerability in boards/printer.asp in ASP Message Board ...)
	NOT-FOR-US: ASP Message Board
CVE-2007-5886
	RESERVED
CVE-2007-5885
	RESERVED
CVE-2007-5884
	RESERVED
CVE-2007-5883
	RESERVED
CVE-2007-5882
	RESERVED
CVE-2007-5881
	RESERVED
CVE-2007-5880
	RESERVED
CVE-2007-5879
	RESERVED
CVE-2007-5878
	RESERVED
CVE-2007-5877
	RESERVED
CVE-2007-5876
	RESERVED
CVE-2007-5875
	RESERVED
CVE-2007-5874
	RESERVED
CVE-2007-5873
	RESERVED
CVE-2007-5872
	RESERVED
CVE-2007-5871
	RESERVED
CVE-2007-5870
	RESERVED
CVE-2007-5869
	RESERVED
CVE-2007-5868
	RESERVED
CVE-2007-5867
	RESERVED
CVE-2007-5866
	RESERVED
CVE-2007-5865
	RESERVED
CVE-2007-5864
	RESERVED
CVE-2007-5863 (Software Update in Apple Mac OS X 10.5.1 allows remote attackers to ex ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5862 (Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypas ...)
	NOT-FOR-US: Cisco IP Phone 7940
CVE-2007-5861 (Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5860 (Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allo ...)
	NOT-FOR-US: Spin Tracer (Apple Mac OS X)
CVE-2007-5859 (Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allo ...)
	NOT-FOR-US: Safari RSS (Apple Mac OS X)
CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 thro ...)
	NOT-FOR-US: Safari (Apple Mac OS X)
CVE-2007-5857 (Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from acce ...)
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5856 (Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does n ...)
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5855 (Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has be ...)
	NOT-FOR-US: Mail (Apple Mac OS X)
CVE-2007-5854 (Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HT ...)
	NOT-FOR-US: Launch Services (Apple Mac OS X)
CVE-2007-5853 (Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4. ...)
	NOT-FOR-US: IO Storage Family (Apple Mac OS X)
CVE-2007-5852
	RESERVED
CVE-2007-5851 (iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attacke ...)
	NOT-FOR-US: iChat (Apple Mac OS X)
CVE-2007-5850 (Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4. ...)
	NOT-FOR-US: Desktop Services (Apple Mac OS X)
CVE-2007-5849 (Integer underflow in the asn1_get_string function in the SNMP back end ...)
	{DSA-1437-1}
	- cupsys 1.3.5-1 (medium; bug #457453)
	- cups 1.3.5-1 (medium; bug #457453)
	[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin u ...)
	- cupsys 1.2.0
	- cups 1.2.0
	NOTE: This only affects the Cups 1.1 series
	[sarge] - cupsys <no-dsa> (Minor issue, may only lead to an infinite loop)
CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API in Cor ...)
	NOT-FOR-US: Core Foundation (Apple Mac OS X)
CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote a ...)
	{DSA-1483-1 DTSA-88-1}
	- net-snmp 5.4.1~dfsg-1
	NOTE: 5.4.1 already includes a fix by the upstream author
CVE-2007-5845 (Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, ...)
	NOT-FOR-US: GuppY
CVE-2007-5844 (Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 a ...)
	NOT-FOR-US: GuppY
CVE-2007-5843 (PHP remote file inclusion vulnerability in includes/common.php in scWi ...)
	NOT-FOR-US: scWiki
CVE-2007-5842 (Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1. ...)
	NOT-FOR-US: Vortex Portal
CVE-2007-5841 (PHP remote file inclusion vulnerability in admin/index.php in nuBoard  ...)
	NOT-FOR-US: nuBoard
CVE-2007-5840 (PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.i ...)
	NOT-FOR-US: SyndeoCMS
CVE-2007-5838 (Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 a ...)
	NOT-FOR-US: Symantec
CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, a ...)
	{DSA-1477-1}
	- yarssr 0.2.2-3 (bug #448721)
CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote  ...)
	NOT-FOR-US: Amazing Flash AFCommerce
CVE-2007-5835 (Install.php in BosDev BosNews 4 and 5 does not require authentication  ...)
	NOT-FOR-US: BosDev BosNews
CVE-2007-5834 (Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows re ...)
	NOT-FOR-US: BosDev BosNews
CVE-2007-5833 (Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarke ...)
	NOT-FOR-US: BosDev BosMarket Business Directory System
CVE-2007-5832 (Unspecified vulnerability in selectLanguage.do in SSL-Explorer before  ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-5831 (Directory traversal vulnerability in fileSystem.do in SSL-Explorer bef ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-5830 (Unspecified vulnerability in the administrative interface in Avaya Mes ...)
	NOT-FOR-US: Avaya Messaging Storage Server
CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10. ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-5828
	- python-django 1.2.1 (unimportant)
	NOTE: this is documented in docs/csrf.txt included in the python-django package and
	NOTE: there is a plugin enabling this feature. This is intended behaviour pre-1.2.
	NOTE: https://docs.djangoproject.com/en/1.10/ref/csrf/#using-csrf
CVE-2007-5827 (iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for ...)
	{DTSA-106-1}
	- iscsitarget 0.4.15-5 (bug #448873)
	NOTE: init script has "dump" function, which marks conffile correctly
CVE-2007-5826 (Absolute path traversal vulnerability in the EDraw Flowchart ActiveX c ...)
	NOT-FOR-US: EDraw Flowchart
CVE-2007-5825 (Format string vulnerability in the ws_addarg function in webserver.c i ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1 (bug #459961)
CVE-2007-5824 (webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allo ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.1 (bug #459961)
CVE-2007-5823 (Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 an ...)
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5822 (Direct static code injection vulnerability in forum.php in Ben Ng Scri ...)
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5821 (Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and ...)
	NOT-FOR-US: DM Guestbook
CVE-2007-5820 (Directory traversal vulnerability in index.php in Ax Developer CMS (Ax ...)
	NOT-FOR-US: Ax Developer CMS
CVE-2007-5819 (IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak  ...)
	NOT-FOR-US: IBM Tivoli
CVE-2007-5818 (Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php  ...)
	NOT-FOR-US: sBlog
CVE-2007-5817 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attack ...)
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5816 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attack ...)
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5815 (Absolute path traversal vulnerability in the WebCacheCleaner ActiveX c ...)
	NOT-FOR-US: WebCacheCleaner
CVE-2007-5814 (Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunc ...)
	NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5813 (Multiple directory traversal vulnerabilities in download.php in ISPwor ...)
	NOT-FOR-US: ISPworker
CVE-2007-5812 (Directory traversal vulnerability in modules/Builder/DownloadModule.ph ...)
	NOT-FOR-US: ModuleBuilder
CVE-2007-5811
	NOT-FOR-US: phpMyConferences
CVE-2007-5810 (Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminex ...)
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5809 (Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 t ...)
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5808 (Unspecified vulnerability in the Groupmax Collaboration - Schedule com ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration Portal
CVE-2007-5807 (Buffer overflow in the register function in Ultra Star Reader ActiveX  ...)
	NOT-FOR-US: SSReader
CVE-2007-5806 (Cross-site scripting (XSS) vulnerability in Services/Utilities/classes ...)
	NOT-FOR-US: ILIAS
CVE-2007-5805 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument  ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument  ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5803 (Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in ...)
	{DSA-1883-2 DSA-1883-1}
	- nagios2 <removed> (low; bug #482445)
	- nagios3 3.0.2-1 (low; bug #485439)
CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf Technologie ...)
	NOT-FOR-US: Firewolf Technologies Synergiser
CVE-2007-5801 (Unspecified vulnerability in WORK system e-commerce before 4.0.2 has u ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-5800 (Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPr ...)
	NOT-FOR-US: BackUpWordPress
CVE-2007-5799 (Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/ ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5798 (Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigat ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5797 (SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an ex ...)
	- geronimo <itp> (bug #481869)
CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in  ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2007-5794 (Race condition in nss_ldap, when used in applications that are linked  ...)
	{DSA-1430-1}
	- libnss-ldap 256-1 (bug #453868)
CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local user ...)
	- ircii-pana <removed> (low; bug #449149)
	[etch] - ircii-pana <no-dsa> (Minor issue)
	[sarge] - ircii-pana <no-dsa> (Minor issue)
CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when enable-lo ...)
	{DTSA-79-1}
	- emacs22 22.1+1-2.1 (medium; bug #449008)
	NOTE: Emacs 21 is not affected
CVE-2007-5793 (Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/ ...)
	NOT-FOR-US: Stonesoft StoneGate IPS
CVE-2007-5792 (The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP pack ...)
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5791 (The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify  ...)
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5790 (The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequ ...)
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5789 (The Grandstream HT-488 0.1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5788 (Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows ...)
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5787 (Micro Login System 1.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Micro Login System
CVE-2007-5786 (Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 al ...)
	NOT-FOR-US: GoSamba
CVE-2007-5785 (SQL injection vulnerability in file.php in JobSite Professional 2.0 al ...)
	NOT-FOR-US: JobSite
CVE-2007-5784 (PHP remote file inclusion vulnerability in index.php in CaupoShop Pro  ...)
	NOT-FOR-US: CaupoShop Pro
CVE-2007-5783 (SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows re ...)
	NOT-FOR-US: emagiC cms
CVE-2007-5782 (Directory traversal vulnerability in dl.php in FireConfig 0.5 allows r ...)
	NOT-FOR-US: FireConfig
CVE-2007-5781 (PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0 ...)
	NOT-FOR-US: Sige
CVE-2007-5780 (PHP remote file inclusion vulnerability in pub/pub08_comments.php in t ...)
	NOT-FOR-US: teatro
CVE-2007-5779 (Buffer overflow in the GomManager (GomWeb Control) ActiveX control in  ...)
	NOT-FOR-US: Gretech Online Movie Player
CVE-2007-5778 (Mobile Spy (1) stores login credentials in cleartext under the Retinax ...)
	NOT-FOR-US: Mobile Spy
CVE-2007-5777 (Blue-Collar Productions i-Gallery 3.4 stores sensitive information und ...)
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5776 (Directory traversal vulnerability in igallery.asp in Blue-Collar Produ ...)
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5775 (Unspecified vulnerability in BitDefender allows attackers to execute a ...)
	NOT-FOR-US: BitDefender
CVE-2007-5774 (index.php in the File Manager module in Flatnuke 3 allows remote attac ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5773 (Cross-site request forgery (CSRF) vulnerability in index.php in the Fi ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5772 (Direct static code injection vulnerability in the download module in F ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5771 (Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrat ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5770 (The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, an ...)
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1
	- ruby1.8 1.8.6.111-1 (low; bug #451374)
CVE-2007-5769 (Double free vulnerability in the getreply function in ftp.c in netkit  ...)
	- netkit-ftp <not-affected> (Vulnerable code not present)
CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password informati ...)
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application (clntrust.e ...)
	NOT-FOR-US: Geronimo Apache
CVE-2007-5766 (SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 1 ...)
	NOT-FOR-US: Oracle
CVE-2007-5765
	RESERVED
CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2,  ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5763
	REJECTED
CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, al ...)
	NOT-FOR-US: Novell NetWare Client
CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 h ...)
	NOT-FOR-US: Motorola netOctopus
CVE-2007-5760 (Array index error in the XFree86-Misc extension in X.Org Xserver befor ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-5759
	REJECTED
CVE-2007-5758 (Stack-based buffer overflow in db2dasrrm in the DB2 Administration Ser ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal Data ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...)
	NOT-FOR-US: WinPcap
CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control  ...)
	NOT-FOR-US: AOL Radio
CVE-2007-5754 (PHP remote file inclusion vulnerability in urlinn_includes/config.php  ...)
	NOT-FOR-US: phpFaber
CVE-2007-5753 (Unspecified vulnerability in Light FMan PHP (lfman or lightfman) befor ...)
	NOT-FOR-US: Light FMan PHP
CVE-2007-5752 (adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does  ...)
	NOT-FOR-US: PHP-AGTC Membership
CVE-2007-5750
	RESERVED
CVE-2007-5749
	RESERVED
CVE-2007-5748
	RESERVED
CVE-2007-5747 (Integer underflow in OpenOffice.org before 2.4 allows remote attackers ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5746 (Integer overflow in OpenOffice.org before 2.4 allows remote attackers  ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5745 (Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allo ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5744
	RESERVED
CVE-2007-5743 (viewvc 1.0.3 allows improper access control to files in a repository w ...)
	- viewvc 1.0.3-2.1 (bug #416696)
CVE-2007-5742 (Directory traversal vulnerability in the WML engine preprocessor for W ...)
	{DSA-1421-1 DTSA-90-1}
	- wesnoth 1:1.2.8-1 (medium; bug #453500)
CVE-2007-5741 (Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers  ...)
	{DSA-1405-2 DSA-1405-1}
	- zope-cmfplone 2.5.2-2 (bug #449523)
	[sarge] - zope-cmfplone <not-affected> (Upstream confirms that 2.0 branch is not vulnerable)
	NOTE: Fix available:
	NOTE: http://plone.org/about/security/advisories/cve-2007-5741
CVE-2007-5740 (The format string protection mechanism in IMAPD for Perdition Mail Ret ...)
	{DSA-1398-1 DTSA-84-1}
	- perdition 1.17.1-1 (medium; bug #448853)
CVE-2007-5751 (Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opm ...)
	{DTSA-107-1}
	- liferea 1.4.6-1 (low; bug #448850)
	[etch] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
	[sarge] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
	NOTE: this file can contain credentials for rss feeds
CVE-2007-5739 (Directory traversal vulnerability in component/flashupload/download.js ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5738 (The FlashUpload component in Korean GHBoard uses a client-side protect ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5737 (Unrestricted file upload vulnerability in component/upload.jsp in Kore ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5736 (Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 B ...)
	NOT-FOR-US: SeeBlick
CVE-2007-5735 (eFileMan 7.1.0.87-88 stores sensitive information under the web root w ...)
	NOT-FOR-US: eFileMan
CVE-2007-5734 (Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows  ...)
	NOT-FOR-US: eFileMan
CVE-2007-5733 (Unrestricted file upload vulnerability in upload/upload.php in Japanes ...)
	NOT-FOR-US: Japanese PHP Gallery Hosting
CVE-2007-5732 (Directory traversal vulnerability in downloadfile.php in eLouai's Forc ...)
	NOT-FOR-US: eLouai's Force Download
CVE-2007-5731 (Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and  ...)
	- slide-webdavclient <not-affected> (Vulnerable code is only in the server part, but debian only has the client part)
CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly  ...)
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 72+dfsg-1
	- linux-2.6 <not-affected> (vulnerability does not affected kernel module)
	- linux-2.6.24 <not-affected> (vulnerability does not affected kernel module)
CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitr ...)
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 72+dfsg-1
	- linux-2.6 <not-affected> (vulnerability does not affected kernel module)
	- linux-2.6.24 <not-affected> (vulnerability does not affected kernel module)
CVE-2007-5728 (Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, a ...)
	{DSA-1693-1}
	- phppgadmin 4.1.3-0.1 (bug #449103; low)
CVE-2007-5727 (Incomplete blacklist vulnerability in the stripScripts function in com ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2007-5726 (Unspecified vulnerability in the Stream Control Transmission Protocol  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5725 (Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allo ...)
	NOT-FOR-US: Smart-Shop
CVE-2007-5724 (Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live a ...)
	NOT-FOR-US: Omnistar Live
CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c  ...)
	{DTSA-82-1}
	- nufw 2.2.7-1 (low)
	[etch] - nufw <not-affected> (Vulnerable code not present)
CVE-2007-5722 (Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx ...)
	NOT-FOR-US: GlobalLink
CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in My ...)
	NOT-FOR-US: MySpacePros MySpace Resource Script
CVE-2007-5720 (Unrestricted file upload vulnerability in the profiles script in Profi ...)
	NOT-FOR-US: ProfileCMS
CVE-2007-5719 (SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows ...)
	NOT-FOR-US: miniBB
CVE-2007-5717 (Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded L ...)
	NOT-FOR-US: Sun Fire
CVE-2007-5716 (Unspecified vulnerability in the Internet Protocol (IP) functionality  ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2007-5715 (DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log me ...)
	- denyhosts 2.6-2 (low)
	[etch] - denyhosts <no-dsa> (Minor issue)
	NOTE: bug was fixed with 06_permit_rootlogin_no.dpatch
CVE-2007-5714 (The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account w ...)
	- mldonkey <not-affected> (Gentoo-specific packaging flaw)
CVE-2007-5713 (Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for ...)
	NOT-FOR-US: Half-Life Server
CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1 ...)
	{DSA-1640-1}
	- python-django 0.96-1.1 (low; bug #448838)
CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows remot ...)
	NOT-FOR-US: Conflict
CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.ph ...)
	- wordpress 2.3.1-1 (unimportant)
	NOTE: requires register_globals On, which we don't support
CVE-2007-5709 (Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 ...)
	NOT-FOR-US: Sony SonicStage CONNECT Player
CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...)
	- vobcopy 1.0.2-1 (low; bug #448319)
	[etch] - vobcopy <no-dsa> (Minor issue)
	[sarge] - vobcopy <no-dsa> (Minor issue)
CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles Direc ...)
	NOT-FOR-US: Jeebles
CVE-2007-5705 (Unspecified vulnerability in the Settings component in the administrat ...)
	NOT-FOR-US: Jeebles
CVE-2007-5704 (Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event ...)
	NOT-FOR-US: CodeWidgets
CVE-2007-5703 (Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk ...)
	NOT-FOR-US: RSA KEON
CVE-2007-5702 (Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions  ...)
	NOT-FOR-US: SWAMP OpenSUSE
CVE-2007-5701 (Incomplete blacklist vulnerability in the Certificate Authority (CA) i ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5700 (The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5699 (Stack-based buffer overflow in eIQNetworks Enterprise Security Analyze ...)
	NOT-FOR-US: eIQNetworks
CVE-2007-5698 (Cross-site scripting (XSS) vulnerability in default.asp in CREApark GO ...)
	NOT-FOR-US: CREApark GOLD KOY PORTALI
CVE-2007-5697 (Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 al ...)
	NOT-FOR-US: phpImage
CVE-2007-5696 (PHP remote file inclusion vulnerability in includes.php in phpBasic al ...)
	NOT-FOR-US: phpBasic
CVE-2007-5695 (Open redirect vulnerability in command.php in SiteBar 3.3.8 allows rem ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #448690)
	NOTE: there is no real exploit scenario
CVE-2007-5694 (Absolute path traversal vulnerability in the translation module (trans ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #447135)
CVE-2007-5693 (Eval injection vulnerability in the translation module (translator.php ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #447135)
CVE-2007-5692 (Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 a ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #448689)
CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers  ...)
	- iceweasel 2.0.0.8-1 (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-5690
	- zaptel 1:1.4.8~dfsg-1 (unimportant; bug #448763)
	NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something
	NOTE: similar so this is no security issue in Debian even if sethdl-new will segfault
CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) i ...)
	- sun-java6 6-03-1 (medium)
	- sun-java5 1.5.0-13-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the Multi-F ...)
	NOT-FOR-US: Multi Host Forum Pro
CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2007-5686 (initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...)
	- shadow <unfixed> (unimportant)
	NOTE: See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so
	NOTE: unknown usernames are not recorded on login failures
CVE-2007-5685 (The safe_path function in shttp before 0.0.5 allows remote attackers t ...)
	NOT-FOR-US: shttp
CVE-2007-5684 (Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and e ...)
	- tikiwiki <removed>
CVE-2007-5683 (Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8. ...)
	- tikiwiki <removed>
CVE-2007-5682 (Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWi ...)
	- tikiwiki <removed>
CVE-2007-5681
	RESERVED
CVE-2007-5680
	RESERVED
CVE-2007-5707 (OpenLDAP before 2.3.39 allows remote attackers to cause a denial of se ...)
	{DSA-1541-1}
	- openldap2.3 2.3.38-1 (medium; bug #440632)
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built)
CVE-2007-5708 (slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, w ...)
	{DSA-1541-1 DTSA-87-1}
	- openldap2.3 2.3.39-1 (medium; bug #448644)
CVE-2007-2983 (Multiple buffer overflows in the British Telecommunications Consumer w ...)
	NOT-FOR-US: British Telecommunications Consumer webhelper
CVE-2007-5679 (SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Be ...)
	NOT-FOR-US: DM CMS
CVE-2007-5678 (SQL injection vulnerability in the Music module in phpBasic allows rem ...)
	NOT-FOR-US: phpBasic
CVE-2007-5677 (Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in Hac ...)
	NOT-FOR-US: Hackish
CVE-2007-5676 (PHP remote file inclusion vulnerability in modules/Forums/favorites.ph ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-5675 (Stack-based buffer overflow in the DebugPrint function in MultiXTpm Ap ...)
	NOT-FOR-US: MultiXTpm Application Server
CVE-2007-5674 (Directory traversal vulnerability in index.php in InstaGuide Weather ( ...)
	NOT-FOR-US: InstaGuide Weather
CVE-2007-5673 (Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet ...)
	NOT-FOR-US: ifnet WebIf
CVE-2007-5672
	RESERVED
CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before  ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-5670
	REJECTED
CVE-2007-5669
	RESERVED
CVE-2007-5668
	RESERVED
CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...)
	NOT-FOR-US: Novell Client
CVE-2007-5666 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1  ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management  ...)
	NOT-FOR-US: Novell ZENworks Endpoint Security Management
CVE-2007-5664 (db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5662
	RESERVED
CVE-2007-5661 (The Macrovision InstallShield InstallScript One-Click Install (OCI) Ac ...)
	NOT-FOR-US: Macrovision InstallShield
CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in isu ...)
	NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008
CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlie ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ea ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5656 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5655 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, a ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger u ...)
	NOT-FOR-US: LiteSpeed
CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows do no ...)
	- php5 <not-affected> (windows only)
CVE-2007-5652 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5651 (Unspecified vulnerability in the Extensible Authentication Protocol (E ...)
	NOT-FOR-US: Cisco IOS
CVE-2007-5650 (Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 all ...)
	NOT-FOR-US: ReloadCMS
CVE-2007-5649 (Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Di ...)
	NOT-FOR-US: Creative Digital Resources SocketMail
CVE-2007-5648 (Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rN ...)
	NOT-FOR-US: rnote
CVE-2007-5647 (Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5  ...)
	NOT-FOR-US: SocketKB
CVE-2007-5646 (SQL injection vulnerability in Sources/Search.php in Simple Machines F ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-5644 (Lussumo Vanilla 1.1.3 and earlier does not require admin privileges fo ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2007-5643 (Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and ea ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2007-5642 (Multiple directory traversal vulnerabilities in PHP Project Management ...)
	NOT-FOR-US: PHP Project Management
CVE-2007-5641 (Multiple PHP remote file inclusion vulnerabilities in PHP Project Mana ...)
	NOT-FOR-US: PHP Project Management
CVE-2007-5640 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5639 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5638 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5637 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional N ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5636 (Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote  ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5635 (Multiple unspecified vulnerabilities in Salford Software Support Incid ...)
	NOT-FOR-US: Salford Software Support Incident Tracke
CVE-2007-5634 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on  ...)
	NOT-FOR-US: SpeedFan
CVE-2007-5633 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on  ...)
	NOT-FOR-US: SpeedFan
CVE-2007-5632 (Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 th ...)
	NOT-FOR-US: Solaris
CVE-2007-5631 (Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator ...)
	NOT-FOR-US: PeopleAggregator
CVE-2007-5630 (SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.1 ...)
	NOT-FOR-US: BBsProcesS BBPortalS
CVE-2007-5629 (Cross-site scripting (XSS) vulnerability in admin/logon.asp in Shoppin ...)
	NOT-FOR-US: ShoppingTree CandyPress Store #
CVE-2007-5628 (PHP remote file inclusion vulnerability in src/scripture.php in The On ...)
	NOT-FOR-US: TOWeLS
CVE-2007-5627 (PHP remote file inclusion vulnerability in content/fnc-readmail3.php i ...)
	NOT-FOR-US: Socketmail
CVE-2007-5626 (make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MyS ...)
	- bacula 5.0.0-1 (unimportant; bug #446809)
	NOTE: this script needs the default database password and name needs to be set which
	NOTE: would be a bigger problem in a non-trusted environment. Apart from
	NOTE: this is documented in the bacula documentation
	NOTE: Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, which is not affected
CVE-2007-5625 (Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site S ...)
	NOT-FOR-US: Site Search SearchSimon Lite
CVE-2007-5624 (Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 all ...)
	{DSA-1883-2 DSA-1883-1}
	- nagios2 2.9-1.1 (low; bug #448371)
CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins (nagios-p ...)
	{DSA-1495-1}
	- nagios-plugins 1.4.8-2.2 (medium; bug #448372)
	[sarge] - nagios-plugins <not-affected> (Vulnerable code not present)
CVE-2007-5622 (Double free vulnerability in the ftpprchild function in ftppr in 3prox ...)
	- 3proxy <itp> (bug #718219)
CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token modul ...)
	NOT-FOR-US: Token Drupal
	NOTE: Token is not included in the drupal packages
CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashCha ...)
	NOT-FOR-US: ZZ:FlashChat
CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user pa ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5618 (Unquoted Windows search path vulnerability in the Authorization and ot ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0  ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...)
	NOT-FOR-US: SSH Tectia Client and Server
CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows r ...)
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote  ...)
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5613 (Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Je ...)
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5612 (CIM Server in IBM Director 5.20.1 and earlier allows remote attackers  ...)
	NOT-FOR-US: IBM Director
CVE-2007-5611
	RESERVED
CVE-2007-5610 (The DeleteSingleFile function in the HPISDataManagerLib.Datamgr Active ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5609
	RESERVED
CVE-2007-5608 (The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX co ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5607 (Buffer overflow in the RegistryString function in the HPISDataManagerL ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5606 (Buffer overflow in the MoveFile function in the HPISDataManagerLib.Dat ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5605 (Buffer overflow in the GetFileTime function in the HPISDataManagerLib. ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5604 (Buffer overflow in the ExtractCab function in the HPISDataManagerLib.D ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELau ...)
	NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5602 (Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5 ...)
	NOT-FOR-US: SwiftView Viewer
CVE-2007-5601 (Stack-based buffer overflow in the Database Component in MPAMedia.dll  ...)
	NOT-FOR-US: RealPlayer (windows only issue)
CVE-2007-5600 (Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 an ...)
	NOT-FOR-US: Artmedic CMS
CVE-2007-5599 (Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow ...)
	NOT-FOR-US: awrate
CVE-2007-5598 (Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x  ...)
	- drupal5 <not-affected> (bug #447748)
	- drupal <not-affected> (bug #447746)
	NOTE: drupal weblinks is not included in the drupal package in debian
CVE-2007-5597 (The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3  ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5596 (The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5595 (CRLF injection vulnerability in the drupal_goto function in includes/c ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5594 (Drupal 5.x before 5.3 does not apply its Drupal Forms API protection a ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5593 (install.php in Drupal 5.x before 5.3, when the configured database ser ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5592 (Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 ...)
	NOT-FOR-US: awzMB
CVE-2007-5591 (The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Ch ...)
	NOT-FOR-US: Nortel Enterprise VoIP-Core-CS
CVE-2007-5590 (Multiple buffer overflows in Miranda before 0.7.1 allow remote attacke ...)
	NOT-FOR-US: Miranda
CVE-2007-5588 (Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43  ...)
	{DTSA-103-1}
	- mnogosearch 3.3.4-4.1 (low; bug #447753)
	[sarge] - mnogosearch <no-dsa> (Minor issue)
	[etch] - mnogosearch <no-dsa> (Minor issue)
CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-5586
	REJECTED
CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without xscreensaver-gl-ex ...)
	{DTSA-83-1}
	- xscreensaver 5.03-3.1 (medium; bug #448157)
	[etch] - xscreensaver <not-affected> (Vulnerable code not present)
	[sarge] - xscreensaver <not-affected> (Vulnerable code not present)
CVE-2007-5584 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2 ...)
	NOT-FOR-US: Cisco
CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco Ci ...)
	NOT-FOR-US: Cisco
CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/m ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2007-5580 (Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 befo ...)
	NOT-FOR-US: Cisco
CVE-2007-5589 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-1403-1}
	- phpmyadmin 4:2.11.1.2-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-6/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c32d999eb16a9e2748a834e3ad722cc4d33f7dd5
CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when res ...)
	NOT-FOR-US: Pligg CMS
CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirec ...)
	- acidbase 1.3.8 (low)
	[etch] - acidbase <no-dsa> (Minor issue)
CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterpr ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allo ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-5574 (PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 all ...)
	NOT-FOR-US: PHPDJPHPDJ
CVE-2007-5573 (PHP remote file inclusion vulnerability in classes/core/language.php i ...)
	- limesurvey <itp> (bug #472802)
CVE-2007-5572 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple P ...)
	NOT-FOR-US: SPHPBlog
CVE-2007-5571 (Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier,  ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2007-5570 (Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier,  ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2007-5569 (Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configure ...)
	NOT-FOR-US: Cisco
CVE-2007-5568 (Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2007-5567 (PHP remote file inclusion vulnerability in _lib/fckeditor/upload_confi ...)
	- moin <not-affected> (Does not contain the vulnerable code)
	- karrigell <not-affected> (Does not contain the vulnerable code)
	- knowledgeroot <not-affected> (Does not contain the vulnerable code)
CVE-2007-5566
	NOT-FOR-US: PHPBlog
CVE-2007-5565
	NOT-FOR-US: phpSCMS
CVE-2007-5564 (Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (forme ...)
	NOT-FOR-US: NSSboard
CVE-2007-5563 (Unspecified vulnerability in VirtueMart before 1.0.13 allows remote at ...)
	NOT-FOR-US: VirtueMart
CVE-2007-5562 (Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the l ...)
	NOT-FOR-US: Netgear firmware
CVE-2007-5561 (Format string vulnerability in the logging function in the Oracle OPMN ...)
	NOT-FOR-US: Oracle
CVE-2007-5560 (Heap-based buffer overflow in the Juniper HTTP Service allows remote a ...)
	NOT-FOR-US: Juniper HTTP Service
CVE-2007-5559 (Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows  ...)
	NOT-FOR-US: IBM ThinkVantage TPM Service
CVE-2007-5558 (Integer overflow in the LG Mobile handset allows remote attackers to c ...)
	NOT-FOR-US: LG Mobile handset
CVE-2007-5557 (Unspecified vulnerability in the NEC mobile handset allows remote atta ...)
	NOT-FOR-US: NEC mobile handset
CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows remote atta ...)
	NOT-FOR-US: Avaya VoIP Handset
CVE-2007-5555 (Unspecified vulnerability in Symantec Altiris Deployment Solution allo ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via cr ...)
	NOT-FOR-US: Oracle
CVE-2007-5553
	REJECTED
CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to execute arbit ...)
	NOT-FOR-US: Cisco
CVE-2007-5551 (Off-by-one error in Cisco IOS allows remote attackers to execute arbit ...)
	NOT-FOR-US: Cisco
CVE-2007-5550 (Unspecified vulnerability in Cisco IOS allows remote attackers to obta ...)
	NOT-FOR-US: Cisco
CVE-2007-5549 (Unspecified vulnerability in Command EXEC in Cisco IOS allows local us ...)
	NOT-FOR-US: Cisco
CVE-2007-5548 (Multiple stack-based buffer overflows in Command EXEC in Cisco IOS all ...)
	NOT-FOR-US: Cisco
CVE-2007-5547 (Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote at ...)
	NOT-FOR-US: Cisco
CVE-2007-5546 (Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow remot ...)
	NOT-FOR-US: TIBCO SmartPGM FX
CVE-2007-5545 (Format string vulnerability in TIBCO SmartPGM FX allows remote attacke ...)
	NOT-FOR-US: TIBCO SmartPGM FX
CVE-2007-5544 (IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before  ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-5543 (Stack-based buffer overflow in Miranda IM 0.6.8 and 0.7.0 allows remot ...)
	NOT-FOR-US: Miranda
CVE-2007-5542 (Stack-based buffer overflow in Miranda IM 0.6.8 allows remote attacker ...)
	NOT-FOR-US: Miranda
CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an "externa ...)
	NOT-FOR-US: Opera
CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-5539 (Unspecified vulnerability in Cisco Unified Intelligent Contact Managem ...)
	NOT-FOR-US: Cisco
CVE-2007-5538 (Buffer overflow in the Centralized TFTP File Locator Service in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2007-5537 (Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1  ...)
	NOT-FOR-US: Cisco
CVE-2007-5536 (Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11. ...)
	NOT-FOR-US: HP-UX
CVE-2007-5535 (Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown im ...)
	NOT-FOR-US: RunCms
CVE-2007-5534 (Unspecified vulnerability in the HCM component in Oracle PeopleSoft En ...)
	NOT-FOR-US: Oracle
CVE-2007-5533 (Unspecified vulnerability in the People Tools component in Oracle Peop ...)
	NOT-FOR-US: Oracle
CVE-2007-5532 (Unspecified vulnerability in the People Tools component in Oracle Peop ...)
	NOT-FOR-US: Oracle
CVE-2007-5531 (Unspecified vulnerability in Oracle Help for Web, as used in Oracle Ap ...)
	NOT-FOR-US: Oracle
CVE-2007-5530 (Unspecified vulnerability in the Database Control component in Oracle  ...)
	NOT-FOR-US: Oracle
CVE-2007-5529 (Unspecified vulnerability in the Oracle Self-Service Web Applications  ...)
	NOT-FOR-US: Oracle
CVE-2007-5528 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 ...)
	NOT-FOR-US: Oracle
CVE-2007-5527 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-5526 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2007-5525 (Unspecified vulnerability in the Oracle Single Sign-On component in Or ...)
	NOT-FOR-US: Oracle
CVE-2007-5524 (Unspecified vulnerability in the Oracle Single Sign-On component in Or ...)
	NOT-FOR-US: Oracle
CVE-2007-5523 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle
CVE-2007-5522 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2007-5521 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle
CVE-2007-5520 (Unspecified vulnerability in the Oracle Internet Directory component i ...)
	NOT-FOR-US: Oracle
CVE-2007-5519 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2007-5518 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2007-5517 (Unspecified vulnerability in the Oracle Portal component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2007-5516 (Unspecified vulnerability in the Oracle Process Mgmt &amp; Notificatio ...)
	NOT-FOR-US: Oracle
CVE-2007-5515 (Unspecified vulnerability in the Spatial component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2007-5514 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have  ...)
	NOT-FOR-US: Oracle
CVE-2007-5513 (The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, an ...)
	NOT-FOR-US: Oracle
CVE-2007-5512 (Unspecified vulnerability in the Oracle Database Vault component in Or ...)
	NOT-FOR-US: Oracle
CVE-2007-5511 (SQL injection vulnerability in Workspace Manager for Oracle Database b ...)
	NOT-FOR-US: Oracle
CVE-2007-5510 (Multiple unspecified vulnerabilities in the Workspace Manager componen ...)
	NOT-FOR-US: Oracle
CVE-2007-5509 (Unspecified vulnerability in the Spatial component in Oracle Database  ...)
	NOT-FOR-US: Oracle
CVE-2007-5508 (Multiple SQL injection vulnerabilities in the CTXSYS Intermedia applic ...)
	NOT-FOR-US: Oracle
CVE-2007-5507 (The GIOP service in TNS Listener in the Oracle Net Services component  ...)
	NOT-FOR-US: Oracle
CVE-2007-5506 (The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8 ...)
	NOT-FOR-US: Oracle
CVE-2007-5505 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...)
	NOT-FOR-US: Oracle
CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 1 ...)
	NOT-FOR-US: Oracle
CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote a ...)
	{DSA-1542-1 DTSA-96-1}
	- libcairo 1.4.10-1.1 (medium; bug #453686)
CVE-2007-5502 (The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does  ...)
	NOT-FOR-US: OpenSSL Fips object module
CVE-2007-5501 (The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux  ...)
	- linux-2.6 2.6.23-1 (high)
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.21)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38
CVE-2007-5500 (The wait_task_stopped function in the Linux kernel before 2.6.23.8 che ...)
	{DSA-1428-1}
	- linux-2.6 2.6.23-2
CVE-2007-5499
	REJECTED
CVE-2007-5498 (The Xen hypervisor block backend driver for Linux kernel 2.6.18, when  ...)
	- xen-unstable <not-affected> (Vulnerable code not present)
	- xen-3 <not-affected> (Vulnerable code not present)
CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 all ...)
	{DSA-1422-1 DTSA-95-1}
	- e2fsprogs 1.40.3-1 (bug #454760)
CVE-2007-5496 (Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allow ...)
	NOT-FOR-US: setroubleshoot
CVE-2007-5495 (sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitr ...)
	NOT-FOR-US: setroubleshoot
CVE-2007-5494 (Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat ...)
	- linux-2.6 <not-affected> (RedHat specific patch)
CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-5492 (Static code injection vulnerability in the translation module (transla ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5491 (Directory traversal vulnerability in the translation module (translato ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5490 (SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2. ...)
	NOT-FOR-US: Okul Otomasyon Portal
CVE-2007-5489 (Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and ...)
	NOT-FOR-US: Artmedic CMS
CVE-2007-5487 (Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allo ...)
	NOT-FOR-US: COWON America jetAudioc
CVE-2007-5486 (dotProject before 2.1 does not properly check privileges when invoking ...)
	NOT-FOR-US: dotProject
CVE-2007-5485 (SQL injection vulnerability in index.php in the mg2 1.0 module for Kws ...)
	NOT-FOR-US: KwsPHP
CVE-2007-5484 (Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows lo ...)
	NOT-FOR-US: WWWISIS
CVE-2007-5483 (Unspecified vulnerability in the Administrative Scripting Tools (such  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5482 (Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTe ...)
	NOT-FOR-US: Sun firmware
CVE-2007-5481 (Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attacker ...)
	- dcc <not-affected> (vulnerable code introduced in 1.3.65)
CVE-2007-5480 (Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge Innov ...)
	NOT-FOR-US: ZInnovaAge InnovaShop
CVE-2007-5479 (Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer al ...)
	NOT-FOR-US: Xcomputer
CVE-2007-5478 (Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbea ...)
	NOT-FOR-US: Sbportal
CVE-2007-5477 (Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod ...)
	NOT-FOR-US: djeyl.net WebMod
CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier,  ...)
	NOT-FOR-US: Opera specific flash vulnerability
CVE-2007-5475 (Multiple buffer overflows in the Marvell wireless driver, as used in L ...)
	NOT-FOR-US: Linksys WAP4400N Wi-Fi access point
CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware 2. ...)
	NOT-FOR-US: Linksys WRT350N Wi-Fi access point
CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when runnin ...)
	- mono <not-affected> (Windows-specific vulnerability)
CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component in CA ...)
	NOT-FOR-US: HIPS
CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk- ...)
	- asterisk-addons 1.4.4-1
CVE-2007-5471 (libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUS ...)
	- libgssapi 0.8-1
CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...)
	NOT-FOR-US: Microsoft Expression Media
CVE-2007-5469
	- openser 1.3.0-1 (unimportant; bug #446956)
	NOTE: should be only "exploitable" in local network with untrusted users
CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest authenticati ...)
	NOT-FOR-US: Cisco
CVE-2007-5467 (Integer overflow in eXtremail 2.1.1 and earlier allows remote attacker ...)
	NOT-FOR-US: eXtremail
CVE-2007-5466 (Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote  ...)
	NOT-FOR-US: eXtremail
CVE-2007-5465 (Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows ...)
	NOT-FOR-US: doop CMS
CVE-2007-5464 (Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allow ...)
	NOT-FOR-US: Live for Speed
CVE-2007-5463 (ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta a ...)
	NOT-FOR-US: ViArt Shop
CVE-2007-5462 (Unspecified vulnerability in the Sun Solaris RPC services library (lib ...)
	NOT-FOR-US: Solaris
CVE-2007-5460 (Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak enc ...)
	NOT-FOR-US: Microsoft ActiveSync
CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML page in t ...)
	NOT-FOR-US: MouseoverDictionary
CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter module 1.0  ...)
	NOT-FOR-US: KwsPHP
CVE-2007-5457 (Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote attackers to b ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 an ...)
	NOT-FOR-US: WWWISIS
CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File Sharing Sys ...)
	NOT-FOR-US: PHP File Sharing
CVE-2007-5453 (Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow rem ...)
	NOT-FOR-US: Php-Stats
CVE-2007-5452 (Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-S ...)
	NOT-FOR-US: Php-Stats
CVE-2007-5451 (PHP remote file inclusion vulnerability in admin.color.php in the com_ ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5450 (Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouc ...)
	NOT-FOR-US: Apple firmware
CVE-2007-5449 (SQL injection vulnerability in searchresult.php in Softbiz Recipes Por ...)
	NOT-FOR-US: Softbiz Recipes Portal Script
CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial  ...)
	- madwifi 1:0.9.3.2-2 (medium; bug #446824)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch2
CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...)
	NOT-FOR-US: ionCube
CVE-2007-5446 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: PBEmail
CVE-2007-5445 (Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX  ...)
	NOT-FOR-US: VImpX
CVE-2007-5444 (CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full pat ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5443 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5442 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to use ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5441 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to use ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5440
	NOT-FOR-US: Crs Manager
CVE-2007-5439 (CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stor ...)
	NOT-FOR-US: eTrust ITM
CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL ...)
	- vmware-package <not-affected> (Windows only)
CVE-2007-5437 (The web console in CA (formerly Computer Associates) eTrust ITM (Threa ...)
	NOT-FOR-US: eTrust ITM
CVE-2007-5436 (Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL  ...)
	NOT-FOR-US: G DATA Antivirus
CVE-2007-5435 (Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFus ...)
	NOT-FOR-US: CA ERwin Process Modeler
CVE-2007-5434 (Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earl ...)
	NOT-FOR-US: PRO-search
CVE-2007-5433 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Si ...)
	NOT-FOR-US: Site-Up
CVE-2007-5432 (Stride 1.0 has a default administrator username of "scott" with the pa ...)
	NOT-FOR-US: Stride
CVE-2007-5431 (include/imageupload.js in the MyFTPUploader module in Stride 1.0 conta ...)
	NOT-FOR-US: Stride module
CVE-2007-5430 (Multiple SQL injection vulnerabilities in Stride 1.0 allow remote atta ...)
	NOT-FOR-US: Stride
CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01  ...)
	NOT-FOR-US: Nucleus
CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote atta ...)
	NOT-FOR-US: UMI CMS
CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component i ...)
	NOT-FOR-US: Joomla!
CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5 ...)
	NOT-FOR-US: ActiveKB NX
CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB  ...)
	NOT-FOR-US: ActiveKB NX
CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to bypas ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: if the function is blacklisted but not its alias it is a configuration
	NOTE: issue of the site not a vulnerability in php
CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ex ...)
	- tikiwiki <removed>
CVE-2007-5422 (Unspecified vulnerability in "Solaris Auditing" in the Basic Security  ...)
	NOT-FOR-US: Solaris Auditing
CVE-2007-5421
	REJECTED
CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote manag ...)
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an  ...)
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5418 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 al ...)
	NOT-FOR-US: CARE2X
CVE-2007-5417 (Directory traversal vulnerability in index.php in boastMachine (aka bM ...)
	NOT-FOR-US: boastMachine
CVE-2007-5416 (Drupal 5.2 and earlier does not properly unset variables when the inpu ...)
	- drupal5 <unfixed> (unimportant; bug #446887)
	- drupal <unfixed> (unimportant)
	NOTE: The underlying PHP issue has been fixed in DSA 1206.
	NOTE: Plus, register_globals is not supported in Debian
CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when  ...)
	- iceweasel <removed> (unimportant)
	NOTE: if you are on a site which allows UTF-7 sure you need to sanitize the
	NOTE: equivalent strings in UTF-7
	NOTE: referring to the mozilla security team this is a non-issue and a duplicate of
	NOTE: CVE-2007-5414, mailed mitre
CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0 ...)
	- iceweasel 2.0+dfsg-1
CVE-2007-5413 (httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Ph ...)
	NOT-FOR-US: Linksys
CVE-2007-5410 (PHP remote file inclusion vulnerability in admin.wmtrssreader.php in t ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5409 (PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in  ...)
	NOT-FOR-US: NuSEO
CVE-2007-5408 (SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows ...)
	NOT-FOR-US: cpDynaLinks
CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the JContentSubs ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5406 (kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Auto ...)
	NOT-FOR-US: KeyView
CVE-2007-5405 (Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the A ...)
	NOT-FOR-US: KeyView
CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on whethe ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox  ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5402 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow ( ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5401 (Unrestricted file upload vulnerability in uploadrequest.asp in Layton  ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5400 (Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5399 (Multiple heap-based buffer overflows in emlsr.dll in the EML reader in ...)
	NOT-FOR-US: KeyView
CVE-2007-5398 (Stack-based buffer overflow in the reply_netbios_packet function in nm ...)
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high)
CVE-2007-5397 (Heap-based buffer overflow in the activePDF Server service (aka APServ ...)
	NOT-FOR-US: activePDF Server
CVE-2007-5396 (Format string vulnerability in the ext_yahoo_contact_added function in ...)
	NOT-FOR-US: Miranda
CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in tokenize. ...)
	{DSA-1432-1}
	- link-grammar 4.2.5-1 (medium; bug #450695)
CVE-2007-5394 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 an ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar method in x ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in X ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics <not-affected> (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-2 (low; bug #448664)
	- tomcat5 <removed>
	NOTE: patch: http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010  ...)
	NOT-FOR-US: HP Select Identity
CVE-2007-5390 (PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0 ...)
	NOT-FOR-US: PicoFlat
CVE-2007-5389
	NOT-FOR-US: Joomla! extension
CVE-2007-5388 (Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 a ...)
	NOT-FOR-US: WebDesktop
CVE-2007-5387 (PHP remote file inclusion vulnerability in active/components/xmlrpc/cl ...)
	NOT-FOR-US: Pindorama
CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMy ...)
	{DSA-1403-1}
	- phpmyadmin 4:2.11.1.2-1 (bug #446451)
	[sarge] - phpmyadmin <not-affected> (vulnerable script not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/27d5467dc3ba6e594d5e5cd291a908b48464e289
CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alc ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Thom ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5383 (The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub  ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5382 (The conversion utility for converting CiscoWorks Wireless LAN Solution ...)
	NOT-FOR-US: CiscoWorks
CVE-2007-5381 (Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco  ...)
	NOT-FOR-US: Line Printer Daemon (LPD) Cisco
CVE-2007-5380 (Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...)
	- rails 1.2.5-1
CVE-2007-5379 (Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ...)
	- rails 1.2.5-1
	[etch] - rails <not-affected> (Vulnerable code not present)
CVE-2007-5378 (Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolk ...)
	{DSA-1743-1 DSA-1416-1 DSA-1415-1}
	- tk8.3 8.3.5-10 (medium; bug #446465)
	- tk8.4 8.4.16-1 (medium)
	- libtk-img 1.3-release-8 (medium)
CVE-2007-5377 (The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functi ...)
	- tramp <not-affected> (the version we ship still uses make-temp-file)
	- emacs22 <not-affected> (the version we ship still uses make-temp-file)
CVE-2007-5376
	RESERVED
CVE-2007-5375 (Interpretation conflict in the Sun Java Virtual Machine (JVM) allows u ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5374 (cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrati ...)
	NOT-FOR-US: LightBlog
CVE-2007-5373 (ldapscripts 1.4 and 1.7 sends a password as a command line argument wh ...)
	{DSA-1517-1 DTSA-68-1}
	- ldapscripts 1.7.1-2 (bug #445582; medium)
CVE-2007-5372 (Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through  ...)
	- sql-ledger <unfixed> (unimportant; bug #446366)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-5371 (Multiple SQL injection vulnerabilities in mutate_content.dynamic.php i ...)
	NOT-FOR-US: MODx
CVE-2007-5370 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewswe ...)
	NOT-FOR-US: NetWin
CVE-2007-5369 (The GetMagicNumberString function in Massive Entertainment World in Co ...)
	NOT-FOR-US: conflict
CVE-2007-5368 (Multiple unspecified vulnerabilities in labeld in Trusted Extensions i ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5367 (Unspecified vulnerability in the Virtual File System (VFS) in Sun Sola ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5366 (The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-5365 (Stack-based buffer overflow in the cons_options function in options.c  ...)
	{DSA-1388-3 DSA-1388-1}
	- dhcp 2.0pl5dfsg1-20.2 (medium; bug #446354)
	- dhcp3 <not-affected> (dhcp3 does enforce a fixed minimum paket size if it is lower, see line 513 in options.c)
	NOTE: dhcp has a request for removal #446386
CVE-2007-5364
	NOT-FOR-US: ViArt Shopping Cart
CVE-2007-5363 (PHP remote file inclusion vulnerability in admin.panoramic.php in the  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5362 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde  ...)
	NOT-FOR-US: Joomla! and mambo extension
CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and  ...)
	NOT-FOR-US: Alcatel-Lucent OmniPCX Enterprise
CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, when compiled to use ...)
	NOT-FOR-US: OpenPegasus Management server
CVE-2007-5359
	RESERVED
CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk 1 ...)
	- asterisk 1:1.4.13~dfsg-1 (medium)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
CVE-2007-5357
	REJECTED
CVE-2007-5356
	REJECTED
CVE-2007-5355 (The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Expl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5354
	REJECTED
CVE-2007-5353
	REJECTED
CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem Servic ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv2) si ...)
	NOT-FOR-US: Microsoft Vista
CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local Procedure Call ...)
	NOT-FOR-US: Microsoft Vista
CVE-2007-5349
	REJECTED
CVE-2007-5348 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5346
	REJECTED
CVE-2007-5345
	REJECTED
CVE-2007-5344 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5343
	REJECTED
CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache To ...)
	{DSA-1447-1}
	- tomcat5.5 5.5.25-4 (low; bug #458237)
	- tomcat5 <not-affected> (Vulnerable code not present)
CVE-2007-5341 (Remote code execution in the Venkman script debugger in Mozilla Firefo ...)
	- iceweasel 2.0.0.8-1
CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox b ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5 (high)
	NOTE: MFSA2007-29
CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbir ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (bug #447734; high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5
	NOTE: MFSA2007-29
CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote ...)
	{DSA-1534-2 DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-35
CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when runnin ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-34
CVE-2007-5336
	REJECTED
CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain s ...)
	{DSA-1396-1}
	- iceweasel 2.0.0.8-1 (low)
	NOTE: Firefox 2.0-specific issue, doesn't affect xulrunner, iceape or icedove
	NOTE: not mentioned in debian changelog, but mozilla #390983 confirms it went into 2.0.0.8
CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-33
CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 th ...)
	- tomcat5.5 5.5.26-1 (low; bug #465645)
	- tomcat5 <removed>
CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA BrightS ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5330 (The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5328 (The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01  ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message Engin ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5326 (Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5325 (Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5324
	REJECTED
CVE-2007-5323 (The RepliStor Server Service in EMC Replistor 6.1.3 allows remote atta ...)
	NOT-FOR-US: RepliStor Server Service
CVE-2007-5322 (Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX cont ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-5321 (Directory traversal vulnerability in index.php in Verlihub Control Pan ...)
	NOT-FOR-US: Verlihub Control Panel
CVE-2007-5320 (Multiple absolute path traversal vulnerabilities in Pegasus Imaging Im ...)
	NOT-FOR-US: Imaging ImagXpress
CVE-2007-5319 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solar ...)
	NOT-FOR-US: Solaris
CVE-2007-5318 (Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 all ...)
	NOT-FOR-US: Typolight webCMS
CVE-2007-5317
	REJECTED
CVE-2007-5316 (SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recr ...)
	NOT-FOR-US: Softbiz Jobs
CVE-2007-5315 (PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9 ...)
	NOT-FOR-US: LiveAlbum
CVE-2007-5314 (PHP remote file inclusion vulnerability in system/funcs/xkurl.php in x ...)
	NOT-FOR-US: xKiosk WEB
CVE-2007-5313 (PHP remote file inclusion vulnerability in install/config.php in Pictu ...)
	NOT-FOR-US: Picturesolution
CVE-2007-5312 (Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5311 (Directory traversal vulnerability in backend/admin-functions.php in To ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5310 (PHP remote file inclusion vulnerability in admin.wmtportfolio.php in t ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5309 (PHP remote file inclusion vulnerability in admin.wmtgallery.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5308 (SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm)  ...)
	NOT-FOR-US: phpHPm)
CVE-2007-5307 (ELSEIF CMS Beta 0.6 does not properly unset variables when the input d ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5306 (ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5305 (Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta  ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5304 (Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5303 (Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS  ...)
	NOT-FOR-US: SnewsCMS
CVE-2007-5302 (Multiple cross-site scripting (XSS) vulnerabilities in HP System Manag ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-5300 (Off-by-one error in the do_login_loop function in libwzd-core/wzd_logi ...)
	{DSA-1452-1}
	- wzdftpd 0.8.2-2.1 (medium; bug #446192)
CVE-2007-5299 (Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, a ...)
	NOT-FOR-US: SkaDate
CVE-2007-5298 (Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion a ...)
	NOT-FOR-US: CMS Creamotion
CVE-2007-5297 (Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 al ...)
	NOT-FOR-US: Minki
CVE-2007-5296 (Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp  ...)
	NOT-FOR-US: dbList
CVE-2007-5295 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a ...)
	NOT-FOR-US: Wikepage Opus
CVE-2007-5294 (PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0 ...)
	NOT-FOR-US: IDMOS
CVE-2007-5293 (Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta  ...)
	NOT-FOR-US: IDMOS
CVE-2007-5292 (Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Im ...)
	NOT-FOR-US: Directory Image Gallery
CVE-2007-5291 (Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 ...)
	NOT-FOR-US: DB Manager
CVE-2007-5290 (Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-5289 (HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirec ...)
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function in input/vorbis/vor ...)
	{DSA-1538-1 DTSA-66-1}
	- alsaplayer 0.99.80~rc4-1 (low; bug #446034)
CVE-2007-5288
	REJECTED
CVE-2007-5287
	REJECTED
CVE-2007-5286
	REJECTED
CVE-2007-5285
	REJECTED
CVE-2007-5284
	REJECTED
CVE-2007-5283 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor  ...)
	NOT-FOR-US: Hitachi TPBroker
CVE-2007-5282 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library S ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5281 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Deve ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5280 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...)
	NOT-FOR-US: Appfuse
CVE-2007-5279 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21  ...)
	NOT-FOR-US: PowerArchiver
CVE-2007-5278 (Zomplog 3.8.1 and earlier stores potentially sensitive information und ...)
	NOT-FOR-US: Zomplog
CVE-2007-5277 (Microsoft Internet Explorer 6 drops DNS pins based on failed connectio ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-5276 (Opera 9 drops DNS pins based on failed connections to irrelevant TCP p ...)
	NOT-FOR-US: Opera
CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause  ...)
	- flashplugin-nonfree 9.0.115.0.1 (bug #449110)
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allo ...)
	NOT-FOR-US: Furkan Tastan Blog
CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS ...)
	NOT-FOR-US: Trionic Cite CMS
CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and 5. ...)
	- drupal <not-affected> (does not ship this module)
CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...)
	- libpng 1.2.15~beta5-3 (low; bug #446308)
	[sarge] - libpng <no-dsa> (Minor issue)
	[etch] - libpng 1.2.15~beta5-1+etch2
CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) log ...)
	- libpng <not-affected> (Vulnerable code not present in Debian version, introduced in 1.2.19)
CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP fun ...)
	- libpng <not-affected> (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5266 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP fun ...)
	- libpng <not-affected> (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5265 (Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1 ...)
	NOT-FOR-US: Dawn of Time
CVE-2007-5264 (Battlefront Dropteam 1.3.3 and earlier sends the client's online accou ...)
	NOT-FOR-US: Battlefront
CVE-2007-5263 (Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier al ...)
	NOT-FOR-US: Battlefront
CVE-2007-5262 (Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 a ...)
	NOT-FOR-US: Battlefront
CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote a ...)
	NOT-FOR-US: MultiCart
CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: ASP-CMS
CVE-2007-5259 (Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.0 ...)
	NOT-FOR-US: SysAid
CVE-2007-5258 (PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha ...)
	NOT-FOR-US: FreeLog
CVE-2007-5257 (Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control  ...)
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-5256 (Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and ...)
	NOT-FOR-US: FSD
CVE-2007-5255 (Cross-site scripting (XSS) vulnerability in Google Mini Search Applian ...)
	NOT-FOR-US: Google Mini Search Appliance
CVE-2007-5254 (VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Wr ...)
	NOT-FOR-US: VirusBlokAda Vba32 AntiVirus
CVE-2007-5253 (c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attac ...)
	NOT-FOR-US: Cart32
CVE-2007-5252 (Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, an ...)
	NOT-FOR-US: NetSupport Manager/School Student
CVE-2007-5251 (Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 all ...)
	NOT-FOR-US: Helm
CVE-2007-5250 (The Windows dedicated server for the Unreal engine, as used by America ...)
	NOT-FOR-US: Americas Army
CVE-2007-5249 (Multiple buffer overflows in the logging function in the Unreal engine ...)
	NOT-FOR-US: Americas Army
CVE-2007-5248 (Multiple format string vulnerabilities in the ID Software Doom 3 engin ...)
	NOT-FOR-US: Doom 3 engine
CVE-2007-5247 (Multiple format string vulnerabilities in the Monolith Lithtech engine ...)
	NOT-FOR-US: Monolith engine
CVE-2007-5246 (Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2 ...)
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 <removed> (medium; bug #446472)
CVE-2007-5245 (Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1. ...)
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 <removed> (medium; bug #446475)
CVE-2007-5244 (Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8 ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-5243 (Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-5242 (Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-5241 (Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE  ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE  ...)
	- sun-java6 6-03-1 (unimportant)
	- sun-java5 1.5.0-13-1 (unimportant)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
	NOTE: Leaked information hardly sensitive
CVE-2007-5237 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not prop ...)
	- sun-java6 6-03-1 (medium)
	- sun-java5 1.5.0-13-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5236 (Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK a ...)
	- sun-java6 <not-affected> (Windows only)
	- sun-java5 <not-affected> (Windows only)
	- openjdk-6 <not-affected> (Windows only)
CVE-2007-5235 (Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7. ...)
	NOT-FOR-US: Uebimiau
CVE-2007-5234 (PHP remote file inclusion vulnerability in upload/common/footer.php in ...)
	NOT-FOR-US: Ossigeno CMS
CVE-2007-5233 (SQL injection vulnerability in index.php in Web Template Management Sy ...)
	NOT-FOR-US: Web Template Management System
CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earli ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5231 (Unrestricted file upload vulnerability in admin/upload_files.php in Zo ...)
	NOT-FOR-US: Zomplog
CVE-2007-5230 (admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for ...)
	NOT-FOR-US: Zomplog
CVE-2007-5229 (Cross-site request forgery (CSRF) vulnerability in the FeedBurner Feed ...)
	NOT-FOR-US: FeedBurner FeedSmith wordpress plugin
CVE-2007-5228 (Cross-site scripting (XSS) vulnerability in the subscription functiona ...)
	- drupal <not-affected> (does not shipt this module)
CVE-2007-5227 (Multiple cross-site scripting (XSS) vulnerabilities in messaging/cours ...)
	NOT-FOR-US: BlackBoard Learning System
CVE-2007-5226 (irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to ...)
	- dircproxy 1.0.5-5.1 (low; bug #445883)
	[sarge] - dircproxy <no-dsa> (Minor issue)
	[etch] - dircproxy 1.0.5-5etch1
CVE-2007-5225 (Integer signedness error in FIFO filesystems (named pipes) on Sun Sola ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows r ...)
	NOT-FOR-US: Original Photo Gallery
CVE-2007-5223 (Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network P ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-5222 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0. ...)
	NOT-FOR-US: MAXdev
CVE-2007-5221 (PHP remote file inclusion vulnerability in mail/childwindow.inc.php in ...)
	NOT-FOR-US: Poppawid
CVE-2007-5220 (SQL injection vulnerability in catalog.asp in ASP Product Catalog allo ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2007-5219 (Directory traversal vulnerability in the CLAVSetting.CLSetting.1 Activ ...)
	NOT-FOR-US: CyberLink Power DVD
CVE-2007-5218 (Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DR ...)
	NOT-FOR-US: Don Barnes DRBGuestbook
CVE-2007-5217 (Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in ...)
	NOT-FOR-US: Altnet Download Manager
CVE-2007-5216 (Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 ...)
	NOT-FOR-US: eArk
CVE-2007-5215 (Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle God ...)
	NOT-FOR-US: GodSend
CVE-2007-5214 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 N ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5213 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5212 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 N ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5211 (Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks  ...)
	NOT-FOR-US: Peakflow
CVE-2007-5210 (Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6 ...)
	NOT-FOR-US: Peakflow
CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock  ...)
	NOT-FOR-US: CenterTools
CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1. ...)
	{DSA-1462-1 DTSA-72-1}
	- hplip 1.6.10-4.3 (medium; bug #447341)
	[sarge] - hplip <not-affected> (This code was using smtp directly)
CVE-2007-5206
	RESERVED
CVE-2007-5205
	RESERVED
CVE-2007-5204
	RESERVED
CVE-2007-5203
	RESERVED
CVE-2007-5202
	RESERVED
CVE-2007-5201 (The FTP backend for Duplicity before 0.4.9 sends the password as a com ...)
	- duplicity 0.4.3-2 (low; bug #442840)
	[etch] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
	[sarge] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
	NOTE: ftp is an inherently insecure protocol, any security-sensitive data would
	NOTE: be transferred through the scp, sftp or rsync backends.
	NOTE: http://lists.debian.org/debian-release/2008/01/msg00190.html
CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSUSE 10 ...)
	{DTSA-74-1}
	- hugin 0.6.1-1.1 (low; bug #447344)
	[etch] - hugin <no-dsa> (Minor issue)
CVE-2007-5199 (A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows r ...)
	- libxfont 1:1.3.2-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=327854
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef
CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios Plugin ...)
	{DSA-1495-1 DTSA-67-1}
	- nagios-plugins 1.4.8-2.2 (low; bug #445475)
	NOTE: Requires the webserver, which has to be checked, to be compromised
CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and  ...)
	{DSA-1397-1 DTSA-76-1}
	- mono 1.2.5.1-2
CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise clien ...)
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5195 (Unspecified vulnerability in the SSL implementation in Groupwise clien ...)
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...)
	NOT-FOR-US: rMake
CVE-2007-5192
	RESERVED
CVE-2007-5191 (mount and umount in util-linux and loop-aes-utils call the setuid and  ...)
	{DSA-1450-1 DSA-1449-1 DTSA-64-1 DTSA-70-1}
	- util-linux 2.13-8 (low)
	- loop-aes-utils 2.13-2 (low)
CVE-2007-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVis ...)
	NOT-FOR-US: Alcatel OmniVista
CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script Gues ...)
	NOT-FOR-US: X-Script
CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17. ...)
	NOT-FOR-US: Xoops
CVE-2007-5187 (SQL injection vulnerability in infusions/calendar_events_panel/show_si ...)
	NOT-FOR-US: Php-Fusion
CVE-2007-5186 (PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8. ...)
	NOT-FOR-US: Segue CMS
CVE-2007-5185 (Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 ...)
	NOT-FOR-US: phpWCMS XT
CVE-2007-5184 (Format string vulnerability in the SMBDirList function in dirlist.c in ...)
	NOT-FOR-US: smbFtpd
CVE-2007-5183 (Cross-site scripting (XSS) vulnerability in Mailbox.mws in OdysseySuit ...)
	NOT-FOR-US: OdysseySuite
CVE-2007-5182 (Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak  ...)
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5181 (SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allo ...)
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5180 (Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow re ...)
	NOT-FOR-US: Ohesa Emlak Portali
CVE-2007-5179 (Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in ...)
	NOT-FOR-US: Iletisim Formu
CVE-2007-5178 (contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB pla ...)
	NOT-FOR-US: mxBB
CVE-2007-5177 (SQL injection vulnerability in index.php in the MambAds (com_mambads)  ...)
	NOT-FOR-US: Mambo extension
CVE-2007-5176 (Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelp ...)
	NOT-FOR-US: eHelpDesk
CVE-2007-5175 (PHP remote file inclusion vulnerability lib/base.php in actSite 1.991  ...)
	NOT-FOR-US: actSite
CVE-2007-5174 (Directory traversal vulnerability in phpinc/news.php in actSite 1.56 a ...)
	NOT-FOR-US: actSite
CVE-2007-5173 (PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID ...)
	NOT-FOR-US: phpBB Openid
CVE-2007-5207 (guilt 0.27 allows local users to overwrite arbitrary files via a symli ...)
	- guilt 0.27-1.2 (medium; bug #445308)
CVE-2007-5193 (The default configuration for twiki 4.1.2 on Debian GNU/Linux, and pos ...)
	- twiki 1:4.1.2-3 (bug #444982; low)
	[etch] - twiki <no-dsa> (Minor packaging flaw, doesn't warrant an update)
CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to obtain sens ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5171 (Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows re ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5170 (Unspecified vulnerability in the embedded service processor (SP) befor ...)
	NOT-FOR-US: Sun Fire
CVE-2007-5169 (Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01 ...)
	NOT-FOR-US: Clan lite
CVE-2007-5167 (PHP remote file inclusion vulnerability in .systeme/fonctions.php in p ...)
	NOT-FOR-US: phpLister
CVE-2007-5166 (Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a all ...)
	NOT-FOR-US: SiteSys
CVE-2007-5165
	NOT-FOR-US: myIpacNG-stats
CVE-2007-5164
	NOT-FOR-US: UniversiBO
CVE-2007-5163
	NOT-FOR-US: nexty
CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net ...)
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1 (low)
	- ruby1.8 1.8.6.111-1 (low; bug #444929)
	NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in i-System ...)
	NOT-FOR-US: Feedreader 3
	NOTE: editor not included in native wordpress
CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche  ...)
	NOT-FOR-US: Thierry Leriche Restaurant Management System
CVE-2007-5159 (The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g pac ...)
	- ntfs-3g 1:1.913-2 (medium; bug #445315)
CVE-2007-5158 (The focus handling for the onkeydown event in Microsoft Internet Explo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex Koc ...)
	NOT-FOR-US: PHP Fidonet Tosser
CVE-2007-5156 (Incomplete blacklist vulnerability in editor/filemanager/upload/php/up ...)
	- knowledgeroot 0.9.8.4-1.1 (unimportant; bug #444928)
	- moin 1.5.8-4.1 (unimportant)
	NOTE: This problem should rather be addressed by proper httpd config
	NOTE: The change only adds a workaround for insecure configs
	- karrigell <not-affected> (Does not include vulnerable php code)
	- gforge 4.6.99+svn6169-1 (low; bug #447590)
	[etch] - gforge <not-affected> (fckeditor is not shipped in these versions)
	[sarge] - gforge <not-affected> (fckeditor is not shipped in these versions)
CVE-2007-5155 (IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments ...)
	NOT-FOR-US: ICEOWS
CVE-2007-5154 (Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlie ...)
	NOT-FOR-US: Aipo
CVE-2007-5153 (Unspecified vulnerability in Sun Java System Access Manager 7.1, when  ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5152 (Sun Java System Access Manager 7.1, when installed in a Sun Java Syste ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5151 (SQL injection vulnerability in the abget_admin function in includes/nu ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-5150 (SQL injection vulnerability in the is_god function in includes/nukesen ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-5149 (PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc. ...)
	NOT-FOR-US: North Country Public Radio Public Media Manager
CVE-2007-5148
	NOT-FOR-US: FrontAccounting
CVE-2007-5147 (Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS  ...)
	NOT-FOR-US: Puzzle Apps CMS
CVE-2007-5146 (Multiple PHP remote file inclusion vulnerabilities in dedi-group Der D ...)
	NOT-FOR-US: Der Dirigent
CVE-2007-5145 (Multiple buffer overflows in system DLL files in Microsoft Windows XP, ...)
	NOT-FOR-US: Windows XP
CVE-2007-5144 (Buffer overflow in the GDI engine in Windows Live Messenger, as used f ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2007-5143 (F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows loca ...)
	NOT-FOR-US: Anti-Virus for Windows Servers
CVE-2007-5142 (Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Nov ...)
	NOT-FOR-US: Solidweb Novus
CVE-2007-5141 (SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allo ...)
	NOT-FOR-US: SiteX
CVE-2007-5140 (PHP remote file inclusion vulnerability in includes/archive/archive_to ...)
	NOT-FOR-US: IntegraMOD Nederland
CVE-2007-5139 (PHP remote file inclusion vulnerability in admin/include/header.php in ...)
	NOT-FOR-US: Chupix
CVE-2007-5138 (PHP remote file inclusion vulnerability in forum/forum.php in lustig.c ...)
	NOT-FOR-US: lustig.cms
CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...)
	{DSA-1743-1}
	- tk8.4 8.4.16-1
	[etch] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
	[sarge] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
	- tk8.3 <not-affected> (Vulnerability was introduced in 8.4.13)
	- libtk-img 1.3-release-8
CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...)
	NOT-FOR-US: DFD Cart
CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP address ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-5133 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote  ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-5132 (Race condition in the kernel in Sun Solaris 8 through 10 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2007-5131 (SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x ...)
	NOT-FOR-US: ActiveKB
CVE-2007-5130 (SimpGB 1.46.02 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SimpGB
CVE-2007-5129 (SimpGB 1.46.02 stores sensitive information under the web root with in ...)
	NOT-FOR-US: SimpGB
CVE-2007-5128 (SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows rem ...)
	NOT-FOR-US: SimpNews
CVE-2007-5127 (Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02  ...)
	NOT-FOR-US: SimpGB
CVE-2007-5126 (Unspecified vulnerability in the client in Symantec Veritas Backup Exe ...)
	NOT-FOR-US: Symantec Veritas Backup Exec
CVE-2007-5125
	REJECTED
CVE-2007-5124 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
	NOT-FOR-US: AOL Messenger
CVE-2007-5123 (SQL injection vulnerability in notas.asp in Novus 1.0 allows remote at ...)
	NOT-FOR-US: Solidweb Novus
CVE-2007-5122 (SQL injection vulnerability in store_info.php in SoftBiz Classifieds P ...)
	NOT-FOR-US: SoftBiz Classifieds PLUS
CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allow ...)
	- jspwiki <not-affected> (The version we ship does not process a redirect parameter in Login.jsp and other source files)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 ...)
	- jspwiki 2.5.139-1 (medium; bug #445477)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sen ...)
	- jspwiki 2.5.139-1 (unimportant; bug #445477)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device) class dr ...)
	NOT-FOR-US: Solaris
CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting  ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-5116 (Buffer overflow in the polymorphic opcode support in the Regular Expre ...)
	{DSA-1400-1 DTSA-78-1}
	- perl 5.8.8-12 (medium; bug #450794)
	NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9 ...)
	{DSA-1379-1}
	- openssl 0.9.8e-9 (low; bug #444435)
	[sarge] - openssl 0.9.7e-3sarge5
CVE-2007-5115 (Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Cont ...)
	NOT-FOR-US: Ekke Doerre Contenido
CVE-2007-5114
	NOT-FOR-US: phpmyProfiler
CVE-2007-5113 (report.cgi in Google Urchin allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Google Urchin
CVE-2007-5112 (Cross-site scripting (XSS) vulnerability in session.cgi (aka the login ...)
	NOT-FOR-US: Google Urchin
CVE-2007-5111 (A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt allo ...)
	NOT-FOR-US: ebCrypt
CVE-2007-5110 (Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator ...)
	NOT-FOR-US: ebCrypt
CVE-2007-5109 (Cross-site request forgery (CSRF) vulnerability in index.php in FlatNu ...)
	NOT-FOR-US: flatnuke
CVE-2007-5108 (Unspecified vulnerability in IAC Search &amp; Media ask.com toolbar ha ...)
	NOT-FOR-US: IAC Search & Media ask.com toolbar
CVE-2007-5107 (Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 A ...)
	NOT-FOR-US: AskJeevesToolBar
CVE-2007-5106 (Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ...)
	- wordpress 2.0.2-1 (low)
CVE-2007-5105 (Cross-site scripting (XSS) vulnerability in wp-register.php in WordPre ...)
	- wordpress 2.0.4-1 (low)
CVE-2007-5104 (SQL injection vulnerability in index.php in the Arcade module in bcoos ...)
	NOT-FOR-US: bcoos
CVE-2007-5103 (Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 R ...)
	NOT-FOR-US: Wordsmith
CVE-2007-5102 (PHP remote file inclusion vulnerability in config.inc.php in Wordsmith ...)
	NOT-FOR-US: Wordsmith
CVE-2007-5101 (ChironFS before 1.0 RC7 sets user/group ownership to the mounter accou ...)
	NOT-FOR-US: ChironFS
CVE-2007-5100 (Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, ...)
	NOT-FOR-US: phpBB plus (phpbb2 does not include this module)
CVE-2007-5099 (PHP remote file inclusion vulnerability in show.php in David Watters H ...)
	NOT-FOR-US: helplink
CVE-2007-5098 (Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 a ...)
	NOT-FOR-US: DFD Cart
CVE-2007-5097
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-5096 (PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822 ...)
	NOT-FOR-US: guanxiCRM Business Solution
CVE-2007-5095 (Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Inter ...)
	NOT-FOR-US: Windows Media Player
CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitc ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in Linux  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1381-2}
	- linux-2.6 2.6.23-1
CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance Music modu ...)
	NOT-FOR-US: phpNuke module
CVE-2007-5091 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4. ...)
	- egroupware 1.2.107-2.dfsg-2 (low; bug #444351)
CVE-2007-5090 (Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Micr ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-5089 (PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.l ...)
	NOT-FOR-US: Sklog
CVE-2007-5088 (Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi ...)
	NOT-FOR-US: freeside
CVE-2007-5087 (The ATM module in the Linux kernel before 2.4.35.3, when CLIP support  ...)
	- linux-2.6 <not-affected> (2.6 code base handles ARP entries differently)
CVE-2007-5086 (Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not  ...)
	NOT-FOR-US: Kaspersky Anti-Virus and Internet Security 7.0
CVE-2007-5085 (Unspecified vulnerability in the management EJB (MEJB) in Apache Geron ...)
	NOT-FOR-US: Geronimo Apache
CVE-2007-5084 (Multiple SQL injection vulnerabilities in Computer Associates (CA) Bri ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5083 (Multiple integer overflows in Computer Associates (CA) BrightStor Hier ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5082 (Multiple stack-based buffer overflows in Computer Associates (CA) Brig ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5081 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5080 (Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Playe ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link gdm with ...)
	- gdm <not-affected> (Red Hat-specific packaging flaw)
CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager al ...)
	NOT-FOR-US: eGov Manager
CVE-2007-5077
	RESERVED
CVE-2007-5076
	RESERVED
CVE-2007-5075
	RESERVED
CVE-2007-5074
	RESERVED
CVE-2007-5073
	RESERVED
CVE-2007-5072 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5071 (Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5070 (Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX contr ...)
	NOT-FOR-US: Easy Mail Message Printer
CVE-2007-5069 (Directory traversal vulnerability in data/compatible.php in the Nuke M ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-5068 (SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allo ...)
	NOT-FOR-US: phpFullAnnu
CVE-2007-5067 (Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remo ...)
	NOT-FOR-US: iMatix Xitami Web Server
CVE-2007-5066 (Unspecified vulnerability in Webmin before 1.370 on Windows allows rem ...)
	- webmin <removed>
CVE-2007-5065 (PHP remote file inclusion vulnerability in admin.slideshow1.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5064 (Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6 ...)
	NOT-FOR-US: Xunlei Web Thunder
CVE-2007-5063 (Adam Scheinberg Flip 3.0 and earlier stores sensitive information unde ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5062 (account.php in Adam Scheinberg Flip 3.0 and earlier allows remote atta ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5061 (SQL injection vulnerability in mods/banners/navlist.php in Clansphere  ...)
	NOT-FOR-US: Clansphere
CVE-2007-5060 (Cross-site request forgery (CSRF) vulnerability in the cpass functiona ...)
	NOT-FOR-US: XCMS
CVE-2007-5059 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow  ...)
	NOT-FOR-US: GreenSQL
CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Web administration int ...)
	NOT-FOR-US: Barracuda
CVE-2007-5057 (NetSupport Manager Client before 10.20.0004 allows remote attackers to ...)
	NOT-FOR-US: NetSupport Manager Client
CVE-2007-5056 (Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lit ...)
	NOT-FOR-US: ADOdb Lite
CVE-2007-5055 (Multiple directory traversal vulnerabilities in iziContents 1 RC6 and  ...)
	NOT-FOR-US: iziContents
CVE-2007-5054 (Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC ...)
	NOT-FOR-US: iziContents
CVE-2007-5053 (Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and ...)
	NOT-FOR-US: iziContents
CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vi ...)
	NOT-FOR-US: Vigile CMS
CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1. ...)
	{DSA-1559-1}
	- phpgedview 4.1.e+4.1.1-2 (low; bug #443901)
CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 allo ...)
	NOT-FOR-US: Neuron News
CVE-2007-5049
	REJECTED
CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote attack ...)
	NOT-FOR-US: lhaplus
CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate cer ...)
	NOT-FOR-US: Norton Internet Security
CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for  ...)
	NOT-FOR-US: IceWarp Merak Mail Server
CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...)
	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameter ...)
	NOT-FOR-US: ZoneAlam Pro
CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate certa ...)
	NOT-FOR-US: Kaspersky Internet Security
CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain  ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain parame ...)
	NOT-FOR-US: G DATA InternetSecurity
CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain pa ...)
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain par ...)
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for B ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in src/inotifyto ...)
	{DSA-1440-1}
	- inotify-tools 3.11-1 (medium; bug #443913)
CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with firmwa ...)
	NOT-FOR-US: AirDefense firmware
CVE-2007-5035
	NOT-FOR-US: openEngine
CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ap ...)
	{DSA-1380-1}
	- elinks 0.11.1-1.5 (low; bug #443914)
CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2  ...)
	NOT-FOR-US: phpBB XS
CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in Franci ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbl ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to  ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5029 (Dibbler 0.6.0 does not verify that certain length parameters are appro ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5028 (Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspec ...)
	- dibbler 0.6.1-1 (medium; bug #444002)
CVE-2007-5027 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in ...)
	NOT-FOR-US: WBR3404TX firmware
CVE-2007-5026 (dBlog CMS, probably 2.0, stores sensitive information under the web ro ...)
	NOT-FOR-US: dBlog CMS
CVE-2007-5025 (Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 a ...)
	NOT-FOR-US: VMware
CVE-2007-5024 (EMC VMware Server before 1.0.4 Build 56528 writes passwords in clearte ...)
	NOT-FOR-US: VMware
CVE-2007-5023 (Unquoted Windows search path vulnerability in EMC VMware Workstation b ...)
	NOT-FOR-US: VMware
CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM)  ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-5021
	REJECTED
CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows a ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips]
	- mp 3.7.1-8 (low)
	[sarge] - mp <no-dsa> (Minor issue)
	[etch] - mp <no-dsa> (Minor issue)
	NOTE: Can be fixed in a point update
CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java Runt ...)
	- sun-java6 <removed> (unimportant)
	- sun-java5 <removed> (unimportant)
	- openjdk-6 <removed> (unimportant)
	NOTE: exploiting this would not work under Linux
CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote  ...)
	NOT-FOR-US: Pegasus Mail Mercury
CVE-2007-5017 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-5016 (SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows re ...)
	NOT-FOR-US: OneCMS
CVE-2007-5015 (Multiple PHP remote file inclusion vulnerabilities in Streamline PHP M ...)
	NOT-FOR-US: Streamline
CVE-2007-5014 (Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allo ...)
	NOT-FOR-US: pSlash
CVE-2007-5013 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ph ...)
	NOT-FOR-US: Phormer
CVE-2007-5012 (Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGalle ...)
	NOT-FOR-US: PhpWebGallery
CVE-2007-5011 (webbatch.exe in WebBatch allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: WebBatch
CVE-2007-5010 (Cross-site scripting (XSS) vulnerability in WebBatch allows remote att ...)
	NOT-FOR-US: WebBatch
CVE-2007-5009 (PHP remote file inclusion vulnerability in language/lang_german/lang_m ...)
	NOT-FOR-US: Phpbb Plus
	NOTE: vulnerable code not included in phpbb2
CVE-2007-5008 (The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not cor ...)
	NOT-FOR-US: HP-UX
CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in balsa befo ...)
	- balsa 2.3.20-1 (low)
	[etch] - balsa 2.3.13-3
	NOTE: Minor issue fixed in 4.0r4 point release
	[sarge] - balsa <no-dsa> (Minor issue)
	NOTE: attacker needs to get the victim a prepared server to use
CVE-2007-5006 (Multiple command handlers in CA (Computer Associates) BrightStor ARCse ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5005 (Directory traversal vulnerability in rxRPC.dll in CA (Computer Associa ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5004 (Integer overflow in CA (Computer Associates) BrightStor ARCserve Backu ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5003 (Multiple stack-based buffer overflows in CA (Computer Associates) Brig ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5002
	REJECTED
CVE-2007-5001 (Linux kernel before 2.4.21 allows local users to cause a denial of ser ...)
	- linux-2.6 <not-affected> (RedHat/RHEL3 specific patch only)
CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...)
	[sarge] - apache2 <no-dsa> (minor issue)
	[sarge] - apache <no-dsa> (minor issue)
	- apache2 2.2.8-1 (low)
	- apache <removed> (low)
	[etch] - apache2 2.2.3-4+etch4
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allo ...)
	- pidgin 2.2.2-1 (medium)
CVE-2007-4998 (cp, when running with an option to preserve symlinks on multiple OSes, ...)
	- coreutils 4.1.2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=356471
CVE-2007-4997 (Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80 ...)
	{DSA-1428-1}
	- linux-2.6 2.6.23-1
CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge me ...)
	- pidgin 2.2.1-1 (medium)
	NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0. ...)
	{DSA-1571-1}
	- openssl 0.9.8f-1 (low)
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
	- openssl096 <not-affected> (DTLS support was introduced in 0.9.8)
	[sarge] - openssl <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2007-4994 (Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not p ...)
	NOT-FOR-US: Redhat Certificate Server
CVE-2007-4993 (pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a gue ...)
	{DSA-1384-1}
	- xen-3 3.1.1-1 (medium; bug #444430)
	- xen-3.0 <removed>
CVE-2007-4992 (Stack-based buffer overflow in the process_packet function in fbserver ...)
	- firebird1.5 <removed> (medium; bug #446373)
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration
CVE-2007-4990 (The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 all ...)
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4989
	REJECTED
CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick befor ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ImageMagi ...)
	{DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow context ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...)
	NOT-FOR-US: StylesDemo
CVE-2007-4983 (Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX  ...)
	NOT-FOR-US: jetAudio
CVE-2007-4982 (Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCo ...)
	NOT-FOR-US: QRCode
CVE-2007-4981 (Cross-site scripting (XSS) vulnerability in the save function in Obedi ...)
	NOT-FOR-US: Obedit
CVE-2007-4980 (The readRequest method in org/gcaldaemon/core/http/HTTPListener.java i ...)
	NOT-FOR-US: GCALDaemon
CVE-2007-4979 (SQL injection vulnerability in index.php in the sondages module in Kws ...)
	NOT-FOR-US: KwsPHP
CVE-2007-4978 (Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2  ...)
	NOT-FOR-US: phpSyncML
CVE-2007-4977 (Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Pho ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4976 (Directory traversal vulnerability in viewlog.php in Coppermine Photo G ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4975 (Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 ...)
	NOT-FOR-US: b1gMail
CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in libsndf ...)
	{DSA-1442-1}
	- libsndfile 1.0.17-4 (bug #443386; medium)
	[sarge] - libsndfile <not-affected> (Vulnerable code not present)
	- ardour 1:2.1-1.1 (medium; bug #445889)
	[sarge] - ardour <not-affected> (Vulnerable code not present)
	[etch] - ardour <not-affected> (Vulnerable code not present)
CVE-2007-4973
	RESERVED
CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System Se ...)
	NOT-FOR-US: NtRegmon
CVE-2007-4971 (ProSecurity 1.40 Beta 2 does not properly validate certain parameters  ...)
	NOT-FOR-US: ProSecurity
CVE-2007-4970 (ProcessGuard 3.410 does not properly validate certain parameters to Sy ...)
	NOT-FOR-US: ProcessGuard
CVE-2007-4969 (Process Monitor 1.22 does not properly validate certain parameters to  ...)
	NOT-FOR-US: Process Monitor
CVE-2007-4968 (Privatefirewall 5.0.14.2 does not properly validate certain parameters ...)
	NOT-FOR-US: Privatefirewal
CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ce ...)
	NOT-FOR-US: Online Armor Personal Firewall
CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge 4. ...)
	NOTE: Duplicate of CVE-2007-3913
CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and e ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.5 2.5.1-6 (low; bug #443333)
	[etch] - python2.5 <no-dsa> (Minor issue)
	[sarge] - python2.5 <no-dsa> (Minor issue)
	- python2.4 2.4.4-7 (low; bug #443335)
	[etch] - python2.4 <no-dsa> (Minor issue)
CVE-2007-4964 (WinImage 8.10 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinImage
CVE-2007-4963 (Visual truncation vulnerability in WinImage 8.10 and earlier allows re ...)
	NOT-FOR-US: WinImage
CVE-2007-4962 (Directory traversal vulnerability in WinImage 8.10 and earlier allows  ...)
	NOT-FOR-US: WinImage
CVE-2007-4961 (The login_to_simulator method in Linden Lab Second Life, as used by th ...)
	- secondlife-client <itp> (low; bug #406335)
CVE-2007-4960 (Argument injection vulnerability in the Linden Lab Second Life secondl ...)
	- secondlife-client <itp> (low; bug #406335)
CVE-2007-4959 (Cross-site scripting (XSS) vulnerability in catalog_products_with_imag ...)
	NOT-FOR-US: osCMax
CVE-2007-4958 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery  ...)
	NOT-FOR-US: TinyWebGallery
CVE-2007-4957 (Multiple directory traversal vulnerabilities in download.php in Chupix ...)
	NOT-FOR-US: ChupixCMS
CVE-2007-4956 (Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote atta ...)
	NOT-FOR-US: KwsPhp
CVE-2007-4955 (PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-4954 (PHP remote file inclusion vulnerability in admin.joom12pic.php in the  ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-4953 (SQL injection vulnerability in index.php in SimpCMS allows remote atta ...)
	NOT-FOR-US: SimpCMS
CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...)
	NOT-FOR-US: OmniStar Article Manager
CVE-2007-4951
	NOT-FOR-US: YaPiG
CVE-2007-4950
	NOT-FOR-US: Phportal
CVE-2007-4949
	NOT-FOR-US: phpreactor
CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia Explore ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0. ...)
	NOT-FOR-US: myphpPagetool
CVE-2007-4946 (LetterGrade allows remote attackers to obtain sensitive information (i ...)
	NOT-FOR-US: LetterGrade
CVE-2007-4945 (Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade all ...)
	NOT-FOR-US: LetterGrade
CVE-2007-4944 (The canvas.createPattern function in Opera 9.x before 9.22 for Linux,  ...)
	NOT-FOR-US: Opera
CVE-2007-4943 (Multiple buffer overflows in a certain ActiveX control in sparser.dll  ...)
	NOT-FOR-US: Baofeng Storm
CVE-2007-4942 (PHP remote file inclusion vulnerability in modules/Discipline/StudentF ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4941 (KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a den ...)
	NOT-FOR-US: KMPlayer for windows
	NOTE: its not kmplayer we ship its a windows only media player
CVE-2007-4940 (Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and e ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic (MP ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...)
	{DTSA-65-1}
	- mplayer 1.0~rc1-16.1 (bug #443478)
CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with insu ...)
	NOT-FOR-US: CS Guestbook
CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has u ...)
	NOT-FOR-US: SafeSquid
CVE-2007-4935 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allo ...)
	NOT-FOR-US: phpFFL
CVE-2007-4934 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allo ...)
	NOT-FOR-US: phpFFL
CVE-2007-4933 (Direct static code injection vulnerability in includes/admin/sub/conf_ ...)
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4932 (admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the  ...)
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4931 (HP System Management Homepage (SMH) for Windows, when used in conjunct ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-4930 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4929 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W c ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4928 (The AXIS 207W camera stores a WEP or WPA key in cleartext in the confi ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4927 (axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote auth ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4926 (The AXIS 207W camera uses a base64-encoded cleartext username and pass ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment  ...)
	NOT-FOR-US: eWire Payment Client
CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...)
	- opal 2.2.11~dfsg1-1 (low)
	[etch] - opal 2.2.3.dfsg-3+etch1 (bug #454141)
	NOTE: will be fixed by regular stable update
CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in  ...)
	NOT-FOR-US: Joomla extension
CVE-2007-4922 (SQL injection vulnerability in play.php in the jeuxflash 1.0 module fo ...)
	NOT-FOR-US: KwsPhp
CVE-2007-4921 (PHP remote file inclusion vulnerability in _includes/settings.inc.php  ...)
	NOT-FOR-US: Ajax File Browser
CVE-2007-4920 (SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2 ...)
	NOT-FOR-US: Webquest
CVE-2007-4919 (Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote a ...)
	NOT-FOR-US: Jblog
CVE-2007-4918 (SQL injection vulnerability in classes/gelato.class.php in Gelato allo ...)
	NOT-FOR-US: Gelato
CVE-2007-4917 (Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats  ...)
	NOT-FOR-US: Php-Stats
CVE-2007-4916 (Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC ...)
	NOT-FOR-US: MFC Library
CVE-2007-4915 (The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLa ...)
	- boa <not-affected> (We don't ship this extension)
CVE-2007-4914 (Unspecified vulnerability in the subscriptions manager in Invision Pow ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4913 (ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board)  ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4912 (Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php  ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4911 (JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to ...)
	NOT-FOR-US: JetCast Server
CVE-2007-4910 (Unspecified vulnerability in netInvoicing before 2.7.3 has unknown imp ...)
	NOT-FOR-US: Netinvoicing
CVE-2007-4909 (Interpretation conflict in WinSCP before 4.0.4 allows remote attackers ...)
	NOT-FOR-US: WinSCP
CVE-2007-4908 (Directory traversal vulnerability in index.php in AuraCMS 2.1 and earl ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4907 (Multiple PHP remote file inclusion vulnerabilities in X-Cart allow rem ...)
	NOT-FOR-US: X-Cart
CVE-2007-4906 (PHP remote file inclusion vulnerability in tasks/send_queued_emails.ph ...)
	NOT-FOR-US: NuclearBB
CVE-2007-4905 (Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2. ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4904 (RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0. ...)
	- helix-player <unfixed> (unimportant; bug #443130)
	NOTE: Just a floating point exception by via a crafted .au file)
CVE-2007-4903 (Multiple buffer overflows in a certain ActiveX control in CryptoX.dll  ...)
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4902 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4901 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-4900 (Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVi ...)
	NOT-FOR-US: RSA EnVision
CVE-2007-4899 (Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.1 ...)
	NOT-FOR-US: Boinc Forum
CVE-2007-4898 (Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1  ...)
	NOT-FOR-US: Xwiki
CVE-2007-4897 (pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remo ...)
	{DTSA-94-1}
	- pwlib 1.10.10-1.1 (low; bug #454133)
	- pwlib-titan 1.11.2-1.1 (low; bug #454139)
	[etch] - pwlib 1.10.2-2+etch1
	[sarge] - pwlib 1.8.4-1+sarge1.1
CVE-2007-4896 (Multiple cross-site scripting (XSS) vulnerabilities in admin/header.ph ...)
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4895 (Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 ( ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4894 (Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and W ...)
	- wordpress 2.2.3-1 (medium)
	[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress m ...)
	- wordpress 2.2.3-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8 ...)
	NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
	- libwmf <unfixed> (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	- libgd2 2.0.35.dfsg-3
	[etch] - libgd2 2.0.33-5.2etch1
CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Mi ...)
	NOT-FOR-US: PDWizard
CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX contro ...)
	NOT-FOR-US: Microsoft Visual Studio
CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers t ...)
	- php5 <removed> (unimportant)
	NOTE: basedir and safemode not supported
CVE-2007-4888 (The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2  ...)
	NOT-FOR-US: Xwiki
CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent atta ...)
	- php5 5.2.5-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4886 (Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and pro ...)
	NOT-FOR-US: Aura CMS
CVE-2007-4885 (Avnex AV MP3 Player allows user-assisted remote attackers to cause a d ...)
	NOT-FOR-US: Avnex AV MP3 Player
CVE-2007-4884 (Media Player Classic (MPC) allows user-assisted remote attackers to ca ...)
	NOT-FOR-US: Windows
CVE-2007-4883 (Cross-site scripting (XSS) vulnerability in the BotQuery extension in  ...)
	- mediawiki-extensions <not-affected> (We don't ship this extension)
CVE-2007-4882 (Multiple cross-site scripting (XSS) vulnerabilities in TechExcel Custo ...)
	NOT-FOR-US: TechExcel CustomerWise
CVE-2007-4881 (SQL injection vulnerability in profile/myprofile.php in psi-labs.com s ...)
	NOT-FOR-US: Psilabs
CVE-2007-4880 (Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in ce ...)
	NOT-FOR-US: IBM Tivoli Storage Manager (TSM)
CVE-2007-4879 (Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, c ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1 (low; bug #444803)
	- iceape 1.1.9-1 (low; bug #444805)
	- xulrunner 1.8.1.13-1
CVE-2007-4878
	RESERVED
CVE-2007-4877
	RESERVED
CVE-2007-4876
	RESERVED
CVE-2007-4875
	RESERVED
CVE-2007-4874 (Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.0 ...)
	NOT-FOR-US: SimpNews
CVE-2007-4873 (SimpNews 2.41.03 stores sensitive information under the web root with  ...)
	NOT-FOR-US: SimpNews
CVE-2007-4872 (SimpNews 2.41.03 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: SimpNews
CVE-2007-4871
	RESERVED
CVE-2007-4870
	RESERVED
CVE-2007-4869
	RESERVED
CVE-2007-4868
	RESERVED
CVE-2007-4867
	RESERVED
CVE-2007-4866
	RESERVED
CVE-2007-4865
	RESERVED
CVE-2007-4864
	RESERVED
CVE-2007-4863 (SQL injection vulnerability in example.php in SAXON 5.4 allows remote  ...)
	NOT-FOR-US: SAXON
CVE-2007-4862 (Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5. ...)
	NOT-FOR-US: SAXON
CVE-2007-4861 (SAXON 5.4, with display_errors enabled, allows remote attackers to obt ...)
	NOT-FOR-US: SAXON
CVE-2007-4860
	RESERVED
CVE-2007-4859
	RESERVED
CVE-2007-4858
	RESERVED
CVE-2007-4857
	RESERVED
CVE-2007-4856
	RESERVED
CVE-2007-4855
	RESERVED
CVE-2007-4854
	RESERVED
CVE-2007-4853
	RESERVED
CVE-2007-4852
	RESERVED
CVE-2007-4851
	REJECTED
CVE-2007-4850 (curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5. ...)
	- php4 <removed> (unimportant)
	- php5 5.2.6-1 (unimportant)
	NOTE: Safe mode bypasses not treated as security problems
CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly o ...)
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1 (bug #442245; low)
CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote attackers to d ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4847 (Google Picasa allows remote attackers to read image files stored by Pi ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4846 (SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1. ...)
	NOT-FOR-US: Webace-Linkscript
CVE-2007-4845 (Multiple SQL injection vulnerabilities in UPLOAD/index.php in RW::Down ...)
	NOT-FOR-US: RW::Download
CVE-2007-4844 (X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly rea ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4843 (Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 bu ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan Explo ...)
	NOT-FOR-US: Magellan Explorer
CVE-2007-4841 (Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMon ...)
	- iceweasel <not-affected> (windows only issue)
	- iceape <not-affected> (windows only issue)
	- xulrunner <not-affected> (windows only issue)
	- icedove <not-affected> (windows only issue)
	NOTE: MFSA2007-36
	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a de ...)
	- glibc 2.7-1 (unimportant)
	NOTE: Original PHP issue only triggerable by malicious script
CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere A ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier al ...)
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4837 (SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows r ...)
	NOT-FOR-US: Proxy Anket
CVE-2007-4836 (Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0. ...)
	NOT-FOR-US: phpMyQuote
CVE-2007-4835 (SQL injection vulnerability in index.php in phpMyQuote 0.20 allows rem ...)
	NOT-FOR-US: phpMyQuote
CVE-2007-4834 (Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 a ...)
	NOT-FOR-US: phpRealty
CVE-2007-4833 (Unspecified vulnerability in the Edge Component in IBM WebSphere Appli ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-4832 (Format string vulnerability in CellFactor Revolution 1.03 and earlier  ...)
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4831 (Multiple cross-site scripting (XSS) vulnerabilities in account_setting ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...)
	- perl 5.10.0-19
	[etch] - perl <not-affected> (Was merged into Perl as of 5.10)
	- libarchive-tar-perl 1.38-1 (low; bug #449544)
	[sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
	[etch] - libarchive-tar-perl <no-dsa> (Minor issue)
CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing mo ...)
	- mediawiki 1.10.2-1 (low; bug #442255)
	[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function in Min ...)
	NOT-FOR-US: Modbus Slave ActiveX Control
CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to ...)
	{DSA-1382-1}
	- quagga 0.99.9-1 (low; bug #442133)
	NOTE: Upstream says that this can only be exploited by configured peers.
CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows atta ...)
	- php5 5.2.5-1 (unimportant)
	- php4 <not-affected> (error message "Allowed memory size of 8388608 bytes exhausted...")
	NOTE: php5 PoC can be reproduced, basedir violations not treated as security problems
CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in Google P ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4823 (Multiple buffer overflows in Google Picasa have unspecified attack vec ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4822 (Cross-site request forgery (CSRF) vulnerability in the device manageme ...)
	NOT-FOR-US: Buffalo AirStation firmware
CVE-2007-4821 (Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.2 ...)
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-4820 (Absolute path traversal vulnerability in blanko.preview.php in Sisfo K ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4819 (Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 all ...)
	NOT-FOR-US: Txx CMS
CVE-2007-4818 (Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allo ...)
	NOT-FOR-US: Txx CMS
CVE-2007-4817 (Unrestricted file upload vulnerability in the Restaurante (com_restaur ...)
	NOT-FOR-US: Joomla component
	NOTE: not included in standard joomla installation, joomla has an itp though
CVE-2007-4816 (Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps ...)
	NOT-FOR-US: BaoFeng2
CVE-2007-4815 (Multiple PHP remote file inclusion vulnerabilities in WebED in Markus  ...)
	NOT-FOR-US: WebED
CVE-2007-4814 (Buffer overflow in the SQLServer ActiveX control in the Distributed Ma ...)
	NOT-FOR-US: Microsoft SQL Server Enterprise Manager
CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Bet ...)
	NOT-FOR-US: Domino Blogsphere
CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions bef ...)
	NOT-FOR-US: Mac OS
CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 ...)
	NOT-FOR-US: Netjuke
CVE-2007-4810 (Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote ...)
	NOT-FOR-US: Netjuke
CVE-2007-4809 (Multiple PHP remote file inclusion vulnerabilities in Online Fantasy F ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-4808 (Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote att ...)
	NOT-FOR-US: TLM CMS
CVE-2007-4807 (Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 al ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4806 (PHP remote file inclusion vulnerability in modules/Discipline/Category ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4805 (Directory traversal vulnerability in getgalldata.php in fuzzylime (cms ...)
	NOT-FOR-US: Fuzzylime CMS
CVE-2007-4804 (Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote a ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4803 (Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers ...)
	NOT-FOR-US: AtomixMP3
CVE-2007-4802 (Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remot ...)
	NOT-FOR-US: GlobalLink
CVE-2007-4801
	RESERVED
CVE-2007-4800
	RESERVED
CVE-2007-4799 (The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not ...)
	NOT-FOR-US: AIX perfstat kernel extension
CVE-2007-4798 (Unspecified vulnerability in invscout in Inventory Scout in invscout.r ...)
	NOT-FOR-US: invscout
CVE-2007-4797 (Multiple buffer overflows in unspecified svprint (System V print) comm ...)
	NOT-FOR-US: System V print
CVE-2007-4796 (Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows  ...)
	NOT-FOR-US: uucp IBM AIX
CVE-2007-4795 (Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 al ...)
	NOT-FOR-US: mkpath IBM AIX
CVE-2007-4794 (Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2  ...)
	NOT-FOR-US: fcstat IBM AIX
CVE-2007-4793 (Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allo ...)
	NOT-FOR-US: xlplm IBM AIX
CVE-2007-4792 (Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3  ...)
	NOT-FOR-US: ibstat IBM AIX
CVE-2007-4791 (Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5. ...)
	NOT-FOR-US: swcons IBM AIX
CVE-2007-4790 (Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.O ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-4789 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Cont ...)
	NOT-FOR-US: Cisco CSM
CVE-2007-4788 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Con ...)
	NOT-FOR-US: Cisco CSM
CVE-2007-4787 (The virus detection engine in Sophos Anti-Virus before 2.49.0 does not ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2007-4786 (Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1 ...)
	NOT-FOR-US: Cisco ASA
CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed with Sony ...)
	NOT-FOR-US: Sony Micro Vault
CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows context-dependent at ...)
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows context-depe ...)
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a denial  ...)
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in  ...)
	NOT-FOR-US: Joomla!
CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...)
	NOT-FOR-US: Joomla!
CVE-2007-4779 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (ak ...)
	NOT-FOR-US: Joomla!
CVE-2007-4778 (Multiple SQL injection vulnerabilities in the content component (com_c ...)
	NOT-FOR-US: Joomla!
CVE-2007-4777 (SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) al ...)
	NOT-FOR-US: Joomla!
CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6 ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-4775
	RESERVED
CVE-2007-4774 (The Linux kernel before 2.4.36-rc1 has a race condition. It was possib ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60
CVE-2007-4773 (Systrace before 1.6.0 has insufficient escape policy enforcement. ...)
	- systrace <removed>
CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in Postgre ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13 (low)
	[etch] - tcl8.3 <no-dsa> (Minor issue)
	- tcl8.4 8.4.17-1 (low)
	[etch] - tcl8.4 <no-dsa> (Minor issue)
	[sarge] - postgresql <unfixed>
CVE-2007-4771 (Heap-based buffer overflow in the doInterval function in regexcmp.cpp  ...)
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4770 (libicu in International Components for Unicode (ICU) 3.8.1 and earlier ...)
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in Postgre ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
	- tcl8.4 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
	[sarge] - postgresql <unfixed>
CVE-2007-4768 (Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4767 (Perl-Compatible Regular Expression (PCRE) library before 7.3 does not  ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4766 (Multiple integer overflows in Perl-Compatible Regular Expression (PCRE ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4765
	RESERVED
CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1  ...)
	NOT-FOR-US: Pawfaliki
CVE-2007-4763 (PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.ph ...)
	NOT-FOR-US: PHPOF
CVE-2007-4762 (Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMAR ...)
	NOT-FOR-US: E-SMARTCART
CVE-2007-4761 (Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 al ...)
	NOT-FOR-US: Barbo91
CVE-2007-4760 (The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus  ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4759 (Multiple unspecified vulnerabilities in the image-processing APIs in C ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4758 (Multiple buffer overflows in the image-processing APIs in Cosminexus D ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4757 (PHP remote file inclusion vulnerability in menu.php in phpMytourney al ...)
	NOT-FOR-US: phpMytourney
CVE-2007-4756 (Directory traversal vulnerability in the FTP client in Total Commander ...)
	NOT-FOR-US: Total Commander
CVE-2007-4755 (Alien Arena 2007 6.10 and earlier allows remote attackers to cause a d ...)
	- alien-arena 6.05-4.1 (low; bug #442075)
CVE-2007-4754 (Format string vulnerability in the safe_bprintf function in acesrc/ace ...)
	- alien-arena 6.05-4.1 (medium; bug #442075)
CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attac ...)
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4751 (RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in  ...)
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4750 (Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allow ...)
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attacker ...)
	NOT-FOR-US: Autodesk Backburner
CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted c ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-1 (low; bug #444738)
	[etch] - openssh <no-dsa> (minor issue in weak security measure)
	[sarge] - openssh <no-dsa> (minor issue in weak security measure)
	NOTE: An exploit needs limited control over the machine running a
	NOTE: trusted X client, so this is only a slight privilege
	NOTE: escalation. The X Security extension is merely an afterthought
	NOTE: and is unlikely to provide strong security guarantees.
CVE-2007-4748 (Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0 ...)
	NOT-FOR-US: PowerPlayer
CVE-2007-4747 (The telnet service in Cisco Video Surveillance IP Gateway Encoder/Deco ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-4746 (The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone an ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-4745 (Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.4 ...)
	NOT-FOR-US: AkoBook
CVE-2007-4744 (PHP remote file inclusion vulnerability in environment.php in AnyInven ...)
	NOT-FOR-US: AnyInventory
CVE-2007-4742 (Claroline before 1.8.6 allows remote authenticated administrators to o ...)
	NOT-FOR-US: Claroline
CVE-2007-4741 (Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Cl ...)
	NOT-FOR-US: Claroline
CVE-2007-4740 (The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.Regis ...)
	NOT-FOR-US: HPRevolutionRegistryManager
CVE-2007-4739 (reprepro 1.3.0 through 2.2.3 does not properly verify signatures when  ...)
	{DSA-1394-1}
	- reprepro 2.2.4-1 (high; bug #440535)
	NOTE: patch for etch in the BTS
	[sarge] - reprepro <not-affected> (Vulnerable code introduced in 1.3.0)
CVE-2007-4738 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Li ...)
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4737 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Li ...)
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4736 (SQL injection vulnerability in category.php in CartKeeper CKGold Shopp ...)
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2007-4735 (Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allow ...)
	NOT-FOR-US: Virtual DJ
CVE-2007-4734 (Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted re ...)
	NOT-FOR-US: OTSTurntables
CVE-2007-4733 (The Aztech DSL600EU router, when WAN access to the web interface is di ...)
	NOT-FOR-US: Aztech firmware
CVE-2007-4732 (Unspecified vulnerability in the strfreectty function in the Special F ...)
	NOT-FOR-US: Special File System
CVE-2007-4743 (The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_G ...)
	{DSA-1387-1 DSA-1367-1}
	- krb5 1.6.dfsg.1-7 (high; bug #441209)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
	- librpcsecgss 0.14-4 (high; bug #441393)
	NOTE: http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
	NOTE: 1.6.dfsg.1-7 somehow already includes the updated version
CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in TMReg.dll i ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4730 (Buffer overflow in the compNewPixmap function in compalloc.c in the Co ...)
	{DSA-1372-1 DTSA-73-1}
	- xorg-server 2:1.4-1
	NOTE: XFree86 is not affected
CVE-2007-4729
	RESERVED
CVE-2007-4728
	RESERVED
CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fast ...)
	{DSA-1362-1}
	- lighttpd 1.4.18-1 (medium; bug #441555)
	NOTE: http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
	NOTE: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch
	NOTE: http://www.milw0rm.com/exploits/4391
CVE-2007-4726 (Directory traversal vulnerability in Web Oddity 0.09b allows remote at ...)
	NOT-FOR-US: Web Oddity
CVE-2007-4725 (Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4. ...)
	NOT-FOR-US: AkkyWareHOUSE
CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the cal ...)
	- tomcat5.5 <not-affected> (Version already ships fixed files)
	- tomcat5 <removed> (unimportant; bug #441205)
	- libservlet2.4-java 5.0.30-6 (unimportant)
	NOTE: DSA should not be required, minor issue, jsp just present as example
CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel 4.3 ...)
	NOT-FOR-US: Ragnarok
CVE-2007-4722 (Multiple stack-based buffer overflows in the Quantum Streaming Interne ...)
	NOT-FOR-US: Quantum Streaming
CVE-2007-4721
	REJECTED
CVE-2007-4720 (Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/C ...)
	NOT-FOR-US: Hitachi
CVE-2007-4719 (SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allo ...)
	NOT-FOR-US: 212cafeBoard
CVE-2007-4718 (Directory traversal vulnerability in inc/lib/language.lib.php in Claro ...)
	NOT-FOR-US: Claroline
CVE-2007-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline befor ...)
	NOT-FOR-US: Claroline
CVE-2007-4716 (Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 al ...)
	NOT-FOR-US: PHD Help Desk
CVE-2007-4715 (Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allo ...)
	NOT-FOR-US: Weblogicnet
CVE-2007-4714 (SQL injection vulnerability in error_view.php in Yvora 1.0 allows remo ...)
	NOT-FOR-US: Yvora
CVE-2007-4713 (Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in U ...)
	NOT-FOR-US: Urchin
CVE-2007-4712 (PHP remote file inclusion vulnerability in index.php in eNetman 1 allo ...)
	NOT-FOR-US: eNetman
CVE-2007-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch ...)
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4710 (Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4709 (Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5. ...)
	NOT-FOR-US: CFNetwork (Apple Mac OS X)
CVE-2007-4708 (Format string vulnerability in Address Book in Apple Mac OS X 10.4.11  ...)
	NOT-FOR-US: Address Book (Apple Mac OS X)
CVE-2007-4707 (Multiple unspecified vulnerabilities in the Flash media handler in App ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4706 (Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4705
	RESERVED
CVE-2007-4704 (The Application Firewall in Apple Mac OS X 10.5 does not apply changed ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4703 (The Application Firewall in Apple Mac OS X 10.5 does not prevent a roo ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4702 (The Application Firewall in Apple Mac OS X 10.5, when "Block all incom ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4701 (WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporar ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4700 (Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4699 (The default configuration of Safari in Apple Mac OS X 10.4 through 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4698 (Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4  ...)
	NOT-FOR-US: Apple Mac OS X, Windows
CVE-2007-4697 (Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4696 (Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4695 (Unspecified "input validation" vulnerability in WebCore in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4694 (Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4693 (The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows at ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4692 (The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4691 (The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs ca ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4690 (Double free vulnerability in the NFS component in Apple Mac OS X 10.4  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4689 (Double free vulnerability in the Networking component in Apple Mac OS  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4688 (The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4687 (The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 conta ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4686 (Integer signedness error in the ttioctl function in bsd/kern/tty.c in  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4685 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users t ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4684 (Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4683 (Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4682 (CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to ca ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4681 (Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4680 (CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not p ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4679 (CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4678 (AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows att ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4674 (An "integer arithmetic" error in Apple QuickTime 7.2 allows remote att ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows remot ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari  ...)
	NOT-FOR-US: Safari
CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and a ...)
	- php5 5.2.4-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue
CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated  ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 allow ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 allow ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create da ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir not supported
CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2 ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: fix is at http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147
CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ca ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only
	NOTE: triggerable by malicious script
CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before 5. ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.60&r2=1.445.2.14.2.61&pathrev=PHP_5_2
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.61&r2=1.445.2.14.2.62&pathrev=PHP_5_2
CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not properl ...)
	{DTSA-61-1}
	- php5 5.2.4-1 (low)
	[etch] - php5 <no-dsa> (Backport prone to regressions, causes more problems that it does resolved, minor issue anyway)
CVE-2007-4658 (The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4. ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (low)
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
	NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2 ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	- php4 <removed>
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641
	NOTE: Only exploitable by malicious script
CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP  ...)
	{DSA-1518-1}
	- backup-manager 0.7.6-3 (bug #439392)
CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Ba ...)
	NOT-FOR-US: CGI RESCUE Shopping Basket
CVE-2007-4654 (Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cis ...)
	NOT-FOR-US: SSHield
CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ea ...)
	NOT-FOR-US: Cisco Content Services Switch
CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local users to b ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir() not supported
CVE-2007-4651 (Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows  ...)
	NOT-FOR-US: Adobe Connect Enterprise Server
CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow att ...)
	{DSA-1404-1}
	- gallery2 2.2.3-1
	NOTE: does not affect gallery 1.x (package 'gallery')
CVE-2007-4649 (MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and In ...)
	NOT-FOR-US: MicroWorld eScan Virus Contro
CVE-2007-4648 (The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak perm ...)
	NOT-FOR-US: Norman Virus Control
CVE-2007-4647 (newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allow ...)
	NOT-FOR-US: Ourspace
CVE-2007-4646 (Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite  ...)
	NOT-FOR-US: Hexamail
CVE-2007-4645 (SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remo ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-4644 (Format string vulnerability in the Cl_GetPackets function in cl_main.c ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4643 (Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier all ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4642 (Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and ear ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4641 (Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and ...)
	NOT-FOR-US: Pakupaku
CVE-2007-4640 (Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0. ...)
	NOT-FOR-US: Pakupaku
CVE-2007-4639 (EnterpriseDB Advanced Server 8.2 does not properly handle certain debu ...)
	NOT-FOR-US: EnterpriseDB
CVE-2007-4638 (Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows r ...)
	NOT-FOR-US: StarCraft
CVE-2007-4637 (xGB.php in xGB 2.0 does not require authentication for an admin edit a ...)
	NOT-FOR-US: xGB
CVE-2007-4636 (Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allo ...)
	NOT-FOR-US: phpBG
CVE-2007-4635 (Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to ca ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4634 (Multiple SQL injection vulnerabilities in Cisco CallManager and Unifie ...)
	NOT-FOR-US: Cisco
CVE-2007-4633 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManag ...)
	NOT-FOR-US: Cisco
CVE-2007-4632 (Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VT ...)
	NOT-FOR-US: Cisco
CVE-2007-4631 (The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and o ...)
	- qgit 1.5.5-1.1 (bug #440950; low)
	[etch] - qgit <no-dsa> (Minor issue)
CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute ...)
	NOT-FOR-US: Absolute Poll Manager
CVE-2007-4629 (Buffer overflow in the processLine function in maptemplate.c in MapSer ...)
	{DSA-1539-1}
	- mapserver 4.10.3-1
CVE-2007-4628 (SQL injection vulnerability in shownews.php in phpns 1.1 allows remote ...)
	NOT-FOR-US: phpns
CVE-2007-4627 (SQL injection vulnerability in index.php in ABC eStore 3.0 allows remo ...)
	NOT-FOR-US: ABC eStore
CVE-2007-4626 (Unspecified vulnerability in Polipo before 1.0.2 allows remote attacke ...)
	- polipo 1.0.2-1 (low)
	[sarge] - polipo <no-dsa> (Minor issue)
	[etch] - polipo <no-dsa> (Minor issue)
CVE-2007-4625 (Polipo before 1.0.2 allows remote HTTP servers to cause a denial of se ...)
	- polipo 1.0.2-1 (low)
	[sarge] - polipo <no-dsa> (Minor issue)
	[etch] - polipo <no-dsa> (Minor issue)
CVE-2007-4624 (Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign D ...)
	NOT-FOR-US: AbleDesign Dynamic Picture Frame
CVE-2007-4623 (Stack-based buffer overflow in the sendrmt function in bellmail in IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4622 (Integer underflow in the dns_name_fromtext function in (1) libdns_nons ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain p ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4620 (Multiple stack-based buffer overflows in Computer Associates (CA) Aler ...)
	NOT-FOR-US: CA products
CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
	{DSA-1469-1}
	- flac 1.2.1-1 (medium)
CVE-2007-4618 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4617 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4616 (The SSL server implementation in BEA WebLogic Server 7.0 Gold through  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4615 (The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4614 (BEA WebLogic Server 9.1 does not properly handle propagation of an adm ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4613 (SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold th ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4612 (CRLF injection vulnerability in contact.php in Moonware (aka Dale Moon ...)
	NOT-FOR-US: Moonware
CVE-2007-4611 (SQL injection vulnerability in viewevent.php in Moonware (aka Dale Moo ...)
	NOT-FOR-US: Moonware
CVE-2007-4610 (Unrestricted file upload vulnerability in config/upload.php in Moonwar ...)
	NOT-FOR-US: Moonware
CVE-2007-4609 (eyeOS uses predictable checksum values in the checknum parameter for a ...)
	NOT-FOR-US: eyeOS
CVE-2007-4608 (PHP remote file inclusion vulnerability in protection.php in ePersonne ...)
	NOT-FOR-US: ePersonnel
CVE-2007-4607 (Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6 ...)
	NOT-FOR-US: EasyMailSMTPObj ActiveX control
CVE-2007-4606 (PHP remote file inclusion vulnerability in convert/mvcw_conver.php in  ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-4605 (PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual ...)
	NOT-FOR-US: Vwar
CVE-2007-4604 (SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows  ...)
	NOT-FOR-US: DL PayCart
CVE-2007-4603 (Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 al ...)
	NOT-FOR-US: ACG news
CVE-2007-4602 (SQL injection vulnerability in cms/revert-content.php in Implied by De ...)
	NOT-FOR-US: Micro-CMS
CVE-2007-4600 (The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 1 ...)
	NOT-FOR-US: Mathsoft Mathcad
CVE-2007-4599 (Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly ...)
	NOT-FOR-US: RealPlayer
CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of "12345" for the manager  ...)
	NOT-FOR-US: IBM
CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Sh ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, whic ...)
	- php5 <removed> (unimportant)
	NOTE: Safe mode violations not treated as vulnerabilities
CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...)
	NOT-FOR-US: Mayaa
CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly valid ...)
	NOT-FOR-US: Entrust Entelligence Security Provider
CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Rational
CVE-2007-4591 (vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4590 (The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynR ...)
	NOT-FOR-US: Ignite-UX
CVE-2007-4589 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosti ...)
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4588 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosti ...)
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4587 (Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria es ...)
	NOT-FOR-US: escafeWeb
CVE-2007-4586 (Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension  ...)
	NOT-FOR-US: iisfunc (windows only)
CVE-2007-4585 (Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2 ...)
	NOT-FOR-US: 2532|Gigs
CVE-2007-4584 (Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC serv ...)
	- ircii-pana <removed> (medium; bug #443544)
CVE-2007-4583 (Multiple absolute path traversal vulnerabilities in the nvUtility.Util ...)
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4582 (Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX cont ...)
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4581 (SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 al ...)
	NOT-FOR-US: WBB2-Addon: Acrotxt 1
CVE-2007-4601 (A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might all ...)
	- tcp-wrappers 7.6.dbs-12 (bug #405342; medium)
	[etch] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
	[sarge] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows loca ...)
	NOT-FOR-US: BufferZone (Windows)
CVE-2007-4579
	REJECTED
CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows  ...)
	NOT-FOR-US: Sophos
CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
	NOT-FOR-US: Sophos
CVE-2007-4576
	REJECTED
CVE-2007-4575 (HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, ...)
	{DSA-1419-1}
	- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
	- hsqldb 1.8.0.9-1
CVE-2007-4574 (Unspecified vulnerability in the "stack unwinder fixes" in kernel in R ...)
	- linux-2.6 <not-affected> (Redhat specific vulnerability)
	NOTE: I contacted the redhat security team about this, this was caused by an incomplete
	NOTE: backport for stack unwinder fixes in the linux kernel made by them.
	NOTE: redhat sent a reproducer to the vendor-sec list
CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel 2.4.x and ...)
	{DSA-1504-1 DSA-1381-2 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22-5 (medium)
CVE-2007-4572 (Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, wh ...)
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high; bug #451385)
CVE-2007-4571 (The snd_mem_proc_read function in sound/core/memalloc.c in the Advance ...)
	{DSA-1505-1 DSA-1479-1}
	- linux-2.6 2.6.22-5 (low; bug #444571)
	- alsa-driver 1.0.15-1
	NOTE: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
	NOTE: very easy to exploit locally
CVE-2007-4570 (Algorithmic complexity vulnerability in the MCS translation daemon in  ...)
	NOT-FOR-US: MCS translation daemon
CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is ...)
	{DSA-1376-1 DTSA-60-1}
	- kdebase 4:3.5.7-4
	[sarge] - kdebase <not-affected> (problem not present in code)
	NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
CVE-2007-4568 (Integer overflow in the build_range function in X.Org X Font Server (x ...)
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4567 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel  ...)
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.20)
CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha  ...)
	NOT-FOR-US: SIDVault
CVE-2007-4565 (sink.c in fetchmail before 6.3.9 allows context-dependent attackers to ...)
	{DSA-1377-2}
	- fetchmail 6.3.8-8 (bug #440006; low)
	[etch] - fetchmail <no-dsa> (Hardly a security problem)
	[sarge] - fetchmail <not-affected> (problem not present in source)
CVE-2007-4564 (Cosminexus Manager in Cosminexus Application Server 07-00 and later mi ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4563 (Cosminexus Manager in Cosminexus Application Server 06-50 and later mi ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4562 (Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosm ...)
	NOT-FOR-US: Hitachi DABroker
CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA Server bef ...)
	NOT-FOR-US: Helix DNA Server
CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, al ...)
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1 (high)
CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) extractal ...)
	- python2.3 <removed> (unimportant)
	- python2.4 <unfixed> (unimportant; bug #440097)
	- python2.5 <unfixed> (unimportant; bug #440099)
	NOTE: According to upstream this is the intended behaviour for the module.
	NOTE: Since this is a library interface to embed Tar functionality into applications
	NOTE: it is in order to not provide the full security safety belts one might
	NOTE: expect from an enduser application like tar(1). Plus, addressing this would
	NOTE: mean to diverge from upstream permanently and could break the behaviour
	NOTE: of external apps. Anyone who wants to see this "fixed" should rather file
	NOTE: a PEP on an improved tar interface with additional security guarantees
	NOTE: provided by design.
CVE-2007-4558
	REJECTED
CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in Nove ...)
	NOT-FOR-US: Novell
CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0. ...)
	NOT-FOR-US: OpenSymphony XWork
CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows rem ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in tiki-remind_password.php i ...)
	- tikiwiki <removed>
CVE-2007-4553 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attac ...)
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4552 (SQL injection vulnerability in index.php in Agares Media Arcadem 2.01  ...)
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4551 (PHP remote file inclusion vulnerability in index.php in Agares Media A ...)
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4550 (Format string vulnerability in ALPass 2.7 English and 3.02 Korean migh ...)
	NOT-FOR-US: ALPass
CVE-2007-4549 (Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow  ...)
	NOT-FOR-US: ALPass
CVE-2007-4548 (The login method in LoginModule implementations in Apache Geronimo 2.0 ...)
	NOT-FOR-US: Apache Geronimo
CVE-2007-4547 (Unreal Commander 0.92 build 565 and 573 writes portions of heap memory ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4546 (Unreal Commander 0.92 build 565 and 573 lists the filenames from the C ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4545 (Multiple directory traversal vulnerabilities in Unreal Commander 0.92  ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4544 (Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPres ...)
	NOT-FOR-US: WordPress multi-user (MU)
CVE-2007-4543 (Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla  ...)
	- bugzilla 2.22.1-2.2 (low; bug #440106)
	[etch] - bugzilla <no-dsa> (Affected code only shipped in example, minor issue anyway)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in MapServer befor ...)
	{DSA-1539-1}
	- mapserver 4.10.3-1 (bug #439346)
CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate Download  ...)
	NOT-FOR-US: Olate Download
CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate Downlo ...)
	NOT-FOR-US: Olate Download
CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 do ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers t ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression algorithm impl ...)
	NOT-FOR-US: Skulltag
CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for files in  ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4535 (The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows ...)
	NOT-FOR-US: Vavoom
CVE-2007-4534 (Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker ...)
	NOT-FOR-US: Vavoom
CVE-2007-4533 (Format string vulnerability in the Say command in sv_main.cpp in Vavoo ...)
	NOT-FOR-US: Vavoom
CVE-2007-4532 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and e ...)
	NOT-FOR-US: Soldat game server
CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and e ...)
	NOT-FOR-US: Soldat game server
CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Serve ...)
	- teamspeak-server 2.0.23.19-1
CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote auth ...)
	- teamspeak-server 2.0.23.19-1
CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not f ...)
	NOT-FOR-US: ffi extension for php
CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in phphq.Net  ...)
	NOT-FOR-US: phUploader
CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before 3.5 ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2007-4525
	- spip 2.0.6-1
CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2 ...)
	NOT-FOR-US: PhPress
CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Ma ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 a ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an I ...)
	- asterisk <not-affected> (The voicemail backend is not enabled in Debian)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	NOTE: Patch: http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html
	NOTE: the backend will be enabled in future uploads with a fixed package.
CVE-2007-4520
	RESERVED
CVE-2007-4519
	RESERVED
CVE-2007-4518
	RESERVED
CVE-2007-4517 (Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedur ...)
	NOT-FOR-US: Oracle
CVE-2007-4516 (The Volume Manager Scheduler Service (aka VxSchedService.exe) in Syman ...)
	NOT-FOR-US: Volume Manager Scheduler Service
CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll before 20 ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4514 (Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manag ...)
	NOT-FOR-US: HP ProCurve Manager
CVE-2007-4513 (Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow loc ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Wind ...)
	NOT-FOR-US: Sophos Anti-Virus for Windows
CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...)
	NOT-FOR-US: Sun Application Server
CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...)
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1
	[sarge] - clamav <not-affected> (Vulnerable code not present)
	NOTE: Only exploitable if CL_EXPERIMENTAL is set
CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList component (c ...)
	NOT-FOR-US: EventList component for Joomla!
CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...)
	NOT-FOR-US: Rebellion Asura engine
CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 al ...)
	NOT-FOR-US: External PHP component only relevant for Windows
CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ( ...)
	NOT-FOR-US: NeoRecruit component for Joomla!
CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ( ...)
	NOT-FOR-US: RemoSitory component for Mambo
CVE-2007-4504 (Directory traversal vulnerability in index.php in the RSfiles componen ...)
	NOT-FOR-US: RSfiles component for Joomla!
CVE-2007-4503 (SQL injection vulnerability in index.php in the Nice Talk component (c ...)
	NOT-FOR-US: Nice Talk component for Joomla!
CVE-2007-4502 (SQL injection vulnerability in index.php in the BibTeX component (com_ ...)
	NOT-FOR-US: BibTeX component for Joomla!
CVE-2007-4501 (Unspecified vulnerability in PassphraseRequester in SSHKeychain before ...)
	NOT-FOR-US: SSHKeychain
CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2  ...)
	NOT-FOR-US: SSHKeychain
CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American Finan ...)
	NOT-FOR-US: American Financing eMail Image Upload
CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0 ...)
	NOT-FOR-US: Grandstream SIP Phone
CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
	- vmware-package 0.16
CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
	- vmware-package 0.16
CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on  ...)
	NOT-FOR-US: Solaris
CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9 ...)
	- ezpublish <removed>
CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...)
	- ezpublish <removed>
CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun Sol ...)
	NOT-FOR-US: Solaris
CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows r ...)
	NOT-FOR-US: Gurur haber
CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProte ...)
	NOT-FOR-US: Trend Micro
CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...)
	NOT-FOR-US: eCentrex VOIP
CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gig ...)
	NOT-FOR-US: Siemens GigaSet firmware
CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision  ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in Lin ...)
	NOT-FOR-US: Linkliste
CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in Butterfly on ...)
	NOT-FOR-US: Butterfly online visitors counter
CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER 1.0 ...)
	NOT-FOR-US: My_REFERER
CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0. ...)
	NOT-FOR-US: Pool 1.0.7 theme for WordPress
CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix  ...)
	NOT-FOR-US: Rus themes for WordPress
CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1. ...)
	NOT-FOR-US: Sirius 1.0 theme for WordPress
CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search Engi ...)
	NOT-FOR-US: Search Engine Builder
CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
	NOT-FOR-US: Planet VC-200M VDSL2 router
CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has unspe ...)
	{DSA-1566-1 DSA-1438-1}
	- tar 1.18-1 (low; bug #441444)
	- cpio 2.9-5 (low; bug #449222)
CVE-2007-4475 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webvie ...)
	NOT-FOR-US: EAI WebViewer3D ActiveX control
CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino Web Acce ...)
	NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate se ...)
	NOT-FOR-US: Gesytec Easylon OPC Server
CVE-2007-4472 (Multiple buffer overflows in the Broderbund Expressit 3DGreetings Play ...)
	NOT-FOR-US: Broderbund Expressit
CVE-2007-4471 (Multiple unspecified vulnerabilities in the Intuit QuickBooks Online E ...)
	NOT-FOR-US: QuickBooks
CVE-2007-4470 (Multiple stack-based buffer overflows in the Earth Resource Mapping NC ...)
	NOT-FOR-US: Earth Resource Mapping NCSView
CVE-2007-4469
	RESERVED
CVE-2007-4468
	RESERVED
CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX ...)
	NOT-FOR-US: Oracle
CVE-2007-4466 (Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCt ...)
	NOT-FOR-US: Electronic Arts (EA) SnoopyCtrl ActiveX
CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apa ...)
	- apache <removed> (low)
	- apache2 2.2.6-1 (bug #453783)
	[sarge] - apache <no-dsa> (browser issue, low impact)
	[sarge] - apache2 <no-dsa> (browser issue, low impact)
	NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in MSIE.
	NOTE: Etch's default configuration not vulnerable due to AddDefaultCharset,
	NOTE: but many users change this.
	NOTE: The apache2 fix is actually a workaround. It will not be applied to apache 1.3.
CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Co ...)
	NOT-FOR-US: Total Commander
CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted rem ...)
	NOT-FOR-US: Total Commander
CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwr ...)
	- po4a 0.31-1 (bug #439226)
	[etch] - po4a 0.29-1etch1
	[sarge] - po4a 0.20-2sarge1
CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote attack ...)
	- nufw 2.2.4-1 (bug #439227)
	[etch] - nufw <not-affected>
CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8 ...)
	{DSA-1365-3 DSA-1365-2 DSA-1365-1}
	- id3lib3.8.3 3.8.3-7 (low; bug #438540)
CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2007-4458 (PHP remote file inclusion vulnerability in includes/class/class_tpl.ph ...)
	NOT-FOR-US: Firesoft
CVE-2007-4457 (Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 ...)
	NOT-FOR-US: Dalai Forum
CVE-2007-4456 (SQL injection vulnerability in index.php in the SimpleFAQ (com_simplef ...)
	NOT-FOR-US: mambo
	NOTE: mambo is in experimental though
CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...)
	- asterisk 1:1.4.11~dfsg-1
	[sarge] - asterisk <not-affected> (not affected according to advisory)
	[etch] - asterisk <not-affected> (not affected according to advisory)
CVE-2007-4454 (Eval injection vulnerability in environment.php in Olate Download (od) ...)
	NOT-FOR-US: Olate Download
CVE-2007-4453
	NOT-FOR-US: vBulletin
CVE-2007-4452 (The client in Toribash 2.71 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: Toribash
CVE-2007-4451 (The server in Toribash 2.71 and earlier on Windows allows remote attac ...)
	NOT-FOR-US: Toribash
CVE-2007-4450 (The server in Toribash 2.71 and earlier does not properly handle long  ...)
	NOT-FOR-US: Toribash
CVE-2007-4449 (The client in Toribash 2.71 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: Toribash
CVE-2007-4448 (The server in Toribash 2.71 and earlier does not properly handle parti ...)
	NOT-FOR-US: Toribash
CVE-2007-4447 (Multiple buffer overflows in the client in Toribash 2.71 and earlier a ...)
	NOT-FOR-US: Toribash
CVE-2007-4446 (Format string vulnerability in the server in Toribash 2.71 and earlier ...)
	NOT-FOR-US: Toribash
CVE-2007-4445 (Image Space rFactor 1.250 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Image space rfactor
CVE-2007-4444 (Multiple buffer overflows in Image Space rFactor 1.250 and earlier all ...)
	NOT-FOR-US: Image space rfactor
CVE-2007-4443 (The UCC dedicated server for the Unreal engine, possibly 2003 and 2004 ...)
	NOT-FOR-US: Unreal on Windows
CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal engi ...)
	NOT-FOR-US: Unreal on Windows
CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP  ...)
	- php5 <not-affected> (Windows-specific)
CVE-2007-4440 (Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mai ...)
	NOT-FOR-US: Mercury mail system
CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in Squirre ...)
	NOT-FOR-US: Squirrelcart
CVE-2007-4438 (Session fixation vulnerability in Ampache before 3.3.3.5 allows remote ...)
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 al ...)
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...)
	- drupal <not-affected> (External addon, see bug #439379)
CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 al ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the  ...)
	NOT-FOR-US: Text File Search ASP
CVE-2007-4433 (Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the ...)
	NOT-FOR-US: Text File Search ASP
CVE-2007-4432 (Untrusted search path vulnerability in the wrapper scripts for the (1) ...)
	NOT-FOR-US: SUSE
CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earli ...)
	NOT-FOR-US: Safari/windows
CVE-2007-4430 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows contex ...)
	NOT-FOR-US: Cisco IOS
CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a  ...)
	NOT-FOR-US: Skype
CVE-2007-4428 (Lhaz 1.33 allows remote attackers to execute arbitrary code via unknow ...)
	NOT-FOR-US: lhaz
CVE-2007-4427 (Unspecified vulnerability in the login page redirection logic in the C ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-4426 (Live for Speed (LFS) S1 and S2 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4425 (Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 all ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4424 (Apple Safari for Windows 3.0.3 and earlier does not prompt the user be ...)
	NOT-FOR-US: Safari
CVE-2007-4423 (Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID functio ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4422 (The login interface in Symantec Enterprise Firewall 6.x, when a VPN wi ...)
	NOT-FOR-US: Symantec Enterprise Firewall
CVE-2007-4421 (SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1  ...)
	NOT-FOR-US: Olate Download
CVE-2007-4420 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-4419 (Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin u ...)
	NOT-FOR-US: Olate Download
CVE-2007-4418 (IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization,  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4417 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not proper ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4416
	NOT-FOR-US: BellaBook
CVE-2007-4415 (Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 In ...)
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4414 (Cisco VPN Client on Windows before 4.8.02.0010 allows local users to g ...)
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4413 (Direct static code injection vulnerability in admincp/user_help.php in ...)
	NOT-FOR-US: Headstart Solutions DeskPRO 3.0.2
CVE-2007-4412 (Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solut ...)
	NOT-FOR-US: Deskpro
CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the hi ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick actio ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote att ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allow ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4405 (ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a  ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4404 (ircu 2.10.12.01 allows remote attackers to (1) cause a denial of servi ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4403 (The mIRC Control Plug-in for Winamp allows user-assisted remote attack ...)
	NOT-FOR-US: mirc/winamp
CVE-2007-4402 (Multiple unspecified scripts in mIRC allow user-assisted remote attack ...)
	NOT-FOR-US: mirc
CVE-2007-4401 (Multiple CRLF injection vulnerabilities in the Advanced mIRC Integrati ...)
	NOT-FOR-US: mirc
CVE-2007-4400 (CRLF injection vulnerability in the included media script in Konversat ...)
	- konversation 1.0.1-4 (low; bug #439837)
	[etch] - konversation <no-dsa> (minor issue)
	[sarge] - konversation <no-dsa> (minor issue)
CVE-2007-4399 (CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allo ...)
	NOT-FOR-US: xmms.bx 1.0 script for BitchX (not included in Debian package)
CVE-2007-4398 (Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and  ...)
	- irssi-scripts 20070925 (low; bug #439840)
	- weechat-scripts 20070425-0.1 (low; bug #439839)
	[etch] - irssi-scripts <no-dsa> (minor issue)
	[etch] - weechat-scripts <no-dsa> (minor issue)
	[sarge] - irssi-scripts <no-dsa> (minor issue)
CVE-2007-4397 (Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMM ...)
	NOT-FOR-US: various IRC now_playing scripts
CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33t ...)
	- irssi-scripts 20070925 (low; bug #439840)
	[etch] - irssi-scripts <no-dsa> (minor issue)
	[sarge] - irssi-scripts <no-dsa> (minor issue)
	NOTE: weechat-scripts does not include the mentioned scripts
CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control  ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2007-4394 (Unspecified vulnerability in a "core clean" cron job created by the fi ...)
	NOT-FOR-US: findutils-locate on SUSE Linux
CVE-2007-4393 (The installation script for orarun on SUSE Linux before 20070810 place ...)
	NOT-FOR-US: oracle
CVE-2007-4392 (Winamp 5.35 allows remote attackers to cause a denial of service (prog ...)
	NOT-FOR-US: winamp
CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger  ...)
	NOT-FOR-US: kakadu
CVE-2007-4390 (The Command Line Interface (CLI), aka Adonis Administration Console, o ...)
	NOT-FOR-US: BlueCat
CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701 ...)
	NOT-FOR-US: 2wire
CVE-2007-4388 (2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17. ...)
	NOT-FOR-US: 2wire
CVE-2007-4387 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701 ...)
	NOT-FOR-US: 2wire
CVE-2007-4386 (SQL injection vulnerability in search.php in GetMyOwnArcade allows rem ...)
	NOT-FOR-US: GetMyOwnArcade
CVE-2007-4385 (OWASP Stinger before 2.5 allows remote attackers to bypass input valid ...)
	NOT-FOR-US: Stinger
CVE-2007-4384 (Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in ...)
	NOT-FOR-US: Stephane Pineau VOTE
CVE-2007-4383
	NOT-FOR-US: Trackeur
CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote atta ...)
	NOT-FOR-US: CounterPath X-Lite
CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun JD ...)
	- sun-java5 1.5.0-10-1
CVE-2007-4380 (Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8. ...)
	NOT-FOR-US: Altiris Deployment Solution
CVE-2007-4379 (Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4378 (Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and e ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4377 (Stack-based buffer overflow in the IMAP service in SurgeMail 38k allow ...)
	NOT-FOR-US: SurgeMail
CVE-2007-4376 (Unrestricted file upload vulnerability in banner-upload.php in Szymon  ...)
	NOT-FOR-US: Szymon Kosok Best Top List
CVE-2007-4375 (The administrative interface (aka DkService.exe) in Diskeeper 9 Profes ...)
	NOT-FOR-US: Diskeeper
CVE-2007-4374 (Babo Violent 2 2.08.00 does not validate the sender field of a chat me ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4373 (The server in Babo Violent 2 2.08.00 and earlier does not properly imp ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4372 (Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 20 ...)
	NOT-FOR-US: SurgeMail
CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions]
	- libpam-usb 0.4.1-1 (medium)
	NOTE: see http://sourceforge.net/mailarchive/forum.php?thread_name=7D75703BC8E1C149BF78A1E79AAAB169B8A2E4%40svits28.main.ad.rit.edu&forum_name=pamusb-devel
CVE-2007-XXXX [lwat sometimes logs passwords in access.log]
	- lwat 0.15-2 (low)
CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in  ...)
	NOT-FOR-US: Neuron Blog
CVE-2007-4370 (Multiple buffer overflows in the (1) client and (2) server in Racer 0. ...)
	NOT-FOR-US: Racer
CVE-2007-4369 (Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4. ...)
	NOT-FOR-US: SOTEeSKLEP
CVE-2007-4368 (SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) W ...)
	NOT-FOR-US: IBM Rational ClearQuest (CQ)
CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code vi ...)
	NOT-FOR-US: Opera
CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service (d ...)
	- wengophone 2.1.1.dfsg0-3 (bug #438419)
CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain authentic ...)
	NOT-FOR-US: Fedora Commons
CVE-2007-4363 (Multiple cross-site scripting (XSS) vulnerabilities in the nodereferen ...)
	NOT-FOR-US: Drupal Content Construction Kit (CCK)
CVE-2007-4362 (SQL injection vulnerability in category.php in Prozilla Webring allows ...)
	NOT-FOR-US: Prozilla Webring
CVE-2007-4361 (NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta ...)
	NOT-FOR-US: ReadyNAS RAIDiator
CVE-2007-4360 (Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with fi ...)
	NOT-FOR-US: Dell
CVE-2007-4359 (Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems J ...)
	NOT-FOR-US: JobLister3
CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Zoidcom
CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof t ...)
	- mozilla-firefox <removed> (unimportant)
	- mozilla <removed> (unimportant)
	- iceweasel <removed> (unimportant)
	- iceape <removed> (unimportant)
CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML fil ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...)
	NOT-FOR-US: AIX
CVE-2007-4354 (Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3  ...)
	NOT-FOR-US: AIX
CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in  ...)
	NOT-FOR-US: AIX
CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit method in  ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics <not-affected> (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	NOTE: cups uses xpdf-utils and poppler-utils since version 1.1.22-7
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...)
	{DSA-1407-1 DTSA-81-1}
	- cupsys 1.3.4-1 (medium; bug #448866)
	- cups 1.3.4-1 (medium; bug #448866)
	[sarge] - cupsys <not-affected> (Only vulnerable to code injection since 1.2.x, effects are harmless otherwise)
CVE-2007-4350 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: HP SiteScope
CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 ...)
	NOT-FOR-US: HP OpenView Report
CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tiv ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-4347 (Multiple integer overflows in the Job Engine (bengine.exe) service in  ...)
	NOT-FOR-US: Job Engine
CVE-2007-4346 (The Job Engine (bengine.exe) service in Symantec Backup Exec for Windo ...)
	NOT-FOR-US: Job Engine
CVE-2007-4345 (Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail S ...)
	NOT-FOR-US: IMail Client
CVE-2007-4344 (Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build ...)
	NOT-FOR-US: ACDSee
CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-ass ...)
	NOT-FOR-US: IrfanView
CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in PHPCentral L ...)
	NOT-FOR-US: PHPCentral
CVE-2007-4341 (PHP remote file inclusion vulnerability in adm/my_statistics.php in Om ...)
	NOT-FOR-US: Omnistar Lib2 PHP
CVE-2007-4340 (PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 a ...)
	NOT-FOR-US: phpDVD
CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll  ...)
	NOT-FOR-US: PHPCentral Poll Script
CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 al ...)
	NOT-FOR-US: Family Connections
CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in l ...)
	{DSA-1683-1}
	- streamripper 1.62.2-1 (low)
CVE-2007-4336 (Buffer overflow in the Live Picture Corporation DXSurface.LivePicture. ...)
	NOT-FOR-US: Microsoft
CVE-2007-4335 (Format string vulnerability in the SMTP server component in Qbik WinGa ...)
	NOT-FOR-US: Qbik WinGate
CVE-2007-4334 (Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1 ...)
	NOT-FOR-US: Php-stats
CVE-2007-4333 (Multiple cross-site scripting (XSS) vulnerabilities in signup.php in A ...)
	NOT-FOR-US: Article Dashboard
CVE-2007-4332 (SQL injection vulnerability in article.php in Article Dashboard, when  ...)
	NOT-FOR-US: Article Dashboard
CVE-2007-4331 (PHP remote file inclusion vulnerability in index.php in FindNix allows ...)
	NOT-FOR-US: FindNix
CVE-2007-4330 (PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1. ...)
	NOT-FOR-US: Shoutbox
CVE-2007-4329 (Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 all ...)
	NOT-FOR-US: Web News
CVE-2007-4328 (Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Gal ...)
	NOT-FOR-US: Bilder Galerie
CVE-2007-4327 (Multiple PHP remote file inclusion vulnerabilities in File Uploader 1. ...)
	NOT-FOR-US: File Uploader
CVE-2007-4326 (Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader  ...)
	NOT-FOR-US: Bilder Uploader
CVE-2007-4325 (PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 ...)
	NOT-FOR-US: Gaestebuch
CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other version ...)
	- flashplugin-nonfree 9.0.115.0.1
	[etch] - flashplugin-nonfree 9.0.115.0.1~etch1
	[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
CVE-2007-4323 (DenyHosts 2.6 does not properly parse sshd log files, which allows rem ...)
	- denyhosts 2.6-2.1 (bug #438162; medium)
	[etch] - denyhosts 2.6-1etch1
CVE-2007-4322 (BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftp ...)
	NOT-FOR-US: BlockHosts
CVE-2007-4321 (fail2ban 0.8 and earlier does not properly parse sshd log files, which ...)
	{DSA-1456-1}
	- fail2ban 0.8.0-4 (bug #438187; medium)
CVE-2007-4320 (PHP remote file inclusion vulnerability in admin/addons/archive/archiv ...)
	NOT-FOR-US: Ncaster
CVE-2007-4319 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zyw ...)
	NOT-FOR-US: Zyxel
CVE-2007-4318 (Cross-site scripting (XSS) vulnerability in Forms/General_1 in the man ...)
	NOT-FOR-US: Zyxel
CVE-2007-4317 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...)
	NOT-FOR-US: Zyxel
CVE-2007-4316 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zyw ...)
	NOT-FOR-US: Zyxel
CVE-2007-4315 (The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows loca ...)
	NOT-FOR-US: ATI
CVE-2007-4314 (pixlie.php in Pixlie 1.7 allows remote attackers to trigger the readin ...)
	NOT-FOR-US: Pixlie
CVE-2007-4313 (PHP remote file inclusion vulnerability in public_includes/pub_blocks/ ...)
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0  ...)
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in the Linux ...)
	{DSA-1503-2 DSA-1503-1}
	- linux-2.6 <not-affected> (buffer is local to the function that uses sizeof on it)
CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remot ...)
	NOT-FOR-US: Solaris
CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenti ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI la ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1}
	- linux-2.6 2.6.22-4 (medium; bug #443694)
CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 a ...)
	NOT-FOR-US: Storesprite
CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10 ...)
	- phpmyadmin <unfixed> (unimportant)
	[sarge] - phpmyadmin <not-affected>
	NOTE: It seems that this requires knowledge of a unguessable session token.
	NOTE: Confirmed by upstream. Sarge is not affected at all.
CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail  ...)
	NOT-FOR-US: NetBSD and OpenBSD
CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when  ...)
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4303 (Multiple race conditions in (1) certain rules and (2) argument copying ...)
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4302 (Multiple race conditions in certain system call wrappers in Generic So ...)
	NOT-FOR-US: Generic Software Wrappers Toolkit
CVE-2007-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the management  ...)
	NOT-FOR-US: WebCart
CVE-2007-4300
	RESERVED
CVE-2007-4299
	RESERVED
CVE-2007-4298
	RESERVED
CVE-2007-4297 (Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp ...)
	NOT-FOR-US: Modulu
CVE-2007-4296 (Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (A ...)
	NOT-FOR-US: Anti-Spam SMTP Proxy Server
CVE-2007-4295 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2007-4294 (Unspecified vulnerability in Cisco Unified Communications Manager (CUC ...)
	NOT-FOR-US: Cisco
CVE-2007-4293 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Cisco
CVE-2007-4292 (Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote atta ...)
	NOT-FOR-US: Cisco
CVE-2007-4291 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Cisco
CVE-2007-4290
	NOT-FOR-US: Guestbook Script
CVE-2007-4289 (Sun Java System Portal Server 7.0 does not properly process XSLT style ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2007-4288 (Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted  ...)
	NOT-FOR-US: Microsoft
CVE-2007-4287 (PHP remote file inclusion vulnerability in fc_functions/fc_example.php ...)
	NOT-FOR-US: FishCart
CVE-2007-4286 (Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionali ...)
	NOT-FOR-US: Cisco
CVE-2007-4285 (Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12. ...)
	NOT-FOR-US: Cisco
CVE-2007-4284 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified M ...)
	NOT-FOR-US: Cisco
CVE-2007-4283 (PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Co ...)
	NOT-FOR-US: Coppermine Photo Gallery (CPG)
CVE-2007-4282 (The "Extended properties for entries" (entryproperties) plugin in sere ...)
	- serendipity 1.1.4-1
	[etch] - serendipity <not-affected> (introduced in 1.1.x)
CVE-2007-4281 (Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source  ...)
	- knowledgetree <removed>
CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in FrontAccounti ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-4278 (Stack-based buffer overflow in the giomgr process in ESRI ArcSDE servi ...)
	NOT-FOR-US: ESRI ArcSDE
CVE-2007-4277 (The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Tr ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4274
	REJECTED
CVE-2007-4273 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local us ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4272 (Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 bef ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4271 (Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 an ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 bef ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4269 (Integer overflow in the Networking component in Apple Mac OS X 10.4 th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4268 (Integer signedness error in the Networking component in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4267 (Stack-based buffer overflow in the Networking component in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4266
	RESERVED
CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3 ...)
	NOT-FOR-US: VisionProject
CVE-2007-4264 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ka ...)
	NOT-FOR-US: snif
CVE-2007-4280 (The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...)
	- asterisk 1:1.4.10~dfsg-1
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-019.htm
	[sarge] - asterisk <not-affected> (not affected according to advisory)
	[etch] - asterisk <not-affected> (not affected according to advisory)
CVE-2007-4263 (Unspecified vulnerability in the server side of the Secure Copy (SCP)  ...)
	NOT-FOR-US: Cisco
CVE-2007-4262 (Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earli ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4261 (EZPhotoSales 1.9.3 and earlier stores sensitive information under the  ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4260 (EZPhotoSales 1.9.3 and earlier has a default "admin" account for galle ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4259 (EZPhotoSales 1.9.3 and earlier allows remote attackers to download arb ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4258 (SQL injection vulnerability in directory.php in Prozilla Pub Site Dire ...)
	NOT-FOR-US: Prozilla
CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...)
	NOT-FOR-US: YNP Portal System
CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-depe ...)
	- php5 <removed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Only exploitable by malicious script
CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL  ...)
	NOT-FOR-US: Microsoft
CVE-2007-4253 (SQL injection vulnerability in the News module in modules.php in Envol ...)
	NOT-FOR-US: Envolution
CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: CHILKAT ASP String
CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with multiple  ...)
	- openoffice.org <unfixed> (unimportant)
	NOTE: Only a crasher with malformed documents
CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar before 3.3 ...)
	NOT-FOR-US: Advanced Searchbar
CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation toolbar for  ...)
	NOT-FOR-US: ExportNation toolbar
CVE-2007-4248 (The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolb ...)
	NOT-FOR-US: Toolbar Gaming toolbar
CVE-2007-4247 (Windows Calendar on Microsoft Windows Vista allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in Justsystem I ...)
	NOT-FOR-US: Justsystem Ichitaro
CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTE ...)
	NOT-FOR-US: DiMeMa CONTENTdm
CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! Reactions ...)
	NOT-FOR-US: Joomla!
CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Ga ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform vir ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4241 (Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisc ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2007-4240 (The check_logout function in class/auth.php in Help Center Live (hcl)  ...)
	NOT-FOR-US: Help Center Live
CVE-2007-4239 (Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp i ...)
	NOT-FOR-US: C-SAM oneWallet
CVE-2007-4238 (AIX 5.2 and 5.3 install pioinit with user and group ownership of bin,  ...)
	NOT-FOR-US: AIX
CVE-2007-4237 (Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte ...)
	NOT-FOR-US: AIX
CVE-2007-4236 (Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows l ...)
	NOT-FOR-US: AIX
CVE-2007-4235 (Multiple PHP remote file inclusion vulnerabilities in VietPHP allow re ...)
	NOT-FOR-US: VietPHP
CVE-2007-4234 (Unspecified vulnerability in Camera Life before 2.6 allows remote atta ...)
	NOT-FOR-US: Camera Life
CVE-2007-4233 (Multiple unspecified vulnerabilities in Camera Life before 2.6 allow a ...)
	NOT-FOR-US: Camera Life
CVE-2007-4232 (PHP remote file inclusion vulnerability in admin/inc/change_action.php ...)
	NOT-FOR-US: PHPNews
CVE-2007-4231 (PHP remote file inclusion vulnerability in order/login.php in IDevSpot ...)
	NOT-FOR-US: PhpHostBot
CVE-2007-4230
	NOT-FOR-US: BellaBiblio
CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows re ...)
	- kdebase <unfixed> (unimportant)
	NOTE: Browser DoS not treated as vulnerabilities
CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ( ...)
	NOT-FOR-US: AIX
CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote  ...)
	NOT-FOR-US: Microsoft
CVE-2007-4226 (Directory traversal vulnerability in the BlueCat Networks Proteus IPAM ...)
	NOT-FOR-US: BlueCat Networks Proteus IPAM appliance
CVE-2007-4225 (Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote a ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4224 (KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address b ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4223 (Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an u ...)
	NOT-FOR-US: Microsoft Sysinternals DebugView
CVE-2007-4222 (Buffer overflow in the TagAttributeListCopy function in nnotes.dll in  ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Wi ...)
	NOT-FOR-US: Motorola Timbuktu
CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6. ...)
	NOT-FOR-US: Motorola Timbuktu
CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as u ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) i ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4217 (Stack-based buffer overflow in the domacro function in ftp in IBM AIX  ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.3 ...)
	NOT-FOR-US: ZoneAlarm
CVE-2007-4215
	RESERVED
CVE-2007-4214
	RESERVED
CVE-2007-4213 (Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote at ...)
	NOT-FOR-US: Palm OS
CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the Search Modu ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote authenticated use ...)
	- dovecot 1:1.0.3-2 (low)
	[etch] - dovecot <no-dsa> (minor issue)
	[sarge] - dovecot <no-dsa> (minor issue)
CVE-2007-4210 (Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) ...)
	NOT-FOR-US: LANAI CMS
CVE-2007-4209 (SQL injection vulnerability in Recherche.php in Aceboard forum allows  ...)
	NOT-FOR-US: Aceboard forum
CVE-2007-4208 (SQL injection vulnerability in default.asp in Next Gen Portfolio Manag ...)
	NOT-FOR-US: Next Gen Portfolio Manager
CVE-2007-4207 (SQL injection vulnerability in admin_console/index.asp in Gallery In A ...)
	NOT-FOR-US: Gallery In A Box
CVE-2007-4206 (Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets inc ...)
	NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-4205 (XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2 ...)
	NOT-FOR-US: BlueCat Networks Adonis
CVE-2007-4204 (Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collabo ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration
CVE-2007-4203 (Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attack ...)
	NOT-FOR-US: Mambo
CVE-2007-4202 (Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly  ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4201 (Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4200 (ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 int ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4199 (Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted re ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4198 (The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sle ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4197 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL poin ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4196 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4195 (Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth K ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4194 (Guidance Software EnCase 5.0 allows user-assisted remote attackers to  ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4193 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.ph ...)
	NOT-FOR-US: DVD Rental System
CVE-2007-4192 (Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD R ...)
	NOT-FOR-US: DVD Rental System
CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the product's in ...)
	NOT-FOR-US: Panda Antivirus
CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) al ...)
	NOT-FOR-US: Joomla!
CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow)  ...)
	NOT-FOR-US: Joomla!
CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search component in ...)
	NOT-FOR-US: Joomla!
CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php in the  ...)
	NOT-FOR-US: Joomla! addon
CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Joomla!
CVE-2007-4184 (SQL injection vulnerability in administrator/popups/pollwindow.php in  ...)
	NOT-FOR-US: Joomla!
CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earli ...)
	NOT-FOR-US: paBugs
CVE-2007-4182 (Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1 ...)
	NOT-FOR-US: WikiWebWeaver
CVE-2007-4181
	NOT-FOR-US: Pluck
CVE-2007-4180
	NOT-FOR-US: Pluck
CVE-2007-4179 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HPUX
CVE-2007-4178 (Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2 ...)
	NOT-FOR-US: Webdirector
CVE-2007-4177 (Multiple cross-site scripting (XSS) vulnerabilities in Interact before ...)
	NOT-FOR-US: Interact
CVE-2007-4176 (Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have ...)
	NOT-FOR-US: EQDKP Plus
CVE-2007-4175 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Op ...)
	NOT-FOR-US: Openrat CMS
CVE-2007-4174 (Tor before 0.1.2.16, when ControlPort is enabled, does not properly re ...)
	- tor 0.1.2.16-1 (medium)
CVE-2007-4173 (SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali  ...)
	NOT-FOR-US: Hunkaray Okul Portali
CVE-2007-4172 (Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (O ...)
	NOT-FOR-US: Openwebmail
CVE-2007-4171 (SQL injection vulnerability in komentar.php in the Forum Module for au ...)
	NOT-FOR-US: Aura CMS
CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 al ...)
	NOT-FOR-US: AL-Athkar
CVE-2007-4169
	NOT-FOR-US: vgallite
CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in AL-Carica ...)
	NOT-FOR-US: AL-Caricatier
CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the Unnamed t ...)
	NOT-FOR-US: Xu Yiyang
CVE-2007-4165 (Cross-site scripting (XSS) vulnerability in index.php in the Blue Memo ...)
	- wordpress <not-affected> (Wordpress doesn't ship this theme)
CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java Syste ...)
	NOT-FOR-US: IndexScript
CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 befo ...)
	NOT-FOR-US: IndexScript
CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integr ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4161 (rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4160 (The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4159 (index.html in the HTTP administration interface in certain daemons in  ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4158 (Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5 ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4157 (PHPBlogger stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: PHPBlogger
CVE-2007-4156 (Multiple SQL injection vulnerabilities in wolioCMS allow remote attack ...)
	NOT-FOR-US: wolioCMS
CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	- vmware-package 0.16
CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows r ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1
CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1 (low)
	NOTE: see issue 4690 and 4691 in wordpress trac
CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4150 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4149 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12. ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4148 (Heap-based buffer overflow in the Visionsoft Audit on Demand Service ( ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4147 (Multiple unspecified vulnerabilities in Interspire ArticleLive NX befo ...)
	NOT-FOR-US: Interspire ArticleLive NX
CVE-2007-4146 (Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2 ...)
	NOT-FOR-US: WebEvent
CVE-2007-4145 (Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX con ...)
	NOT-FOR-US: BlueSkychat
CVE-2007-4144 (Cross-site scripting (XSS) vulnerability in sample-forms/simple-contac ...)
	NOT-FOR-US: MitriDAT eMail Form Processor Pro
CVE-2007-4143 (user.php in the Billing Control Panel in phpCoupon allows remote authe ...)
	NOT-FOR-US: Billing Control Panel in phpCoupon
CVE-2007-4142 (Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server  ...)
	NOT-FOR-US: IBM Lotus Sametime Server
CVE-2007-4141 (OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain se ...)
	NOT-FOR-US: OpenRat CMS
CVE-2007-4140 (Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows use ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4139 (Cross-site scripting (XSS) vulnerability in the Temporary Uploads edit ...)
	NOT-FOR-US: Temporary Uploads
CVE-2007-4138 (The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in ...)
	- samba 3.0.26-1
	[etch] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
	[sarge] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech  ...)
	{DSA-1426-1}
	- qt-x11-free 3:3.3.7-8 (medium; bug #442780)
	- qt4-x11 <not-affected> (Not exploitable according to upstream)
CVE-2007-4136 (The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to ca ...)
	NOT-FOR-US: Conga
CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle re ...)
	- libnfsidmap 0.18-0 (low; bug #442935)
	NOTE: https://issues.rpath.com/browse/RPL-1731
CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 a ...)
	- star 1.5a67-1.1 (bug #440100; low)
	[etch] - star <no-dsa> (Minor issue)
CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions i ...)
	{DSA-1504-1 DSA-1381-2}
	- linux-2.6 2.6.20-1
CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 al ...)
	NOT-FOR-US: Red Hat Satellite Server
CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in  ...)
	{DSA-1438-1}
	- tar 1.18-2 (medium; bug #439335)
CVE-2007-4130 (The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RH ...)
	- linux-2.6 2.6.12-1 (low)
	NOTE: a fix is included in 2.6, see line 854 mempolicy.c
	NOTE: it was maybe fixed earlier, 2.6.12 is the first version in git
	NOTE: which I can see and ships the fix
CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files via a sy ...)
	- coolkey 1.1.0-3
CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm Technologies ...)
	NOT-FOR-US: com_gmaps for Joomla!
CVE-2007-4127
	NOT-FOR-US: Ralf Image Gallery
CVE-2007-4126 (Unspecified vulnerability in the dynamic tracing framework (DTrace) on ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-4125 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX
CVE-2007-4124 (The session failover function in Cosminexus Component Container in Cos ...)
	NOT-FOR-US: Cosminexus
CVE-2007-4123 (The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax  ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-4122 (Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV)  ...)
	NOT-FOR-US: Hitachi Hierarchical Viewer
CVE-2007-4121 (Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scr ...)
	NOT-FOR-US: E-Commerce Scripts Shopping Cart Script
CVE-2007-4120
	NOT-FOR-US: vBulletin
CVE-2007-4119 (Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Zi ...)
	NOT-FOR-US: Defteri
CVE-2007-4118 (PHP remote file inclusion vulnerability in includes/functions.inc.php  ...)
	NOT-FOR-US: phpVoter
CVE-2007-4117
	NOT-FOR-US: phpVoter
CVE-2007-XXXX [teamspeak-server arbitrary file disclosure]
	- teamspeak-server 2.0.23.19-1 (bug #435707; medium)
CVE-2007-XXXX [tor insufficient authentication on control port]
	- tor 0.1.2.16-1
CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus Forum Por ...)
	NOT-FOR-US: Metyus Forum Portal
CVE-2007-4115 (Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms)  ...)
	NOT-FOR-US: IT!CMS (itcms)
CVE-2007-4114 (Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygula ...)
	NOT-FOR-US: SuskunDuygular Uyelik Sistemi
CVE-2007-4113 (Unspecified vulnerability in Advanced Webhost Billing System (AWBS) be ...)
	NOT-FOR-US: Advanced Webhost Billing System (AWBS)
CVE-2007-4112 (Multiple SQL injection vulnerabilities in Advanced Webhost Billing Sys ...)
	NOT-FOR-US: Advanced Webhost Billing System (AWBS)
CVE-2007-4111 (SQL injection vulnerability in the login script in Real Estate listing ...)
	NOT-FOR-US: Real Estate listing website
CVE-2007-4110 (SQL injection vulnerability in sign_in.aspx in Message Board / Threade ...)
	NOT-FOR-US: Message Board / Threaded Discussion Forum Application Template
CVE-2007-4109 (SQL injection vulnerability in sign_in.aspx in WebStore (Online Store  ...)
	NOT-FOR-US: WebStore (Online StoreWebStore (Online Store Application Template)
CVE-2007-4108 (SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event ...)
	NOT-FOR-US: WebEvents (Online Event Registration Template)
CVE-2007-4107 (SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 ...)
	NOT-FOR-US: phpMyForum
CVE-2007-4106 (SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Tim ...)
	NOT-FOR-US: CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface
CVE-2007-4105 (A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 ...)
	NOT-FOR-US: Baidu Soba Search Bar
CVE-2007-4104 (Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStat ...)
	NOT-FOR-US: WP-FeedStats plugin for WordPress
CVE-2007-4103 (The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2. ...)
	- asterisk 1:1.4.9~dfsg-1
	[etch] - asterisk <not-affected> (Only 1.2.20, 1.2.21, 1.2.21.1 and 1.2.22 affected)
	[sarge] - asterisk <not-affected> (1.0 not affected)
CVE-2007-4102 (Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 ...)
	NOT-FOR-US: sBlog
CVE-2007-4101 (Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 a ...)
	NOT-FOR-US: Madoa Poll
CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_in ...)
	- mldonkey 2.9.0-1 (bug #435439)
	[etch] - mldonkey <no-dsa> (Minor issue)
CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first listed ne ...)
	- tor 0.1.2.15-1
CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish "streamids from diff ...)
	- tor 0.1.2.15-1
CVE-2007-4097 (Tor before 0.1.2.15 sends "destroy cells" containing the reason for te ...)
	- tor 0.1.2.15-1
CVE-2007-4096 (Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, a ...)
	- tor 0.1.2.15-1
CVE-2007-4095 (SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows  ...)
	NOT-FOR-US: BSM Store Dependent Forums
CVE-2007-4094 (PHP remote file inclusion vulnerability in library/authorize.php in ID ...)
	NOT-FOR-US: IDevSpot PhpHostBot
CVE-2007-4093 (Minb Is Not a Blog (minb) stores sensitive information under the web r ...)
	NOT-FOR-US: Minb Is Not a Blog (minb)
CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 and earl ...)
	NOT-FOR-US: iFoto
CVE-2007-4091 (Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow  ...)
	{DSA-1360-1}
	- rsync 2.6.9-5 (bug #438125; medium)
CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4089 (Vikingboard 0.1.2 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4088 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1 ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4087 (AlstraSoft Video Share Enterprise allows remote attackers to obtain se ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-4086 (Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enter ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-4085 (Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow r ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2007-4084 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2007-4083 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskM ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2007-4082 (Cross-site scripting (XSS) vulnerability in contact_author.php AlstraS ...)
	NOT-FOR-US: AlstraSoft Article Manager Pro
CVE-2007-4081 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affi ...)
	NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2007-4080 (Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Fri ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4079 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS  ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4078 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4077 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Vide ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4076 (Multiple SQL injection vulnerabilities in index.asp in Alisveris Sites ...)
	NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sit ...)
	NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4074 (The default configuration of Centre for Speech Technology Research (CS ...)
	- festival 1.96~beta-6 (bug #435445; low)
	[etch] - festival <no-dsa> (Minor issue)
CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a fri ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within HT ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4071 (Multiple cross-site scripting (XSS) vulnerabilities in uploader/index. ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4070 (Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun S ...)
	- lbxproxy <removed>
CVE-2007-4069 (SQL injection vulnerability in show_cat.php in IndexScript 2.8 and ear ...)
	NOT-FOR-US: IndexScript
CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote at ...)
	NOT-FOR-US: Webyapar
CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav Ac ...)
	NOT-FOR-US: Clever Internet ActiveX Suite
CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow con ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1
	NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 a ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1
	NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability
	NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x befo ...)
	- drupal 4.7.7-1 (low)
	- drupal5 5.2-1 (low)
	[sarge] - drupal <not-affected> (Only Drupal 5.x is affected)
CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5 ...)
	- drupal5 5.2-1 (low)
	NOTE: DRUPAL-SA-2007-017
CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vuln ...)
	- nessus-core <not-affected> (Windows only)
CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in Ness ...)
	- nessus-core <not-affected> (Windows only)
CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in http.c in  ...)
	NOT-FOR-US: corehttp
CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	- vmware-package 0.16
CVE-2007-4058 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	- vmware-package 0.16
CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio  ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2007-4056 (SQL injection vulnerability in directory.php in Prozilla Adult Directo ...)
	NOT-FOR-US: Adult Directory
CVE-2007-4055 (SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 allo ...)
	NOT-FOR-US: SimpleBlog
CVE-2007-4054 (SQL injection vulnerability in category.php in PHP123 Top Sites allows ...)
	NOT-FOR-US: PHP123 Top Sites
CVE-2007-4053 (SQL injection vulnerability in include/img_view.class.php in LinPHA 1. ...)
	NOT-FOR-US: LinPHA
CVE-2007-4052 (Cross-site scripting (XSS) vulnerability in utilities/login.asp in nuk ...)
	NOT-FOR-US: nukedit
CVE-2007-4051 (Heap-based buffer overflow in the FindFiles function in UltraDefrag 1. ...)
	NOT-FOR-US: UltraDefrag
CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...)
	NOT-FOR-US: ADempiere Bazaar
CVE-2007-4049
	REJECTED
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2. ...)
	{DTSA-58-1}
	- phpsysinfo 2.5.1-6.1 (unimportant; bug #435935)
	- phpgroupware 0.9.16.012-1 (low; bug #435936; bug #472685)
	[etch] - phpgroupware <not-affected> (Affected code is not used in phpgroupware)
	- egroupware 1.2.107-2.dfsg-1.1 (low; bug #435937)
	NOTE: phpsysinfo alone doesn't maintain any data, which makes this an issue
CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) del ...)
	NOT-FOR-US: geoBlog
CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery (com_pony ...)
	NOT-FOR-US: Pony Gallery
CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other Linu ...)
	- cupsys 1.2
	- cups 1.2
	NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
CVE-2007-4044
	REJECTED
CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security An ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 al ...)
	NOT-FOR-US: Netscape Navigator
CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...)
	{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
	- iceweasel 2.0.0.6-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5-1
CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and Outlo ...)
	NOT-FOR-US: Micrsoft Outlook
CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs  ...)
	- icedove <not-affected> (Windows-specific)
CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, wh ...)
	{DSA-1338-1}
	- iceweasel 2.0.0.5-1
CVE-2007-4037
	NOT-FOR-US: Guidance Software
CVE-2007-4036
	NOT-FOR-US: Guidance Software
CVE-2007-4035
	NOT-FOR-US: Guidance Software
CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Ins ...)
	NOT-FOR-US: Yahoo! Widgets
CVE-2007-4033 (Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/ ...)
	{DSA-1390-1}
	- t1lib 5.1.0-3 (bug #439927)
	NOTE: originally posted as a php vuln, actually in libt1
	NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions)
CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote  ...)
	NOT-FOR-US: CrystalPlayer
CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control in Ness ...)
	NOT-FOR-US: Nessus ActiveX control
CVE-2007-4030
	RESERVED
CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows cont ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1 (medium; bug #437916)
	NOTE: svn revisions fixing this https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...)
	NOT-FOR-US: WebSPELL
CVE-2007-4027 (Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow ...)
	NOT-FOR-US: Areca
CVE-2007-4026 (epesi framework before 0.8.6 does not properly verify file extensions, ...)
	NOT-FOR-US: epesi
CVE-2007-4025 (Unspecified vulnerability in Sun Java System (SJS) Application Server  ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2007-4024 (Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in W ...)
	NOT-FOR-US: W1L3D4
CVE-2007-4023 (Cross-site scripting (XSS) vulnerability in the login CGI program in A ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-4022 (Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/change ...)
	NOT-FOR-US: cPanel
CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Br ...)
	NOT-FOR-US: Brain Book Software Secure
CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Ad ...)
	NOT-FOR-US: AdMan
CVE-2007-4019
	REJECTED
CVE-2007-5645
	REJECTED
CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows at ...)
	NOT-FOR-US: Citrix
CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the web-based admin ...)
	NOT-FOR-US: Citrix
CVE-2007-4016 (Unspecified vulnerability in the client components in Citrix Access Ga ...)
	NOT-FOR-US: Citrix
CVE-2007-4015
	REJECTED
CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php instal ...)
	NOT-FOR-US: Blix themes for WordPress
CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6La ...)
	NOT-FOR-US: Citrix
CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wirele ...)
	NOT-FOR-US: Cisco
CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wirele ...)
	NOT-FOR-US: Cisco
CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and disa ...)
	- php5 <not-affected> (Windows-specific issue)
CVE-2007-4009 (PHP remote file inclusion vulnerability in admin/business_inc/saveserv ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...)
	NOT-FOR-US: Entertainment CMS
CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article Direct ...)
	NOT-FOR-US: Article Directory
CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unkno ...)
	NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1 ...)
	NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows  ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4002
	RESERVED
CVE-2007-4001
	RESERVED
CVE-2007-4000 (The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy. ...)
	- krb5 1.6.dfsg.1-7 (high)
	[etch] - krb5 <not-affected> (Vulnerable code not present)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function in li ...)
	{DSA-1368-1 DSA-1367-1}
	- librpcsecgss 0.14-3
	- krb5 1.6.dfsg.1-7 (high)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, d ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (low)
	- php4 <removed> (low)
	NOTE: this applies to php4 as well
	NOTE: i think it is medium since it can be easily used to DoS on shared hosting systems
	NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c
	NOTE: so maybe this is already fixed in 5.2.3, not sure
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64
CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...)
	- php5 5.2.4-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: only exploitable by malicious script
CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote a ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (bug #443456; medium)
	- libwmf <unfixed> (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: Debian's PHP packages are linked dynamically against libgd
	NOTE: see http://www.php.net/releases/5_2_4.php
CVE-2007-3995
	RESERVED
CVE-2007-3994
	RESERVED
CVE-2007-3993 (Unspecified vulnerability in the attachment filter in Kerio MailServer ...)
	NOT-FOR-US: Kerio MailServer
CVE-2007-3992 (SQL injection vulnerability in vir_login.asp in iExpress Property Pro  ...)
	NOT-FOR-US: iExpress Property Pro
CVE-2007-3991 (Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp c ...)
	NOT-FOR-US: Asp cvmatik
CVE-2007-3990 (SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-3989 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in  ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-3988 (Session fixation vulnerability in Virtual Hosting Control System (VHCS ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2007-3987 (SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, wh ...)
	NOT-FOR-US: ImageRacer
CVE-2007-3986 (file.cgi in Secure Computing SecurityReporter (aka Network Security An ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3985 (Directory traversal vulnerability in file.cgi in Secure Computing Secu ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3984 (Buffer overflow in a certain ActiveX control in the NixonMyPrograms cl ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3983 (Absolute path traversal vulnerability in the Data Dynamics DDActiveRep ...)
	NOT-FOR-US: ActiveReports
CVE-2007-3982 (Absolute path traversal vulnerability in the Data Dynamics ActiveRepor ...)
	NOT-FOR-US: ActiveReports
CVE-2007-3981 (SQL injection vulnerability in index.php in WSN Links Basic Edition al ...)
	NOT-FOR-US: WSN Links
CVE-2007-3980 (PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameS ...)
	NOT-FOR-US: RCMS Pro RGameScript Pro
CVE-2007-3979 (SQL injection vulnerability in index.php in BlogSite Professional (aka ...)
	NOT-FOR-US: BlogSite Professional
CVE-2007-3978 (Session fixation vulnerability in bwired allows remote attackers to hi ...)
	NOT-FOR-US: bwired
CVE-2007-3977 (Cross-site scripting (XSS) vulnerability in bwired allows remote attac ...)
	NOT-FOR-US: bwired
CVE-2007-3976 (SQL injection vulnerability in index.php in bwired allows remote attac ...)
	NOT-FOR-US: bwired
CVE-2007-3975 (Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1 ...)
	NOT-FOR-US: Elite Forum
CVE-2007-3974 (admin/ajoutaut.php in JBlog 1.0 does not require authentication, which ...)
	NOT-FOR-US: JBlog
CVE-2007-3973 (Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow ...)
	NOT-FOR-US: JBlog
CVE-2007-3972 (ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a  ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3971 (Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote a ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3970 (Race condition in ESET NOD32 Antivirus before 2.2289 allows remote att ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3969 (Buffer overflow in Panda Antivirus before 20070720 allows remote attac ...)
	NOT-FOR-US: Panda Antivirus
CVE-2007-3968 (index.php in dirLIST before 0.1.1 allows remote attackers to list the  ...)
	NOT-FOR-US: dirLIST
CVE-2007-3967 (Directory traversal vulnerability in index.php in PHP Directory Lister ...)
	NOT-FOR-US: dirLIST
CVE-2007-3966 (SQL injection vulnerability in Munch Pro allows remote attackers to ex ...)
	NOT-FOR-US: Munch Pro
CVE-2007-3965 (Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and ...)
	NOT-FOR-US: uFMOD
CVE-2007-3964 (Itaka before 0.2.1, when using Authentication mode, allows remote atta ...)
	NOT-FOR-US: Itaka
CVE-2007-3963 (Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, an ...)
	NOT-FOR-US: UseBB
CVE-2007-3962 (Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 ...)
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib b ...)
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier  ...)
	NOT-FOR-US: Ipswitch Collaboration Suite (ICS)
CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote  ...)
	NOT-FOR-US: Microsoft
CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attacker ...)
	NOT-FOR-US: Nipun Jain xserver
CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value  ...)
	- teamspeak-server 2.0.23.19-1 (bug #435707)
CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in Li ...)
	NOT-FOR-US: LinkedIn Toolbar
CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when  ...)
	NOT-FOR-US: Microsoft
CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote atta ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3952 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote atta ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote attack ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters  ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3948 (connections.c in lighttpd before 1.4.16 might accept more connections  ...)
	- lighttpd 1.4.16-1 (low; bug #434888)
CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #428368)
	[etch] - libghttpd <no-dsa> (Accidentally omitted in DSA, but doesn't warrant another update itself)
CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attacke ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3945 (Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly u ...)
	NOT-FOR-US: Rule Set Based Access Control (RSBAC)
CVE-2007-3944 (Multiple heap-based buffer overflows in the Perl Compatible Regular Ex ...)
	NOT-FOR-US: MobileSafari
CVE-2007-3943 (SQL injection vulnerability in Infinite Responder before 1.48 allows r ...)
	NOT-FOR-US: Infinite Responder
CVE-2007-3942
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3941 (Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3940 (Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite ...)
	NOT-FOR-US: QuickerSite
CVE-2007-3939 (SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Ma ...)
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-3938 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0. ...)
	NOT-FOR-US: MAXdev MDPro (MD-Pro)
CVE-2007-3937 (Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allo ...)
	NOT-FOR-US: A-shop
CVE-2007-3936 (Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0 ...)
	NOT-FOR-US: A-shopA-shop
CVE-2007-3935 (PHP remote file inclusion vulnerability in link_main.php in the SupaNa ...)
	NOT-FOR-US: SupaNav
CVE-2007-3934 (PHP remote file inclusion vulnerability in postscript/postscript.php i ...)
	NOT-FOR-US: BBS E-Market
CVE-2007-3933 (SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and  ...)
	NOT-FOR-US: QuickEStore
CVE-2007-3932 (uploadimg.php in the Expose RC35 and earlier (com_expose) component fo ...)
	NOT-FOR-US: Expose RC35 for Joomla
CVE-2007-3931 (The wrap_setuid_third_party_application function in the installation s ...)
	NOT-FOR-US: Samsung SCX-4200 Driver installation script
CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and DocuWi ...)
	NOT-FOR-US: Microsoft
CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera before ...)
	NOT-FOR-US: Opera
CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote au ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3927 (Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3926 (Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to c ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitc ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when  ...)
	NOT-FOR-US: Microsoft
CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco Wide Area ...)
	NOT-FOR-US: Cisco
CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...)
	- sun-java5 1.5.0-12-2
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files v ...)
	{DSA-1402-1}
	- gforge 4.6.99+svn6169-1
CVE-2007-3920 (GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not ...)
	{DTSA-75-1}
	[etch] - gnome-screensaver <not-affected> (Affected Compiz not present in Etch version)
	[etch] - xorg-server <not-affected> (Affected Compiz not present in Etch version)
	- gnome-screensaver 2.20.0-1.1
	- xorg-server 2:1.4.1~git20080118-1 (bug #449108; medium)
CVE-2007-3919 ((1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local user ...)
	{DSA-1395-1}
	- xen-unstable 3.0-unstable+hg11561-1 (low; bug #464044)
	- xen-3 3.1.2-1 (low)
CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php in GFor ...)
	{DSA-1383-1}
	- gforge 4.6.99+svn6094-1
CVE-2007-3917 (The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before  ...)
	{DSA-1386-1}
	- wesnoth 1.2.7-1
CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...)
	- skktools 1.2+0.20061004-3 (low)
	[sarge] - skktools <no-dsa> (Minor issue)
	[etch] - skktools <no-dsa> (Minor issue)
CVE-2007-3915 (Mondo 2.24 has insecure handling of temporary files. ...)
	- mondo 2.24-2 (low)
CVE-2007-3914
	RESERVED
CVE-2007-3913 (SQL injection vulnerability in Gforge before 3.1 allows remote attacke ...)
	{DSA-1369-1 DTSA-57-1}
	- gforge 4.6.99+svn6086-1
CVE-2007-3912 (checkrestart in debian-goodies before 0.34 allows local users to gain  ...)
	{DSA-1527-1}
	- debian-goodies 0.34 (bug #440411; medium)
CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka sche ...)
	NOT-FOR-US: BakBone NetVault Reporter
CVE-2007-3910 (Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows re ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-3909 (Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remot ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-3908 (Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat Ent ...)
	NOT-FOR-US: HP ServiceGuard
CVE-2007-3907 (Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 ...)
	NOT-FOR-US: LedgerSMB
CVE-2007-3906 (Unspecified vulnerability in Kaspersky Anti-Virus for Check Point Fire ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote  ...)
	{DSA-1389-2 DSA-1389-1}
	- zoph 0.7.0.2-1 (bug #435711)
CVE-2007-3904
	REJECTED
CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in mshtml ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3901 (Stack-based buffer overflow in the DirectShow Synchronized Accessible  ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3900
	REJECTED
CVE-2007-3899 (Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, a ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-3898 (The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-3897 (Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, ...)
	NOT-FOR-US: Outlook Express
CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft Wind ...)
	NOT-FOR-US: Windows
CVE-2007-3895 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 throu ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3894
	REJECTED
CVE-2007-3893 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through  ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-3892 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to  ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows  ...)
	NOT-FOR-US: Windows Vista
CVE-2007-3890 (Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, an ...)
	NOT-FOR-US: Microsoft
CVE-2007-3889 (Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3888 (Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3887 (Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp ...)
	NOT-FOR-US: ASP Ziyaretci Defteri
CVE-2007-3886 (Cross-site scripting (XSS) vulnerability in default.asp in Element CMS ...)
	NOT-FOR-US: Element CMS
CVE-2007-3885 (Cross-site scripting (XSS) vulnerability in philboard_search.asp in hu ...)
	NOT-FOR-US: husrevforum
CVE-2007-3884 (SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0. ...)
	NOT-FOR-US: husrevforum
CVE-2007-3883 (The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earl ...)
	NOT-FOR-US: Data Dynamics ActiveBar ActiveX control
CVE-2007-3882 (SQL injection vulnerability in index.php in Expert Advisor allows remo ...)
	NOT-FOR-US: Expert Advisor
CVE-2007-3881 (SQL injection vulnerability in index.php in Pictures Rating (Picture R ...)
	NOT-FOR-US: Pictures Rating
CVE-2007-3880 (Format string vulnerability in srsexec in Sun Remote Services (SRS) Ne ...)
	NOT-FOR-US: Net Connect
CVE-2007-3879
	RESERVED
CVE-2007-3878
	RESERVED
CVE-2007-3877
	RESERVED
CVE-2007-3876 (Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows lo ...)
	NOT-FOR-US: SMB (Apple Mac OS X)
CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-3874 (Directory traversal vulnerability in the tftp/mftp daemon in the PXE s ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI En ...)
	NOT-FOR-US: SSAPI Engine
CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service (OVT ...)
	NOT-FOR-US: HP OpenView
CVE-2007-3871 (Stampit Web uses guessable id values for online stamp purchases, which ...)
	NOT-FOR-US: Stampit
CVE-2007-XXXX [dokuwiki XSS in spellchecker]
	- dokuwiki 0.0.20070626b-1 (unimportant; bug #434134)
	NOTE: IE browser bug are not treated as security issues in packages applications
CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management c ...)
	NOT-FOR-US: Oracle
CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship Mana ...)
	NOT-FOR-US: Oracle
CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSo ...)
	NOT-FOR-US: Oracle
CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...)
	NOT-FOR-US: Oracle
CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10. ...)
	NOT-FOR-US: Oracle
CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server  ...)
	NOT-FOR-US: Oracle
CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10. ...)
	NOT-FOR-US: Oracle
CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application S ...)
	NOT-FOR-US: Oracle
CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly Orac ...)
	NOT-FOR-US: Oracle
CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component f ...)
	NOT-FOR-US: Oracle
CVE-2007-3858 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow ...)
	NOT-FOR-US: Oracle
CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...)
	NOT-FOR-US: Oracle
CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for Orac ...)
	NOT-FOR-US: Oracle
CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...)
	NOT-FOR-US: Oracle
CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2. ...)
	NOT-FOR-US: Oracle
CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
	NOT-FOR-US: Oracle
CVE-2007-3852 (The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp ...)
	- sysstat <not-affected> (We have our own init script not prone to this vulnerability)
CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used  ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3850 (The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on Pow ...)
	- linux-2.6 <not-affected> (Debian's kernel doesn't enable CONFIG_PPC_64K_PAGES)
CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intru ...)
	NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send arbi ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Ap ...)
	- apache2 2.2.6-1 (bug #441845; low)
	[etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
	- apache <removed> (unimportant)
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used  ...)
	NOT-FOR-US: TortoiseSVN on Windows
CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x be ...)
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-27
CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and  ...)
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-26
CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global variable fo ...)
	{DSA-1363-1}
	- linux-2.6 2.6.23-1 (bug #446073)
CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise F ...)
	NOT-FOR-US: 8e6 R3000 Enterprise Filter
CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux al ...)
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...)
	NOT-FOR-US: Traffic Stats
CVE-2007-3839 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev. ...)
	NOT-FOR-US: TBDev.NET
CVE-2007-3838 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev. ...)
	NOT-FOR-US: TBDev.NET
CVE-2007-3837 (Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC serve ...)
	NOT-FOR-US: HydraIRC
CVE-2007-3836 (Format string vulnerability in HydraIRC 0.3.151 allows remote attacker ...)
	NOT-FOR-US: HydraIRC
CVE-2007-3835 (Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and ...)
	NOT-FOR-US: Ex Libris MetaLib
CVE-2007-3834 (Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH ...)
	NOT-FOR-US: Ex Libris ALEPH
CVE-2007-3833 (The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios T ...)
	NOT-FOR-US: Trillian
CVE-2007-3832 (Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in ...)
	NOT-FOR-US: Trillian
CVE-2007-3831 (PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5 ...)
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3830 (Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia ...)
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player 2.60.1 ...)
	NOT-FOR-US: InterActual Player
CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows re ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka " ...)
	NOTE: Unreproducible for upstream
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=388097
CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3825 (Multiple stack-based buffer overflows in the RPC implementation in ale ...)
	NOT-FOR-US: CA Alert Notification Server
CVE-2007-3824 (SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows r ...)
	NOT-FOR-US: MzK Blog
CVE-2007-3823 (The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows rem ...)
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2007-3822 (Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7 ...)
	NOT-FOR-US: Webcit
CVE-2007-3821 (Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11  ...)
	NOT-FOR-US: Webcit
CVE-2007-3819 (Opera 9.21 allows remote attackers to spoof the data: URI scheme in th ...)
	NOT-FOR-US: Opera
CVE-2007-3818 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5 ...)
	NOT-FOR-US: LoginToboggan
CVE-2007-3817 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4 ...)
	NOT-FOR-US: LoginToboggan
CVE-2007-3816
	NOT-FOR-US: JWIG
CVE-2007-3815 (Buffer overflow in pirs32.exe in Poslovni informator Republike Sloveni ...)
	NOT-FOR-US: Poslovni informator Republike Slovenije
CVE-2007-3814 (Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote  ...)
	NOT-FOR-US: MKPortal
CVE-2007-3813 (PHP remote file inclusion vulnerability in include/user.php in the NoB ...)
	NOT-FOR-US: NoBoard BETA module for MKPortal
CVE-2007-3812 (SQL injection vulnerability in forums.php in CMScout 1.23 and earlier  ...)
	NOT-FOR-US: CMScout
CVE-2007-3811 (Multiple SQL injection vulnerabilities in eSyndiCat allow remote attac ...)
	NOT-FOR-US: eSyndiCat
CVE-2007-3810 (SQL injection vulnerability in index.php in Realtor 747 allows remote  ...)
	NOT-FOR-US: Realtor 747
CVE-2007-3809 (Multiple SQL injection vulnerabilities in Prozilla Directory Script al ...)
	NOT-FOR-US: Prozilla Directory Script
CVE-2007-3808 (SQL injection vulnerability in includes/search.php in paFileDB 3.6 all ...)
	NOT-FOR-US: paFileDB
CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...)
	NOT-FOR-US: SiteScape Forum
CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to c ...)
	{DSA-1578-1 DSA-1572-1 DTSA-61-1}
	- php5 5.2.4-1 (medium; bug #441433)
	- php4 <removed>
	[etch] - php5 <no-dsa> (requires malicious script)
	[etch] - php4 <no-dsa> (requires malicious script)
	[sarge] - php4 <no-dsa> (requires malicious script)
CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80. ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81 ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does n ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3802
	REJECTED
CVE-2007-3801
	REJECTED
CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...)
	NOT-FOR-US: Symantec
CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5 ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	NOTE: this does not affect default installs, only those who have written
	NOTE: custom session handlers (which isn't *that* uncommon though), and
	NOTE: also may not work if other cookie values are set.
	NOTE: fix sneaked into php 5.2.3 sans-mention:
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&pathrev=PHP_5_2
	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
	- php4 <removed> (low)
	- php5 5.2.4-1 (low; bug #441433)
CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6  ...)
	{DSA-1353-1}
	- tcpdump 3.9.5-3 (bug #434030)
CVE-2007-3797
	RESERVED
CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for M ...)
	NOT-FOR-US: Spam Quarantine HTTP interface for MailMarshal SMTP
CVE-2007-3795 (Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P,  ...)
	NOT-FOR-US: Hitachi
CVE-2007-3794 (Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit fo ...)
	NOT-FOR-US: Hitachi
CVE-2007-3793 (SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/N ...)
	NOT-FOR-US: Job Management Partner
CVE-2007-3792 (Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold ...)
	NOT-FOR-US: AzDG Dating Gold
CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha a ...)
	{DSA-1361-1}
	- postfix-policyd 1.80-2.2 (bug #435735)
CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allo ...)
	- php5 <not-affected> (com_print_typeinfo is a windows only func)
	- php4 <not-affected> (com_print_typeinfo is a windows only func)
CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...)
	NOT-FOR-US: Inmostore
CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within th ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3787 (The eSoft InstaGate EX2 UTM device does not require entry of the old p ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3786
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3785 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: EldoS SecureBlackbox
CVE-2007-3784 (Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F ...)
	NOT-FOR-US: Belkin
CVE-2007-3783 (SQL injection vulnerability in default.asp in enVivo!CMS allows remote ...)
	NOT-FOR-US: enVivo!CMS
CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.42
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality was introduced in 5.0)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality was introduced in 5.0)
CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such  ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-1
	[etch] - mysql-dfsg-5.0 <no-dsa> (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg <no-dsa> (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg-4.1 <no-dsa> (Minor issue, too intrusive to backport)
CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause  ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.44
	[sarge] - mysql-dfsg <not-affected> (Introduced with SSL support in 4.1)
CVE-2007-3779 (PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PG ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3778 (The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelma ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3777 (avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edit ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2007-3776 (Cisco Unified Communications Manager (CUCM, formerly CallManager) and  ...)
	NOT-FOR-US: Cisco
CVE-2007-3775 (Unspecified vulnerability in Cisco Unified Communications Manager (CUC ...)
	NOT-FOR-US: Cisco
CVE-2007-3774 (Dvbbs 7.1.0 SP1 stores sensitive information under the web root with i ...)
	NOT-FOR-US: Dvbbs
CVE-2007-3773 (Cross-site request forgery (CSRF) vulnerability in the Email-Template  ...)
	NOT-FOR-US: Generic YouTube Clone Script
CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 allow ...)
	NOT-FOR-US: PsNews
CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect featur ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce Te ...)
	{DSA-1393-1}
	- xfce4-terminal 0.2.6-3 (bug #437454)
CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server manage ...)
	NOT-FOR-US: SurgeFTP
CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FT ...)
	NOT-FOR-US: SurgeFTP
CVE-2007-3767
	RESERVED
CVE-2007-3766
	RESERVED
CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW be ...)
	- asterisk 1:1.4.8~dfsg-1 (bug #433681)
	[sarge] - asterisk <not-affected> (1.0.x not affected)
	[etch] - asterisk <not-affected> (1.2.x not affected)
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-017.htm
CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and  ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-016.htm
CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4. ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-015.htm
CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in  ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1 (high)
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-014.htm
CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to  ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
	NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
CVE-2007-3761 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1 ...)
	NOT-FOR-US: Safari
CVE-2007-3760 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1 ...)
	NOT-FOR-US: Safari
CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable Javascript, do ...)
	NOT-FOR-US: Safari
CVE-2007-3758 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
	NOT-FOR-US: Safari
CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to  ...)
	NOT-FOR-US: Safari
CVE-2007-3756 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
	NOT-FOR-US: Safari
CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to fo ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3754 (Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user whe ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3753 (Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximat ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3752 (Heap-based buffer overflow in Apple iTunes before 7.4 allows remote at ...)
	NOT-FOR-US: iTunes
CVE-2007-3751 (Unspecified vulnerability in QuickTime for Java in Apple QuickTime bef ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-3749 (The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the c ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized  ...)
	NOT-FOR-US: iChat on Apple Mac OS X
CVE-2007-3747 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 d ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3746 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 d ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3745 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 c ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3744 (Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device St ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2007-3743 (Stack-based buffer overflow in bookmark handling in Apple Safari 3 Bet ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1 ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp  ...)
	- gimp 2.2.17-1 (unimportant)
	NOTE: Only DoS by memleaks or double-frees, not treated as security problems
CVE-2007-3740 (The CIFS filesystem in the Linux kernel before 2.6.22, when Unix exten ...)
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22
CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...)
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.20-1
CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...)
	{DSA-1534-2 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (medium)
	- xulrunner 1.8.1.5-1 (medium)
	- iceweasel 2.0.0.5-1 (medium)
	NOTE: MFSA2007-25
CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbi ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	- iceweasel 2.0.0.5-1 (high)
	NOTE: MFSA2007-21
CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0 ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-19
CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (low)
	NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (high; bug #444010)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3733
	REJECTED
CVE-2007-3732 (In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc cal ...)
	- linux-2.6 2.6.23-1
	NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1)
CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid ...)
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1
CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and S ...)
	- silc-toolkit 1.1.2-1
	[etch] - silc-toolkit <not-affected> (Only the 1.1.x branch is affected)
	NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
CVE-2007-3727 (Multiple unspecified vulnerabilities in Webmatic before 2.7 have unkno ...)
	NOT-FOR-US: WebMatic
CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp in unr ...)
	- unrar-nonfree 3.7.3-1.1 (low; bug #437703)
	[etch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[sarge] - unrar-nonfree <no-dsa> (Non-free not supported)
	- rar 1:3.7b1-1 (low; bug #437704)
	[etch] - rar <not-affected> (Vulnerable code was fixed already)
	[sarge] - rar <no-dsa> (Non-free not supported)
CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows u ...)
	{DSA-1340-1 DTSA-43-1}
	- clamav 0.91-1
	[sarge] - clamav <not-affected> (Vulnerable code was introduced in 0.9x)
CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of t ...)
	NOT-FOR-US: Solaris
CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling b ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to "i ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs scheduling base ...)
	- linux-2.6 <not-affected> (There's a separate ID for 2.6, see CVE-2007-3719)
CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives preference to " ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: This is the existing default behaviour of the scheduler, can be tuned
	NOTE: to suit individual needs
CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in Appl ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE 6 bef ...)
	- sun-java6 6-02-1 (medium)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 9.0 befo ...)
	NOT-FOR-US: Sun Java System Application Server and Web Server
CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 a ...)
	NOT-FOR-US: Ada Image Server
CVE-2007-3713 (Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow ...)
	{DSA-1433-1 DTSA-55-1}
	- centericq 4.22.1-2.1 (bug #438511; medium)
	- centerim 4.22.1-2.1 (medium)
CVE-2007-3712 (Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ...)
	NOT-FOR-US: HiddenChest
CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x  ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3710 (PHP remote file inclusion vulnerability in example/gamedemo/inc.functi ...)
	NOT-FOR-US: PHP Comet-Server
CVE-2007-3709 (CRLF injection vulnerability in the redirect function in url_helper.ph ...)
	- codeigniter <itp> (bug #471583)
CVE-2007-3708 (Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 2 ...)
	- codeigniter <itp> (bug #471583)
CVE-2007-3707 (Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 be ...)
	- codeigniter <itp> (bug #471583)
CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 al ...)
	- codeigniter <itp> (bug #471583)
CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Entertainment CMS
CVE-2007-3703 (Stack-based buffer overflow in a certain ActiveX control in sasatl.dll ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3702 (Directory traversal vulnerability in the load function in cgi-bin/mail ...)
	NOT-FOR-US: Mail Machine
CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a hex-encode ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server)  ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-3699 (The Decomposer component in multiple Symantec products allows remote a ...)
	NOT-FOR-US: Symantec
CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1  ...)
	- sun-java5 1.5.0-12-1
	- sun-java6 6-02-1
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3697 (PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashB ...)
	NOT-FOR-US: FlashBB
CVE-2007-3696 (CA ERwin Data Model Validator (formerly AllFusion Data Model Validator ...)
	NOT-FOR-US: CA ERwin Data Model Validator
CVE-2007-3695 (Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly A ...)
	NOT-FOR-US: CA ERwin
CVE-2007-3694 (Cross-site scripting (XSS) vulnerability in login.php in Miro Project  ...)
	NOT-FOR-US: Broadcast Machine
CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built ...)
	NOT-FOR-US: gobi
CVE-2007-3692 (Directory traversal vulnerability in download.cgi in EZFactory KDDI Do ...)
	NOT-FOR-US: EZFactory KDDI Download CGI
CVE-2007-3691 (Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial  ...)
	NOT-FOR-US: AV Tutorial
CVE-2007-3690 (The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal al ...)
	NOT-FOR-US: Forward module for Drupal
CVE-2007-3689 (The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allo ...)
	NOT-FOR-US: Print module for Drupal
CVE-2007-3688 (Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear ...)
	NOT-FOR-US: DotClear
CVE-2007-3687 (SQL injection vulnerability in inferno.php in the Inferno Technologies ...)
	NOT-FOR-US: Inferno Technologies
CVE-2007-3686 (CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3685 (Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Aja ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3684 (Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3683 (SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earl ...)
	NOT-FOR-US: Aigaion
CVE-2007-3682 (SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier a ...)
	NOT-FOR-US: OpenLD
CVE-2007-3681 (The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in Wi ...)
	NOT-FOR-US: WinPcap
CVE-2007-3680 (Stack-based buffer overflow in the odm_searchpath function in libodm i ...)
	NOT-FOR-US: IBM AIX
CVE-2007-3679 (The Citrix EPA ActiveX control (aka the "endpoint checking control" or ...)
	NOT-FOR-US: Citrix
CVE-2007-3678 (Stack-based buffer overflow in the MSWord text-import extension (Word  ...)
	NOT-FOR-US: QuarkXPress
CVE-2007-3677 (Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow r ...)
	NOT-FOR-US: Maxsi eVisit Analyst
CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before  ...)
	NOT-FOR-US: IBM DB2
CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan A ...)
	NOT-FOR-US: Kaspersky Online Scanner
CVE-2007-3674
	RESERVED
CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotCle ...)
	NOT-FOR-US: DotClear
CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when  ...)
	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
	NOTE: MFSA2007-23
CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP Inn ...)
	NOT-FOR-US: InnovaDSXP2.OCX ActiveX Control
CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVD ...)
	NOT-FOR-US: NMSDVDXLib
CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport  ...)
	NOT-FOR-US: ActiveReportsExcelReport
CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 all ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Nor ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software RunService Act ...)
	NOT-FOR-US: Eltima Software
CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attacke ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DL ...)
	NOT-FOR-US: Eltima Software
CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows  ...)
	NOT-FOR-US: Nonnoi
CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allo ...)
	NOT-FOR-US: FreeWRL
CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR) allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-3657
	NOTE: Disputed Firefox issue, browser crashes not treated as security problems anyway
CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not pe ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-24
CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...)
	- sun-java5 1.5.0-12-1
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
CVE-2007-3654 (The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2 ...)
	NOT-FOR-US: NetBSD
CVE-2007-3653 (Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (a ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3652 (SQL injection vulnerability in class/page.php in Farsi Script (aka FaS ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3651 (class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3650 (myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive i ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in  ...)
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly oth ...)
	NOT-FOR-US: WebMatic
CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and  ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ea ...)
	NOT-FOR-US: FlashGameScript
CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows us ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows us ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges whe ...)
	NOT-FOR-US: AV Arcade
CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c i ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-2
CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not  ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent at ...)
	NOT-FOR-US: Adobe Apollo
CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1
CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote au ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers  ...)
	NOT-FOR-US: MKPortal
CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before  ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelma ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat  ...)
	NOT-FOR-US: Chilkat Software
CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka  ...)
	NOTE: Moodle contains a copy of the files, but not the string
	NOTE: "homedir", so it is not affected.
CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 a ...)
	NOT-FOR-US: GameSiteScript
CVE-2007-3630 (changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require a ...)
	NOT-FOR-US: AV Tutorial
CVE-2007-3629 (SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allo ...)
	NOT-FOR-US: Levent Veysi Portal
CVE-2007-3628 (Unspecified vulnerability in the fetch function in MDB2.php in PEAR St ...)
	NOT-FOR-US: Structures-DataGrid-DataSource-MDB2
CVE-2007-3627 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2. ...)
	NOT-FOR-US: PHP Lite Calender Express
CVE-2007-3626 (Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before ...)
	NOT-FOR-US: Hitachi
CVE-2007-3625 (The Program Neighborhood Agent in Citrix Presentation Server Clients f ...)
	NOT-FOR-US: Citrix
CVE-2007-3624 (Heap-based buffer overflow in the Message HTTP Server in SAP Message S ...)
	NOT-FOR-US: SAP
CVE-2007-3623 (Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand  ...)
	NOT-FOR-US: Hitachi
CVE-2007-3622 (Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon b ...)
	NOT-FOR-US: MDaemon
CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3 ...)
	NOT-FOR-US: AsteriDex
CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 a ...)
	NOT-FOR-US: Maia Mailguard
CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...)
	NOT-FOR-US: Maia Mailguard
CVE-2007-3618 (Stack-based buffer overflow in the NetWorker Remote Exec Service (nsre ...)
	NOT-FOR-US: EMC Software NetWorker
CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply s ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver ...)
	NOT-FOR-US: SAP
CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB We ...)
	NOT-FOR-US: SAP DB Web Server
CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Inte ...)
	NOT-FOR-US: SAP
CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC ...)
	NOT-FOR-US: Visual IRC
CVE-2007-3611 (admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not r ...)
	NOT-FOR-US: VRNews
CVE-2007-3610 (SQL injection vulnerability in categories_type.php in phpVID 0.9.9 all ...)
	NOT-FOR-US: phpVID
CVE-2007-3609 (Multiple SQL injection vulnerabilities in eMeeting Online Dating Softw ...)
	NOT-FOR-US: eMeeting
CVE-2007-3608 (Multiple unspecified vulnerabilities in ActiveX controls in the EnjoyS ...)
	NOT-FOR-US: SAP
CVE-2007-3607 (Multiple unspecified vulnerabilities in ActiveX controls in the EnjoyS ...)
	NOT-FOR-US: SAP
CVE-2007-3606 (Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX cont ...)
	NOT-FOR-US: SAP
CVE-2007-3605 (Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX cont ...)
	NOT-FOR-US: SAP
CVE-2007-3604 (vtiger CRM before 5.0.3 allows remote authenticated users with access  ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3603 (SQL injection vulnerability in the dashboard (include/utils/SearchUtil ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3602 (The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that au ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3601 (vtiger CRM before 5.0.3, when a migrated build is used, allows remote  ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3600 (WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3599 (vtiger CRM before 5.0.3 allows remote authenticated users to import an ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3598 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3597 (Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows re ...)
	NOT-FOR-US: Zen Cart
CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric ...)
	NOT-FOR-US: phpVideoPro
CVE-2007-3595
	REJECTED
CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet Manag ...)
	NOT-FOR-US: ManageEngine OpManager
CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ne ...)
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2007-3592 (PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticat ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3591 (Unspecified vulnerability in Profile.php in Elite Bulletin Board befor ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB  ...)
	NOT-FOR-US: b1gBB
CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote at ...)
	NOT-FOR-US: b1gbb
CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote  ...)
	NOT-FOR-US: VBZooM
CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via ...)
	NOT-FOR-US: MyCMS
CVE-2007-3586 (Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 a ...)
	NOT-FOR-US: MyCMS
CVE-2007-3585 (PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 an ...)
	NOT-FOR-US: MyCMS
CVE-2007-3584 (SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earl ...)
	NOT-FOR-US: PNphpBB2
CVE-2007-3583 (SQL injection vulnerability in details_news.php in Girlserv ads 1.5 an ...)
	NOT-FOR-US: Girlserv ads
CVE-2007-3582 (SQL injection vulnerability in index.php in SuperCali PHP Event Calend ...)
	NOT-FOR-US: SuperCali PHP Event Calendar
CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext, which m ...)
	NOT-FOR-US: Jedox
CVE-2007-3580 (PHPIDS does not properly handle certain code containing newlines, as d ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the .text prop ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic express ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3577 (PHPIDS before 20070703 does not properly handle use of the substr meth ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3576
	NOT-FOR-US: Microsoft
CVE-2007-3575 (SQL injection vulnerability in includes/functions in FreeDomain.co.nr  ...)
	NOT-FOR-US: FreeDomain.co.nr Clone
CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on th ...)
	NOT-FOR-US: Linksys
CVE-2007-3573 (Multiple SQL injection vulnerabilities in akocomment allow remote atta ...)
	NOT-FOR-US: AkoComment
CVE-2007-3572 (Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in th ...)
	NOT-FOR-US: Yoggie
CVE-2007-3571 (The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allo ...)
	NOT-FOR-US: Novell
CVE-2007-3570 (The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Relea ...)
	NOT-FOR-US: Novell
CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library  ...)
	NOT-FOR-US: Oliver Library Management System
CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows context-depen ...)
	- imlib 1.9.15-3 (bug #437708; low)
	[sarge] - imlib <no-dsa> (Minor issue, just a crash)
	[etch] - imlib <no-dsa> (Minor issue, just a crash)
CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in  ...)
	NOT-FOR-US: MysqlDumper
CVE-2007-3566 (Stack-based buffer overflow in the database service (ibserver.exe) in  ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-3565
	RESERVED
CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does no ...)
	{DSA-1333-1}
	- curl 7.16.4-1 (low)
CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1 ...)
	NOT-FOR-US: AV Arcade
CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21 and ear ...)
	NOT-FOR-US: PHP Director
CVE-2007-3561 (Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 ...)
	NOT-FOR-US: Efendy Blog
CVE-2007-3560 (Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have u ...)
	NOT-FOR-US: Esqlanelapse
CVE-2007-3559 (Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/s ...)
	NOT-FOR-US: PHP-Fusion
CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1,  ...)
	NOT-FOR-US: Wheatblog
CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...)
	NOT-FOR-US: Liesbeth
CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1  ...)
	{DSA-1691-1}
	- moodle 1.8.2-1 (low; bug #432264)
CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control  ...)
	NOT-FOR-US: HP
CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server i ...)
	NOT-FOR-US: Oracle
CVE-2007-3552 (Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote ...)
	NOT-FOR-US: bbs100
CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause  ...)
	NOT-FOR-US: bbs100
CVE-2007-3550
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allo ...)
	NOT-FOR-US: Buddy Zone
CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers ...)
	NOT-FOR-US: W3Filer
CVE-2007-3547 (Directory traversal vulnerability in qti_checkname.php in QuickTicket  ...)
	NOT-FOR-US: QuickTicket
CVE-2007-3546 (Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus  ...)
	NOT-FOR-US: Nessus Windows GUI
CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remot ...)
	NOT-FOR-US: Warzone
CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.p ...)
	- wordpress 2.2.2-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and W ...)
	- wordpress 2.2.1-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ...)
	NOT-FOR-US: Pluxml
CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 a ...)
	NOT-FOR-US: Kurinton sHTTPd
CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in r ...)
	NOT-FOR-US: rwAuction
CVE-2007-3539 (Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:200706 ...)
	NOT-FOR-US: QuickTicket
CVE-2007-3538 (SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook ...)
	NOT-FOR-US: QuickTalk
CVE-2007-3537 (IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-3536 (Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX cont ...)
	NOT-FOR-US: AMX NetLinx VNC
CVE-2007-3535 (Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows remote ...)
	NOT-FOR-US: WebChat
CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attacker ...)
	NOT-FOR-US: 3Com
CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14. ...)
	- nvidia-kernel-common 20051028+1-0.1 (bug #434398; low)
	[sarge] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
	[etch] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
	- nvclock 0.8b-1 (low)
CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and passwor ...)
	NOT-FOR-US: PHPDirector
CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote attackers to  ...)
	NOT-FOR-US: PHPDirector
CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptogra ...)
	- dar 2.3.3-1 (low; bug #425335)
	[etch] - dar <no-dsa> (Minor issue)
	[sarge] - dar <no-dsa> (Minor issue)
CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users t ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier a ...)
	NOT-FOR-US: Buddy Zone
CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to obta ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3524 (Multiple PHP remote file inclusion vulnerabilities in Ripe Website Man ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3523 (Multiple directory traversal vulnerabilities in Module/Galerie.php in  ...)
	NOT-FOR-US: XCMS
CVE-2007-3522 (Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 all ...)
	NOT-FOR-US: sPHPell
CVE-2007-3521 (SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 a ...)
	NOT-FOR-US: ArcadeBuilder Game Portal Manager
CVE-2007-3520 (SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store ...)
	NOT-FOR-US: Easybe
CVE-2007-3519 (SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0. ...)
	NOT-FOR-US: phpEventCalendar
CVE-2007-3518 (SQL injection vulnerability in msg.php in HispaH YouTube Clone Script  ...)
	NOT-FOR-US: HispaH YouTube Clone Script
CVE-2007-3517 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 ...)
	NOT-FOR-US: Claroline
CVE-2007-3516 (Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Go ...)
	NOT-FOR-US: Gorki Online Santrac Sitesi
CVE-2007-3515 (SQL injection vulnerability in view_event.php in TotalCalendar 2.402 a ...)
	NOT-FOR-US: TotalCalendar
CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows re ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kerne ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-1
	NOTE: Fixed in commit 5afeb104e7901168b21aad0437fb51dc620dfdd3
	NOTE: in Linus' tree.
CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows  ...)
	NOT-FOR-US: Lhaca
CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (bug #438873; low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-32
CVE-2007-3510 (Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 F ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-3509 (Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exe ...)
	NOT-FOR-US: Symantec
CVE-2007-3508
	- glibc 2.6-2 (unimportant; bug #431858)
	NOTE: Not security-relevant
CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
	- flac123 0.0.11-1 (low; bug #432008)
	[etch] - flac123 <no-dsa> (Minor issue)
CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ...)
	- freetype 2.3.4 (bug #432013)
	[sarge] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
	[etch] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
	[lenny] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 al ...)
	NOT-FOR-US: QuickTalk forum
CVE-2007-3504 (Directory traversal vulnerability in the PersistenceService in Sun Jav ...)
	- sun-java5 <not-affected>
	NOTE: Sun Alert ID 102957 says issue is Windows only
CVE-2007-3503 (The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML  ...)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java5 1.5.0-12-1
	[etch] - sun-java6 <no-dsa> (non-free)
	- sun-java6 6-01-1 (bug #432006)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3502 (Unspecified vulnerability in the web-based product configuration syste ...)
	NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-3501 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAd ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-3500 (Xeweb XEForum allows remote attackers to gain privileges via a modifie ...)
	NOT-FOR-US: Xeweb XEForum
CVE-2007-3499 (SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as eviden ...)
	NOT-FOR-US: SlackRoll
CVE-2007-3498 (Cross-site scripting (XSS) vulnerability in smoketests/configForm.php  ...)
	NOT-FOR-US: HTML Purifier
CVE-2007-3497 (Microsoft Internet Explorer 7 allows remote attackers to determine the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3496 (Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD ...)
	NOT-FOR-US: SAP Web Dynpro Java
CVE-2007-3495 (Multiple cross-site scripting (XSS) vulnerabilities in the SAP Interne ...)
	NOT-FOR-US: SAP Internet Communication Framework
CVE-2007-3494 (Papoo CMS 3.6, and possibly earlier, does not verify user privileges w ...)
	NOT-FOR-US: Papoo CMS
CVE-2007-3493 (A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTA ...)
	NOT-FOR-US: NCTAudioStudio
CVE-2007-3492 (Conti FtpServer 1.0 allows remote authenticated users to cause a denia ...)
	NOT-FOR-US: Conti FtpServer
CVE-2007-3491 (Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0 ...)
	NOT-FOR-US: Progress Software OpenEdge
CVE-2007-3490 (Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote at ...)
	NOT-FOR-US: Microsoft Excel 2003 SP2
CVE-2007-3489 (Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in th ...)
	NOT-FOR-US: Check Point VPN-1 Edge X
CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony Netwo ...)
	NOT-FOR-US: Sony Network Camera SNC-P5 1.0
CVE-2007-3487 (Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0 ...)
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search engine al ...)
	NOT-FOR-US: AltaVista
CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server a ...)
	NOT-FOR-US: Yandex.Server
CVE-2007-3484
	NOT-FOR-US: Google Custom Search Engine
CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a  ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2007-3482 (Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows re ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3481
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to ...)
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3479 (Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows us ...)
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in th ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is a crash, and does not seem to be attacker controlled.
CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics Libra ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	- libwmf <unfixed> (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: CPU consumption DoS
CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) be ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	- libwmf <unfixed> (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted rem ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: out-of-band memory read, does not appear attacker controlled.
CVE-2007-3474 (Multiple unspecified vulnerabilities in the GIF reader in the GD Graph ...)
	NOTE: appears to be prophylactic dup of CVE-2007-3476.
CVE-2007-3473 (The gdImageCreateXbm function in the GD Graphics Library (libgd) befor ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is only a NULL deref crash (same as CVE-2007-3472)
CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD Graphics ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is only a NULL deref crash.
CVE-2007-3471 (Buffer overflow in the dtsession Common Desktop Environment (CDE) Sess ...)
	NOT-FOR-US: Sun Solaris dtsession
CVE-2007-3470 (Multiple unspecified vulnerabilities in the KSSL kernel module in Sun  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3469 (Unspecified vulnerability in the TCP Loopback/Fusion implementation in ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attac ...)
	{DSA-1332-1}
	- vlc 0.8.6.c.debian-1 (bug #429726)
CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN V ...)
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (bug #429726)
CVE-2007-3466
	RESERVED
CVE-2007-3465 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7. ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3464 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7. ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3463
	NOT-FOR-US: Microsoft Windows XP SP2
CVE-2007-3462 (Cross-site request forgery (CSRF) vulnerability in Check Point SofaWar ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3461 (SQL injection vulnerability in property.php in elkagroup Image Gallery ...)
	NOT-FOR-US: elkagroup Image Gallery
CVE-2007-3460 (Multiple PHP remote file inclusion vulnerabilities in index.php3 in EV ...)
	NOT-FOR-US: EVA-Web
CVE-2007-3459 (A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vect ...)
	NOT-FOR-US: Civitech Avax Vector
CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local users to ...)
	NOT-FOR-US: Sun Solaris libsldap
CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP  ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allo ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corpora ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Tre ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...)
	NOT-FOR-US: Papoo
CVE-2007-3452 (SQL injection vulnerability in essentials/minutes/doc.php in eDocStore ...)
	NOT-FOR-US: eDocStore
CVE-2007-3451 (PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog  ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3450 (SQL injection vulnerability in member.php in 6ALBlog allows remote att ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3449 (SQL injection vulnerability in member.php in 6ALBlog allows remote att ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3448 (Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopp ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3447 (SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier a ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3446 (BugMall Shopping Cart 2.5 and earlier has a default username "demo" an ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3445 (Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mo ...)
	NOT-FOR-US: SJphone
CVE-2007-3444 (The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows r ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3443 (The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does  ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3442 (Format string vulnerability on the Research in Motion BlackBerry 7270  ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3441 (Format string vulnerability in the Aastra 9112i SIP Phone with firmwar ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3440 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3439 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel PC Clie ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attac ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain Acti ...)
	NOT-FOR-US: BarCodeAx.dll
CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and earl ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ...)
	NOT-FOR-US: Pluxml
CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio Cap ...)
	NOT-FOR-US: Dagger
CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-3429 (Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and ...)
	NOT-FOR-US: e107
CVE-2007-3428 (Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3427 (SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earl ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3426 (Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1 ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3425 (Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 an ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3424 (The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.or ...)
	NOT-FOR-US: WebAPP
CVE-2007-3423 (cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 ...)
	NOT-FOR-US: WebAPP
CVE-2007-3422 (The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP b ...)
	NOT-FOR-US: WebAPP
CVE-2007-3421 (The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, ...)
	NOT-FOR-US: WebAPP
CVE-2007-3420 (The Random Cookie Password functionality in the loaduser function in c ...)
	NOT-FOR-US: WebAPP
CVE-2007-3419 (The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org We ...)
	NOT-FOR-US: WebAPP
CVE-2007-3418 (The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-ap ...)
	NOT-FOR-US: WebAPP
CVE-2007-3417 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib ...)
	NOT-FOR-US: WebAPP
CVE-2007-3416 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: WebAPP
CVE-2007-3415 (Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 ...)
	NOT-FOR-US: phpRaider
CVE-2007-3414 (Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5  ...)
	NOT-FOR-US: access2asp
CVE-2007-3413 (Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.5 ...)
	NOT-FOR-US: bosDataGrid
CVE-2007-3412 (Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGal ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery Server 5 ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3410 (Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue  ...)
	- helix-player <not-affected> (Debian versions of Helix player not affected according to maintainer)
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause  ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspe ...)
	- dia <not-affected> (Windows packaging with bundled FreeType libs)
CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ob ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp  ...)
	NOT-FOR-US: Lebisoft zdefter
CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3. ...)
	NOT-FOR-US: SiteDepth CMS
CVE-2007-3403 (Unrestricted file upload vulnerability in upload.php in dreamLog (aka  ...)
	NOT-FOR-US: dreamLog
CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows remot ...)
	NOT-FOR-US: pagetool
CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...)
	NOT-FOR-US: B1GBB
CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as d ...)
	NOT-FOR-US: NCTAudioEditor2 ActiveX control
CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power Phlog ...)
	NOT-FOR-US: Power Phlogger
CVE-2007-3398 (LiteWEB 2.7 allows remote attackers to cause a denial of service (hang ...)
	NOT-FOR-US: LiveWEB
CVE-2007-3397 (The web container in IBM WebSphere Application Server (WAS) before 6.0 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) ...)
	NOT-FOR-US: KeyFocus
CVE-2007-3395
	REJECTED
CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote a ...)
	NOT-FOR-US: eNdonesia
CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdata ...)
	{DSA-1426-1}
	- qt-x11-free 3:3.3.7-6
	- qt4-x11 <not-affected> (This problem is not present in any version of Qt 4)
	NOTE: http://web.archive.org/web/20080206133848/http://trolltech.com:80/company/newsroom/announcements/press.2007-07-27.7503755960
CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in x ...)
	{DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1}
	- poppler 0.5.4-6.1 (bug #435460)
	- gpdf <removed>
	- xpdf 3.02-1.1 (bug #435462)
	- kdegraphics 4:3.5.7-3
	- koffice 1:1.6.3-2
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (unimportant; bug #436099)
	- cups <not-affected> (unimportant; bug #436099)
	NOTE: cups uses xpdf-utils
	- pdfkit.framework 0.8-4
	NOTE: links to poppler since 0.8-4, thus marking as fixed
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- ipe <not-affected> (Does not include the vulnerable code)
	- swftools 0.9.2+ds1-2
CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet f ...)
	{DSA-1447-1}
	- tomcat5.5 5.5.25-1
CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5 <removed>
CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in examples/servle ...)
	NOT-FOR-US: tomcat 3.3
CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the exa ...)
	- tomcat4 <removed> (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
	NOTE: affects example app in tomcat4-webapps
CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5 <removed>
CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x b ...)
	- gdm 2.18.4-1 (low)
	[sarge] - gdm <no-dsa> (Minor issue)
	[etch] - gdm <no-dsa> (Minor issue)
CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for Linux ke ...)
	- linux-2.6 2.6.23-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-3379 (Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (R ...)
	- linux-2.6 <not-affected> (Red Hat-specific vulnerability)
CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...)
	- php4 <removed> (unimportant)
	- php5 5.2.4-1 (unimportant)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predic ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-as ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows  ...)
	NOT-FOR-US: Lhaca
CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluste ...)
	- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
CVE-2007-3373 (daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear ...)
	- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of s ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain sys ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of service  ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a denial of s ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99. ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a de ...)
	{DSA-1690-1}
	- avahi 0.6.20-2 (low)
	[etch] - avahi <no-dsa> (Minor issue, only affects local users)
CVE-2007-3371 (PHP remote file inclusion vulnerability in plugins/widgets/htmledit/ht ...)
	NOT-FOR-US: Powl
CVE-2007-3370 (Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.0 ...)
	NOT-FOR-US: Sun Board
CVE-2007-3369 (Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootRO ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3368 (Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SI ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3367 (Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before ...)
	NOT-FOR-US: cPanel
CVE-2007-3366 (Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwr ...)
	NOT-FOR-US: cPanel
CVE-2007-3365 (MyServer 0.8.9 and earlier does not properly handle uppercase characte ...)
	NOT-FOR-US: MyServer
CVE-2007-3364 (Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sam ...)
	NOT-FOR-US: MyServer
CVE-2007-3363 (Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 al ...)
	NOT-FOR-US: AGEphone
CVE-2007-3362 (ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC Hy ...)
	NOT-FOR-US: AGEphone
CVE-2007-3361 (The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remot ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3360 (hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitr ...)
	- ircii-pana <removed> (medium; bug #432120)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=bitchx_CVE-2007-3360.patch;att=1;bug=432120
CVE-2007-3359 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and ...)
	NOT-FOR-US: SerWeb
CVE-2007-3358 (PHP remote file inclusion vulnerability in html/load_lang.php in SerWe ...)
	NOT-FOR-US: SerWeb
CVE-2007-3357 (NetClassifieds Premium Edition does not use encryption for (1) stored  ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3356 (NetClassifieds Premium Edition allows remote attackers to obtain sensi ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3355 (Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds  ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3354 (Multiple SQL injection vulnerabilities in NetClassifieds Premium Editi ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3353
	NOT-FOR-US: MyEvent
CVE-2007-3352 (Cross-site scripting (XSS) vulnerability in the preview form in Stephe ...)
	NOT-FOR-US: Stephen Ostermiller Contact Form
CVE-2007-3351 (The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim  ...)
	NOT-FOR-US: SJPhone SIP
CVE-2007-3350 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attac ...)
	NOT-FOR-US: AIM
CVE-2007-3349 (The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1 ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3348 (The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a de ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3347 (The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are  ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3346 (Directory traversal vulnerability in index.php in PHPAccounts 0.5 allo ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3345 (Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3344 (Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01 ...)
	NOT-FOR-US: netjukebox
CVE-2007-3343 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14  ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2007-3342 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (M ...)
	NOT-FOR-US: Movable Type
CVE-2007-3341 (Unspecified vulnerability in the FTP implementation in Microsoft Inter ...)
	NOT-FOR-US: Microsoft
CVE-2007-3340 (BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to ca ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in forum/include/e ...)
	NOT-FOR-US: ColdFusion
CVE-2007-3338 (Multiple stack-based buffer overflows in Ingres database server 2006 9 ...)
	NOT-FOR-US: Ingres
CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used ...)
	NOT-FOR-US: Ingres
CVE-2007-3336 (Multiple "pointer overwrite" vulnerabilities in Ingres database server ...)
	NOT-FOR-US: Ingres
CVE-2007-3335 (Multiple SQL injection vulnerabilities in the admin panel in PHPEcho C ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server  ...)
	NOT-FOR-US: Ingres
CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 al ...)
	NOT-FOR-US: IBM AIX
CVE-2007-3332 (Directory traversal vulnerability in Satellite.php in Satel Lite for P ...)
	NOT-FOR-US: Satel Lite for PhpNuke
CVE-2007-3331 (Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO  ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 all ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3329 (Multiple array index errors in the (1) get_intra_block, (2) get_inter_ ...)
	NOT-FOR-US: Xvid
CVE-2007-3328 (Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 be ...)
	NOT-FOR-US: Interact
CVE-2007-3327 (httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sens ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3326 (Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow  ...)
	NOT-FOR-US: vBulletin
CVE-2007-3325 (PHP remote file inclusion vulnerability in lib/language.php in LAN Man ...)
	NOT-FOR-US: LAN Management System
CVE-2007-3324 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7 ...)
	NOT-FOR-US: Comersus Cart
CVE-2007-3323 (SQL injection vulnerability in comersus_optReviewReadExec.asp in Comer ...)
	NOT-FOR-US: Comersus Shop Cart
CVE-2007-4168
	REJECTED
CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3320 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP  ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3319 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP  ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3318 (Buffer overflow in the Session Initiation Protocol (SIP) User Access C ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC) message ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC Medi ...)
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (medium; bug #429726)
CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant Salamande ...)
	NOT-FOR-US: Altap Servant Salamander
CVE-2007-3313 (Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3312 (Directory traversal vulnerability in admin/plugin_manager.php in Jasmi ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3311 (SQL injection vulnerability in print.php in the Articles 1.02 and earl ...)
	NOT-FOR-US: Articles
CVE-2007-3310 (Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows ...)
	NOT-FOR-US: TDizin
CVE-2007-3309 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3308 (Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with ins ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3307 (SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1. ...)
	NOT-FOR-US: Solar Empire
CVE-2007-3306 (PHP remote file inclusion vulnerability in crontab/run_billing.php in  ...)
	NOT-FOR-US: MiniBill
CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1 ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2007-3304 (Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, al ...)
	- apache <removed> (low)
	- apache2 2.2.4-2 (low)
	[etch] - apache2 2.2.3-4+etch2
	[sarge] - apache2 2.0.54-5sarge2 (low)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows loc ...)
	- apache2 <unfixed> (unimportant)
	NOTE: If you can execute arbitrary code, a DoS is not a problem.
CVE-2007-3302 (The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3. ...)
	NOT-FOR-US: CA
CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in Fu ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux  ...)
	NOT-FOR-US: F-Secure
CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...)
	- awffull 3.7.4final-1 (unimportant)
	NOTE: awffull (a webalizer fork) does not have any cookie based authentication
	NOTE: or other sensitive data that could be leaked through this
CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote attacke ...)
	NOT-FOR-US: Spey
CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)
	NOT-FOR-US: Musoo
CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbo ...)
	NOT-FOR-US: Web Thunderbolt
CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
	NOT-FOR-US: YaBB
CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy extension fo ...)
	- php5 <removed> (unimportant)
	NOTE: Only exploitable by malicious script
CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlie ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allo ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3291 (Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier al ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3290 (categoria.php in LiveCMS 3.4 and earlier allows remote attackers to ob ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3289 (PHP remote file inclusion vulnerability in spaw/spaw_control.class.php ...)
	NOT-FOR-US: WiwiMod for XOOPS
CVE-2007-3288 (Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automa ...)
	NOT-FOR-US: skeltoac stats plugin for WordPress
CVE-2007-3287
	RESERVED
CVE-2007-3286 (Multiple buffer overflows in unspecified ActiveX controls in COM objec ...)
	NOT-FOR-US: Avaya IP Softphone
CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote att ...)
	- iceweasel <not-affected> (Affects only Firefox in Windows)
	NOTE: MFSA2007-22
CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root i ...)
	- xscreensaver <not-affected> (Not a security issue: works as documented)
CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX o ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting B ...)
	NOT-FOR-US: Php Hosting Biller
CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements functi ...)
	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql ...)
	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust authentic ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.1 <not-affected> (local trust authentication is not enabled in Debian)
	- postgresql-8.2 <not-affected> (local trust authentication is not enabled in Debian)
CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for WI ...)
	NOT-FOR-US: localization module for WIKINDX
CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site@School ( ...)
	NOT-FOR-US: Site
CVE-2007-3275 (MailWasher Server before 2.2.1, when used with LDAP or Active Director ...)
	NOT-FOR-US: MailWasher Server
CVE-2007-3274 (Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3273 (SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3272 (Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows  ...)
	NOT-FOR-US: MiniBB
CVE-2007-3271 (PHP remote file inclusion vulnerability in templates/2blue/bodyTemplat ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3270 (PHP remote file inclusion vulnerability in Includes/global.inc.php in  ...)
	NOT-FOR-US: phpMyInventory
CVE-2007-3269 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 ...)
	NOT-FOR-US: Papoo Light
CVE-2007-3268 (The TFTP implementation in IBM Tivoli Provisioning Manager for OS Depl ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-3267 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3266 (Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows r ...)
	NOT-FOR-US: WEBIF
CVE-2007-3265 (Cross-site scripting (XSS) vulnerability in the Samples component in I ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3264 (Unspecified vulnerability in the PD tools component in IBM WebSphere A ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3263 (Unspecified vulnerability in the Default Messaging Component in IBM We ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3262 (Unspecified vulnerability in the Default Messaging Component in IBM We ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3261 (Cross-site scripting (XSS) vulnerability in widgets/widget_search.php  ...)
	NOT-FOR-US: dKret
CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when used  ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: Calendarix
CVE-2007-3258 (calendar.php in Calendarix 0.7.20070307 allows remote attackers to obt ...)
	NOT-FOR-US: Calendarix
CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...)
	{DSA-1325-1 DSA-1321-1}
	- evolution 2.12.0-1
	- evolution-data-server 1.10.2-2 (bug #429876)
	[sarge] - evolution-data-server <not-affected> (Vulnerable code present in a different source package)
CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and p ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3255 (Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos E ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3254 (Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterpri ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG)  ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-3252 (PortalApp stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: PortalApp
CVE-2007-3251 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and  ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3250 (SQL injection vulnerability in mod_banners.php in Elxis CMS before 200 ...)
	NOT-FOR-US: Elxis CMS
CVE-2007-3249 (Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php ...)
	NOT-FOR-US: Letterman Subscriber
CVE-2007-3248 (Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3247 (SQL injection vulnerability in VirtueMart before 1.0.11 allows remote  ...)
	NOT-FOR-US: VirtueMart
CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...)
	NOT-FOR-US: IRC Services
CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote atta ...)
	NOT-FOR-US: IRC Services
CVE-2007-3244 (SQL injection vulnerability in bb-includes/formatting-functions.php in ...)
	NOT-FOR-US: bbPress
CVE-2007-3243 (Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0. ...)
	NOT-FOR-US: bbPress
CVE-2007-3242 (The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9. ...)
	NOT-FOR-US: WebAPP
CVE-2007-3241 (Cross-site scripting (XSS) vulnerability in blogroll.php in the cordob ...)
	NOT-FOR-US: cordobo-green-park theme for WordPress
CVE-2007-3240 (Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Li ...)
	NOT-FOR-US: Vistered-Little theme for WordPress
CVE-2007-3239 (Cross-site scripting (XSS) vulnerability in searchform.php in the Andy ...)
	NOT-FOR-US: AndyBlue theme for WordPress
CVE-2007-3238 (Cross-site scripting (XSS) vulnerability in functions.php in the defau ...)
	{DSA-1502-1}
	- wordpress 2.2.2-1 (low)
CVE-2007-3237 (PHP remote file inclusion vulnerability in admin/spaw/spaw_control.cla ...)
	NOT-FOR-US: XOOPS
CVE-2007-3236 (PHP remote file inclusion vulnerability in footer.php in the Horoscope ...)
	NOT-FOR-US: XOOPS
CVE-2007-3235 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3234 (SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows r ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3233 (The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 all ...)
	NOT-FOR-US: TEC-IT
CVE-2007-3232 (The IBM TotalStorage DS400 with firmware 4.15 uses a blank password fo ...)
	NOT-FOR-US: IBM
CVE-2007-3231 (Buffer overflow in MeCab before 0.96 has unknown impact and attack vec ...)
	- mecab 0.95-1.1 (bug #429174; low)
	[etch] - mecab <no-dsa> (Minor issue)
	[sarge] - mecab <no-dsa> (Minor issue)
CVE-2007-3230 (PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer P ...)
	NOT-FOR-US: PHP::HTML
CVE-2007-3229 (index.php in Singapore Gallery allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Singapore Gallery
CVE-2007-3228 (PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/ ...)
	NOT-FOR-US: Sitellite CMS
CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord: ...)
	- rails 1.2.5-1 (bug #429177)
CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2  ...)
	NOT-FOR-US: dotProject
CVE-2007-3225 (Unspecified vulnerability in Sun Java System Directory Server (slapd)  ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3224 (Unspecified vulnerability in Sun ONE/Java System Directory Server (sla ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3223 (Unspecified vulnerability in the NFS server in Sun Solaris 10 before 2 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3222 (PHP remote file inclusion vulnerability in modify.php in the XFsection ...)
	NOT-FOR-US: XOOPS
CVE-2007-3221 (PHP remote file inclusion vulnerability in admin/spaw/spaw_control.cla ...)
	NOT-FOR-US: XOOPS
CVE-2007-3220 (PHP remote file inclusion vulnerability in admin/editor2/spaw_control. ...)
	NOT-FOR-US: XOOPS
CVE-2007-3219 (Unspecified vulnerability in sources/action_public/xmlout.php in Invis ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2007-3218 (Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3 ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype of an  ...)
	NOT-FOR-US: Prototype of an PHP application
CVE-2007-3216 (Multiple buffer overflows in the LGServer component of CA (Computer As ...)
	NOT-FOR-US: CA BrightStor products
CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote attacker ...)
	{DSA-1315-1}
	- libphp-phpmailer 1.73-4 (high; bug #429179)
	- flyspray 0.9.8-12 (bug #429191; bug #429195)
	[etch] - flyspray <not-affected> (Vulnerable code not)
	[sarge] - flyspray <not-affected> (Vulnerable code not included)
	- moodle 1.8.2-2 (bug #429190)
	- owl-dms 0.94-2 (bug #429197)
	- knowledgeroot 0.9.8.2-2 (bug #429196)
	[etch] - knowledgeroot <not-affected> (Vulnerable code not used)
	[etch] - owl-dms <not-affected> (Vulnerable code not used)
	- ipplan 4.85-2 (bug #429193)
	- glpi 0.68.3.2-1 (bug #429192)
	[etch] - glpi <not-affected> (Vulnerable code not used)
	- wordpress 2.2.1-1 (bug #429194)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	- mahara 1.0.5-2 (bug #504253)
	[lenny] - mahara 1.0.4-3
	[etch] - phpgroupware <not-affected> (bug #504255; Vulnerable code not used)
	- phpgroupware 0.9.16.012+dfsg-9 (medium; bug #504255)
	- egroupware <not-affected> (bug #504283; Vulnerable code not used)
CVE-2007-3214 (SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earl ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3213 (Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in ...)
	NOT-FOR-US: Sporum Forum
CVE-2007-3212 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in Be ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-3211 (Cross-site scripting (XSS) vulnerability in 404.php in Domain Technolo ...)
	NOT-FOR-US: Domain Technologie Control (DTC)
CVE-2007-3210 (Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Obj ...)
	NOT-FOR-US: Cellosoft Tokens Object
CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses ...)
	- mail-notification 4.0.dfsg.1-2 (low; bug #428157)
	[sarge] - mail-notification <not-affected> (Only affects 3.x and 4.x)
	[etch] - mail-notification <no-dsa> (Minor issue, needs proper documentation in errata)
CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1  ...)
	NOT-FOR-US: YaBB
CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6 ...)
	NOT-FOR-US: Novell NetWare
CVE-2007-3206
	RESERVED
CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin,  ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: That's by design
CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network Manage ...)
	NOTE: This is an jffnms ID, which has been wrongly reported by an external party,
	NOTE: The data is sufficiently sanitised with the Debian fix for CVE-2007-3192
CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602P ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in We ...)
	NOT-FOR-US: Webwiz
CVE-2007-3201 (Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0  ...)
	NOT-FOR-US: Windows Privacy Tray (WinPT)
CVE-2007-3200 (NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and ear ...)
	NOT-FOR-US: Novell
CVE-2007-3199 (Unrestricted file upload vulnerability in Link Request Contact Form 3. ...)
	NOT-FOR-US: Link Request Contact Form
CVE-2007-3198 (Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP  ...)
	NOT-FOR-US: Maran PHP Blog
CVE-2007-3197 (SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1 ...)
	NOT-FOR-US: vBulletin
CVE-2007-3196 (SQL injection vulnerability in vBSupport.php in vSupport Integrated Ti ...)
	NOT-FOR-US: VBulletin
CVE-2007-3195 (Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1. ...)
	NOT-FOR-US: ERFAN WIKI
CVE-2007-3194
	NOT-FOR-US: myBloggie
CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configurati ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (low; bug #429201)
CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8 ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4 (medium)
	NOTE: 20_security.dpatch is addressing this bug however the maintainer didn't include
	NOTE: a note about the CVE id.
CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote at ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun Net ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun N ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...)
	NOT-FOR-US: Fullaspsite GeometriX Download Portal
CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...)
	NOT-FOR-US: Apple
CVE-2007-3186 (Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2007-3185 (Apple Safari Beta 3.0.1 for Windows public beta allows remote attacker ...)
	NOT-FOR-US: Apple
CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, all ...)
	NOT-FOR-US: Cisco
CVE-2007-3183 (Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, whe ...)
	NOT-FOR-US: Calendarix
CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7. ...)
	NOT-FOR-US: Calendarix
CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows  ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed> (medium)
	NOTE: maybe fixed prior to 2.0.3.12981.ds1-1 (2.0.1) but couldn't find any earlier source code
	NOTE: in the pool to check and since this version is in testing and unstable...
CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows  ...)
	NOT-FOR-US: HP
CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle Blo ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-3178 (Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1 ...)
	NOT-FOR-US: Sistemi
CVE-2007-3177 (Ingate Firewall and SIParator before 4.5.2 allow remote attackers to b ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3176 (Unspecified vulnerability in Ingate Firewall and SIParator before 4.5. ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3175 (Multiple SQL injection vulnerabilities in W2B Online Banking allow rem ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3174 (Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Ban ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3173 (Almnzm allows remote attackers to obtain sensitive information via an  ...)
	NOT-FOR-US: Almnzm
CVE-2007-3172 (Directory traversal vulnerability in demo/pop3/error.php in Uebimiau W ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3171 (Uebimiau Webmail allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3170 (Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmai ...)
	NOT-FOR-US: Uebimiau
CVE-2007-3169 (Buffer overflow in a certain ActiveX control in the EDraw Office Viewe ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3168 (A certain ActiveX control in the EDraw Office Viewer Component (edrawo ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3167 (Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control ...)
	NOT-FOR-US: Vivotek
CVE-2007-3166 (Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remot ...)
	NOT-FOR-US: Qualcomm Eudora
CVE-2007-3165 (Tor before 0.1.2.14 can construct circuits in which an entry guard is  ...)
	- tor 0.1.2.14-1 (medium)
CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentic ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico Cal ...)
	- moin 1.5.8-4.1 (unimportant; bug #429205)
	- knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
	- karrigell <removed> (unimportant; bug #429207)
	NOTE: This is only exploitable on NTFS filesystems
	NOTE: Given the state of Linux' NTFS support it seems highly unlikely
	NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
	NOTE: web server with NTFS
CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX contro ...)
	NOT-FOR-US: Internet Download Accelerator
CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote F ...)
	NOT-FOR-US: Ace-FTP Client
CVE-2007-3160 (PHP remote file inclusion vulnerability in admin/header.php in PHP Rea ...)
	NOT-FOR-US: PHP Real Estate Classifieds Premium Plus
CVE-2007-3159 (http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a ...)
	NOT-FOR-US: MiniWeb
CVE-2007-3158 (download_script.asp in ASP Folder Gallery allows remote attackers to r ...)
	NOT-FOR-US: ASP Folder Gallery
CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12 ...)
	NOT-FOR-US: SafeNET
CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi i ...)
	- webmin <removed>
CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown i ...)
	- egroupware 1.2.107-2.dfsg-1 (bug #429208)
CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltip ...)
	NOTE: Apparently a bogus issue; upstream developer of wz_tooltip.js isn't aware
	NOTE: of any security problem, see #429215, #429209, #429214, #429213
CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other tha ...)
	NOT-FOR-US: c-ares
CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number gene ...)
	NOT-FOR-US: c-ares
CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer PacketShaper 7 ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute arbitr ...)
	NOT-FOR-US: Google Desktop
CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly check  ...)
	- sudo <not-affected> (Not linked with krb5)
CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr. ...)
	NOT-FOR-US: Yahoo! Webcam Viewer
CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl. ...)
	NOT-FOR-US: Yahoo! Webcam Upload
CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: Zen Help Desk
CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote attacker ...)
	- galeon <removed> (unimportant; bug #429216)
	NOTE: Hardly a problem, Galeon's rotting any way and doesn't offer up-to-date
	NOTE: phishing protections anyway
CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote attack ...)
	NOTE: Minor issue, exact details unknown to upstream
CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote attac ...)
	- kdebase 4:3.5.7-3 (low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
	NOTE: referring to maintainer this is definetly fixed in 4:3.5.7-3
CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in phpWebTh ...)
	NOT-FOR-US: phpWebThings
CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remo ...)
	- wordpress 2.2.1-1 (bug #428073)
	[etch] - wordpress <not-affected> (Doesn't affect 2.0.x branch)
CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default userna ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution Quick. ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3137 (Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in W ...)
	NOT-FOR-US: WmsCMS
CVE-2007-3136 (PHP remote file inclusion vulnerability in inc/nuke_include.php in new ...)
	NOT-FOR-US: newsSync
CVE-2007-3135 (Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom  ...)
	NOT-FOR-US: Atom Photoblog
CVE-2007-3134 (Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.p ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2007-3133 (SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 all ...)
	NOT-FOR-US: W1L3D4
CVE-2007-3132 (Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and ea ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in Light B ...)
	NOT-FOR-US: Light Blog
CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (fo ...)
	NOT-FOR-US: OpenWiki
CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News P ...)
	NOT-FOR-US: Utopia News Pro
CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when magic ...)
	NOT-FOR-US: WSPortal
CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...)
	NOT-FOR-US: WSPortal
CVE-2007-3126 (Gimp before 2.8.22 allows context-dependent attackers to cause a denia ...)
	- gimp 2.8.22-1 (unimportant; bug #885382)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=773233
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=46bcd82800e37b0f5aead76184430ef2fe802748 (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7 (gimp-2-8)
CVE-2007-3125
	REJECTED
CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in  ...)
	NOT-FOR-US: FreeVMS
CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 a ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 all ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the z ...)
	- zvbi 0.2.25-1 (bug #429221; unimportant)
	NOTE: Only exploitable through malformed closed captions
	NOTE: Malicious TV networks have more subtle methods to control people...
CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php i ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (a ...)
	NOT-FOR-US: Kartli Alisveris Sistemi
CVE-2007-3118 (Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter  ...)
	NOT-FOR-US: Kravchuk letter
CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 ...)
	NOT-FOR-US: ADPLAN
CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x ...)
	{DSA-1319-1}
	- maradns 1.2.12.05-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
	{DSA-1954-1}
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3112 (graph_image.php in Cacti 0.8.6i, and possibly other versions, allows r ...)
	{DSA-1954-1}
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3111 (Buffer overflow in the Provideo Camimage ActiveX control in ISSCamCont ...)
	NOT-FOR-US: Provideo Camimage
CVE-2007-3110 (Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 ...)
	NOT-FOR-US: Andy Frank Beatnik
CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage all ...)
	NOT-FOR-US: Microsoft FrontPage
CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9. ...)
	{DSA-1571-1}
	- openssl 0.9.8e-6 (bug #438142; low)
	- openssl097 <removed> (bug #438180)
	[sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario)
	[etch] - openssl097 <no-dsa> (Not exploitable in a real-world scenario)
CVE-2007-3107 (The signal handling in the Linux kernel before 2.6.22, including 2.6.2 ...)
	- linux-2.6 2.6.22-1 (unimportant)
	NOTE: Not reproducibly reliably by an attacker, mostly a bug
	NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914
	NOTE: in Linus' tree.
CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2. ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1 (medium)
CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) imple ...)
	{DSA-1504-1 DSA-1363-1}
	- linux-2.6 2.6.22-4
CVE-2007-3104 (The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat ...)
	{DSA-1428-1}
	- linux-2.6 2.6.22-4 (low)
CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux d ...)
	{DSA-1342-1}
	- xfs 1:1.0.8-2.1 (low)
	NOTE: i've checked 1.0.8, and this problem is no longer present
CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event function in  ...)
	- openssh <not-affected> (This is a redhat/fedora specific issue)
	NOTE: this issue was introduced by a patch of redhat (openssh-4.3p1-audit.patch)
	NOTE: The patch fixing this (openssh-4.3p2-cve-2007-3102.patch) can be found on:
	NOTE: http://mirror.linux.duke.edu/pub/fedora/linux/core/updates/6/SRPMS/openssh-4.3p2-25.fc6.src.rpm
CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF app ...)
	NOT-FOR-US: Apache MyFaces Tomahawk
CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-8 ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (low; bug #429225)
CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before  ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (medium; bug #429225)
CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc b ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers ...)
	NOT-FOR-US: F5 Firepass 4100 SSL VPN
CVE-2007-3096 (Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16 ...)
	NOT-FOR-US: PBLang (PBL)
CVE-2007-3095 (Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and  ...)
	NOT-FOR-US: Symantec Reporting Server
CVE-2007-3094 (Unspecified vulnerability in the authentication mechanism in Solaris M ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3093 (Unspecified vulnerability in the logging mechanism in Solaris Manageme ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof the URL ...)
	NOT-FOR-US: MSIE6
CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3090
	REJECTED
CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write  ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (low; bug #427691)
	- iceape 1.1.3-1 (low)
	- xulrunner 1.8.1.5-1 (low)
	NOTE: MFSA2007-20
CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote a ...)
	NOT-FOR-US: Comicsense
CVE-2007-3087 (Peercast places a cleartext password in a query string, which might al ...)
	NOT-FOR-US: PeerCast
CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4. ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite allow rem ...)
	NOT-FOR-US: PBSite
CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: Z-Blog
CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 an ...)
	NOT-FOR-US: Sendcard
CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php in Comd ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1 ...)
	NOT-FOR-US: Hunkaray Okul Portaly
CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to ...)
	NOT-FOR-US: EQdkp
CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before  ...)
	NOT-FOR-US: Aigaion
CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earl ...)
	NOT-FOR-US: EQdkp
CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allo ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer allow ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read fi ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.0.9-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earli ...)
	NOTE: Duplicate of CVE-2008-4067
CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
	- iceweasel <not-affected> (Only affects Windows versions of Firefox)
CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX co ...)
	NOT-FOR-US: eSellerate
CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web  ...)
	NOT-FOR-US: BDigital Web Solutions WebStudio
CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session w ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional allows re ...)
	NOT-FOR-US: DVD X Player
CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and Key Tra ...)
	NOT-FOR-US: EQdkp
CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft Particle ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My Databook a ...)
	NOT-FOR-US: My Datebook
CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows remote  ...)
	NOT-FOR-US: My Datebook
CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the web roo ...)
	NOT-FOR-US: Cactushop
CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SendCard
CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-3057 (PHP remote file inclusion vulnerability in include/wysiwyg/spaw_contro ...)
	NOT-FOR-US: XOOPS
CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN  ...)
	- websvn 1.61-22.3 (unimportant; bug #439337)
	NOTE: Websvn does not have cookie based authentication by itself.
	NOTE: I therefore don't think this is serious enough for a stable update.
CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib Linke ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib Link ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier al ...)
	NOT-FOR-US: Calimero
CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earl ...)
	NOT-FOR-US: PostNuke
CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in RevokeSoft Revok ...)
	NOT-FOR-US: RevokeSoft RevokeBB
CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier allows ...)
	NOT-FOR-US: chameleon cms
CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in Buttercup web ...)
	NOT-FOR-US: Buttercup BWFM
CVE-2007-3048
	- screen <not-affected> (not reproducible)
CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator username ...)
	NOT-FOR-US: Vonage
CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex Library be ...)
	NOT-FOR-US: Advanced Software Production Line Vortex Library
CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/ ...)
	NOT-FOR-US: Hitachi TP1
CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi X ...)
	NOT-FOR-US: Hitachi
CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration - File Shari ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 allows re ...)
	NOT-FOR-US: Meneame
CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object for Inter ...)
	NOT-FOR-US: Microsoft
CVE-2007-3040 (Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Ag ...)
	NOT-FOR-US: Windows
CVE-2007-3039 (Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) se ...)
	NOT-FOR-US: Windows
CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition  ...)
	NOT-FOR-US: Microsoft
CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2007-3036 (Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and ...)
	NOT-FOR-US: Windows Services for UNIX
CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10 ...)
	NOT-FOR-US: Microsoft
CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics Rendering En ...)
	NOT-FOR-US: Microsoft
CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlin ...)
	NOT-FOR-US: Microsoft
CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2007-3031
	REJECTED
CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows u ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 all ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows re ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3026 (Integer overflow in Panda Software AdminSecure allows remote attackers ...)
	NOT-FOR-US: Panda
CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0 ...)
	- clamav <not-affected> (Solaris-specific bug)
CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 use ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not proper ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224 ...)
	NOT-FOR-US: Symantec
CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224 ...)
	NOT-FOR-US: Symantec
CVE-2007-3020
	RESERVED
CVE-2007-3019
	RESERVED
CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the file-cr ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.29 ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3016
	RESERVED
CVE-2007-3015
	RESERVED
CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb conte ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch B ...)
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens C ...)
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3010 (masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterpris ...)
	NOT-FOR-US: Alcatel OmniPCX Enterprise Communication Server
CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in  ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has  ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode rest ...)
	- php5 5.2.3-1 (unimportant)
CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted r ...)
	NOT-FOR-US: Acoustica MP3 CD Burner
CVE-2007-3005
	REJECTED
CVE-2007-3004
	REJECTED
CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier  ...)
	NOT-FOR-US: myBloggie
CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife ( ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow  ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in effect fo ...)
	NOT-FOR-US: Microsoft
CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS f ...)
	NOT-FOR-US: OpenVMS
CVE-2007-2997
	NOT-FOR-US: SalesCart Shopping Cart
CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3 ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote at ...)
	NOT-FOR-US: DGNews
CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka O ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in includes/send.inc.php in E ...)
	NOT-FOR-US: Evenzia CMS
CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 a ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a logic e ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a redirect to ...)
	NOT-FOR-US: Inout Meta Search Engine
CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in sasatl.dll in ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-2986 (PHP remote file inclusion vulnerability in lib/live_status.lib.php in  ...)
	NOT-FOR-US: AdminBot
CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by setting  ...)
	NOT-FOR-US: Pheap
CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology Group CD ...)
	NOT-FOR-US: Media Technology Group CDPass
CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications Business C ...)
	NOT-FOR-US: British Telecommunications Business Connect
CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD Technologies LEAD ...)
	NOT-FOR-US: LeadTools
CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS L ...)
	NOT-FOR-US: LeadTools
CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores sensitive infor ...)
	NOT-FOR-US: Techno Dreams Web Directory / Search Engine
CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier allows rem ...)
	NOT-FOR-US: eggblog
CVE-2007-2977 (Buffer overflow in the receive function in submit/submitcommon.c in th ...)
	NOT-FOR-US: DOMjudge
CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet Service ...)
	NOT-FOR-US: Centrinity
CVE-2007-2975 (The admin console in Ignite Realtime Openfire 3.3.0 and earlier (forme ...)
	NOT-FOR-US: Ignite Realtime
CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus  ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to c ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 a ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earl ...)
	NOT-FOR-US: gCards
CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi i ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in WAnewslet ...)
	NOT-FOR-US: WAnewsletter
CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
	- webpy 0.210-1 (bug #427715; unimportant)
	NOTE: This is not a vulnerability, but an additional precaution function for
	NOTE: a development framework. If someone wants to have this updated in Etch, this
	NOTE: needs to go through a point update
CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux  ...)
	NOT-FOR-US: F-Secure
CVE-2007-2966 (Buffer overflow in the LHA decompression component in F-Secure anti-vi ...)
	NOT-FOR-US: F-Secure
CVE-2007-2965 (Unspecified vulnerability in the Real-time Scanning component in multi ...)
	NOT-FOR-US: F-Secure
CVE-2007-2964 (The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and e ...)
	NOT-FOR-US: F-Secure
CVE-2007-2963 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power  ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2962 (Cross-site scripting (XSS) vulnerability in search.php in Particle Gal ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-2961 (Unrestricted file upload vulnerability in FileCloset before 1.1.5 allo ...)
	NOT-FOR-US: FileCloset
CVE-2007-2960 (Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 a ...)
	NOT-FOR-US: Scallywag
CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before 1 ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...)
	- sylpheed-claws 1.0.5-5.2 (low; bug #441854)
	[etch] - sylpheed-claws <no-dsa> (Minor issue)
	[sarge] - sylpheed-claws <no-dsa> (Minor issue)
	- sylpheed 2.4.5-1 (low)
	[etch] - sylpheed <no-dsa> (Minor issue)
	[sarge] - sylpheed <no-dsa> (Minor issue)
	NOTE: the cvs referenced in redhat bugzilla is not available anymore however
	NOTE: http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
CVE-2007-2957 (Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, ...)
	NOT-FOR-US: McAfee on Solaris
CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1)  ...)
	NOT-FOR-US: Qtpfsgui and pfstools
CVE-2007-2955 (Multiple unspecified "input validation error" vulnerabilities in multi ...)
	NOT-FOR-US: Norton Antivirus/Internet Security/System Works
CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service (nwspool. ...)
	NOT-FOR-US: Novell Client
CVE-2007-2953 (Format string vulnerability in the helptags_one function in src/ex_cmd ...)
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-056+1 (low)
CVE-2007-2952 (Multiple stack-based buffer overflows in the filter service (aka k9fil ...)
	NOT-FOR-US: Blue Coat K9 Web Protection
CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3 ...)
	- kvirc 2:3.2.4-5 (bug #434419; medium)
CVE-2007-2950 (Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara  ...)
	NOT-FOR-US: Centennial
CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the p ...)
	{DSA-1335-1}
	- gimp 2.2.16-1 (medium)
	- ingimp 2.2.16.20070710-1
	NOTE: http://secunia.com/secunia_research/2007-63/advisory
CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlay ...)
	{DSA-1313-1}
	- mplayer 1.0~rc1-14
CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0 ...)
	NOT-FOR-US: OpenBASE Alpha
CVE-2007-2946 (Buffer overflow in a certain ActiveX control in LeadTools Raster Dialo ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2945 (RMForum stores sensitive information under the web root with insuffici ...)
	NOT-FOR-US: RMForum
CVE-2007-2944 (WabCMS 1.0 stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: WabCMS
CVE-2007-2943 (PHP remote file inclusion vulnerability in class/class.php in Webavis  ...)
	NOT-FOR-US: Webavis
CVE-2007-2942 (SQL injection vulnerability in user.php in My Little Forum 1.7 and ear ...)
	NOT-FOR-US: My Little Forum
CVE-2007-2941 (Multiple PHP remote file inclusion vulnerabilities in the creator in v ...)
	NOT-FOR-US: vBulletin Google Yahoo Site Map
CVE-2007-2940 (Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 B ...)
	NOT-FOR-US: FlaP
CVE-2007-2939 (Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat ...)
	NOT-FOR-US: Mazen's PHP Chat
CVE-2007-2938 (Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBas ...)
	NOT-FOR-US: BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module
CVE-2007-2937 (PHP remote file inclusion vulnerability in admin/admin.php in TROforum ...)
	NOT-FOR-US: TROforum
CVE-2007-2936 (Multiple PHP remote file inclusion vulnerabilities in Frequency Clock  ...)
	NOT-FOR-US: Frequency Clock
CVE-2007-2935 (core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remo ...)
	NOT-FOR-US: Fundanemt
CVE-2007-2934 (Directory traversal vulnerability in skins/common.css.php in Vistered  ...)
	NOT-FOR-US: Vistered Little
CVE-2007-2933 (SQL injection vulnerability in index.php in the Phil-a-Form (com_phila ...)
	NOT-FOR-US: Phil-a-Form
CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in BoastMachine  ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7. ...)
	NOT-FOR-US: MSN Messenger
CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC ...)
	- bind <removed> (bug #442910)
	[etch] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
	[sarge] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as distribute ...)
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support acpRunner ...)
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2927 (Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter dri ...)
	NOT-FOR-US: Windows Atheros drivers
CVE-2007-2926 (ISC BIND 9 through 9.5.0a5 uses a weak random number generator during  ...)
	{DSA-1341-2}
	- bind9 1:9.4.1-P1-1
CVE-2007-2925 (The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9 ...)
	- bind9 1:9.4.1-P1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
	[sarge] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX  ...)
	NOT-FOR-US: RealNetworks GameHouse
CVE-2007-2923 (The launch method in the LocalExec ActiveX control (LocalExec.ocx) in  ...)
	NOT-FOR-US: LocalExec ActiveX control
CVE-2007-2922
	RESERVED
CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx Active ...)
	NOT-FOR-US: Corel
CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX co ...)
	NOT-FOR-US: Zoomify Viewer
CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX co ...)
	NOT-FOR-US: FViewerLoading
CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in ...)
	NOT-FOR-US: Logitech
CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in odapi.dll in ...)
	NOT-FOR-US: Authentium
CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music  ...)
	NOT-FOR-US: GMTT Music Distro
CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows re ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2914 (Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0 ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2913 (Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 ...)
	NOT-FOR-US: ClonusWiki
CVE-2007-2912 (Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unau ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2911 (SQL injection vulnerability in admincp/attachment.php in Jelsoft vBull ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2910 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3 ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2909 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vB ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2908 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vB ...)
	NOT-FOR-US: vBulletin
CVE-2007-2907 (Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote  ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-2906 (Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Java Embedding Plugin for Mac OS X
CVE-2007-2905 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2904 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging  ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2007-2903 (Buffer overflow in the HelpPopup method in the Microsoft Office 2000 C ...)
	NOT-FOR-US: Microsoft Office ActiveX control
CVE-2007-2902 (SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8 ...)
	NOT-FOR-US: Dokeos
CVE-2007-2901 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 an ...)
	NOT-FOR-US: Dokeos
CVE-2007-2900 (Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-0 ...)
	NOT-FOR-US: Scallywag
CVE-2007-2899 (Direct static code injection vulnerability in admin_config.php in NavB ...)
	NOT-FOR-US: Navboard
CVE-2007-2898 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2897 (Microsoft Internet Information Services (IIS) 6.0 allows remote attack ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2896 (Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 ...)
	NOT-FOR-US: Symantec
CVE-2007-2895 (Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2894 (The emulated floppy disk controller in Bochs 2.3 allows local users of ...)
	- bochs <unfixed> (unimportant)
CVE-2007-2893 (Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iode ...)
	{DSA-1351-1}
	- bochs 2.3+20070705-1 (low; bug #427144)
	NOTE: kvm/qemu are tracked as CVE-2007-5729 and CVE-2007-5730
CVE-2007-2892 (Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 ...)
	NOT-FOR-US: ASP-Nuke
CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 a ...)
	NOT-FOR-US: FirmWorX
CVE-2007-2890 (SQL injection vulnerability in category.php in cpCommerce 1.1.0 and ea ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2889 (SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5  ...)
	NOT-FOR-US: Dokeos
CVE-2007-2888 (Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows  ...)
	NOT-FOR-US: UltraISO
CVE-2007-2887 (Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yo ...)
	NOT-FOR-US: WIYS
CVE-2007-2886 (Unspecified vulnerability in the Nortel CS 1000 M media card in Enterp ...)
	NOT-FOR-US: Nortel
CVE-2007-2885 (The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in  ...)
	NOT-FOR-US: Microsoft Visual Database Tools
CVE-2007-2884 (Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allo ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-2883 (Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier store ...)
	NOT-FOR-US: Credant
CVE-2007-2882 (Unspecified vulnerability in the NFS client module in Sun Solaris 8 th ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2881 (Multiple stack-based buffer overflows in the SOCKS proxy support (sock ...)
	NOT-FOR-US: Sun Java Web Proxy Server
CVE-2007-2880 (Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 all ...)
	NOT-FOR-US: Digirez
CVE-2007-2879 (Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Po ...)
	NOT-FOR-US: GNUTurk
CVE-2007-2878 (The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run o ...)
	{DSA-1479-1}
	- linux-2.6 2.6.21-3
CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 al ...)
	NOTE: Not a security issue; Windows-only anyway.
CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conn ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux kerne ...)
	{DSA-1363-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2874 (Buffer overflow in the wpa_printf function in the debugging code in wp ...)
	- wpasupplicant <not-affected> (Fedora-only issue)
CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as  ...)
	- spamassassin 3.2.1-1 (low)
	[sarge] - spamassassin <no-dsa> (Only obscure setups affected, only locally exploitable)
	[etch] - spamassassin 3.1.7-2etch1
	NOTE: Minor issue fixed in etch r6 point update
	NOTE: Only obscure setups affected, only locally exploitable
CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...)
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
	NOTE: Fix from 5.2.3 was ineffective
CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-17
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-16
	- iceweasel 2.0.0.4-1 (medium)
	- iceape 1.1.2-1 (medium)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (medium)
CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12 ...)
	{DSA-1308-1 DSA-1306-1 DTSA-45-1 DTSA-51-1}
	NOTE: MFSA2007-13
	- iceweasel 2.0.0.4-1
	- iceape 1.1.2-1
	- mozilla <removed>
	- xulrunner 1.8.1.4-1
CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox  ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5. ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2866 (Multiple SQL injection vulnerabilities in modules/admin/modules/galler ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin  ...)
	{DSA-1693-1}
	- phppgadmin 4.1.2-1 (low; bug #427151)
	[sarge] - phppgadmin <not-affected> (Vulnerable code not present)
	NOTE: http://phppgadmin.cvs.sourceforge.net/phppgadmin/webdb/classes/Misc.php?r1=1.156&r2=1.157&pathrev=MAIN
CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content up ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content up ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow  ...)
	NOT-FOR-US: CubeCart
CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple Accessibl ...)
	NOT-FOR-US: SAXON
CVE-2007-2860 (user.php in BoastMachine 3.0 platinum allows remote authenticated user ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2859 (Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 al ...)
	NOT-FOR-US: SimpGB
CVE-2007-2858 (SQL injection vulnerability in the IP-Search functionality in the IP-T ...)
	NOT-FOR-US: IP-Tracking Mod for phpBB
CVE-2007-2857 (PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Exc ...)
	NOT-FOR-US: ABC Excel Parser Pro
CVE-2007-2856 (Buffer overflow in the Dart Communications PowerTCP ZIP Compression Ac ...)
	NOT-FOR-US: Dart Communications PowerTCP
CVE-2007-2855 (Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5. ...)
	NOT-FOR-US: Dart ZipLite
CVE-2007-2854 (Multiple SQL injection vulnerabilities in account_change.php in BtiTra ...)
	NOT-FOR-US: BtiTracker
CVE-2007-2853 (The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD  ...)
	NOT-FOR-US: Virtual CD
CVE-2007-2852 (Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2 ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-2851 (A certain ActiveX control in LeadTools Raster Variant Object Library ( ...)
	NOT-FOR-US: LeadTools
CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...)
	NOT-FOR-US: Citrix
CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) befo ...)
	- knowledgetree <removed> (bug #432123)
CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox  ...)
	NOT-FOR-US: Sky Software
CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in  ...)
	NOT-FOR-US: HLstats
CVE-2007-2846 (Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Ma ...)
	NOT-FOR-US: Avast
CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Ma ...)
	NOT-FOR-US: Avast
CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems,  ...)
	- php5 <not-affected> (Multi-threaded operation not supported in Debian)
	- php4 <not-affected> (Multi-threaded operation not supported in Debian)
CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attacke ...)
	NOT-FOR-US: Apple Safari
	NOTE: Does not seem to work with Konqueror.
CVE-2007-2842
	RESERVED
CVE-2007-2841
	REJECTED
CVE-2007-2840
	RESERVED
CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files insecur ...)
	{DSA-1329-1}
	- gfax 0.6 (bug #431893; low)
	NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed version
CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 a ...)
	{DSA-1327-1}
	- gsambad 0.1.6-2 (bug #431331)
CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp in fir ...)
	{DSA-1326-1}
	- fireflier 1.1.7
CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through  ...)
	{DSA-1324-1}
	- hiki 0.8.7-1 (bug #430691; medium)
	[sarge] - hiki <not-affected> (Vulnerable code not present)
CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_p ...)
	{DSA-1328-1}
	- unicon 3.0.4-12 (bug #431336)
CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3 ...)
	{DSA-1375-1}
	- openoffice.org 2.2.1-9 (medium)
	[sarge] - openoffice.org 1.1.3-9sarge8
CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ( ...)
	{DSA-1316-1}
	- emacs21 21.4a+1-5.1 (bug #408929; low)
	- emacs-snapshot <removed>
	NOTE: The bug is not present in emacs22 22.2+1-1. It was probably
	NOTE: fixed before the first emacs22 upload.
CVE-2007-2832 (Cross-site scripting (XSS) vulnerability in the web application firewa ...)
	NOT-FOR-US: Cisco
CVE-2007-2831 (Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee ...)
	- madwifi 1:0.9.3-2 (high; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2830 (The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 a ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2829 (The 802.11 network stack in net80211/ieee80211_input.c in MadWifi befo ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2828 (Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php  ...)
	NOT-FOR-US: AdSense-Deluxe
CVE-2007-2827 (Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX ...)
	NOT-FOR-US: LeadTools
CVE-2007-2826 (PHP remote file inclusion vulnerability in lib/addressbook.php in Madi ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-2825 (Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in  ...)
	NOT-FOR-US: @Mail
CVE-2007-2824 (SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-2823 (Multiple buffer overflows in HT Editor before 2.0.6 might allow remote ...)
	NOT-FOR-US: HT Editor
CVE-2007-2822 (TutorialCMS 1.01 and earlier, when register_globals is enabled, allows ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2821 (SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress be ...)
	{DSA-1502-1}
	- wordpress 2.2-1 (high)
	NOTE: seems present in etch even though admin-ajax.php was not shipped yet
CVE-2007-2820 (Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX C ...)
	NOT-FOR-US: KSign
CVE-2007-2819 (Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3. ...)
	NOT-FOR-US: Track+
CVE-2007-2818 (Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSof ...)
	NOT-FOR-US: Parodia
CVE-2007-2817 (SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 al ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2816 (Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7 ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2815 (The "hit-highlighting" functionality in webhits.dll in Microsoft Inter ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2814 (Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX co ...)
	NOT-FOR-US: Pegasus ImagN'
CVE-2007-2813 (Cisco IOS 12.4 and earlier, when using the crypto packages and SSL sup ...)
	NOT-FOR-US: Cisco
CVE-2007-2812 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.3 ...)
	NOT-FOR-US: HLstats
CVE-2007-2811 (Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and  ...)
	NOT-FOR-US: OSK Advance-Flow
CVE-2007-2810 (SQL injection vulnerability in down_indir.asp in Gazi Download Portal  ...)
	NOT-FOR-US: Gazi Download Portal
CVE-2007-2809 (Buffer overflow in the transfer manager in Opera before 9.21 for Windo ...)
	NOT-FOR-US: Opera
CVE-2007-2808 (Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4. ...)
	{DSA-1486-1}
	- gnatsweb 4.00-1.1 (low; bug #427156)
CVE-2007-2807 (Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1. ...)
	{DSA-1826-1 DSA-1448-1}
	- eggdrop 1.6.18-1.1 (medium; bug #427157)
CVE-2007-2806 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ga ...)
	NOT-FOR-US: GaliX
CVE-2007-2805 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Cl ...)
	NOT-FOR-US: ClientExec
CVE-2007-2804 (Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodLis ...)
	NOT-FOR-US: CandyPress Store
CVE-2007-2803 (SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Site ...)
	NOT-FOR-US: Vizayn Urun Tanitim Sitesi
CVE-2007-2802 (Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in  ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2801 (Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTi ...)
	NOT-FOR-US: eTicket
CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers to ob ...)
	NOT-FOR-US: eTicket
CVE-2007-2799 (Integer overflow in the "file" program 4.20, when running on 32-bit sy ...)
	{DSA-1343-2 DSA-1343-1}
	- file 4.21-1 (medium; bug #428293)
CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in  ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (high; bug #430785)
CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7]
	- mantis 1.0.7+dfsg-1
	[sarge] - mantis 0.19.2-5sarge5
	NOTE: "email notifications bypass security on custom fields" and "XSS vulnerabilities"
CVE-2007-XXXX [NTFS driver for FUSE unspecified issue]
	- ntfs-3g 1:1.516-1
	NOTE: local root exploit
CVE-2007-2797 (xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in  ...)
	- xterm <not-affected> (Debian uses safe compile-time settings)
CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Arris Cadant
CVE-2007-2795 (Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remot ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2007-2794
	RESERVED
CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in Gee ...)
	NOT-FOR-US: Geeklog
CVE-2007-2792 (SQL injection vulnerability in the Yet another Newsletter Component (a ...)
	NOT-FOR-US: com_yanc for Mambo
	NOTE: com_yanc component not in Mambo Debian package
CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5 ...)
	NOT-FOR-US: HP Tru64
CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP  ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11 ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-01-1 (bug #422403)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java  ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-01-1 (bug #422403)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1) lttmb ...)
	NOT-FOR-US: LeadTools Raster Thumbnail Object Library
CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote at ...)
	NOT-FOR-US: ircd-ratbox
CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to crea ...)
	NOT-FOR-US: eSyndiCat Pro
CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1. ...)
	NOT-FOR-US: Globus Toolkit
CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 an ...)
	NOT-FOR-US: Rational Soft Hidden Administrator
CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence n ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in include/sessionRegister.ph ...)
	NOT-FOR-US: WikyBlog
CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensi ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in Libstat ...)
	NOT-FOR-US: Libstats
CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allo ...)
	NOT-FOR-US: MolyX BOARD
CVE-2007-2777 (Unrestricted file upload vulnerability in admin/addsptemplate.php in A ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to th ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but d ...)
	NOT-FOR-US: AlstraSoft Live Support
CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...)
	NOT-FOR-US: SunLight CMS
CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in  ...)
	NOT-FOR-US: Zomplog
CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and r ...)
	NOT-FOR-US: CA BrightStor Backup
CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 20 ...)
	NOT-FOR-US: LeadTools JPEG 2000
CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote ...)
	NOT-FOR-US: Eudora
CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly  ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ...)
	- openssh <unfixed> (bug #436571; unimportant)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=112279
CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) be ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQ ...)
	- backup-manager 0.7.6-1 (low)
	[sarge] - backup-manager <no-dsa> (Minor issue)
	[etch] - backup-manager 0.7.5-5
CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemo ...)
	NOT-FOR-US: BlockHosts
CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches bef ...)
	NOT-FOR-US: Sun-Brocade SilkWorm
CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules subsy ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast (b ...)
	NOT-FOR-US: Build it Fast
CVE-2007-2761 (Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allo ...)
	NOT-FOR-US: MagicISO
CVE-2007-2760 (The canUpdate function in model/MRole.java in Adempiere before 3.1.6 d ...)
	NOT-FOR-US: Adempiere
CVE-2007-2759 (Multiple SQL injection vulnerabilities in the insert function in the V ...)
	NOT-FOR-US: Adempiere
CVE-2007-2758 (Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted rem ...)
	NOT-FOR-US: WinImage
CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 al ...)
	NOT-FOR-US: Redoable
CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted attack ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (bug #426100; bug #426099; bug #425584; low)
	[etch] - libgd <no-dsa> (Minor issue)
	[sarge] - libgd <no-dsa> (Minor issue)
	[etch] - libgd2 <no-dsa> (Minor issue)
	[sarge] - libgd2 <no-dsa> (Minor issue)
	NOTE: https://web.archive.org/web/20090212193455/http://bugs.libgd.org/?do=details&task_id=86
CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and e ...)
	{DSA-1334-1 DSA-1302-1}
	- freetype 2.2.1-6 (bug #425625)
	[sarge] - freetype 2.1.7-8
CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the we ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2752 (SQL injection vulnerability in devami.asp in RunawaySoft Haber portal  ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2751 (Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 a ...)
	NOT-FOR-US: PHPGlossar
CVE-2007-2750 (SQL injection vulnerability in print.php in SimpNews 2.40.01 and earli ...)
	NOT-FOR-US: SimpNews
CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and e ...)
	NOT-FOR-US: FAQEngine
CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows context-depe ...)
	- php4 <not-affected> (Debian shipped the correct fix from the beginning)
	- php5 <not-affected> (Debian shipped the correct fix from the beginning)
CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...)
	NOT-FOR-US: rdiffWeb
CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webma ...)
	NOT-FOR-US: vDesk Webmail
CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX con ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in GlossWor ...)
	NOT-FOR-US: GlossWord
CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 B ...)
	NOT-FOR-US: w2box
CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows re ...)
	- lcms 1.15-1 (medium)
CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...)
	- php-xajax 0.2.5-1 (bug #426103; unimportant)
	NOTE: This issue was created because of an upstream changelog entry, which however
	NOTE: was meant for the XSS, which is the general issue.
CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows  ...)
	{DSA-1692-1}
	- php-xajax 0.2.5-1 (bug #426103; low)
CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7  ...)
	NOT-FOR-US: Glossaire for Xoops
CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 1.0 modul ...)
	NOT-FOR-US: MyConference for Xoops
CVE-2007-2736 (PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0  ...)
	NOT-FOR-US: Achievo
CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 an ...)
	NOT-FOR-US: ResManager for Xoops
CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width an ...)
	NOT-FOR-US: 3Com TippingPoint IPS
CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote aut ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allo ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2731 (CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might a ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2730 (Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test fo ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81,  ...)
	NOT-FOR-US: Comodo Personal Firewall
CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed  ...)
	- php5 5.2.3-1 (low)
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php4 <not-affected> (no soap functions in php4)
CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4 ...)
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php5 5.2.2-1 (low)
	NOTE: Code not present in PHP 4.
CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: BitsCast
CVE-2007-2725 (The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control  ...)
	NOT-FOR-US: DeWizardX
CVE-2007-2724 (Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog ...)
	NOT-FOR-US: fotolog
CVE-2007-2723 (Media Player Classic 6.4.9.0 allows user-assisted remote attackers to  ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers t ...)
	NOT-FOR-US: NewzCrawler
CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG- ...)
	{DSA-2036-1}
	- jasper 1.900.1-6 (medium; bug #413033; bug #528543)
	NOTE: Jasper was initially fixed in 1.900.1-3, but the fix got dropped later, see #528543
	- ghostscript 8.61.dfsg.1~svn8187-1.1 (medium; bug #447188)
	- gs-gpl <removed> (medium; bug #561717)
	NOTE: see http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html
CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...)
	NOT-FOR-US: Group-Office
CVE-2007-2719 (Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2007-2718 (Cross-site scripting (XSS) vulnerability in the WebMail system in Stal ...)
	NOT-FOR-US: Stalker CommuniGate Pro
CVE-2007-2717 (SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 ...)
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c an ...)
	NOT-FOR-US: EQdkp
CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to cha ...)
	NOT-FOR-US: Snaps! Gallery
CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet bef ...)
	- wordpress 2.2-1
	NOTE: See http://plugins.trac.wordpress.org/changeset/12812/akismet/trunk/akismet.php
CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when  ...)
	NOT-FOR-US: iFdate
CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ha ...)
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2007-2711 (Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remot ...)
	NOT-FOR-US: TinyIdentD
CVE-2007-2710 (PHP remote file inclusion vulnerability in functions/prepend_adm.php i ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2709 (PHP remote file inclusion vulnerability in functions/prepend_adm.php i ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2708 (PHP remote file inclusion vulnerability in newsadmin.php in Feindt Com ...)
	NOT-FOR-US: News-Script
CVE-2007-2707 (PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php i ...)
	NOT-FOR-US: Linksnet Newsfeed
CVE-2007-2706 (PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media ...)
	NOT-FOR-US: Geeklog
CVE-2007-2705 (Directory traversal vulnerability in the Test View Console in BEA WebL ...)
	NOT-FOR-US: BEA WebLogic Integration
CVE-2007-2704 (BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2007-2703 (BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if  ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1  ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2700 (The WLST script generated by the configToScript command in BEA WebLogi ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic Server ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show plainte ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express an ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Ex ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without SELECT p ...)
	- mysql-dfsg-5.0 <not-affected> (Only MySQL 5.1 affected)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Only MySQL 5.1 affected)
	[sarge] - mysql-dfsg <not-affected> (Only MySQL 5.1 affected)
CVE-2007-2692 (The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x be ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.42 (bug #424778)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality not implemented)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
	NOTE: http://bugs.mysql.com/bug.php?id=28499
CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.41a-1 (bug #424778; bug #424830)
CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, and M  ...)
	NOT-FOR-US: ISS
CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain full-wid ...)
	NOT-FOR-US: Check Point
CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS  ...)
	NOT-FOR-US: Cisco
CVE-2007-2687 (Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.E ...)
	NOT-FOR-US: MicroWorld
CVE-2007-2686 (Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2. ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1  ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to execute arbit ...)
	- mutt 1.5.15+20070608-1 (low; bug #426116)
	[etch] - mutt <no-dsa> (Minor issue, hardly exploitable)
	[sarge] - mutt <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as u ...)
	NOT-FOR-US: Adobe
CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution 1. ...)
	- b2evolution <unfixed> (unimportant)
	NOTE: This is a register_globals=on issue.
	NOTE: More than just blogs/index.php is affected (that file isn't
	NOTE: installed by the Debian package).
CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Canon
CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery  ...)
	NOT-FOR-US: Simple PHP Scripts
CVE-2007-2678 (Buffer overflow in the isChecked function in toolbar.dll in Netsprint  ...)
	NOT-FOR-US: Netsprint
CVE-2007-2677 (Multiple PHP remote file inclusion vulnerabilities in phpChess Communi ...)
	NOT-FOR-US: phpChess
CVE-2007-2676 (PHP remote file inclusion vulnerability in skins/header.php in Open Tr ...)
	NOT-FOR-US: Open Translation Engine
CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings  ...)
	NOT-FOR-US: Pre Classifieds Listings
CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 all ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2007-2673 (SQL injection vulnerability in includes/funcs_vendors.php in Censura 1 ...)
	NOT-FOR-US: Censura
CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allo ...)
	NOT-FOR-US: PHP Coupon Script
CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of s ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the install ...)
	NOT-FOR-US: PHPChain
CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 an ...)
	NOT-FOR-US: PHPChain
CVE-2007-2668 (Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execut ...)
	NOT-FOR-US: webdesproxy
CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX control in ...)
	NOT-FOR-US: VImpX
CVE-2007-2666 (Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla ...)
	NOT-FOR-US: notepad++
CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0 ...)
	NOT-FOR-US: PhpFirstPost
CVE-2007-2664 (PHP remote file inclusion vulnerability in includes/common.php in Yaap ...)
	NOT-FOR-US: Yaap
CVE-2007-2663 (PHP remote file inclusion vulnerability in language/1/splash.lang.php  ...)
	NOT-FOR-US: Beacon
CVE-2007-2662 (SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attack ...)
	NOT-FOR-US: EfesTECH
CVE-2007-2661 (SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remot ...)
	NOT-FOR-US: BlogMe
CVE-2007-2660
	NOT-FOR-US: PhpConcept
CVE-2007-2659 (Directory traversal vulnerability in index.php in PHP Advanced Transfe ...)
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2007-2658 (Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5  ...)
	NOT-FOR-US: ID Automation
CVE-2007-2657 (Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX contr ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2656 (Stack-based buffer overflow in the Hewlett-Packard (HP) Magview Active ...)
	NOT-FOR-US: HP
CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before ...)
	NOT-FOR-US: NetWin
CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure pe ...)
	- xfsdump 2.2.45-1 (bug #417894; low)
	[etch] - xfsdump <no-dsa> (Minor issue)
CVE-2007-2653
	REJECTED
CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow rem ...)
	NOT-FOR-US: Free-SA
CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow re ...)
	NOT-FOR-US: VooDoo cIRCle
CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to  ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.2-1
CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for i ...)
	NOT-FOR-US: Speedport W 700v
CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 Active ...)
	NOT-FOR-US: Clever Database Comparer
CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php i ...)
	NOT-FOR-US: MonAlbum
CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted re ...)
	NOT-FOR-US: yEnc32
CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in exif-dat ...)
	{DSA-1487-1}
	- libexif 0.6.15-1 (bug #424775)
CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3. ...)
	NOT-FOR-US: Morovia
CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow Designs  ...)
	NOT-FOR-US: maGAZIn
CVE-2007-2642 (Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 al ...)
	NOT-FOR-US: R2K Gallery
CVE-2007-2641 (SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0. ...)
	NOT-FOR-US: W1L3D4
CVE-2007-2640 (LibTMCG before 1.1.1 does not perform a range check to avoid "trivial  ...)
	NOT-FOR-US: LibTMCG
CVE-2007-2639 (Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote atta ...)
	NOT-FOR-US: TFTPDWIN
CVE-2007-2638 (eFileCabinet 3.3 allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: eFileCabinet
CVE-2007-2637 (MoinMoin before 20070507 does not properly enforce ACLs for calendars  ...)
	{DSA-1514-1}
	- moin 1.5.7-2 (low)
CVE-2007-2636 (Unspecified vulnerability in phpTodo before 0.8.1 allows remote attack ...)
	NOT-FOR-US: phpTodo
CVE-2007-2635 (Unspecified vulnerability in Interchange before 5.4.2 allows remote at ...)
	- interchange 5.4.2-1 (low)
CVE-2007-2634 (PHP remote file inclusion vulnerability in common/errormsg.php in aFor ...)
	NOT-FOR-US: aForum
CVE-2007-2633 (Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows re ...)
	NOT-FOR-US: H-Sphere
CVE-2007-2632 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User  ...)
	NOT-FOR-US: phpMUR
CVE-2007-2631 (Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8- ...)
	NOTE: Duplicate of CVE-2007-2589
CVE-2007-2630 (Incomplete blacklist vulnerability in filemanager/browser/default/conn ...)
	- moin 1.5.8-4.1 (unimportant)
	- karrigell <not-affected> (Vulnerable php code not present)
	- knowledgeroot 0.9.8.2-2 (unimportant)
CVE-2007-2629 (Bradford CampusManager Network Control Application Server 3.1(6) allow ...)
	NOT-FOR-US: Bradford
CVE-2007-2628 (PHP remote file inclusion vulnerability in include/logout.php in Justi ...)
	NOT-FOR-US: PHPSecurityAdmin
CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress,  ...)
	- wordpress 2.2.2-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-2626
	NOT-FOR-US: SchoolBoard
CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in shared/code/cp_authorizati ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2624 (Dynamic variable evaluation vulnerability in shared/config/cp_config.p ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2623 (Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1. ...)
	NOT-FOR-US: Remote Display Dev kit
CVE-2007-2622 (Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier a ...)
	NOT-FOR-US: TaskDriver
CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 al ...)
	NOT-FOR-US: Thyme Calendar
CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub ...)
	NOT-FOR-US: Jakub Steiner (aka jimmac) original
CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login creden ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows re ...)
	NOT-FOR-US: Drake CMS
CVE-2007-2617 (srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core p ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2616 (Stack-based buffer overflow in the SSL version of the NMDMC.EXE servic ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-2615 (Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLoja ...)
	NOT-FOR-US: PHPLojaFacil
CVE-2007-2614 (PHP remote file inclusion vulnerability in examples/widget8.php in php ...)
	NOT-FOR-US: phpHtmlLib
CVE-2007-2613 (WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared vir ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2612 (SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikk ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2611 (Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 all ...)
	NOT-FOR-US: CGX
CVE-2007-2610 (Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1 ...)
	NOT-FOR-US: OpenLD
CVE-2007-2609 (Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 all ...)
	NOT-FOR-US: gnuedu
CVE-2007-2608 (PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.p ...)
	NOT-FOR-US: Miplex2
CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...)
	NOT-FOR-US: LaVague
CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger m ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed> (low)
	NOTE: Minor issue, because conffile is restricted
CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ISoftomat ...)
	NOT-FOR-US: Brujula Toolbar
CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows remo ...)
	NOT-FOR-US: FlexLabel
CVE-2007-2603 (Unspecified vulnerability in the Init function in the Audio CD Ripper  ...)
	NOT-FOR-US: Audio CD Ripper
CVE-2007-2602 (Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows att ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2007-2601 (Buffer overflow in a certain ActiveX control in the GDivX Zenith Playe ...)
	NOT-FOR-US: GDivX Zenith Player
CVE-2007-2600 (Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (ak ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2599 (Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop T ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2598 (SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL all ...)
	NOT-FOR-US: PHP SimpleNEWS
CVE-2007-2597 (Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1 ...)
	NOT-FOR-US: telltarget CMS
CVE-2007-2596 (PHP remote file inclusion vulnerability in common/func.php in aForum 1 ...)
	NOT-FOR-US: aForum
CVE-2007-2595 (RSAuction 2.73.1.3 allows remote authenticated users to move their own ...)
	NOT-FOR-US: RSAuction
CVE-2007-2594 (PHP remote file inclusion vulnerability in inc/articles.inc.php in php ...)
	NOT-FOR-US: phpMyPortal
CVE-2007-2593 (The Terminal Server in Microsoft Windows 2003 Server, when using TLS,  ...)
	NOT-FOR-US: Microsoft
CVE-2007-2592 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisy ...)
	NOT-FOR-US: Nokia
CVE-2007-2591 (usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0. ...)
	NOT-FOR-US: Nokia
CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possi ...)
	NOT-FOR-US: Nokia
CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in Squi ...)
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1 (low)
	NOTE: CVE id has later been assigned to a part of this issue
CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa ...)
	NOT-FOR-US: Office Viewer OCX ActiveX
CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authen ...)
	NOT-FOR-US: Cisco
CVE-2007-2586 (The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check  ...)
	NOT-FOR-US: Cisco
CVE-2007-2585 (Stack-based buffer overflow in the Verify function in the BarCodeWiz A ...)
	NOT-FOR-US: BarCodeWiz ActiveX control
CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSu ...)
	NOT-FOR-US: Subscription Manager ActiveX control
CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40 ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.41-1 (low; bug #426353)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
	NOTE: [sarge] Not affected, test case doesn't crash the daemon
CVE-2007-2582 (Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) servi ...)
	NOT-FOR-US: IBM DB2
CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windo ...)
	NOT-FOR-US: Microsoft
CVE-2007-2580 (Unspecified vulnerability in Apple Safari allows local users to obtain ...)
	NOT-FOR-US: Safari
CVE-2007-2579 (Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 ...)
	NOT-FOR-US: ACP3
CVE-2007-2578 (Unspecified vulnerability in search/list/action_search/index.php in AC ...)
	NOT-FOR-US: ACP3
CVE-2007-2577 (Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote ...)
	NOT-FOR-US: ACP3
CVE-2007-2576 (Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 Active ...)
	NOT-FOR-US: advdaudio.ocx ActiveX control
CVE-2007-2575 (PHP remote file inclusion vulnerability in watermark.php in the vm (ak ...)
	NOT-FOR-US: vm watermark 0.4.1 mod for Gallery
CVE-2007-2574 (Directory traversal vulnerability in index.php in Archangel Weblog 0.9 ...)
	NOT-FOR-US: Archangel Weblog
CVE-2007-2573 (PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in P ...)
	NOT-FOR-US: PHPtree
CVE-2007-2572 (PHP remote file inclusion vulnerability in modules/noevents/templates/ ...)
	NOT-FOR-US: NoAh (aka PHP Content Architect, phparch)
CVE-2007-2571 (SQL injection vulnerability in index.php in the wfquotes 1.0 0 module  ...)
	NOT-FOR-US: wfquotes module for XOOPS
CVE-2007-2570 (PHP remote file inclusion vulnerability in handlers/page/show.php in W ...)
	NOT-FOR-US: Wikivi5
CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 a ...)
	NOT-FOR-US: Friendly
CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assis ...)
	NOT-FOR-US: VCDGear
CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Cod ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control a ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2565 (Cdelia Software ImageProcessing allows user-assisted remote attackers  ...)
	NOT-FOR-US: Cdelia Software ImageProcessing
CVE-2007-2564 (Multiple stack-based buffer overflows in the Sienzo Digital Music Ment ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2563 (Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ...)
	NOT-FOR-US: VersalSoft HTTP File Upload ActiveX control
CVE-2007-2562 (Cross-site scripting (XSS) vulnerability in index.php in Kayako eSuppo ...)
	NOT-FOR-US: Kayako eSupport
CVE-2007-2561 (SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote  ...)
	NOT-FOR-US: fipsCMS
CVE-2007-2560 (Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 an ...)
	NOT-FOR-US: ACGVannu
CVE-2007-2559 (Multiple PHP remote file inclusion vulnerabilities in american cart 3. ...)
	NOT-FOR-US: american cart
CVE-2007-2558
	NOT-FOR-US: pfa CMS
CVE-2007-2557 (MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, whic ...)
	NOT-FOR-US: Mambo
CVE-2007-2556 (SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attacker ...)
	NOT-FOR-US: Nuked-klaN
CVE-2007-2555 (Unspecified vulnerability in Default.aspx in Podium CMS allows remote  ...)
	NOT-FOR-US: Podium CMS
CVE-2007-2554 (Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank ...)
	NOT-FOR-US: Newspower
CVE-2007-2553 (Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and  ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-2552 (The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 all ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2551 (Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaW ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2550 (Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 a ...)
	NOT-FOR-US: CubeCart
CVE-2007-2549 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Sh ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2548 (Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shop ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2547 (Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebToo ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2546 (Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 an ...)
	NOT-FOR-US: SMF
CVE-2007-2545 (Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9. ...)
	NOT-FOR-US: Persism
CVE-2007-2544 (PHP remote file inclusion vulnerability in templates/default/tpl_messa ...)
	NOT-FOR-US: TopTree BBS
CVE-2007-2543 (SQL injection vulnerability in game.php in the Flashgames 1.0.1 module ...)
	NOT-FOR-US: XOOPS
CVE-2007-2542 (PHP remote file inclusion vulnerability in header.php in workbench sur ...)
	NOT-FOR-US: workbench survival guide
CVE-2007-2541 (PHP remote file inclusion vulnerability in includes/ajax_listado.php i ...)
	NOT-FOR-US: Versado
CVE-2007-2540 (Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and e ...)
	NOT-FOR-US: PMECMS
CVE-2007-2539 (The show_files function in RunCms 1.5.2 and earlier allows remote atta ...)
	NOT-FOR-US: RunCms
CVE-2007-2538 (SQL injection vulnerability in class/debug/debug_show.php in RunCms 1. ...)
	NOT-FOR-US: RunCms
CVE-2007-2537 (Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 an ...)
	NOT-FOR-US: NPDS
CVE-2007-2536 (PicoZip allows remote attackers to cause a denial of service (infinite ...)
	NOT-FOR-US: Picozip
CVE-2007-2535 (WinAce allows remote attackers to cause a denial of service (infinite  ...)
	NOT-FOR-US: WinAce
CVE-2007-2534
	NOT-FOR-US: phpHoo3
CVE-2007-2533 (Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Sec ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2532 (Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duo ...)
	NOT-FOR-US: Minh Nguyen Duong Obie Website Mini Web Shop
CVE-2007-2531 (PHP remote file inclusion vulnerability in berylium-classes.php in Ber ...)
	NOT-FOR-US: Berylium2
CVE-2007-2530 (Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowel ...)
	NOT-FOR-US: Tropicalm
CVE-2007-2529 (Integer signedness error in the acl (facl) system call in Solaris 10 b ...)
	NOT-FOR-US: Solaris 10
CVE-2007-2528 (Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2527 (Multiple PHP remote file inclusion vulnerabilities in DynamicPAD befor ...)
	NOT-FOR-US: DynamicPAD
CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewe ...)
	NOT-FOR-US: VNC Viewer ActiveX control
CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-1
	NOTE: Fixed in commit 202a03acf9994076055df40ae093a5c5474ad0bd in
	NOTE: Linus' tree.
CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Re ...)
	{DSA-1298-1}
	- otrs2 2.1.1-1 (bug #423524)
	NOTE: 2.1 and 2.2 are not affected, so recording earliest 2.1 version as fix
CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070 ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA Anti-Vi ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! befor ...)
	NOT-FOR-US: E-GADS!
CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when magic_qu ...)
	NOT-FOR-US: MyNews
CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...)
	- php5 5.2.3-1 (unimportant; bug #441433)
	- php4 <removed> (unimportant)
	NOTE: The installation of the PEAR needs to be trusted anyway, this doesn't
	NOTE: cross trust boundaries
CVE-2007-2518
	REJECTED
CVE-2007-2517
	RESERVED
CVE-2007-2516
	RESERVED
CVE-2007-2515
	RESERVED
CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple product ...)
	NOT-FOR-US: Symantec
CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 pos ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and l ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP befo ...)
	{DTSA-39-1}
	- php5 5.2.2-1
	NOTE: Only triggerable by malicious script
CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before 5 ...)
	{DSA-1295-1 DTSA-39-1}
	- php5 5.2.2-1 (low)
CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before  ...)
	{DSA-1296-1 DSA-1295-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.2-1 (low)
	- php4 4.4.7-1 (low)
CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.5 ...)
	NOT-FOR-US: Trend Micro
CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble D ...)
	NOT-FOR-US: Treble Designs 1024 CMS
CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and  ...)
	NOT-FOR-US: OpenEdge WebSpeed
CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 all ...)
	NOT-FOR-US: MailCOPA
CVE-2007-2504
	NOT-FOR-US: PHP Turbulence
CVE-2007-2503
	NOT-FOR-US: PHP Turbulence
CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with so ...)
	NOT-FOR-US: HP ProCurve 9300m Series switches
CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before 0.9 ...)
	NOT-FOR-US: CodePress
CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player ...)
	{DTSA-48-1}
	- gnash 0.7.2+cvs20070518.1557-1 (bug #423433)
CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and e ...)
	NOT-FOR-US: DVDdb
CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote a ...)
	NOT-FOR-US: Winamp
CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a den ...)
	NOT-FOR-US: RealPlayer
	NOTE: helix-player not affected
CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote at ...)
	NOT-FOR-US: WordViewer.ocx
CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control  ...)
	NOT-FOR-US: ExcelViewer .ocx
CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX con ...)
	NOT-FOR-US: PowerPointViewer .ocx
CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ &amp; RU ...)
	NOT-FOR-US: FAQ & RULES module for mxBB
CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for  ...)
	NOT-FOR-US: v4bJournal module for PostNuke
CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.3 ...)
	NOT-FOR-US: EMC VMware
CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows rem ...)
	NOT-FOR-US: LiveData Server
CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and o ...)
	NOT-FOR-US: LiveData Protocol Server
CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ex ...)
	NOT-FOR-US: AtomixMP3
CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and 1 ...)
	NOT-FOR-US: Motobit
CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the m ...)
	NOT-FOR-US: myflash plugin for WordPress
CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in th ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the wp-T ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the wordTu ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the  ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-XXXX [schroot may use outdated configuration information]
	- schroot <not-affected> (Upstream: "This bug was never present in a Debian release.")
CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does n ...)
	{DSA-1358-1}
	- asterisk 1:1.4.5~dfsg-1 (low)
	NOTE: no-dsa / unimportant candidate, the opposite side of the telephone line
	NOTE: could just as well hang-up
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-013.htm
CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.2 ...)
	- linux-2.6 2.6.22-1 (medium)
CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers t ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2477
	NOT-FOR-US: phpMyChat
CVE-2007-2476 (Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0 ...)
	NOT-FOR-US: Novell
CVE-2007-2475 (Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogi ...)
	NOT-FOR-US: Novell
CVE-2007-2474 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2007-2473 (SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-2472 (Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3 ...)
	NOT-FOR-US: Sendcard
CVE-2007-2471 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 an ...)
	NOT-FOR-US: Sendcard
CVE-2007-2470 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fi ...)
	NOT-FOR-US: FileRun
CVE-2007-2469 (SQL injection vulnerability in index.php in FileRun 1.0 and earlier al ...)
	NOT-FOR-US: FileRun
CVE-2007-2468 (Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 an ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions  ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit (SDK) f ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1  ...)
	NOT-FOR-US: Cisco
CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) a ...)
	NOT-FOR-US: Cisco
CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) a ...)
	NOT-FOR-US: Cisco
CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PI ...)
	NOT-FOR-US: Cisco
CVE-2007-2460 (PHP remote file inclusion vulnerability in modules/admin/include/confi ...)
	NOT-FOR-US: FireFly
CVE-2007-2459 (Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl mo ...)
	{DSA-1498-1}
	- libimager-perl 0.58-1 (bug #421582)
CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery  ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2457 (PHP remote file inclusion vulnerability in resources/includes/class.Sm ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2456 (Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 a ...)
	NOT-FOR-US: FireFly
CVE-2007-2455 (Parallels allows local users to cause a denial of service (virtual mac ...)
	NOT-FOR-US: Parallels
CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows local ...)
	NOT-FOR-US: Parallels
CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2. ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (low)
CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in locate/ ...)
	- findutils 4.2.31-1 (low; bug #426862)
	[sarge] - findutils <no-dsa> (Not vulnerable in default configuration, minor issue)
	[etch] - findutils 4.2.28-1etch1 (low)
CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES i ...)
	- linux-2.6 2.6.21-3
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...)
	{DSA-1468-1}
	- tomcat4 <removed> (low)
	- tomcat5 <removed> (low)
	- tomcat5.5 5.5.25-1 (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP fil ...)
	- tomcat4 <removed> (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Only present in the examples, not in production code
CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the "partial  ...)
	- subversion 1.4.4dfsg1-1 (bug #428194; low)
	[etch] - subversion <no-dsa> (Minor issue)
	[sarge] - subversion <no-dsa> (Minor issue)
CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allo ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd in Sam ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	[etch] - libgd2 2.0.33-5.2etch1 (low)
	- libpng 1.2.15~beta5-2
	- libpng3 <not-affected>
	[etch] - libpng 1.2.15~beta5-1+etch2
	NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1
CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in svc_a ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; medium)
CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; high)
CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 a ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile,  ...)
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-022+1 (bug #435401; low)
	[sarge] - vim <not-affected> (Vulnerable code not present)
	NOTE: Exploitable through modelines, needs to be used with care in any case
CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, an ...)
	- xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936)
	NOTE: etch vulnerable (patch below applies)
	NOTE: git url to fix the issue
	NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9
	NOTE: Not considered a security problem, only exploitable by authenticated users
	NOTE: If an attacker convinces such a user to run his exploit code blindly she could
	NOTE: just as well provide a binary which does more harm
CVE-2007-2436
	REJECTED
CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java  ...)
	- sun-java5 1.5.0-11-1 (medium; bug #423062)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-2434 (Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remot ...)
	NOT-FOR-US: Aventail Connect
CVE-2007-2433 (Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 ...)
	NOT-FOR-US: Ariadne
CVE-2007-2432 (Cross-site scripting (XSS) vulnerability in utilities/search.asp in nu ...)
	NOT-FOR-US: Nukedit
CVE-2007-2431 (Dynamic variable evaluation vulnerability in shared/config/tce_config. ...)
	NOT-FOR-US: TCExam
CVE-2007-2430 (shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote at ...)
	NOT-FOR-US: TCExam
CVE-2007-2429 (ManageEngine PasswordManager Pro (PMP) allows remote attackers to obta ...)
	NOT-FOR-US: ManageEngine PasswordManager Pro (PMP)
CVE-2007-2428 (Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp ...)
	NOT-FOR-US: Ahhp-Portal
CVE-2007-2427 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 modul ...)
	NOT-FOR-US: pnFlashGames
CVE-2007-2426 (PHP remote file inclusion vulnerability in myfunctions/mygallerybrowse ...)
	NOT-FOR-US: myGallery
CVE-2007-2425 (Directory traversal vulnerability in fileview.php in Imageview 5.3 all ...)
	NOT-FOR-US: Imageview
CVE-2007-2424 (PHP remote file inclusion vulnerability in help/index.php in The Merch ...)
	NOT-FOR-US: The Merchant
CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5. ...)
	{DSA-1514-1}
	- moin 1.5.7-3 (medium; bug #422408)
CVE-2007-2422
	NOT-FOR-US: Comdev One Admin
CVE-2007-2421 (Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07- ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
	NOT-FOR-US: Burak Yilmaz Blog
CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macro ...)
	NOT-FOR-US: Macrovision
CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging an ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software Progre ...)
	NOT-FOR-US: Progress Software Progress and OpenEdge
CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote attack ...)
	NOT-FOR-US: E-Annu
CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Pi3Web Web Server
CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: MyServer
CVE-2007-2413
	REJECTED
CVE-2007-2412
	NOT-FOR-US: Seir Anphin
CVE-2007-2411
	NOT-FOR-US: Sphider
CVE-2007-2410 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of cer ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2409 (Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10. ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2408 (WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly re ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2407 (The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows fi ...)
	- samba <not-affected> (MacOS/Apple-specific vulnerability)
CVE-2007-2406 (Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certai ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2405 (Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allow ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2404 (CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2403 (CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly valid ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform suff ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4 ...)
	NOT-FOR-US: Apple
CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Window ...)
	NOT-FOR-US: Apple
CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1 ...)
	NOT-FOR-US: Apple
CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not properly che ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before 7. ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2395 (Unspecified vulnerability in Apple QuickTime before 7.3 allows remote  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and  ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows  ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-a ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 fo ...)
	NOT-FOR-US: Apple
CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows re ...)
	NOT-FOR-US: Apple
CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear  ...)
	NOT-FOR-US: Apple
CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not proper ...)
	NOT-FOR-US: Apple
CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel ...)
	NOT-FOR-US: Apple
CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 a ...)
	NOT-FOR-US: Apple mDNSResponder
CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object Notatio ...)
	- yui <removed> (unimportant; bug #557745)
	- bcfg2 <not-affected> (present in source but not included in any binary files)
	- serendipity 1.5.3-1 (low; bug #557746)
	- moodle <not-affected> (uses system libjs-yui)
	- jifty 0.91117-1 (low; bug #557748)
	- webgui <not-affected> (uses system libjs-yui)
	- loggerhead <not-affected> (uses system libjs-yui)
	NOTE: see https://web.archive.org/web/20071105202514/http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object N ...)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data  ...)
	{DSA-1952-1}
	- prototypejs <not-affected> (fixed before initial upload)
	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
	[etch] - asterisk <no-dsa> (minor issue)
	[lenny] - asterisk <no-dsa> (minor issue)
	- libaws 2.7-1 (low; bug #555221)
	[etch] - libaws <no-dsa> (minor issue)
	[lenny] - libaws <no-dsa> (minor issue)
	- libjson-ruby <not-affected> (has prototype.js >= 1.5.1)
	- lucene2 2.9.1+ds1-2 (low; bug #555225)
	[etch] - lucene2 <not-affected> (prototype.js not present)
	[lenny] - lucene2 <no-dsa> (minor issue)
	- glpi 0.72.3-1 (low; bug #555228)
	[etch] - glpi <no-dsa> (minor issue)
	[lenny] - glpi <no-dsa> (minor issue)
	- knowledgeroot 0.9.9.5-1 (low; bug #555229)
	[etch] - knowledgeroot <no-dsa> (minor issue)
	[lenny] - knowledgeroot <not-affected> (Uses the prototype.js copy from scriptaculous)
	- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
	[etch] - mt-daapd <no-dsa> (minor issue)
	- mediatomb 0.11.0-3 (low; bug #555232)
	- op-panel 0.30~dfsg-1 (low; bug #555234)
	- ebug-http 0.31-2.1 (low; bug #555235)
	[lenny] - ebug-http <no-dsa> (Minor issue)
	- poker-network 1.7.6-1 (low; bug #555237)
	[etch] - poker-network <no-dsa> (minor issue)
	- webhelpers <not-affected> (fixed since initial inclusion)
	- qwik <removed> (low; bug #555240)
	[etch] - qwik <no-dsa> (minor issue)
	[lenny] - qwik <no-dsa> (minor issue)
	- wordpress <not-affected> (fixed since initial inclusion)
	- exaile <not-affected> (fixed since initial inclusion)
	- hobix 0.5~svn20070319-4 (low; bug #555246)
	[lenny] - hobix <no-dsa> (minor issue)
	- pixelpost 1.7.1-6 (low; bug #555248)
	[lenny] - pixelpost <no-dsa> (minor issue)
	- symfony 1.0.21-1.1 (low; bug #555250)
	[lenny] - symfony <no-dsa> (minor issue)
	- jscropperui 1.2.1-1 (low; bug #555255)
	[lenny] - jscropperui <no-dsa> (minor issue)
	- rt-extension-emailcompletion <not-affected> (fixed since initial inclusion)
	- scriptaculous <not-affected> (fixed since initial inclusion)
	- activeldap <not-affected> (fixed since initial inclusion)
	- mantis <not-affected> (fixed since initial inclusion)
	- otrs2 <not-affected> (fixed since initial inclusion)
	- webcalendar 1.2~b1-2 (low; bug #555268)
	[lenny] - webcalendar <not-affected> (prototype.js not present)
	- plone3 <removed> (low; bug #555274)
	- wesnoth <not-affected> (fixed since initial inclusion)
	- libhtml-prototype-perl 1.48-3 (low; bug #558977)
	[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
	[lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ( ...)
	NOT-FOR-US: Moo.fx framework
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object N ...)
	NOT-FOR-US: Microsoft Atlas
CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ( ...)
	- jquery <removed> (unimportant)
	NOTE: the paper in this reference is a guideline on how to avoid writing unsafe jquery applications. there really isn't anything to fix in the library itself.
	NOTE: https://www.fortify.com/vulncat/en/vulncat/javascript/javascript_hijacking_ad_hoc_ajax.html
CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
	- gwt <removed> (unimportant; bug #563542)
	NOTE: javascript security guidelines provided to developers to avoid these issues
	NOTE: https://developers.google.com/web-toolkit/articles/security_for_gwt_applications
CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data  ...)
	NOT-FOR-US: Getahead Direct Web Remoting
CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation (JS ...)
	NOT-FOR-US: Dojo
CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security Man ...)
	NOT-FOR-US: Symantec
CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1 ...)
	NOT-FOR-US: WF-Links (wflinks) module for XOOPS
CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and  ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ear ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 an ...)
	NOT-FOR-US: Jobs module for XOOPS
CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 a ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4. ...)
	NOT-FOR-US: Wserve HTTP Server (whttp)
CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted rem ...)
	NOT-FOR-US: Corel
CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0 ...)
	NOT-FOR-US: Adobe
CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and  ...)
	NOT-FOR-US: burnCMS
CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted rem ...)
	NOT-FOR-US: IrfanView
CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...)
	{DSA-1434-1 DTSA-36-1}
	- mydns 1:1.1.0-8
	[sarge] - mydns <not-affected> (Vulnerable code not present)
CVE-2007-2361 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, ...)
	NOT-FOR-US: Symantec
CVE-2007-2360 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, ...)
	NOT-FOR-US: Symantec
CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton G ...)
	NOT-FOR-US: Symantec
CVE-2007-2358
	- b2evolution <not-affected> (Debian's version does not contain the affected variables)
CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in Si ...)
	NOT-FOR-US: SineCms
CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in sunras. ...)
	{DSA-1301-1}
	- gimp 2.2.14-2
CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive informatio ...)
	- axis <unfixed> (unimportant)
	NOTE: only path disclosure
CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote at ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4. ...)
	NOT-FOR-US: HP Power Manager Remote Agent
CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows r ...)
	NOT-FOR-US: freePBX
CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.B ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell met ...)
	- lftp 3.5.9-1 (unimportant)
	NOTE: Non-issue, also already documented as potentially risky
CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in  ...)
	NOT-FOR-US: OneClick CMS
CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...)
	NOT-FOR-US: PHP-Generics
CVE-2007-2345 (PHP remote file inclusion vulnerability in include/include_stream.inc. ...)
	NOT-FOR-US: phpBrowse
CVE-2007-2344 (The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight In ...)
	NOT-FOR-US: Enterasys
CVE-2007-2343 (Stack-based buffer overflow in the TFTPD component in Enterasys NetSig ...)
	NOT-FOR-US: Enterasys
CVE-2007-2342 (SQL injection vulnerability in error.asp in CreaScripts CreaDirectory  ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in phpBandM ...)
	NOT-FOR-US: phpBandManager
CVE-2007-2340 (Multiple PHP remote file inclusion vulnerabilities in inc/include_all. ...)
	NOT-FOR-US: phporacleview
CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow r ...)
	NOT-FOR-US: Phorum
CVE-2007-2338 (Cross-site request forgery (CSRF) vulnerability in include/admin/banli ...)
	NOT-FOR-US: Phorum
CVE-2007-2337 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0. ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2336 (Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 200 ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-2335 (Cross-site scripting (XSS) vulnerability in the RSS feed reader functi ...)
	NOT-FOR-US: Lunascape
CVE-2007-2334 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_ ...)
	NOT-FOR-US: Nortel
CVE-2007-2333 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_ ...)
	NOT-FOR-US: Nortel
CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_ ...)
	NOT-FOR-US: Nortel
CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...)
	NOT-FOR-US: Shop-Script
CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in Dyn ...)
	NOT-FOR-US: DynaTracker
CVE-2007-2329 (PHP remote file inclusion vulnerability in searchbot.php in Searchacti ...)
	NOT-FOR-US: Searchactivity
CVE-2007-2328 (PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b ...)
	NOT-FOR-US: phpMYTGP
CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox  ...)
	NOT-FOR-US: HTMLeditbox
CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...)
	- smarty <removed> (unimportant; bug #488523)
	- moodle 1.8.2-2 (unimportant; bug #488525)
	- gallery2 2.2.5-2 (unimportant; bug #488527)
	NOTE: this is a non-issue
	NOTE: to exploit this, the smarty files need to be installed in a http daemon accessible directory
	NOTE: (should be the case for embedded copies), however
	NOTE: additionally this relies on register_globals being switched on.
CVE-2007-2325 (PHP remote file inclusion vulnerability in include.php in MyNewsGroups ...)
	NOT-FOR-US: MyNewsGroups
CVE-2007-2324 (Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows r ...)
	NOT-FOR-US: JulmaCMS
CVE-2007-2323 (Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo ...)
	NOT-FOR-US: InterVideo
CVE-2007-2322 (NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remo ...)
	NOT-FOR-US: Nero
CVE-2007-2321 (Unspecified vulnerability in the search functionality in SilverStripe  ...)
	NOT-FOR-US: SilverStripe
CVE-2007-2320 (SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier a ...)
	NOT-FOR-US: Papoo
CVE-2007-2319 (PHP remote file inclusion vulnerability in the AutoStand 1.1 and earli ...)
	NOT-FOR-US: AutoStand
CVE-2007-2318 (Multiple format string vulnerabilities in FileZilla before 2.2.32 allo ...)
	- filezilla 3.0.0~beta2-3 (bug #421776)
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
CVE-2007-2317 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5 ...)
	NOT-FOR-US: MiniBB
CVE-2007-2316 (Unspecified vulnerability in the admin script in Open Business Managem ...)
	NOT-FOR-US: Open Business Management
CVE-2007-2315 (MiniShare 1.5.4, and possibly earlier, allows remote attackers to caus ...)
	NOT-FOR-US: MiniShare
CVE-2007-2314 (Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly  ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2313 (PHP remote file inclusion vulnerability in getinfo1.php in the Shotcas ...)
	NOT-FOR-US: Shotcast module for mxBB
CVE-2007-2312 (Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2311
	NOT-FOR-US: BlooFoxCMS
CVE-2007-2310 (Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php ...)
	NOT-FOR-US: BloofoxCMS
CVE-2007-2309 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 all ...)
	NOT-FOR-US: FloweRS
CVE-2007-2308 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 all ...)
	NOT-FOR-US: FloweRS
CVE-2007-2307 (PHP remote file inclusion vulnerability in engine/engine.inc.php in We ...)
	NOT-FOR-US: WebKalk2
CVE-2007-2306 (Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2305 (Multiple SQL injection vulnerabilities in authenticate.php in Quick an ...)
	NOT-FOR-US: QDBlog
CVE-2007-2304 (Multiple directory traversal vulnerabilities in Quick and Dirty Blog ( ...)
	NOT-FOR-US: QDBlog
CVE-2007-2303 (Directory traversal vulnerability in includes/footer.php in News Manag ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-2302 (PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8  ...)
	NOT-FOR-US: Expow
CVE-2007-2301 (Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0 ...)
	NOT-FOR-US: audioCMS
CVE-2007-2300 (Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto  ...)
	NOT-FOR-US: phpwebnews
CVE-2007-2299 (Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier a ...)
	NOT-FOR-US: CMS Frogss
CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 a ...)
	NOT-FOR-US: Garennes
CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x  ...)
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)
	[sarge] - asterisk <not-affected> (correctly logs a warning)
CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quickt ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...)
	{DSA-1358-1}
	- asterisk 1:1.4.3~dfsg-1 (low)
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-012.htm
CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in c ...)
	- asterisk 1:1.4.3~dfsg-1 (high)
	[sarge] - asterisk <not-affected> (1.0.x not affected)
	[etch] - asterisk <not-affected> (1.2.x not affected)
	[lenny] - asterisk <not-affected> (vulnerable code not present)
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-010.htm
CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for  ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and Ne ...)
	NOT-FOR-US: B2 Weblog
	NOTE: Debian's b2evolution does not contain the string "b2inc",
	NOTE: and does not seem to suffer from this vulnerability.
CVE-2007-2289 (PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2288 (PHP remote file inclusion vulnerability in info.php in Doruk100.net do ...)
	NOT-FOR-US: doruk100net
CVE-2007-2287 (PHP remote file inclusion vulnerability in accept.php in comus 2.0 Fin ...)
	NOT-FOR-US: comus
CVE-2007-2286 (PHP remote file inclusion vulnerability in config.php in Built2Go PHP  ...)
	NOT-FOR-US: Built2Go
CVE-2007-2285 (Directory traversal vulnerability in examples/layout/feed-proxy.php in ...)
	NOT-FOR-US: Jack Slocum Ext
CVE-2007-2284 (Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote a ...)
	NOT-FOR-US: ABC-View Manager
CVE-2007-2283 (Buffer overflow in Fresh View 7.15 allows user-assisted remote attacke ...)
	NOT-FOR-US: Fresh View
CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6. ...)
	NOT-FOR-US: Cisco
CVE-2007-2281 (Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe  ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2280 (Stack-based buffer overflow in OmniInet.exe (aka the backup client ser ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundat ...)
	NOT-FOR-US: Symantec
CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to h ...)
	NOT-FOR-US: Plogger
CVE-2007-2276
	NOT-FOR-US: TippingPoint IPS
CVE-2007-2275 (Unspecified vulnerability in HP StorageWorks Command View Advanced Edi ...)
	NOT-FOR-US: HP StorageWorks
CVE-2007-2274 (The BitTorrent implementation in Opera 9.2 allows remote attackers to  ...)
	NOT-FOR-US: Opera
CVE-2007-2273 (PHP remote file inclusion vulnerability in include/loading.php in Ales ...)
	NOT-FOR-US: wavewoo
CVE-2007-2272 (PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.p ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2007-2271 (Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Dist ...)
	NOT-FOR-US: TotaRam
CVE-2007-2270 (The Linksys SPA941 VoIP Phone allows remote attackers to cause a denia ...)
	NOT-FOR-US: Linksys
CVE-2007-2269 (Directory traversal vulnerability in top.php3 in SWsoft Plesk for Wind ...)
	NOT-FOR-US: Plesk
CVE-2007-2268 (Multiple directory traversal vulnerabilities in SWsoft Plesk for Windo ...)
	NOT-FOR-US: Plesk
CVE-2007-2267 (Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 b ...)
	NOT-FOR-US: Sun Cluster
CVE-2007-2266 (Progress Webspeed Messenger allows remote attackers to read, create, m ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2265 (Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows  ...)
	NOT-FOR-US: YA Book
CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and  ...)
	NOT-FOR-US: RealPlayer
CVE-2007-2262 (Multiple PHP remote file inclusion vulnerabilities in html/php/detail. ...)
	NOT-FOR-US: jmuffin
CVE-2007-2261 (PHP remote file inclusion vulnerability in espaces/communiques/annotat ...)
	NOT-FOR-US: C-Arbre
CVE-2007-2260 (Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta ...)
	NOT-FOR-US: bibtex mase
CVE-2007-2259 (SQL injection vulnerability in forum.php in EsForum 3.0 allows remote  ...)
	NOT-FOR-US: EsForum
CVE-2007-2258 (PHP remote file inclusion vulnerability in includes/init.inc.php in PH ...)
	NOT-FOR-US: PHPMyBibli
CVE-2007-2257 (PHP remote file inclusion vulnerability in subscp.php in Fully Modded  ...)
	NOT-FOR-US: Fully Modded phpBB2
CVE-2007-2256 (Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 al ...)
	NOT-FOR-US: TJSChat
CVE-2007-2255 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine  ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2254 (PHP remote file inclusion vulnerability in admin/setup/level2.php in P ...)
	NOT-FOR-US: PHP Classifieds
CVE-2007-2253 (Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtai ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2252 (Directory traversal vulnerability in iconspopup.php in Exponent CMS 0. ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2251 (Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earl ...)
	NOT-FOR-US: Xaraya
CVE-2007-2250 (admin.php in Phorum before 5.1.22 allows remote attackers to obtain th ...)
	NOT-FOR-US: Phorum
CVE-2007-2249 (include/controlcenter/users.php in Phorum before 5.1.22 allows remote  ...)
	NOT-FOR-US: Phorum
CVE-2007-2248 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Ph ...)
	NOT-FOR-US: Phorum
CVE-2007-2247 (SQL injection vulnerability in modules/news/article.php in phpMySpace  ...)
	NOT-FOR-US: phpMySpace
CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running s ...)
	NOT-FOR-US: HP-UX
CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.1-1 (low)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b4134b65a7e7ed355121b6c2db9ea6c9624509bc
CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator  ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...)
	- openssh <unfixed> (bug #436571; unimportant)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-1 (low; bug #421595)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (No security support for KFreeBSD)
	NOTE: This should be off by default, tweakable by a simple knob.
	NOTE: (FreeBSD has it turned on for hosts, too.)
CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 th ...)
	- bind9 1:9.4.1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
	[sarge] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
CVE-2007-2240 (The IBM Lenovo Access Support acpRunner ActiveX control, as distribute ...)
	NOT-FOR-US: IBM Lenovo Access Support acpRunner ActiveX control
CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera C ...)
	NOT-FOR-US: AXIS Camera Control
CVE-2007-2238 (Multiple stack-based buffer overflows in the Whale Client Components A ...)
	NOT-FOR-US: Whale Client Components ActiveX control
CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers to incl ...)
	NOT-FOR-US: PunBB
CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 an ...)
	NOT-FOR-US: PunBB
CVE-2007-2234 (include/common.php in PunBB 1.2.14 and earlier does not properly handl ...)
	NOT-FOR-US: PunBB
CVE-2007-2233 (cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authen ...)
	NOT-FOR-US: CoSign
CVE-2007-2232 (The CHECK command in Cosign 2.0.1 and earlier allows remote attackers  ...)
	NOT-FOR-US: CoSign
CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in Dove ...)
	{DSA-1359-1}
	- dovecot 1.0.rc29-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote aut ...)
	NOT-FOR-US: CA Clever Path
CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for unspecif ...)
	NOT-FOR-US: Microsoft
CVE-2007-2228 (rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2,  ...)
	NOT-FOR-US: Windows
CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2007-2226
	REJECTED
CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2224 (Object linking and embedding (OLE) Automation, as used in Microsoft Wi ...)
	NOT-FOR-US: Microsoft
CVE-2007-2223 (Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote atta ...)
	NOT-FOR-US: Microsoft XML
CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2 ...)
	NOT-FOR-US: Microsoft
CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft W ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2220
	REJECTED
CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 2000,  ...)
	NOT-FOR-US: Microsoft
CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...)
	NOT-FOR-US: Microsoft
CVE-2007-2217 (Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP ...)
	NOT-FOR-US: Kodak Image Viewer
CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2215
	REJECTED
CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in  ...)
	NOT-FOR-US: DmCMS
CVE-2007-2213 (Unspecified vulnerability in the Initialize function in NetscapeFTPHan ...)
	NOT-FOR-US: WS_FTP
CVE-2007-2212 (Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka My ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2211 (SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoa ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2210 (A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar ...)
	NOT-FOR-US: Netsprint
CVE-2007-2209 (Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft Im ...)
	NOT-FOR-US: AccuSoft
CVE-2007-2208 (Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3 ...)
	NOT-FOR-US: Extreme PHPBB2
CVE-2007-2207 (SQL injection vulnerability in contact/index.php in Ripe Website Manag ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2206 (Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe  ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2205 (PHP remote file inclusion vulnerability in modules/rtmessageadd.php in ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2204 (Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (G ...)
	NOT-FOR-US: GPL PHP Board
CVE-2007-2203 (Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows  ...)
	NOT-FOR-US: Big Blue Guestbook
CVE-2007-2202 (PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php ...)
	NOT-FOR-US: Accueil et Conseil en Visites et Sejours Web Services
CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolution  ...)
	NOT-FOR-US: Post Revolution
CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in Pag ...)
	NOT-FOR-US: Pagode
CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcl ...)
	NOT-FOR-US: Joomla!
CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System (LMS ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2. ...)
	NOT-FOR-US: NeatUpload
CVE-2007-2196
	NOT-FOR-US: Jambook module for Mambo and Joomla
CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...)
	- amsn <not-affected> (Appears bogus, no such port is opened; bug #557754)
CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remo ...)
	NOT-FOR-US: XnView
CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...)
	NOT-FOR-US: ACDSee
CVE-2007-2192 (Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remot ...)
	NOT-FOR-US: Photofiltre
CVE-2007-2191 (Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x a ...)
	NOT-FOR-US: freePBX
CVE-2007-2190 (PHP remote file inclusion vulnerability in admin/public/webpages.php i ...)
	NOT-FOR-US: Eba News
CVE-2007-2189 (PHP remote file inclusion vulnerability in admin/admin_album_otf.php i ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2007-2188 (eXtremail 2.1.1 and earlier does not verify the ID field (aka transact ...)
	NOT-FOR-US: eXtremail
CVE-2007-2187 (Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remo ...)
	NOT-FOR-US: eXtremail
CVE-2007-2186 (Foxit Reader 2.0 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Foxit Reader
CVE-2007-2185 (Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b a ...)
	NOT-FOR-US: Supasite
CVE-2007-2184 (Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 ...)
	NOT-FOR-US: jchit
CVE-2007-2183 (SQL injection vulnerability in index.php in PHP-Ring Webring System (a ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2007-2182 (Unrestricted file upload vulnerability in forum_write.php in Maran PHP ...)
	NOT-FOR-US: Maran PHP Forum
CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...)
	NOT-FOR-US: WEBInsta
CVE-2007-2180 (Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote att ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2007-2179 (Multiple unspecified vulnerabilities in IXceedCompression in XceddZipL ...)
	NOT-FOR-US: RaidenFTPD
CVE-2007-2178 (Multiple unspecified vulnerabilities in Objective Development Sharity  ...)
	NOT-FOR-US: Sharity
CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...)
	NOT-FOR-US: Microgaming Download Helper
CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers t ...)
	NOT-FOR-US: Related to Apple QuickTime as well, no information about Mozilla being affected is available
CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari and ot ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Eng ...)
	NOT-FOR-US: ZoneAlarm
CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) cou ...)
	NOT-FOR-US: Gentoo's packaging of courier
CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 cau ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in GWINTER.e ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not c ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2007-2169 (Static code injection vulnerability in add.php in Mozzers SubSystem 1. ...)
	NOT-FOR-US: Mozzers SubSystem
CVE-2007-2168 (Static code injection vulnerability in process.php in AimStats 3.2 and ...)
	NOT-FOR-US: AimStats
CVE-2007-2167 (Static code injection vulnerability in process.php in AimStats 3.2 all ...)
	NOT-FOR-US: AimStats
CVE-2007-2166 (PHP remote file inclusion vulnerability in administration/user/lib/gro ...)
	NOT-FOR-US: OpenSurveyPilot
CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous au ...)
	- proftpd 1.3.0-24 (low)
	[sarge] - proftpd <no-dsa> (Minor issue)
	- proftpd-dfsg 1.3.0-24 (low)
	[etch] - proftpd-dfsg 1.3.0-19etch1
	NOTE: Minor issue Fixed in 4.0r4 point release
CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service (bro ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Data ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2159 (Multiple cross-site scripting (XSS) vulnerabilities in the Database Ad ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2158 (PHP remote file inclusion vulnerability in index.php in jGallery 1.3 a ...)
	NOT-FOR-US: jGallery
CVE-2007-2157 (Directory traversal vulnerability in upload/force_download.php in Zomp ...)
	NOT-FOR-US: Zomplog
CVE-2007-2156 (Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic  ...)
	NOT-FOR-US: Rezervi Generic
CVE-2007-2155 (Directory traversal vulnerability in template.php in in phpFaber TopSi ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2007-2154 (PHP remote file inclusion vulnerability in services/samples/inclusionS ...)
	NOT-FOR-US: Cabron Connector
CVE-2007-2153 (Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 al ...)
	NOT-FOR-US: @Mail
CVE-2007-2152 (Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterpris ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2007-2151 (The administration server in McAfee e-Business Server before 8.1.1 and ...)
	NOT-FOR-US: McAfee
CVE-2007-2150 (BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allo ...)
	NOT-FOR-US: BlueArc
CVE-2007-2149 (Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores userna ...)
	NOT-FOR-US: Chatness
CVE-2007-2148 (Direct static code injection vulnerability in admin/save.php in Stephe ...)
	NOT-FOR-US: Chatness
CVE-2007-2147 (admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and  ...)
	NOT-FOR-US: Chatness
CVE-2007-2146 (The imagecomments function in classes.php in MiniGal b13 allow remote  ...)
	NOT-FOR-US: MiniGal
CVE-2007-2145 (The imagecomments function in classes.php in MiniGal b13 allows remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2144 (PHP remote file inclusion vulnerability in includes/CAltInstaller.php  ...)
	NOT-FOR-US: JoomlaPack
CVE-2007-2143 (PHP remote file inclusion vulnerability in index.php in the Be2004-2 t ...)
	NOT-FOR-US: Be2004-2 template for Joomla
CVE-2007-2142 (Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php all ...)
	NOT-FOR-US: AjPortal2Php
CVE-2007-2141 (Direct static code injection vulnerability in shoutbox.php in ShoutPro ...)
	NOT-FOR-US: ShoutPro
CVE-2007-2140 (PHP remote file inclusion vulnerability in everything.php in Franklin  ...)
	NOT-FOR-US: Flip-search-add-on
CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA (fo ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express ...)
	NOT-FOR-US: Tivoli
CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol Perform ...)
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote  ...)
	NOT-FOR-US: Oracle
CVE-2007-2134 (Unspecified vulnerability in the HTML Server in Oracle JD Edwards Ente ...)
	NOT-FOR-US: Oracle
CVE-2007-2133 (Unspecified vulnerability in the PeopleSoft Enterprise Human Capital M ...)
	NOT-FOR-US: Oracle
CVE-2007-2132 (Unspecified vulnerability in the PeopleTools component in Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2007-2131 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterpri ...)
	NOT-FOR-US: Oracle
CVE-2007-2130 (Unspecified vulnerability in Workflow Cartridge, as used in Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2007-2129 (Unspecified vulnerability in the Agent component in Oracle Enterprise  ...)
	NOT-FOR-US: Oracle
CVE-2007-2128 (Unspecified vulnerability in the Sales Online component for Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2007-2127 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-2126 (Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has un ...)
	NOT-FOR-US: Oracle
CVE-2007-2125 (Unspecified vulnerability in Collaborative Workspace in Oracle Collabo ...)
	NOT-FOR-US: Oracle
CVE-2007-2124 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle
CVE-2007-2123 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle
CVE-2007-2122 (Unspecified vulnerability in the Wireless component in Oracle Applicat ...)
	NOT-FOR-US: Oracle
CVE-2007-2121 (Unspecified vulnerability in the COREid Access component in Oracle App ...)
	NOT-FOR-US: Oracle
CVE-2007-2120 (The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10 ...)
	NOT-FOR-US: Oracle
CVE-2007-2119 (Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the  ...)
	NOT-FOR-US: Oracle
CVE-2007-2118 (Unspecified vulnerability in the Upgrade/Downgrade component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2117 (Unspecified vulnerability in the Oracle Text component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2007-2116 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
	NOT-FOR-US: Oracle
CVE-2007-2115 (Unspecified vulnerability in the Change Data Capture (CDC) component i ...)
	NOT-FOR-US: Oracle
CVE-2007-2114 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 1 ...)
	NOT-FOR-US: Oracle
CVE-2007-2113 (SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_U ...)
	NOT-FOR-US: Oracle
CVE-2007-2112 (Unspecified vulnerability in the Authentication component for Oracle D ...)
	NOT-FOR-US: Oracle
CVE-2007-2111 (SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracl ...)
	NOT-FOR-US: Oracle
CVE-2007-2110 (Unspecified vulnerability in the Core RDBMS component for Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have  ...)
	NOT-FOR-US: Oracle
CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle
CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
	- mixmaster 3.0b2-5 (low; bug #418662)
	[etch] - mixmaster 3.0b2-4.etch1
	[sarge] - mixmaster <not-affected> (Code generation in Sarge pads over this)
CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
	[etch] - git-core <not-affected> (1.4.4.4 tagged 2007-1-8, bug introduced 2007-1-30)
	- git-core 1:1.5.1.2-1 (low)
	NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
	NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=1cfe77333f274c9ba9879c2eb61057a790eb050f
	NOTE: http://git.kernel.org/?p=git/git.git;a=tag;h=ae9ced19800491a5d80de5ee36bc07d68868a4dd
CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...)
	{DSA-1311-1 DSA-1309-1}
	- postgresql-8.2 8.2.4-1
	- postgresql-8.1 8.1.9-1
	- postgresql-7.4 1:7.4.17-1
CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7do ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content Manageme ...)
	NOT-FOR-US: Kai Content Management System
CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0 ...)
	NOT-FOR-US: Monkey CMS
CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow re ...)
	NOT-FOR-US: iXon CMS
CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum  ...)
	NOT-FOR-US: my little forum
CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little we ...)
	NOT-FOR-US: my little weblog
CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root wit ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConc ...)
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in  ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2007-2097
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: PHPHD Download System
CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 al ...)
	NOT-FOR-US: MySpeach
CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia 0.5 ...)
	NOT-FOR-US: Anthologia
CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft Gu ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft Gu ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2091 (PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_bloc ...)
	NOT-FOR-US: tsdisplay4xoops
CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evol ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx Developme ...)
	NOT-FOR-US: Jx Development Article component for Mambo and Joomla
CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 an ...)
	- sitebar 3.3.8-7 (low)
	NOTE: this was register globals only and is fixed in Debian anyway
CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, wh ...)
	NOT-FOR-US: CNStats
CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allo ...)
	NOT-FOR-US: CNStats
CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...)
	NOT-FOR-US: oe2edit CMS
CVE-2007-2084
	NOT-FOR-US: MobilePublisherphp
CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in My ...)
	NOT-FOR-US: MyBlog
CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: MyBlog
CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows all ...)
	NOT-FOR-US: XAMPP
CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...)
	NOT-FOR-US: XAMPP
CVE-2007-2078
	NOT-FOR-US: Maian Weblog
CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search  ...)
	NOT-FOR-US: Maian Search
CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery  ...)
	NOT-FOR-US: Maian Gallery
CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on m ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execu ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery S ...)
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2072
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2. ...)
	NOT-FOR-US: Open-gorotto
CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tool ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie 1.1 ...)
	NOT-FOR-US: openMairie
CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront m ...)
	NOT-FOR-US: StoreFront extension for Gallery
CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Is ...)
	NOT-FOR-US: WebSlider
CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: UseBB
CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert Lad ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaett ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writab ...)
	NOT-FOR-US: IBM zOS
CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user- ...)
	NOT-FOR-US: VCDGear
CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLo ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...)
	NOT-FOR-US: Wizz RSS Reader
CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in eIQnet ...)
	NOT-FOR-US: eIQnetworks Enterprise Security Analyzer
CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-a ...)
	NOT-FOR-US: Acubix PicoZip
CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remo ...)
	{DSA-1280-1 DTSA-35-1}
	- aircrack-ng 1:0.7-3 (medium)
	NOTE: http://trac.aircrack-ng.org/changeset/288
CVE-2007-2056
	REJECTED
CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary command ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow re ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow rem ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in Modules/_localemo ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.4-3 (bug #416931; low)
	- python2.5 2.5.1-1 (bug #416934; low)
	- python2.3 <removed> (low)
CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has unkno ...)
	NOT-FOR-US: bftpd
CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in RicarGBo ...)
	NOT-FOR-US: RicarGBooK
CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar Mod ...)
	NOT-FOR-US: Calendar Module for Mambo
CVE-2007-2048 (Directory traversal vulnerability in /console in the Management Consol ...)
	NOT-FOR-US: webMethods Glue
CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (ak ...)
	NOT-FOR-US: Openads
CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads  ...)
	NOT-FOR-US: Openads
CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 an ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the Anto ...)
	NOT-FOR-US: Weather module for Mambo and Joomla
CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde  ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde  ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN AC ...)
	NOT-FOR-US: Cisco
CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points be ...)
	NOT-FOR-US: Cisco
CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x befor ...)
	NOT-FOR-US: Cisco
CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) bef ...)
	NOT-FOR-US: Cisco
CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive i ...)
	NOT-FOR-US: Cisco
CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) befor ...)
	NOT-FOR-US: Cisco
CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) befor ...)
	NOT-FOR-US: Cisco
CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded F ...)
	NOT-FOR-US: Cisco
CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, an ...)
	- 3proxy <itp> (bug #718219)
CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might a ...)
	- lha 1.14i-10.2 (bug #437621; low)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) all ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (low; bug #418849)
	NOTE: closed report: https://bugzilla.clamav.net/show_bug.cgi?id=459
	NOTE: Commit r3021 looks as if it's just a null pointer dereference.
CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...)
	- freeradius 1.1.6-1 (low)
	[sarge] - freeradius <no-dsa> (Minor issue)
	[etch] - freeradius <no-dsa> (Minor issue)
CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string func ...)
	- elinks 0.11.1-1.4 (bug #417789; low)
	[sarge] - elinks <no-dsa> (Hardly exploitable)
	[etch] - elinks <no-dsa> (Hardly exploitable)
	NOTE: Unrealistic attack vector, no evidence code injection is possible
CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent  ...)
	- file 4.20-6 (low)
	[etch] - file 4.17-5etch3
	[sarge] - file <not-affected> (version too old)
CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plug ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature (lib/plug ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...)
	NOT-FOR-US: Secustick USB flash drive
CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.2 ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Non-free not supported)
	NOTE: Flash Plugin has a vulnerablity, which will only be disclosed in a few months
	NOTE: Some browser vendors produce updates, which fix this issue on the browser side,
	NOTE: but that it not of concern for Debian
CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple Techno ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2007-2020
	NOT-FOR-US: xodagallery
CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in phpGall ...)
	NOT-FOR-US: phpGalleryScript
CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share Enter ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not c ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMy ...)
	- phpmyadmin 4:2.6.2-3 (unimportant)
CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It 1.0 ...)
	NOT-FOR-US: Request It
CVE-2007-2014 (PHP remote file inclusion vulnerability in include/blocks/week_events. ...)
	NOT-FOR-US: MyNews
CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Ein ...)
	NOT-FOR-US: Passworschutz
CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4. ...)
	NOT-FOR-US: CompreXX
CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...)
	NOT-FOR-US: DeskPro
CVE-2007-2010 (Double free vulnerability in bftpd before 1.8 allows remote authentica ...)
	NOT-FOR-US: bftpd
CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light  ...)
	NOT-FOR-US: SimpCMS Light
CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allo ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authent ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1 ...)
	NOT-FOR-US: Taskhopper component for Mambo and Joomla
CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1  ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect head ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to acc ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2001 (Multiple direct static code injection vulnerabilities in admin/configu ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...)
	NOT-FOR-US: Crea-Book
CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages 1.7 ...)
	NOT-FOR-US: Weatimages
CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) 4. ...)
	NOT-FOR-US: HIOX Guest Book
CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract fu ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...)
	NOT-FOR-US: CodeBreak
CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0 ...)
	{DSA-1293-1}
	- quagga 0.99.6-5 (low; bug #418323)
	NOTE: The attributes are non-transitive, which means that they
	NOTE: are not propagated via BGP and therefore must originate
	NOTE: from a peer (which is explicitly configured).
CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX ARPA transport
CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File  ...)
	NOT-FOR-US: HP-UX Portable File System
CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...)
	NOT-FOR-US: com_zoom
CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailSe ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlo ...)
	NOT-FOR-US: MyBlog
CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...)
	NOT-FOR-US: DotClear
CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in  ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1987
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUN ...)
	NOT-FOR-US: AROUNDMe
CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in phpexplorator.ph ...)
	NOT-FOR-US: phpexplorator
CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...)
	NOT-FOR-US: lite-cms
CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php  ...)
	NOT-FOR-US: Cyboards PHP Lite
CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple PH ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Wi ...)
	NOT-FOR-US: Metamod-P
CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module fo ...)
	NOT-FOR-US: Topliste module for PHP-Fusion
CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ea ...)
	NOT-FOR-US: PopnupBlog module for Xoops
CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...)
	NOT-FOR-US: Arcade module for PHP-Fusion
CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1 ...)
	NOT-FOR-US: holaCMS
CVE-2007-1976
	NOT-FOR-US: Virii Info module for Xoops
CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allo ...)
	NOT-FOR-US: SLAED CMS
CVE-2007-1974 (SQL injection vulnerability in the getArticle function in class/wfsart ...)
	NOT-FOR-US: Xoops modules
CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1972
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-XXXX [mydms SQL injection]
	- mydms 1.4.4+1-5
CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 20 ...)
	NOT-FOR-US: fotokategori.asp
CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
	- iceweasel <removed> (unimportant; bug #556267)
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - iceweasel <no-dsa> (Minor issue)
CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Cr ...)
	NOT-FOR-US: MyBlog
CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlo ...)
	NOT-FOR-US: MyBlog
CVE-2007-1967
	NOT-FOR-US: stat12
CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows  ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4. ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is available ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1963 (SQL injection vulnerability in the create_session function in class_se ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and e ...)
	NOT-FOR-US: WF-Snippets module for Xoops
CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...)
	NOT-FOR-US: Mutant portal for phpBB
CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7do ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in command.cp ...)
	- tinymux <unfixed> (unimportant)
CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a deni ...)
	- tinymux 2.4.3.31-1
CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...)
	NOT-FOR-US: Portail Web Php
CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6 ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX Active ...)
	NOT-FOR-US: SKCrypAX ActiveX control
CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 buil ...)
	NOT-FOR-US: ArchiveXpert
CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...)
	NOT-FOR-US: onelook courts on-line
CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote a ...)
	NOT-FOR-US: onelook onebyone CMS
CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote attac ...)
	NOT-FOR-US: onelook obo Shop
CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizza ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote attack ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) us ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...)
	NOT-FOR-US: WIndows Explorer
CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM W ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server (WA ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent  ...)
	NOT-FOR-US: ACDSee Photo Manager
CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows context-dependen ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter  ...)
	NOT-FOR-US: Domino Web Access
CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 lo ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in  ...)
	NOT-FOR-US: LanguageTool
CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows remo ...)
	NOT-FOR-US: Ichitaro
CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1 ...)
	NOT-FOR-US: Scorp Book
CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAd ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ( ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 mo ...)
	NOT-FOR-US: eBoard module for PHP-Nuke
CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Boo ...)
	NOT-FOR-US: PcP-Guestbook
CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2. ...)
	NOT-FOR-US: ScarNews
CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in Smod ...)
	NOT-FOR-US: SmodCMS
CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, a ...)
	NOT-FOR-US: cattaDoc
CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and ...)
	NOT-FOR-US: Beryo
CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows  ...)
	NOT-FOR-US: witshare
CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer  ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin  ...)
	NOT-FOR-US: JBMC Software DirectAdmin
CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone Nuk ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2007-1924
	NOT-FOR-US: phpContact
CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control  ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.D ...)
	NOT-FOR-US: Winamp
CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...)
	NOT-FOR-US: Winamp
CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in  ...)
	NOT-FOR-US: aktualnosci module in SmodBIP
CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...)
	NOT-FOR-US: Arizona Dream Livre d'or
CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 a ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC  ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Libra ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 be ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted r ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remo ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote atta ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.n ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant Mes ...)
	NOT-FOR-US: PHP121 Instant Messenger
CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content  ...)
	NOT-FOR-US: Pathos CMS
CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...)
	NOT-FOR-US: eCardMAX HotEditor
CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Tech ...)
	NOT-FOR-US: QuizShock
CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-1903 (Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0  ...)
	NOT-FOR-US: SonicBB
CVE-2007-1902 (Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote att ...)
	NOT-FOR-US: SonicBB
CVE-2007-1901 (SonicBB 1.0 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: SonicBB
CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ex ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
CVE-2007-1899 (Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 al ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitra ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach  ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MyS ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in wp-includes/general-templa ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows r ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager Ac ...)
	NOT-FOR-US: Akamai
CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function  ...)
	NOT-FOR-US: Akamai
CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the Zen ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c i ...)
	- sqlite 2.8.17-2.1 (unimportant; bug #441233; bug #526328)
	NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
	NOTE: SQLite 3 no longer contains the affected function.
CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled sq ...)
	{DSA-1283-1 DTSA-39-1}
	- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
	- php5 5.2.0-11 (medium)
	- php4-sqlite <removed> (medium; bug #420456)
	NOTE: php5 is vulnerable due to improper use of the system sqlite libs
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2. ...)
	NOTE: Duplicate of CVE-2007-1885
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1884 (Multiple integer signedness errors in the printf function family in PH ...)
	NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-depende ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Qualit ...)
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus,  ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in Kaspers ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo ...)
	NOT-FOR-US: KL.SysInfo ActiveX control
CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) us ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of  ...)
	NOT-FOR-US: VMware
CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest o ...)
	NOT-FOR-US: VMware
CVE-2007-1875
	RESERVED
CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions  ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remo ...)
	NOT-FOR-US: mephisto
CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows rem ...)
	NOT-FOR-US: toendaCMS
CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows rem ...)
	NOT-FOR-US: chcounter
CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ( ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (low; bug #422254)
CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial o ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (medium; bug #422254)
CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS Deplo ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute a ...)
	NOT-FOR-US: IrfanView
CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
	NOT-FOR-US: dproxy-nexgen
CVE-2007-1865
	NOT-FOR-US: not a bug
CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7,  ...)
	{DSA-1331-1 DSA-1330-1}
	- php4 <removed>
	- php5 5.2.2-1
CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), wh ...)
	- apache2 2.2.4-1 (low)
	- apache <removed> (unimportant)
	[sarge] - apache2 2.0.54-5sarge2
	[etch] - apache2 2.2.3-4+etch2
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not  ...)
	- apache2 <not-affected> (Only Apache 2.2.4 was affected, and all versions of 2.2.4 in Debian are fixed)
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel  ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1
CVE-2007-1860 (mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 de ...)
	{DSA-1312-1}
	- libapache-mod-jk 1:1.2.23-1 (bug #425836)
CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for credentia ...)
	- xscreensaver 5.03-1 (low; bug #433964)
	[etch] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
	[sarge] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4 ...)
	NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
	[sarge] - tomcat4 <no-dsa> (low)
	[etch] - tomcat5 <no-dsa> (low; bug #423435)
	- tomcat5 <removed> (low; bug #423435)
	- tomcat5.5 5.5.17-1 (low)
	- tomcat4 <removed> (low)
CVE-2007-1857
	REJECTED
CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure p ...)
	- cron <not-affected> (Debian uses proper permission scheme)
CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_cl ...)
	NOT-FOR-US: Shop-Script
CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container 07 ...)
	NOT-FOR-US: Hitachi Cosminexus Component Container
CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Glob ...)
	NOT-FOR-US: Hitachi DeviceManager
CVE-2007-1852
	NOT-FOR-US: 2BGal
CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and  ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php i ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows remot ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php i ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module fo ...)
	NOT-FOR-US: Repository module for Xoops
CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and earli ...)
	NOT-FOR-US: MyAds
CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...)
	NOT-FOR-US: Expanded Calendar module for PHP-Fusion
CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsite ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in M ...)
	NOT-FOR-US: MapLab
CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before 2.0.1 ...)
	NOT-FOR-US: JSBoard
CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in  ...)
	{DSA-1299-1 DTSA-42-1}
	- ipsec-tools 1:0.6.6-3.2 (medium; bug #423252)
	[sarge] - ipsec-tools <not-affected> (the older stream of development used in the sarge package is not vulnerable - a code change that went into that branch coincidentally fixed it and this change was already there in sarge)
CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
	- initramfs-tools 0.85g (low; bug #417995)
CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not es ...)
	{DSA-1287-1}
	- ldap-account-manager 1.1.1-2 (medium; bug #415379)
CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
	NOT-FOR-US: CodeBB
CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ea ...)
	NOT-FOR-US: Friendfinder module for Xoops
CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS 0. ...)
	NOT-FOR-US: MangoBery CMS
CVE-2007-1836 (The command line administration interface in Data Domain OS before 4.0 ...)
	NOT-FOR-US: Data Domain OS
CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unifi ...)
	NOT-FOR-US: Cisco
CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco Unifie ...)
	NOT-FOR-US: Cisco
CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...)
	NOT-FOR-US: WebAPP
CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have unknow ...)
	NOT-FOR-US: WebAPP
CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org Web ...)
	NOT-FOR-US: WebAPP
CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in web-a ...)
	NOT-FOR-US: WebAPP
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco Unifi ...)
	NOT-FOR-US: Cisco
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2. ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 befo ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or remo ...)
	NOT-FOR-US: T-Mobile
CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote att ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to retr ...)
	NOT-FOR-US: Sprint Nextel
CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a  ...)
	NOT-FOR-US: Nortel Networks
CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (S ...)
	NOT-FOR-US: ActiveX control in TestDirector
CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php  ...)
	NOT-FOR-US: Forum picture and META tags module for phpBB
CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews (lykos_r ...)
	NOT-FOR-US: Lykos Reviews module for Xoops
CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...)
	NOT-FOR-US: Tutorials module for Xoops
CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for X ...)
	NOT-FOR-US: Library module for Xoops
CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for Xoop ...)
	NOT-FOR-US: Core module for Xoops
CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and earlie ...)
	NOT-FOR-US: eCal module for Xoops
CVE-2007-1812 (PHP remote file inclusion vulnerability in utilitaires/gestion_sondage ...)
	NOT-FOR-US: BT-Sondage
CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: Tiny Event module for Xoops
CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 a ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company We ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and earl ...)
	NOT-FOR-US: Camportail module for Xoops
CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the myAl ...)
	NOT-FOR-US: myAlbum-P module for Xoops
CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmg ...)
	NOT-FOR-US: RM+Soft Gallery module for Xoops
CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and earli ...)
	NOT-FOR-US: debaser module for Xoops
CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service  ...)
	{DTSA-44-1}
	- pulseaudio 0.9.6-1 (low)
	[etch] - pulseaudio <no-dsa> (Minor issue)
CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote  ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta  ...)
	NOT-FOR-US: sBLOG
CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust Agen ...)
	NOT-FOR-US: Cisco
CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2. ...)
	{DSA-1373-2 DSA-1373-1}
	- ktorrent 2.1.4.dfsg.1-1 (medium; bug #432007)
CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows loc ...)
	NOT-FOR-US: IBM AIX
CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote  ...)
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	- graphicsmagick 1.1.7-15 (medium)
CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2  ...)
	NOT-FOR-US: URLshrink
CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PH ...)
	NOT-FOR-US: URLshrink
CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9,  ...)
	NOTE: Duplicate of CVE-2006-3805
CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9. ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1792 (libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec  ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ea ...)
	NOT-FOR-US: Picture-Engine
CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction So ...)
	NOT-FOR-US: Kaqoo Auction Software
CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...)
	- flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway)
CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or "set to a low val ...)
	- flyspray 0.9.8-10 (medium)
	[sarge] - flyspray <not-affected> (Vulnerable code not present)
CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.cl ...)
	NOT-FOR-US: Time-Assistant
CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online Communit ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5  ...)
	NOT-FOR-US: CA BrightStor ARCserve Backup
CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus  ...)
	NOT-FOR-US: JNILoader ActiveX control
CVE-2007-1783
	REJECTED
CVE-2007-XXXX [low-entropy default passphrase in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414480)
CVE-2007-XXXX [file permission race conidition in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414482)
CVE-2007-XXXX [too lenient UTF-8 decoder in kjs/function.cpp]
	- kdelibs 4:3.5.5a.dfsg.1-8
CVE-2007-XXXX [double-free vulnerability in the Real Media demuxer]
	- ffmpeg 0.cvs20060823-8 (low; bug #379922)
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
CVE-2007-XXXX [various crashes and infinite loops in ffmpeg]
	- ffmpeg 0.cvs20060823-8 (low; bug #407003)
	- xmovie <removed>
CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access t ...)
	NOT-FOR-US: CruiseWorks
CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to  ...)
	NOT-FOR-US: Minna De Office
CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...)
	NOT-FOR-US: Overlay Weaver
CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in Advanc ...)
	NOT-FOR-US: Advanced Website Creator
CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuk ...)
	NOT-FOR-US: Eve-Nuke
CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5  ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (medium)
	- php5 5.2.0-11 (medium)
CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com D4 ...)
	NOT-FOR-US: D4J eZine
CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4  ...)
	NOT-FOR-US: JBrowser
CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allo ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow remot ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers  ...)
	NOT-FOR-US: HP JetDirect
CVE-2007-1771 (PHP remote file inclusion vulnerability in manage/javascript/formjavas ...)
	NOT-FOR-US: Ay System Solutions Web Content System
CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental System ...)
	NOT-FOR-US: ArcSDE
CVE-2007-1769
	REJECTED
CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in app/helpers/application_he ...)
	NOT-FOR-US: Mephisto
CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AO ...)
	NOT-FOR-US: AOL
CVE-2007-1766 (PHP remote file inclusion vulnerability in login/engine/db/profiledit. ...)
	NOT-FOR-US: Advanced Login
CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista  ...)
	NOT-FOR-US: Microsoft
CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user- ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs bef ...)
	- iceweasel 3.0.1-1 (unimportant; bug #445515)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used adresses will be
	NOTE: volatile anyway
CVE-2007-1761
	REJECTED
CVE-2007-1760
	REJECTED
CVE-2007-1759
	REJECTED
CVE-2007-1758
	REJECTED
CVE-2007-1757
	REJECTED
CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1755
	REJECTED
CVE-2007-1754 (PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1753
	REJECTED
CVE-2007-1752
	REJECTED
CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2007-1749 (Integer underflow in the CDownloadSink class code in the Vector Markup ...)
	NOT-FOR-US: Vector Markup Language
CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name Sy ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 200 ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1746
	RESERVED
CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam An ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature for VM ...)
	NOT-FOR-US: VMware
CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combination ...)
	- apache2 <unfixed> (unimportant)
CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison f ...)
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...)
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1740
	REJECTED
CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino befo ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...)
	NOT-FOR-US: TrueCrypt
CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HT ...)
	NOT-FOR-US: Opera
CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or  ...)
	- iceweasel <removed> (unimportant)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used adresses will be
	NOTE: volatile anyway
CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565 ...)
	NOT-FOR-US: Corel WordPerfect
CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in net/dccp/proto. ...)
	- linux-2.6 2.6.20-1 (medium; bug #420875)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remot ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-1732
	- wordpress 2.1.3-1 (unimportant)
	NOTE: Administrators can post full HTML, that is a feature. Rightly disputed.
CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous FT ...)
	NOT-FOR-US: hpaftpd
CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
	- linux-2.6 2.6.21-1 (medium)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 1000 ...)
	NOT-FOR-US: Flexbb
CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstati ...)
	NOT-FOR-US: Sony Playstation 3
CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 a ...)
	NOT-FOR-US: IceBB
CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remot ...)
	NOT-FOR-US: IceBB
CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and atta ...)
	NOT-FOR-US: ReactOS
CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: IronMail
CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea SK ...)
	NOT-FOR-US: SKCommAX ActiveX control
CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 a ...)
	NOT-FOR-US: C-Arbre
CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the Addressboo ...)
	NOT-FOR-US: Addressbook 1.2 module for PHP-Nuke
CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD,  ...)
	NOT-FOR-US: mcweject
CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 <removed> (medium)
	[sarge] - php4 <not-affected> (Vulnerable code not present)
	- php5 5.2.0-11 (medium)
CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 t ...)
	- php4 6:4.4.6-2 (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: This is a regular bug, not a security problem
CVE-2007-1716 (pam_console does not properly restore ownership for certain console de ...)
	NOT-FOR-US: pam_console
CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
	NOT-FOR-US: Free Image Hosting
CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...)
	NOT-FOR-US: CcCounter
CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...)
	NOT-FOR-US: BASP21
CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
	NOT-FOR-US: Active Auction Pro
CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 a ...)
	{DSA-1283-1 DSA-1282-1}
	- php4 6:4.4.6-2
	- php5 5.2.0-9
	NOTE: register_globals not supported
CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-de ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC  ...)
	NOT-FOR-US: PECL phpDOC
CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS  ...)
	NOT-FOR-US: ttCMS
CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side Conte ...)
	NOT-FOR-US: Net-Side.net CMS
CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remot ...)
	NOT-FOR-US: eWebQuiz
CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows re ...)
	NOT-FOR-US: Active Trade
CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager (com_resma ...)
	NOT-FOR-US: Joomla module Car Manager
CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards)  ...)
	NOT-FOR-US: Joomla module RWCards
CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the Fla ...)
	NOT-FOR-US: Flatmenu
CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is e ...)
	- php5 5.2.0-9 (unimportant)
	- php4 6:4.4.4-9 (unimportant)
	NOTE: register_globals not supported
	NOTE: Dupe of CVE-2007-0910
CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, c ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-9
	- php4 6:4.4.4-9
	[etch] - php5 5.2.0-8+etch1
	[etch] - php4 6:4.4.4-8+etch1
	[sarge] - php4 4:4.3.10-21
	NOTE: This was fixed as a side-effect of previous security fixes, noting the
	NOTE: status as of DSA-1286 as fixed version. likewise the oldstable
	NOTE: version was fixed.
CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_ ...)
	NOT-FOR-US: Mambo module SWmenu
CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to re ...)
	NOT-FOR-US: Philex
CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex 0. ...)
	NOT-FOR-US: Philex
CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...)
	NOT-FOR-US: Active Newsletter
CVE-2007-1695
	- phpbb2 <not-affected> (requires register_globals to exploit)
	NOTE: Vulnerability is disputed, but is a non-issue anyway.
CVE-2007-1694
	RESERVED
CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before 1 ...)
	- yate 1.2.0-1.dfsg-1 (low; bug #421994)
	[etch] - yate <no-dsa> (Minor issue, fringe application)
CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy Auto ...)
	NOT-FOR-US: Microsoft
CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ActiveG ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL  ...)
	NOT-FOR-US: Norton
CVE-2007-1688 (Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Calli ...)
	NOT-FOR-US: PhPInfo ActiveX control
CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX Im ...)
	NOT-FOR-US: iPIX Image Well ActiveX control
CVE-2007-1686
	RESERVED
CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36,  ...)
	NOT-FOR-US: BlueCoat
CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in sldimd ...)
	NOT-FOR-US: sldimdownload ActiveX control
CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the Inc ...)
	NOT-FOR-US: IncrediMail
CVE-2007-1682 (Multiple stack-based buffer overflows in the FileManager ActiveX contr ...)
	NOT-FOR-US: FileManager ActiveX
CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java W ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
	NOT-FOR-US: AudioConf ActiveX control
CVE-2007-1679
	NOTE: Allegedly a duplicate of CVE-2006-4255.
	NOTE: The other issue needs a CSRF attack to exploit.
CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension f ...)
	NOT-FOR-US: Fizzle 0.5 extension for Firefox
CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the N ...)
	NOT-FOR-US: NetBSD
CVE-2007-1676
	RESERVED
CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP s ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LAN ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2007-1673 (unzoo.c, as used in multiple products including AMaViS 2.4.1 and earli ...)
	[sarge] - zoo <no-dsa> (Minor issue)
	[etch] - zoo <no-dsa> (Minor issue)
	- zoo 2.10-19 (bug #424686)
	- unzoo 4.4-7 (bug #424690)
	[sarge] - unzoo <no-dsa> (Minor issue)
	[etch] - unzoo <no-dsa> (Minor issue)
CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a den ...)
	NOT-FOR-US: avast
CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers t ...)
	NOT-FOR-US: Avira
CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ca ...)
	NOT-FOR-US: Panda
CVE-2007-1669 (zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1 ...)
	NOT-FOR-US: Barracuda
CVE-2007-1668
	RESERVED
CVE-2007-1666 (The processor_request function in the debugger server for DataRescue I ...)
	NOT-FOR-US: IDA Pro
CVE-2007-1665 (Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1et ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1664 (ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote att ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1663 (Memory leak in the image message functionality in ekg before 1:1.7~rc2 ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1662 (Perl-Compatible Regular Expression (PCRE) library before 7.3 reads pas ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1661 (Perl-Compatible Regular Expression (PCRE) library before 7.3 backtrack ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not  ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3 allows co ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- kazehakase 0.5.2-1
	- pcre3 7.3-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted remo ...)
	NOT-FOR-US: Microsoft
CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip  ...)
	- python2.5 <not-affected> (does not build minigzip.c)
CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Au ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX bef ...)
	{DSA-1317-1}
	- tinymux 2.4.3.31-1.1 (bug #417539)
CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sf ...)
	NOT-FOR-US: ne7ssh
CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: GlowWorm FW
CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID e ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows remot ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...)
	NOT-FOR-US: pcapsipdump
CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap  ...)
	- php5 5.2.2-1
	[etch] - php5 <not-affected> (Only affects PHP 5.2.1)
CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: 0irc
CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ro ...)
	- moodle 1.5.3-1 (low)
CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 al ...)
	NOT-FOR-US: SubHub
CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 20 ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on Microsof ...)
	NOT-FOR-US: Microsoft DNS Server
CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management S ...)
	NOT-FOR-US: LAN Management System
CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows rem ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows remo ...)
	NOT-FOR-US: PortailPHP
CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 an ...)
	NOT-FOR-US: ClassWeb
CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_ ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the chec ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI ...)
	NOT-FOR-US: IMAILAPILib ActiveX control
CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 a ...)
	NOT-FOR-US: RoseOnlineCMS
CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net Porta ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal Dy ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio Cir ...)
	NOT-FOR-US: Splatt Forum
CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has u ...)
	NOT-FOR-US: webCMS
CVE-2007-1631
	NOT-FOR-US: CLBOX
CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
	NOT-FOR-US: Active Link Engine
CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares Activ ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner (S ...)
	NOT-FOR-US: Study planner
CVE-2007-1627
	REJECTED
CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame Mo ...)
	NOT-FOR-US: iFrame Module for PHP-NUKE
CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in realGues ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow rem ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5 ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordP ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in Activ ...)
	NOT-FOR-US: Active PHP Bookmark Notes
CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer  ...)
	NOT-FOR-US: PHP DB Designer
CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo R ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2. ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 an ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and  ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in zzi ...)
	{DTSA-56-1}
	- zziplib 0.13.49-0 (bug #436701; low)
	[etch] - zziplib <no-dsa> (Minor issue)
	NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
	NOTE: If an attacker can supply arbitrary file names, we likely suffer from
	NOTE: an information disclosure issue anyway.
CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows r ...)
	NOT-FOR-US: MPM Chat
CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a certai ...)
	NOT-FOR-US: IKANARI JIJYOU
CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Sof ...)
	NOT-FOR-US: NewsGlue
CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Mon ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain po ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Ag ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agor ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attack ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing Contes ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1601
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye G ...)
	NOT-FOR-US: Digital Eye Gallery
CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect authenti ...)
	{DSA-1601-1}
	- wordpress 2.2.2-1 (bug #437085; low)
CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 a ...)
	NOT-FOR-US: FileCOPA FTP
CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the we ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address  ...)
	NOT-FOR-US: NFN Address Book
CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk doe ...)
	- asterisk 1:1.4.0~dfsg-1 (low)
	[etch] - asterisk <not-affected> (Only affects 1.4.x)
	[sarge] - asterisk <not-affected> (Only affects 1.4.x)
CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...)
	NOT-FOR-US: Symantec
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertent ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.104 ...)
	NOT-FOR-US: Trend Micro
CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and boot ...)
	NOT-FOR-US: Grandstream
CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows loca ...)
	NOT-FOR-US: Truecrypt
CVE-2007-1588 (server.cpp in MyServer 0.8.5 calls Process::setuid before calling Proc ...)
	NOT-FOR-US: MyServer
CVE-2007-1587 (templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remo ...)
	NOT-FOR-US: StatsDawg
CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link  ...)
	NOT-FOR-US: Zyxel
CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.0 ...)
	NOT-FOR-US: Cisco
CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows context-de ...)
	NOTE: Dupe of CVE-2007-0907; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 <removed> (medium)
CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
	- php5 <removed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows context-dependen ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service (dae ...)
	NOT-FOR-US: FTPDMIN
CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attac ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in Atriu ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows re ...)
	NOT-FOR-US: GeBlog
CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0 ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_ ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain co ...)
	NOT-FOR-US: CARE2X
CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft vBull ...)
	NOT-FOR-US: vBulletin
CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earl ...)
	NOT-FOR-US: JGBBS
CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in Radica ...)
	NOT-FOR-US: Activist Mobilization Platform
CVE-2007-1570
	REJECTED
CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attacker ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 all ...)
	NOT-FOR-US: NewsReactor
CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earli ...)
	NOT-FOR-US: WarFTPd
CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows  ...)
	NOT-FOR-US: NetVIOS Portal
CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ( ...)
	- kdelibs <unfixed> (unimportant)
CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote serve ...)
	- kdelibs 4:3.5.5a.dfsg.1-7
CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers  ...)
	NOT-FOR-US: Opera
CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...)
	- iceweasel 2.0.0.3-1 (low)
CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6  ...)
	- squid 2.6.5-6 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-1559 (Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxi ...)
	NOT-FOR-US: Roxio
CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 charact ...)
	{DSA-1305-1 DSA-1300-1 DTSA-46-1 DTSA-47-1}
	NOTE: Affects various clients, but no practical security implications
	NOTE: MFSA2007-15
	- icedove 2.0.0.4-1
	- iceape 1.1.2-1
	- fetchmail 6.3.8-1 (unimportant)
	[etch] - fetchmail 6.3.6-1etch3
	- mailfilter 0.8.2-1 (unimportant)
	- mutt 1.5.18-6 (unimportant)
	NOTE: i couldn't pinpoint exact mutt fixed version, but lenny's version has the
	NOTE: patch and etch's version does not (http://dev.mutt.org/trac/ticket/2846)
	- balsa 2.3.17-1 (unimportant)
	- claws-mail 2.9.1-1 (unimportant)
CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security 6.0 ...)
	NOT-FOR-US: F-Secure
CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 al ...)
	NOT-FOR-US: Creative Files
CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 bui ...)
	NOT-FOR-US: Minerva module of phpBB
CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php  ...)
	NOT-FOR-US: Guestbara
CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote att ...)
	NOT-FOR-US: Guestbara
CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum 0.51 ...)
	NOT-FOR-US: MetaForum
CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 all ...)
	NOT-FOR-US: phpx
CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote att ...)
	NOT-FOR-US: phpx
CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 a ...)
	NOT-FOR-US: phpx
CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web  ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio  ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 al ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio Sys ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in server/dia/audi ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in server ...)
	{DSA-1273-1}
	- nas 1.8-4 (medium; bug #416038)
CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running  ...)
	NOT-FOR-US: Cisco
CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only c ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 an ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX Land ...)
	NOT-FOR-US: pragmaMX Landkarten
CVE-2007-1538
	NOT-FOR-US: McAfee
CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 S ...)
	NOT-FOR-US: Microsoft
CVE-2007-1536 (Integer underflow in the file_printf function in the "file" program be ...)
	{DSA-1274-1}
	- file 4.20-1 (bug #415362; high)
	NOTE: Has got lots of reverse dependencies.
	NOTE: Some of them process remotely supplied untrusted input.
CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without user acti ...)
	NOT-FOR-US: Microsoft
CVE-2007-1534 (DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains a ...)
	NOT-FOR-US: Microsoft
CVE-2007-1533 (The Teredo implementation in Microsoft Windows Vista uses the same non ...)
	NOT-FOR-US: Microsoft
CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-1531 (Microsoft Windows XP and Vista overwrites ARP table entries included i ...)
	NOT-FOR-US: Microsoft
CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly gather re ...)
	NOT-FOR-US: Microsoft
CVE-2007-1529 (The LLTD Responder in Microsoft Windows Vista does not send the Mapper ...)
	NOT-FOR-US: Microsoft
CVE-2007-1528 (The LLTD Mapper in Microsoft Windows Vista allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP  ...)
	NOT-FOR-US: Microsoft
CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote authentic ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox B ...)
	NOT-FOR-US: Dayfox Blog
CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6  ...)
	NOT-FOR-US: ZomPlog
CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain versio ...)
	NOT-FOR-US: NetBSD
CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and 5. ...)
	{DSA-1283-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, a ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 6:4.4.6-2 (medium)
CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and e ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8. ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...)
	NOT-FOR-US: WSN Guest
CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 al ...)
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-5 (bug #415466; medium)
	NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 a ...)
	NOTE: Duplicate of CVE-2007-2297
CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in Cic ...)
	NOT-FOR-US: CcMail
CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4. ...)
	- imp4 4.1.3-4 (medium; bug #415117)
CVE-2007-1514 (PHP remote file inclusion vulnerability in index.php in ViperWeb Porta ...)
	NOT-FOR-US: ViperWeb Portal
CVE-2007-1513 (PHP remote file inclusion vulnerability in comanda.php in GraFX Compan ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in the M ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1511 (Buffer overflow in FrontBase Relational Database Server 4.2.7 and earl ...)
	NOT-FOR-US: FrontBase Relational Database Server
CVE-2007-1510 (SQL injection vulnerability in post.php in Particle Blogger 1.0.0 thro ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-1509 (Directory traversal vulnerability in enkrypt.php in Sascha Schroeder k ...)
	NOT-FOR-US: krypt
CVE-2007-1508 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAd ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x befo ...)
	{DSA-1271-1}
	- openafs 1.4.2-6 (medium)
CVE-2007-1506 (Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_war ...)
	NOT-FOR-US: Oracle Portal
CVE-2007-1505 (Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V1 ...)
	NOT-FOR-US: Fujistu FENCE-Pro
CVE-2007-1504 (Cross-site scripting (XSS) vulnerability in the Servlet Service in Fuj ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...)
	- rhapsody <removed> (medium)
CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...)
	- rhapsody <removed> (medium)
CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remo ...)
	NOT-FOR-US: Avant Browse
CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to overwrit ...)
	NOT-FOR-US: Linux Security Auditing Tool
CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote  ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 Act ...)
	NOT-FOR-US: SiteManager.SiteMgr.1 ActiveX control
CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not ...)
	{DSA-1289-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows  ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006  ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1493 (nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive  ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote attacker ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-1491 (Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Av ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 bef ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1489 (Unspecified vulnerability in web-app.org Web Automated Perl Portal (We ...)
	NOT-FOR-US: WebAPP
CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 be ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1487 (Directory traversal vulnerability in index.php in Sascha Schroeder (ak ...)
	NOT-FOR-US: CyberTeddy WebLog
CVE-2007-1486 (PHP remote file inclusion vulnerability in template.class.php in Carbo ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2007-1485
	NOT-FOR-US: LIBFtp
CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x  ...)
	- php4 <removed> (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: local malicious scripts only
CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9. ...)
	- webcalendar 1.0.5-1 (high)
	[sarge] - webcalendar 0.9.45-4sarge7
	NOTE: This was fixed in Sarge as a side-effect of an earlier fix, marking current
	NOTE: Sarge version as fixed version
CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
	NOT-FOR-US: WBBlog
CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote attac ...)
	NOT-FOR-US: WBBlog
CVE-2007-1480 (Creative Guestbook 1.0 allows remote attackers to add an administrativ ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1479 (Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative  ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read arbitra ...)
	NOT-FOR-US: McGallery
CVE-2007-1477
	NOT-FOR-US: Point Of Sale for osCommerce
CVE-2007-1476 (The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Fire ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconn ...)
	- php4 <removed> (unimportant)
	NOTE: Can only be triggered by malicious script
CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde P ...)
	{DSA-1406-1}
	- horde3 3.1.3-4 (medium)
CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in H ...)
	{DSA-1406-1}
	- horde3 3.1.4-1 (low; bug #434045)
CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in  ...)
	NOT-FOR-US: Groupit
CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass  ...)
	NOT-FOR-US: Orion-Blog
CVE-2007-1470 (Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote att ...)
	NOT-FOR-US: LIBFtp
CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2 ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (C ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.h ...)
	NOT-FOR-US: Cisco
CVE-2007-1466 (Integer overflow in the WP6GeneralTextPacket::_readContents function i ...)
	- libwpd 0.8.9-1 (medium)
	[etch] - libwpd 0.8.7-6
CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 all ...)
	NOT-FOR-US: dproxy
CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in Inksc ...)
	- inkscape 0.45.1-1 (medium)
	[etch] - inkscape <not-affected> (Versions prior to 0.45 used loudmouth, which isn't affected)
CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows user-assi ...)
	- inkscape 0.45.1-1 (low)
	[etch] - inkscape <no-dsa> (Minor issue)
	[sarge] - inkscape <no-dsa> (Minor issue)
	NOTE: shell code would be prominently inside the file names
CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
	NOT-FOR-US: conga
CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP befor ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6 ...)
	NOT-FOR-US: WebCreator
CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow ...)
	NOT-FOR-US: CARE2X
CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian Scheurer Uniq ...)
	NOT-FOR-US: UniquE RAR File Library
CVE-2007-1456
	NOT-FOR-US: PHP Photo Album
CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as use ...)
	NOT-FOR-US: Fantastico
CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the  ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement  ...)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a dire ...)
	NOT-FOR-US: GuppY
CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlie ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCser ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCser ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1446 (Multiple PHP remote file inclusion vulnerabilities in Open Education S ...)
	NOT-FOR-US: Open Education System
CVE-2007-1445 (SQL injection vulnerability in the heme preview feature for default.as ...)
	NOT-FOR-US: BP Blog
CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary f ...)
	- netperf 2.4.3-8 (bug #413658; medium)
	[sarge] - netperf <no-dsa> (Non-free not supported)
	[etch] - netperf <no-dsa> (Non-free not supported)
CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the SetSe ...)
	NOT-FOR-US: Oracle Database
CVE-2007-1441 (The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 (P ...)
	NOT-FOR-US: BlackBerry 8100
CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows r ...)
	NOT-FOR-US: JGBBS
CVE-2007-1439 (PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bi ...)
	NOT-FOR-US: MySQL Commander
CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System 1.0 all ...)
	NOT-FOR-US: X-Ice News System
CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger bef ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and  ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to c ...)
	NOT-FOR-US: D-Link TFTP Server
CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earl ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and  ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote att ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1  ...)
	- pennmush 1.8.2p7-1 (low; bug #436249)
	[sarge] - pennmush <no-dsa> (Minor issue)
	[etch] - pennmush <no-dsa> (Minor issue)
CVE-2007-1430 (PHP remote file inclusion vulnerability in include/adodb-connection.in ...)
	NOT-FOR-US: ClipShare
CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 all ...)
	- moodle <not-affected>
	NOTE: Security problem with the Windows version
	NOTE: Debian Maintainer and Upstream state that debian is not affected
	NOTE: and the problem is not reproducible there
CVE-2007-1428 (SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 a ...)
	NOT-FOR-US: JobSitePro
CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...)
	NOT-FOR-US: AssetMan
CVE-2007-1426 (The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attack ...)
	NOT-FOR-US: AstroCam
CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2 ...)
	NOT-FOR-US: SonicMailer Pro
CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media G ...)
	NOT-FOR-US: DataLife Engine
CVE-2007-1423 (Multiple PHP remote file inclusion vulnerabilities in WORK system e-co ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-1422 (SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti all ...)
	NOT-FOR-US: Duyuru Scripti
CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2  ...)
	NOT-FOR-US: SubDog
CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of servic ...)
	- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
	[etch] - mysql-dfsg-5.0 5.0.32-7etch1
CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ove ...)
	NOT-FOR-US: JMX RMI-IIOP
CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.ph ...)
	NOT-FOR-US: DekiWiki
CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows ...)
	NOT-FOR-US: NEWSSYSTEM
CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp (ak ...)
	NOT-FOR-US: URLshrink
CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0 ...)
	NOT-FOR-US: PMB Services
CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP 5 ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 al ...)
	- php4 <not-affected> (cpdf extension not enabled in binary build)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versio ...)
	- php4 <not-affected> (no mssql extension in Debian)
	- php5 <not-affected> (no mssql extension in Debian)
CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal  ...)
	NOT-FOR-US: GaziYapBoz Game Portal
CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via  ...)
	- wordpress <not-affected> (Path disclosure)
CVE-2007-1408 (Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outpos ...)
	NOT-FOR-US: Vallheru
CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has un ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header s ...)
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as ...)
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attac ...)
	NOT-FOR-US: ProSysInfo TFTP Server
CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in SwDir.d ...)
	NOT-FOR-US: ActiveX control
CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows rem ...)
	NOT-FOR-US: Rediff Toolbar ActiveX control
CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...)
	NOT-FOR-US: php doesn't ship with cracklib activated in debian.
CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...)
	NOT-FOR-US: Plash
CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8. ...)
	{DSA-1330-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...)
	- snort <not-affected> (Vulnerable code not present)
CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2)  ...)
	NOT-FOR-US: FiSH IRC Encryption
CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and  ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Non-issue
CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 th ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1 (medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6215e201eb98226837954059f6c99c9aa1c55a9a
CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...)
	NOT-FOR-US: Flat Chat
CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2 ...)
	NOT-FOR-US: Magic CMS
CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows  ...)
	NOT-FOR-US: netForo!
CVE-2007-1391 (PHP remote file inclusion vulnerability in modules/abook/foldertree.ph ...)
	NOT-FOR-US: WEBO
CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 a ...)
	NOT-FOR-US: dynalias
CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: dynalias
CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux k ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0r ...)
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; low)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; low)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
CVE-2007-1386
	RESERVED
CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to c ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2. ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 all ...)
	- php4 <removed> (unimportant)
	NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow context-depend ...)
	NOT-FOR-US: Windows PHP COM extensions
CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10 ...)
	- php5 <not-affected> (Affected only a php5 CVS version, not a release)
CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP b ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before 4.4 ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP befo ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, N ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x s ...)
	{DSA-1283-1 DTSA-39-1}
	- php4 <removed>
	- php5 5.2.0-11
	NOTE: Only triggerable by malicious script
CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and earli ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
	NOTE: Should be fixed, could be used as a stepstone for further attacks
CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz F ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport  ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php  ...)
	NOT-FOR-US: PostGuestbook
CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...)
	- conquest 8.2b-1 (low)
	[sarge] - conquest <no-dsa> (Minor issue)
	[etch] - conquest <no-dsa> (Minor issue)
CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4 ...)
	NOT-FOR-US: Drupal module Project
CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya Co ...)
	NOT-FOR-US: Avaya Communications Manager
CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the divis ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows rem ...)
	NOT-FOR-US: OpenBSD Kernel
CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain privi ...)
	NOT-FOR-US: DropAFew
CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow  ...)
	NOT-FOR-US: DropAFew
CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaM ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-14
	- iceape 1.1.2-1 (low)
	- iceweasel 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in V ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x befo ...)
	NOT-FOR-US: Drupal module Nodefamily
CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlie ...)
	- libapache-mod-security 2.1.2-1
CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
	- tomcat4 <removed> (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before  ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-1356
	REJECTED
CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the appdev/samp ...)
	- tomcat4 <removed> (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Just an example application for documentation purposes
CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX Co ...)
	NOT-FOR-US: JBoss Application Server
CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the  ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont b ...)
	{DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) ...)
	{DSA-1454-1 DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
	- freetype 2.3.5-1 (medium; bug #426771)
CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 al ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mo ...)
	- apache <removed> (low)
	- libapache2-mod-perl2 2.0.2-5 (low; bug #433549)
	[etch] - libapache2-mod-perl2 <no-dsa> (Minor issue)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-1348
	REJECTED
CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and p ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)
	NOT-FOR-US: Sun Fire Server
CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA (Co ...)
	NOT-FOR-US: CA eTrust Admin
CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 a ...)
	NOT-FOR-US: Ezstream
CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does  ...)
	{DSA-1267-1}
	- webcalendar 1.0.5-1 (high)
CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelso ...)
	NOT-FOR-US: vBulletin
CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not us ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz N ...)
	NOT-FOR-US: News-Letterman
CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management Applicati ...)
	NOT-FOR-US: Links Management Application
CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort Extr ...)
	NOT-FOR-US: Apple AirPort Extreme
CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 d ...)
	NOT-FOR-US: VMware
CVE-2007-1336
	RESERVED
CVE-2007-1335
	RESERVED
CVE-2007-1334
	RESERVED
CVE-2007-1333
	RESERVED
CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Bank ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Sol ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.1 ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before  ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard  ...)
	NOT-FOR-US: JOLY BJ Webring
CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-serv ...)
	NOT-FOR-US: silc daemon
CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows r ...)
	- serendipity <removed> (unimportant)
	NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html
CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in php ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-3/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b81f9a364c2a2204e6acbdff5b71e6cc6daead1e
CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u ...)
	NOT-FOR-US: SnapGear
CVE-2007-1323
	REJECTED
CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing t ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region f ...)
	{DSA-1384-1 DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
	- xen-3 3.1.0-2 (bug #444007; medium)
	- xen-3.0 <removed>
CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in t ...)
	NOT-FOR-US: DeviceXPlorer OLE
CVE-2007-1318
	RESERVED
CVE-2007-1317
	RESERVED
CVE-2007-1316
	RESERVED
CVE-2007-1315
	RESERVED
CVE-2007-1314
	RESERVED
CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly va ...)
	NOT-FOR-US: NETxAutomation NETxEIB OPC Server
CVE-2007-1312
	RESERVED
CVE-2007-1311
	RESERVED
CVE-2007-1310
	RESERVED
CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated u ...)
	NOT-FOR-US: Novell Access Management
CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before  ...)
	NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attacker ...)
	{DSA-1358-1}
	- asterisk 1:1.2.16~dfsg-1 (medium)
CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sav ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earli ...)
	NOT-FOR-US: RRDBrowse
CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when ...)
	NOT-FOR-US: LI-Guestbook
CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable Enterpri ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier v ...)
	NOT-FOR-US: ISPUtil
CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats Rea ...)
	NOT-FOR-US: Mani Stats Reader
CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows rem ...)
	NOT-FOR-US: AJ Auction
CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows ...)
	NOT-FOR-US: AJ Dating
CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds 1. ...)
	NOT-FOR-US: AJ Classifieds
CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows  ...)
	NOT-FOR-US: AJ Forum
CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in D ...)
	NOT-FOR-US: DivXBrowserPlugin ActiveX control
CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ma ...)
	NOT-FOR-US: Rigter Portal System
CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin befo ...)
	NOT-FOR-US: vBulletin
CVE-2007-1291 (Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Track ...)
	NOT-FOR-US: TygerBT
CVE-2007-1290 (SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking Sy ...)
	NOT-FOR-US: TygerBT
CVE-2007-1289 (SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking Syst ...)
	NOT-FOR-US: TygerBT
CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News  ...)
	NOT-FOR-US: WB News
CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
	- lintian 1.23.28 (low)
	[sarge] - lintian <not-affected> (Vulnerable code not present)
CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and  ...)
	- php4 <removed> (unimportant)
	[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
	NOTE: Non-issue, explicit debug feature
CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote context-depend ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows  ...)
	- php5 5.2.2-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Needs to be sanisited within apps, only crashes the current instance anyway
CVE-2007-1284
	RESERVED
CVE-2007-1283
	RESERVED
CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey  ...)
	{DSA-1336-1}
	- icedove 1.5.0.10.dfsg1-1 (medium)
CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux  ...)
	NOT-FOR-US: Kaspersky AntiVirus Engine
CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and  ...)
	NOT-FOR-US: Adobe
CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 upda ...)
	NOT-FOR-US: Adobe
CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updat ...)
	NOT-FOR-US: Adobe JRun and Coldfusion
CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites d ...)
	- wordpress <not-affected> (orig.tar.gz not compromised)
CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in  ...)
	- webmin <removed>
CVE-2007-1275
	RESERVED
CVE-2007-1274
	RESERVED
CVE-2007-XXXX [buffer overruns in GIT's http-push.c, fixed in 1.5.0.3]
	- git-core 1:1.5.0.3-1 (bug #413629; low)
	[etch] - git-core 1:1.4.4.4-2 (bug #413629; low)
CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before 2006 ...)
	NOT-FOR-US: NetBSD Kernel
CVE-2007-1272
	RESERVED
CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attac ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows  ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd argume ...)
	- gnumail <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1268 (Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...)
	- mutt <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1267 (Sylpheed 2.2.7 and earlier does not properly use the --status-fd argum ...)
	- sylpheed <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1266 (Evolution 2.8.1 and earlier does not properly use the --status-fd argu ...)
	- evolution <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1265 (KMail 1.9.5 and earlier does not properly use the --status-fd argument ...)
	- kdepim <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd argu ...)
	- enigmail 2:0.95.0+1-1 (unimportant; bug #415225)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the comm ...)
	{DSA-1266-1}
	- gnupg 1.4.6-2 (bug #413922; low)
	- gpgme1.0 1.1.2-3 (bug #414170; low)
	- gnupg2 2.0.3-1
	[sarge] - gnupg2 <no-dsa> (Minor issue)
	[etch] - gnupg2 <no-dsa> (Minor issue)
CVE-2007-1262 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...)
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1
CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before 0 ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in server.cp ...)
	NOT-FOR-US: WebMod
CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unk ...)
	NOT-FOR-US: WebAPP
CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...)
	NOT-FOR-US: Cisco
CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
	NOT-FOR-US: Cisco
CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address b ...)
	- iceweasel <removed> (unimportant)
	NOTE: Not exploitable
CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in Connecti ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix Board ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script f ...)
	- blender 2.42a-6 (medium)
	[sarge] - blender <not-affected> (bug was introduced in version 2.42)
	NOTE: http://lists.alioth.debian.org/pipermail/secure-testing-team/2007-March/001095.html
CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 17 ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1251 (Format string vulnerability in the new_warning function in ntserv/warn ...)
	NOT-FOR-US: Netrek Vanilla Server
CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning M ...)
	NOT-FOR-US: Learning Management Suite
CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 do ...)
	NOT-FOR-US: Contelligent
CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News M ...)
	NOT-FOR-US: News Manager Blog
CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNe ...)
	NOT-FOR-US: aWebNews
CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...)
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; medium)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
	NOTE: vlc checked, and is not affected.
CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service (a ...)
	NOT-FOR-US: IrfanView
CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in W ...)
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication an ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3  ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins Audien ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0. ...)
	NOT-FOR-US: Docebo CMS
CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows  ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive informat ...)
	NOT-FOR-US: sitex
CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a re ...)
	NOT-FOR-US: sitex
CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote attacker ...)
	NOT-FOR-US: sitex
CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex allow rem ...)
	NOT-FOR-US: sitex
CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php in STWC ...)
	NOT-FOR-US: STWC-Counter
CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1 ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/fun ...)
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServ ...)
	NOT-FOR-US: Nullsoft ShoutcastServer
CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 al ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissio ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy 4 ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL  ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows  ...)
	NOT-FOR-US: Hitachi OSAS/FT/W
CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by  ...)
	NOT-FOR-US: Parallels Desktop
CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attac ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not pro ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin Ph ...)
	NOT-FOR-US: Phorum
CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as  ...)
	- isdnutils 1:3.9.20060704-3 (bug #408530; low)
	[sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
	- asterisk-chan-capi 0.7.1-1.1 (bug #411293; unimportant)
	- linux-2.6 2.6.21-1 (bug #411294; unimportant)
	NOTE: Not exploitable over ISDN network, only theoretically through a dedicated CAPI server
CVE-2007-1216 (Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5un ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Wi ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 fo ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows loc ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Wi ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1210
	REJECTED
CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ( ...)
	NOT-FOR-US: Windows Vista
CVE-2007-1208
	REJECTED
CVE-2007-1207
	REJECTED
CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2,  ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1201 (Unspecified vulnerability in certain COM objects in Microsoft Office W ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1200
	RESERVED
CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read arbitrar ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 al ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unkn ...)
	NOT-FOR-US: Epiware
CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client for Win ...)
	NOT-FOR-US: Citrix
CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow r ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt De ...)
	NOT-FOR-US: SandBox Analyzer
CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM be ...)
	NOT-FOR-US: OrangeHRM
CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive informati ...)
	NOT-FOR-US: HyperBook Guestbook
CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes us ...)
	NOT-FOR-US: Quicksilver plugin Social Bookmarks
CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX contro ...)
	NOT-FOR-US: EmbeddedWB ActiveX control
CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell L ...)
	NOT-FOR-US: Alcatel-Lucent Bell Labs Plan 9
CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search form in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without admin ...)
	NOT-FOR-US: WebAPP
CVE-2007-1186 (WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, w ...)
	NOT-FOR-US: WebAPP
CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval ...)
	NOT-FOR-US: WebAPP
CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setti ...)
	NOT-FOR-US: WebAPP
CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof anoth ...)
	NOT-FOR-US: WebAPP
CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profil ...)
	NOT-FOR-US: WebAPP
CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the usern ...)
	NOT-FOR-US: WebAPP
CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms, which ...)
	NOT-FOR-US: WebAPP
CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses in cer ...)
	NOT-FOR-US: WebAPP
CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts relate ...)
	NOT-FOR-US: WebAPP
CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain characters in c ...)
	NOT-FOR-US: WebAPP
CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0 ...)
	NOT-FOR-US: WebAPP
CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 2 ...)
	NOT-FOR-US: WebAPP
CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer service (X ...)
	NOT-FOR-US: CentennialIPTransferServer
CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05 ...)
	NOT-FOR-US: WebAPP
CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2 ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0. ...)
	NOT-FOR-US: SimBin Racing
CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25,  ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 2 ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and ear ...)
	NOT-FOR-US: Clanportal
CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows remot ...)
	NOT-FOR-US: Nabopoll
CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1  ...)
	NOT-FOR-US: DBGuestbook
CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1 ...)
	NOT-FOR-US: DBImageGallery
CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and e ...)
	NOT-FOR-US: webSPELL
CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ( ...)
	NOT-FOR-US: Common Controls ActiveX control
CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call Cen ...)
	NOT-FOR-US: Call Center Software
CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the 802.1 ...)
	{DSA-1272-1}
	- tcpdump 3.9.5-2 (bug #413430; low)
CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to  ...)
	NOT-FOR-US: webSPELL
CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in Pyropho ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1158 (Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 ...)
	NOT-FOR-US: Pagesetter
CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAda ...)
	NOT-FOR-US: JBoss
CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access c ...)
	NOT-FOR-US: JBrowser
CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote authe ...)
	NOT-FOR-US: webSPELL
CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to exe ...)
	NOT-FOR-US: webSPELL
CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2007-1152 (Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 all ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote  ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote au ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remo ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in LoveCM ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows remo ...)
	NOT-FOR-US: hbm
CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost al ...)
	NOT-FOR-US: arabhost
CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportS ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Nav ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigat ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allo ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News P ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote a ...)
	NOT-FOR-US: pheap
CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla P ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in Cromos ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1137 (putmail.py in Putmail before 1.4 does not detect when a user attempts  ...)
	NOT-FOR-US: Putmail
CVE-2007-1136 (index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to  ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1135 (Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alph ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1134 (Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown i ...)
	NOT-FOR-US: Watchtower
CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 al ...)
	NOT-FOR-US: FCRing
CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us ...)
	NOT-FOR-US: MTCMS
CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis Foru ...)
	NOT-FOR-US: Sinapis Forum
CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gaste ...)
	NOT-FOR-US: Sinapis Gastebuch
CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow r ...)
	NOT-FOR-US: MTCMS
CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus a ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows re ...)
	NOT-FOR-US: xtcommerce
CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Sim ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple one ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow ...)
	NOT-FOR-US: ZPanel
CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens Zephy ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens Zephy ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1120 (The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions  ...)
	NOT-FOR-US: TeeChart Pro ActiveX control
CVE-2007-1119 (Unspecified vulnerability in Novell ZENworks 7 Desktop Management Supp ...)
	NOT-FOR-US: Novell ZENworks
CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 a ...)
	NOT-FOR-US: eFiction
CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 a ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI  ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	- xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; low)
	NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/,
	NOTE: older mozillas are not vulnerable
CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset fr ...)
	NOT-FOR-US: Opera
CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default  ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1113
	RESERVED
CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe meth ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar  ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ActiveCalend ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1 ...)
	NOT-FOR-US: Phpwebgallery
CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian Schn ...)
	NOT-FOR-US: CS-Gallery
CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo Gall ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1106 (PHP remote file inclusion vulnerability in includes/functions_nomoketo ...)
	NOT-FOR-US: NoMoKeTos Rules
CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme ph ...)
	NOT-FOR-US: phpBB Extreme
CVE-2007-1104 (PHP remote file inclusion vulnerability in top.php in PHP Module Imple ...)
	NOT-FOR-US: PHP Module Implementation
CVE-2007-1103 (Tor does not verify a node's uptime and bandwidth advertisements, whic ...)
	- tor <unfixed> (unimportant)
	NOTE: Minor issue, just puts more noise on the node
CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Photostand
CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2. ...)
	NOT-FOR-US: Photostand
CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan Pickl ...)
	NOT-FOR-US: Pickle
CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...)
	- dropbear 0.49-1 (unimportant; bug #412899)
	[etch] - dropbear 0.48.1-2 (unimportant)
	NOTE: That's a lack of a security feature (strict hostkey checking in openssh
	NOTE: termininoloy) and an awkward interface, but not a vulnerability per se
	NOTE: Especially as dropbear is specifically labeled a stripped down SSH implementation
CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unk ...)
	NOT-FOR-US: ScryMUD
CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function i ...)
	NOT-FOR-US: Wiclear
CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart  ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not prope ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (low; bug #445514)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-30
CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ( ...)
	NOT-FOR-US: Network Node Manager
CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow  ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote user-a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local u ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9. ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not pr ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 befor ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows remo ...)
	NOT-FOR-US: Google Desktop
CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before savin ...)
	- iceweasel <removed> (unimportant; bug #556268)
	- iceape <removed> (unimportant)
	- epiphany-browser <unfixed> (unimportant; bug #556272)
	NOTE: only epiphany-gecko backend affected
	- galeon 2.0.7-2 (unimportant; bug #556270)
	- kazehakase 0.5.8-2 (bug #556271)
	[lenny] - kazehakase 0.5.4-2lenny1
	- conkeror <not-affected> (doesn't support bookmarks)
	- webkit <not-affected> (doesn't support javascript embedded in bookmarks)
CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX contr ...)
	NOT-FOR-US: ConfigChk ActiveX control
CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allo ...)
	NOT-FOR-US: FTP Explorer
CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5,  ...)
	- typo3-src 4.0.5+debian-1
	[etch] - typo3-src 4.0.2+debian-3
CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow  ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0 ...)
	NOT-FOR-US: FTP Voyager
CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in FlashGameScrip ...)
	NOT-FOR-US: FlashGameScript
CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 2. ...)
	NOT-FOR-US: UserPages2
CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of ser ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allo ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows r ...)
	NOT-FOR-US: mcRefer
CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911 ...)
	NOT-FOR-US: Cisco
CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple Ma ...)
	NOT-FOR-US: Apple ImageIO
CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows attack ...)
	NOT-FOR-US: VMware
CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ( ...)
	NOT-FOR-US: Cisco
CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
	NOT-FOR-US: Cisco
CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
	NOT-FOR-US: Cisco
CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
	NOT-FOR-US: Cisco
CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisc ...)
	NOT-FOR-US: Cisco
CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7 ...)
	NOT-FOR-US: Cisco
CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and  ...)
	NOT-FOR-US: Cisco
CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire SendS ...)
	NOT-FOR-US: SendStudio
CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate Fu ...)
	NOT-FOR-US: Ultimate Fun Book
CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web Build ...)
	NOT-FOR-US: Online Web Building
CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application Swi ...)
	NOT-FOR-US: Nortel Application Switch
CVE-2007-1056 (VMware Workstation 5.5.3 build 34685 does not provide per-user restric ...)
	NOT-FOR-US: VMware
CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in index ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in index ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1053
	NOT-FOR-US: phpXmms
CVE-2007-1052
	NOT-FOR-US: PBLang
CVE-2007-1051 (Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ab ...)
	NOT-FOR-US: MyCalendar
CVE-2007-1048 (PHP remote file inclusion vulnerability in admin_rebuild_search.php in ...)
	NOT-FOR-US: phpbb_wordsearch
CVE-2007-1047 (Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC)  ...)
	- dcc <removed> (medium; bug #439718)
CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a direc ...)
	NOT-FOR-US: Dem_trac
CVE-2007-1045 (mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrat ...)
	NOT-FOR-US: mAlbum
CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list th ...)
	NOT-FOR-US: PowerSchool
CVE-2007-1043 (Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass auth ...)
	NOT-FOR-US: Ezboo
CVE-2007-1042 (Directory traversal vulnerability in news.php in Xpression News (X-New ...)
	NOT-FOR-US: Xpression News
CVE-2007-1041 (Multiple stack-based buffer overflows in S&amp;H Computer Systems News ...)
	NOT-FOR-US: News Rover
CVE-2007-1040 (Directory traversal vulnerability in archives.php in Xpression News (X ...)
	NOT-FOR-US: Xpression News
CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 an ...)
	NOT-FOR-US: Peanut Knowledge Base
CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers ...)
	NOT-FOR-US: Grabit
CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier a ...)
	NOT-FOR-US: News File Grabber
CVE-2007-XXXX [vserver patch allows renice of processes in different context]
	- linux-2.6 2.6.18.dfsg.1-12 (bug #412143)
CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures]
	- apg 2.2.3.dfsg.1-2 (low; bug #412618)
	[etch] - apg <no-dsa> (Minor issue)
	[sarge] - apg <no-dsa> (Minor issue)
CVE-2007-XXXX [mt-daapd remote access & default password]
	- mt-daapd 0.9~r1586-1 (unimportant; bug #404640)
	NOTE: User-unfriendly packaging flaw, but not a vulnerability per se
CVE-2007-XXXX [amavids-new uses contrib/non-free packers without security support in default config]
	- amavisd-new 1:2.5.2-1 (unimportant; bug #410588)
	NOTE: Doesn't affect a standard Debian installation, only users, which install
	NOTE: proprietary apps, it should be fixed for sanity, but not a direct vulnerability
CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce funct ...)
	{DTSA-34-1}
	- wordpress 2.1.1-1 (low)
CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro ServerProtect for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...)
	NOT-FOR-US: JBoss
CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 1 ...)
	NOT-FOR-US: Mediafield and Audio modules for Drupal
	NOTE: this is not a php-getid3 problem, but related to the way these modules embed getid3
CVE-2007-1034 (SQL injection vulnerability in the category file in modules.php in the ...)
	NOT-FOR-US: Emporium for PHP-Nuke
CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x ...)
	NOT-FOR-US: Secure site for Drupal
CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register ...)
	NOT-FOR-US: phpMyFAQ
CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs  ...)
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a  ...)
	- libevent <not-affected> (vulnerable version 1.2 was never uploaded)
CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 compone ...)
	NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pag ...)
	NOT-FOR-US: Image Pager
CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux a ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1026 (SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier al ...)
	NOT-FOR-US: XLAtunes
CVE-2007-1025 (PHP remote file inclusion vulnerability in inc/functions_inc.php in VS ...)
	NOT-FOR-US: VS-Link-Partner
CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in Meganoide's  ...)
	NOT-FOR-US: Meganoide's news
CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3. ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allo ...)
	NOT-FOR-US: Turuncu Portal
CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News  ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31  ...)
	NOT-FOR-US: CedStat
CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when regi ...)
	NOT-FOR-US: webSPELL
CVE-2007-1018 (PHP remote file inclusion vulnerability in tpl/header.php in VirtualSy ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1017 (PHP remote file inclusion vulnerability in show_news_inc.php in Virtua ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows remo ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber  ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1014 (Stack-based buffer overflow in VicFTPS before 5.0 allows remote attack ...)
	NOT-FOR-US: VicFTPS
CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in VirtualSyst ...)
	NOT-FOR-US: VirtualSystem Htaccess Password Generator
CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 a ...)
	NOT-FOR-US: DeskPRO
CVE-2007-1011 (PHP remote file inclusion vulnerability in functions_inc.php in VS-Gas ...)
	NOT-FOR-US: VS-Gastebuch
CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0,  ...)
	NOT-FOR-US: ZebraFeeds
CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallSc ...)
	NOT-FOR-US: InstallAnywhere
CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a de ...)
	NOT-FOR-US: Apple iTunes
CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows r ...)
	{DSA-1262-1}
	- gnomemeeting <removed> (high)
CVE-2007-1006 (Multiple format string vulnerabilities in the gm_main_window_flash_mes ...)
	- ekiga 2.0.3-2.1 (bug #411944; high)
CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in  ...)
	NOT-FOR-US: eTrust Intrusion Detection
CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and p ...)
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.0.9-1 (low)
	- xulrunner 1.8.0.4-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=370555
CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList functio ...)
	{DSA-1294-1}
	- xorg-server 2:1.1.1-21 (medium)
CVE-2007-1002 (Format string vulnerability in the write_html function in calendar/gui ...)
	{DSA-1325-1}
	- evolution 2.10.2-1
	[sarge] - evolution <not-affected> (Vulnerable code not present)
CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp func ...)
	- libgd2 2.0.33-1 (medium)
	NOTE: This has been fixed in libgd2 for a while, and php is linked against libgd2.
CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
	- linux-2.6 2.6.18.dfsg.1-12 (medium)
CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other version ...)
	- ekiga 2.0.3-5 (bug #414069; high)
CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly oth ...)
	- xen-3.0 <removed> (bug #436250; medium)
	[etch] - xen-3.0 <unfixed>
	NOTE: Fedora disabled the VNC access to the Qemu monitor
	NOTE: An adjusted patch has been sent to the debian bugreport
CVE-2007-0997 (Race condition in the tee (sys_tee) system call in the Linux kernel 2. ...)
	- linux-2.6 2.6.18-1
CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0 ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey  ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x befor ...)
	{DSA-1336-1}
	- iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
	REJECTED
CVE-2007-0992
	REJECTED
CVE-2007-0991
	REJECTED
CVE-2007-0990
	REJECTED
CVE-2007-0989
	REJECTED
CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4 ...)
	{DSA-1264-1}
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	- php5 5.2.0-9
CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 al ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1. ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earl ...)
	NOT-FOR-US: phpCC
CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows ...)
	NOT-FOR-US: PollMentor
CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT Conten ...)
	NOT-FOR-US: AT Contenator
CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0. ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x befo ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-07
	- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
	- xulrunner 1.8.0.10-1 (high)
	- iceape 1.0.8-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for S ...)
	NOT-FOR-US: HP Serviceguard
CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2 ...)
	NOT-FOR-US: LifeType
CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain pr ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx ...)
	NOT-FOR-US: ActSoft DVD-Tools ActiveX control
CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before  ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0. ...)
	NOT-FOR-US: DropBox
CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ju ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in Jup ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remo ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and e ...)
	NOT-FOR-US: WebTester
CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.2 ...)
	NOT-FOR-US: WebTester
CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) bef ...)
	NOT-FOR-US: Cisco
CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remot ...)
	NOT-FOR-US: Cisco
CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the H ...)
	NOT-FOR-US: Cisco
CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to u ...)
	NOT-FOR-US: Cisco
CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to  ...)
	NOT-FOR-US: Cisco
CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4 ...)
	NOT-FOR-US: Cisco
CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5 ...)
	NOT-FOR-US: Cisco
CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Securit ...)
	NOT-FOR-US: Cisco
CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when conf ...)
	NOT-FOR-US: Cisco
CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ka ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote att ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professiona ...)
	NOT-FOR-US: Mail Enable Professional
CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...)
	NOT-FOR-US: MOHA Chat
CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 an ...)
	NOT-FOR-US: @Mail
CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net V ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsit ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.0 ...)
	NOT-FOR-US: iTinySoft
CVE-2007-0948 (Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac ...)
	NOT-FOR-US: Microsoft Virtual PC
CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Wind ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0943 (Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Win ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0941
	REJECTED
CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object Mo ...)
	NOT-FOR-US: Microsoft CAPICOM
CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content Manageme ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does  ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0937
	REJECTED
CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow rem ...)
	NOT-FOR-US: Microsoft
CVE-2007-0935
	REJECTED
CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote user-a ...)
	NOT-FOR-US: Microsoft
CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ( ...)
	NOT-FOR-US: D-Link
CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Al ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba M ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 allo ...)
	NOT-FOR-US: prb (php rrd browser)
CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with  ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to  ...)
	NOT-FOR-US: uTorrent
CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows r ...)
	NOT-FOR-US: KvGuestbook
CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx  ...)
	NOT-FOR-US: Community Server
CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: phpPolls
CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to obta ...)
	NOT-FOR-US: Portal Search
CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in P ...)
	NOT-FOR-US: Portal Search
CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an arbitrar ...)
	NOT-FOR-US: Portal Search
CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 a ...)
	NOT-FOR-US: Philboard
CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ser ...)
	NOT-FOR-US: MiniWebsvr
CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System (IP ...)
	NOT-FOR-US: Cisco
CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to  ...)
	NOT-FOR-US: Cisco
CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX
CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...)
	NOT-FOR-US: HP-UX
CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote attac ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote user-a ...)
	NOT-FOR-US: Microsoft
CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
	NOT-FOR-US: JPortal
CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
	- php5 5.2.2-1 (bug #410561; bug #410995; medium)
	[etch] - php5 <not-affected> (A regression only affecting 5.2.1)
CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clo ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and  ...)
	{DSA-1264-1}
	- php5 5.2.0-9
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	NOTE: this extension is not enabled by default in the php packages
CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a denia ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
	{DSA-1264-1}
	NOTE: (4) is a non-issue, as we don't use the bundled sqlite
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...)
	- php5 5.2.0-9 (bug #410561; bug #410995; unimportant)
	NOTE: we normally don't spend much time on safe_mode and open_basedir
	NOTE: issues, but the because the attack vectors are "unspecified", it
	NOTE: might be harder for us to try and sort out the fixes for this
	NOTE: from the session fixes in CVE-2007-0906 (see there for more info)
CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows  ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd be ...)
	- ejabberd 1.1.2-5
CVE-2007-0902 (Unspecified vulnerability in the "Show debugging information" feature  ...)
	- moin <unfixed> (unimportant)
	NOTE: this is a version information disclosure.
CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in M ...)
	- moin 1.5 (bug #411084; medium)
	NOTE: Despite what the CVE says, this is not a problem in the 1.5.x code
CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard  ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2007-0899 (There is a possible heap overflow in libclamav/fsg.c before 0.100.0. ...)
	{DSA-1263-1}
	- clamav 0.90-1
	[etch] - clamav 0.88.7-2
CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV be ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411117)
	[etch] - clamav 0.88.7-2
CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411118)
	[etch] - clamav 0.88.7-2
CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10 ...)
	- firefox-sage 1.3.10-1
	[etch] - firefox-sage <not-affected> (HTML mode not enabled in Etch)
	NOTE: http://secunia.com/advisories/24086/
	NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer
CVE-2007-0451 (Apache SpamAssassin before 3.1.8 allows remote attackers to cause a de ...)
	- spamassassin 3.1.7-2 (bug #410843)
	NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2)  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive inf ...)
	- mediawiki <removed> (unimportant)
	NOTE: Only path disclosure
CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows re ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote  ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPa ...)
	NOT-FOR-US: cPanel
CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible enco ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools  ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials ...)
	NOT-FOR-US: Axigen
CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows rem ...)
	NOT-FOR-US: Axigen
CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject. ...)
	NOT-FOR-US: Rainbow.Zen
CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows rem ...)
	- mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable)
CVE-2007-0883 (Directory traversal vulnerability in portalgroups/portalgroups/getfile ...)
	NOT-FOR-US: IP3 NetAccess
CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...)
	NOT-FOR-US: OPENi-CMS
CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root  ...)
	NOT-FOR-US: Capital Request Forms
CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows u ...)
	NOT-FOR-US: PEBrowse
CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows Mo ...)
	NOT-FOR-US: Microsoft
CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital  ...)
	NOT-FOR-US: March Networks DVR
CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image Galler ...)
	NOT-FOR-US: Quick Digital Image Gallery
CVE-2007-0875
	NOT-FOR-US: mcRefer
CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: Allons_voter
CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ac ...)
	NOT-FOR-US: nabopoll
CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) add ...)
	NOT-FOR-US: Plain Old Webserver
CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File Host ...)
	NOT-FOR-US: eXtreme File Hosting
CVE-2007-XXXX [dokuwiki conf directory accessible by web users]
	- dokuwiki 0.0.20061106-3 (bug #410557)
CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote attacke ...)
	NOT-FOR-US: Microsoft
CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager (ad ...)
	NOT-FOR-US: vBulletin
CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! Mes ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in Site-As ...)
	NOT-FOR-US: Site-Assistant
CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on HP- ...)
	NOT-FOR-US: HP OpenView
CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and earl ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allo ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0863
	NOT-FOR-US: Trevorchan
CVE-2007-0862
	NOT-FOR-US: gnopaste
CVE-2007-0861
	NOT-FOR-US: phpCOIN
CVE-2007-0860
	NOT-FOR-US: local Calendar System
CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the sys ...)
	NOT-FOR-US: Palm OS Treo
CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]
	- ikiwiki 1.42 (low)
	[etch] - ikiwiki 1.33.1
CVE-2007-0858
	RESERVED
CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...)
	- moin 1.5.3-1.2 (bug #410338; medium; bug #410552)
CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (R ...)
	NOT-FOR-US: Trend Micro Anti-Rootkit Common Module
CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR an ...)
	- rar 1:3.7b1-1 (high; bug #410582)
	[sarge] - rar <no-dsa> (Non-free)
	[etch] - rar <no-dsa> (Non-free)
	- unrar-nonfree 1:3.7.3-1 (high; bug #410580)
	[sarge] - unrar-nonfree 1:3.5.2-0.2
	[etch] - unrar-nonfree 1:3.5.4-1.1
	NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-",
	NOTE: which probably turns this into remote code execution
	NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration
	NOTE: unrar-free and clamav (which embeds unrar-free code) not affected
CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel Web ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers  ...)
	NOT-FOR-US: DevTrack
CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
	NOT-FOR-US: DevTrack
CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before  ...)
	NOT-FOR-US: Trend Micro Scan Engine
CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and execut ...)
	NOT-FOR-US: SysCP
CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly q ...)
	NOT-FOR-US: SysCP
CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php  ...)
	NOT-FOR-US: Maian Recipe
CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server C ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Se ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP,  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVC ...)
	NOT-FOR-US: Microsoft
CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have u ...)
	NOT-FOR-US: vbDrupal
CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...)
	NOT-FOR-US: HLstats
CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in index/index_albu ...)
	NOT-FOR-US: WebMatic
CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a den ...)
	NOT-FOR-US: FreeProxy
CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...)
	NOT-FOR-US: AgerMenu
CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, al ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, al ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows rem ...)
	NOT-FOR-US: FlashChat
CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and ...)
	NOT-FOR-US: VMware
CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the availab ...)
	NOT-FOR-US: VMware
CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in A ...)
	NOT-FOR-US: Atsphp
CVE-2007-0830
	NOT-FOR-US: vBulletin
CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a c ...)
	NOT-FOR-US: avast!
CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in MyS ...)
	NOT-FOR-US: MySQLNewsEngine
CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote  ...)
	NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control
CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows r ...)
	NOT-FOR-US: Kisisel Site
CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of s ...)
	NOT-FOR-US: FlashFXP
CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1 ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been display ...)
	- xterm <not-affected> (Not a security problem)
CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux 1 ...)
	- util-linux <not-affected> (Not a security problem)
CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailP ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE Po ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assi ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2007-0818
	REJECTED
CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web serve ...)
	NOT-FOR-US: Adobe ColdFusion web server
CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer Associat ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapp ...)
	NOT-FOR-US: Uphotogallery
CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...)
	NOT-FOR-US: ASP Chat
CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production MySearchEn ...)
	NOT-FOR-US: MySearchEngine
CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB)  ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Wi ...)
	NOT-FOR-US: Microsoft
CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in Gee ...)
	NOT-FOR-US: GeekLog
CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Categories Hierarchy
CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows re ...)
	NOT-FOR-US: Mina Ajans Script
CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7. ...)
	NOT-FOR-US: flashChat
CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Les News
CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local us ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
	NOT-FOR-US: GGCMS
CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote attacke ...)
	- stlport5 5.0.3-1 (bug #410864; low)
	[etch] - stlport5 5.0.2-12
	[sarge] - stlport5 <not-affected> (Vulnerable code not compiled in)
CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
	- iceweasel 2.0.0.16-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=367538
CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1. ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- firefox 45.0-1 (low)
	- firefox-esr 45.0esr-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked  ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allow ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1. ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in bluev ...)
	NOT-FOR-US: SMA-DB
CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, all ...)
	NOT-FOR-US: WinProxy
CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal Serve ...)
	NOT-FOR-US: Wap Portal Server
CVE-2007-0794
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in GlobalMeg ...)
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...)
	- bugzilla <not-affected> (Only development version 2.23.3 is affected)
CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.2 ...)
	- bugzilla 2.22.1-2.1 (bug #409824; low)
	[etch] - bugzilla <no-dsa> (Minor issue, far-fetched attack, minor impact)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP serv ...)
	NOT-FOR-US: SmartFTP
CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote attack ...)
	- mambo 4.6.1-1 (medium)
	NOTE: only the 4.5.x tree was vulnerable
CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9 ...)
	- mediawiki <not-affected> (Only in 1.9 branch, fixed in 1.9.2)
CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple In ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie  ...)
	NOT-FOR-US: Noname Media Photo Galerie Standard
CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in Flipsou ...)
	NOT-FOR-US: Flipsource Flip
CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond  ...)
	NOT-FOR-US: RBL ASP tPassword
CVE-2007-0783
	RESERVED
CVE-2007-0782
	RESERVED
CVE-2007-0781
	RESERVED
CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0 ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and ...)
	NOTE: MFSA-2007-04
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <not-affected> (introduced in firefox 1.5)
CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x befo ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-03
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x befor ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla  ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al)
CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla F ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	NOTE: Only one of the crashes can be triggered in Sarge, 326864
CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function (native/ ...)
	- libapache-mod-jk 1:1.2.21-1 (medium)
	[sarge] - libapache-mod-jk <not-affected>
	[etch] - libapache-mod-jk <not-affected>
	NOTE: affects only 1.2.19 and 1.2.20
CVE-2007-0773 (The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users ...)
	- linux-2.6 2.6.12-1
CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remo ...)
	- linux-2.6 2.6.18.dfsg.1-11
CVE-2007-0771 (The utrace support in Linux kernel 2.6.18, and other versions, allows  ...)
	- linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree)
CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
	{DSA-1260}
	- graphicsmagick 1.1.7-12
	- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c i ...)
	{DSA-1903-1 DSA-1858-1 DSA-1294-1}
	- xfree86 <removed> (bug #414046; medium)
	- libx11 2:1.0.3-7 (bug #414045; medium)
	- graphicsmagick 1.1.7-14 (bug #417862; medium)
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	NOTE: Discovered through CVE-2007-0770.
	NOTE: With certain mail user agents, this issue is likely exploitable
	NOTE: without much user interaction.
CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when th ...)
	- libpam-ssh 1.91.0-9.2 (bug #410236; low)
	[etch] - libpam-ssh <no-dsa> (Minor issue)
	[sarge] - libpam-ssh <no-dsa> (Minor issue)
CVE-2007-0769
	NOT-FOR-US: Phorum
CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact Det ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum before  ...)
	NOT-FOR-US: Phorum
CVE-2007-0766 (Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows u ...)
	NOT-FOR-US: .NET Explorer
CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03  ...)
	NOT-FOR-US: Curium CMS
CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier allow ...)
	NOT-FOR-US: F3Site
CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment functiona ...)
	NOT-FOR-US: F3Site
CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in p ...)
	NOT-FOR-US: phpBB++
CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard ...)
	NOT-FOR-US: phpBB ezBoard converter
CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by verif ...)
	NOT-FOR-US: EQdkp
CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remot ...)
	NOT-FOR-US: EasyMoblog
CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24  ...)
	NOT-FOR-US: PHPProbid
CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes C ...)
	NOT-FOR-US: CoD2 DreamStats
CVE-2007-0756 (Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Chicken of the VNC
CVE-2007-0755
	RESERVED
CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0752 (The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the ...)
	NOT-FOR-US: Apple
CVE-2007-0751 (A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might ...)
	NOT-FOR-US: Apple
CVE-2007-0750 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 a ...)
	NOT-FOR-US: Apple
CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command function in pr ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0747 (load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in Apple M ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0745 (The Apple Security Update 2007-004 uses an incorrect configuration fil ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0742 (The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 throu ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0740 (Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display fil ...)
	NOT-FOR-US: Apple
CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the so ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not displa ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0737 (The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not prop ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0736 (Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0735 (Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 throu ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0734 (fsck, as used by the AirPort Disk feature of the AirPort Extreme Base  ...)
	NOT-FOR-US: AirPort Extreme Base Station
CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple Mac ImageIO
CVE-2007-0732 (Unspecified vulnerability in the CoreServices daemon in CarbonCore in  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB Fi ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through  ...)
	NOT-FOR-US: Apple Mac Server Manager
CVE-2007-0729 (Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10 ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0727
	REJECTED
CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple OpenSSH
CVE-2007-0725 (Buffer overflow in the AirPortDriver module for AirPort in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4 ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0723 (Unspecified vulnerability in the authentication feature for DirectoryS ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allo ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3. ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to caus ...)
	- cups 1.2.7-1 (bug #434734; low)
	- cupsys 1.2.7-1 (bug #434734; low)
	[sarge] - cupsys <no-dsa> (Minor, conceptual design problem)
	[etch] - cupsys <no-dsa> (Minor, conceptual design problem)
CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through  ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-as ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-as ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on Wi ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows rem ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall)  ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall)  ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assi ...)
	NOT-FOR-US: GOM Player
CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet Exp ...)
	NOT-FOR-US: Darksky RSS
CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and P ...)
	NOT-FOR-US: Sleipnir
CVE-2007-0704 (PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 ...)
	NOT-FOR-US: Somery
CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in  ...)
	NOT-FOR-US: WebBuilder
CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0. ...)
	NOT-FOR-US: phpEventMan
CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in Epist ...)
	NOT-FOR-US: Epistemon
CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion Sylvain Por ...)
	NOT-FOR-US: Portail Web
CVE-2007-0699 (PHP remote file inclusion vulnerability in includes/includes.php in Gu ...)
	NOT-FOR-US: Portail Web
CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier all ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers to chan ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in Free LAN ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Port ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 a ...)
	NOT-FOR-US: DGNews
CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote at ...)
	NOT-FOR-US: DGNews
CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: DGNews
CVE-2007-0691
	REJECTED
CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: myEvent
CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-XXXX [remctl ACL bypass vulnerability]
	- remctl 2.2-2
	[sarge] - remctl <not-affected> (Vulnerable code not present)
CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allo ...)
	NOT-FOR-US: Hunkaray Duyuru Scripti
CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc ...)
	NOT-FOR-US: L2J Dropcalc
CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys)  ...)
	NOT-FOR-US: Intel 2200BG Cards drive.
CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 20 ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean Port ...)
	NOT-FOR-US: Cerulean Portal System
CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in O ...)
	NOT-FOR-US: Omegaboard
CVE-2007-0682 (PHP remote file inclusion vulnerability in theme/include_mode/template ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to ch ...)
	NOT-FOR-US: ExtCalendar
CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in P ...)
	NOT-FOR-US: Phpbb Tweaked it is a module to phpbb
CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in Nico ...)
	NOT-FOR-US: PHPMyRing
CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting  ...)
	NOT-FOR-US: Fullaspsite Asp Hosting Sites
CVE-2007-0677 (PHP remote file inclusion vulnerability in fw/class.Quick_Config_Brows ...)
	NOT-FOR-US: Cadre PHP Framework
CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...)
	NOT-FOR-US: ExoPHPDesk
CVE-2007-0675 (A certain ActiveX control in sapi.dll (aka the Speech API) in Speech C ...)
	NOT-FOR-US: Windows Vista
CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and  ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops &amp; Desktops  ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers t ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local us ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local us ...)
	- twiki 1:4.0.5-9 (bug #410256)
CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
	NOT-FOR-US: Sun Solaris.
CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2 ...)
	- sql-ledger <unfixed> (bug #409703; unimportant)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
	[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
	NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
	NOTE: is not secure with untrusted users.
CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute  ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007  ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...)
	- thttpd <not-affected> (Gentoo-specific packaging flaw)
	NOTE: In accordance with Debian Policy is not possible start Webserver
	NOTE: in root directory (/).
CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs Cascadian ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0662 (PHP remote file inclusion vulnerability in includes/usercp_viewprofile ...)
	NOT-FOR-US: Hailboards
CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC),  ...)
	NOT-FOR-US: Intel BMC
CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before 0 ...)
	NOT-FOR-US: DotNetNuke
CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for M ...)
	NOT-FOR-US: MODx MuddyDogPaws FileDownload
CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module f ...)
	NOT-FOR-US: Drupal addon module "Textimage"
CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to r ...)
	- nexuiz 2.2.3-1 (medium)
	[etch] - nexuiz <not-affected> (Vulnerable code not present, was introduced in 2.2.2)
CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in p ...)
	NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
CVE-2007-0655 (The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies  ...)
	NOT-FOR-US: MicroWorld
CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-ass ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ot ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professi ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Prof ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...)
	- tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does)
CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR 2 ...)
	NOT-FOR-US: OpenEMR
CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice ...)
	NOT-FOR-US: Cisco
CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote user-as ...)
	NOT-FOR-US: AppleKit
CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Ma ...)
	NOT-FOR-US: iMovie
CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote user-assiste ...)
	NOT-FOR-US: iPhoto
CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remot ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-a ...)
	NOT-FOR-US: Bloodshed Dev-C++
CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU scri ...)
	NOT-FOR-US: Raymond BERTHOU script collection
CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0  ...)
	NOT-FOR-US: Shaffer Solutions (SSC)
CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack v ...)
	- zabbix 1:1.1.4-8 (bug #409257)
CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY 4 ...)
	NOT-FOR-US: GuppY
CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...)
	NOT-FOR-US: PHPFootball
CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...)
	NOT-FOR-US: Galeria Zdjec
CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact a ...)
	NOT-FOR-US: incron
CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6  ...)
	NOT-FOR-US: EncapsCMS
CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows rem ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak]
	- kaya 0.2.0-6 (bug #409062)
CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive]
	- libx11 2:1.0.3-5 (low)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=9279
CVE-2007-0633 (PHP remote file inclusion vulnerability in include/themes/themefunc.ph ...)
	NOT-FOR-US: MyNews
CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs Cascadian ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...)
	NOT-FOR-US: xNews
CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not p ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password argumen ...)
	NOT-FOR-US: gtalkbot
CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal befo ...)
	- drupal 4.7.6-1
CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validat ...)
	NOT-FOR-US: NoMachine NX Server
CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the  ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulleti ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0621
	REJECTED
CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: FD Script
CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ar ...)
	- chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...)
	NOT-FOR-US: Earthlink TotalAccess
CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in zen ...)
	NOT-FOR-US: zenphoto
CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Manage ...)
	NOT-FOR-US: Hitachi
CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMe ...)
	NOT-FOR-US: Apple
CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMe ...)
	NOT-FOR-US: Apple
CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vis ...)
	NOT-FOR-US: Microsoft ActiveX
CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in CM ...)
	NOT-FOR-US: CMSimple
CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows r ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores gl ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced Gu ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3 ...)
	NOT-FOR-US: Movable Type
CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over  ...)
	NOT-FOR-US: PGP Desktop
CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro Vir ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newspo ...)
	NOT-FOR-US: makit news
CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum 4 ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allo ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek For ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review Si ...)
	NOT-FOR-US: high5 Review
CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with in ...)
	NOT-FOR-US: Siteman
CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with in ...)
	NOT-FOR-US: Siteman
CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows re ...)
	NOT-FOR-US: EzDatabase
CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An V ...)
	NOT-FOR-US: VirtualPath
CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre  ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by Quickti ...)
	NOT-FOR-US: Apple
CVE-2007-0587
	RESERVED
CVE-2007-0586
	RESERVED
CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals  ...)
	NOT-FOR-US: Webfwlog
CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php i ...)
	NOT-FOR-US: PhP Generic
CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander  ...)
	NOT-FOR-US: HTTP Commander
CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows re ...)
	NOT-FOR-US: ChernobiLe
CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB  ...)
	NOT-FOR-US: EclipseBB
CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...)
	NOT-FOR-US: Foro Domus
CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...)
	NOT-FOR-US: Horde Groupware
CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows remot ...)
	- mpg123 0.61-5 (bug #409296; unimportant)
	NOTE: Not much of a security problem; user will abort mpg123 and never listen to
	NOTE: the faulty stream again
CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ACGVcli ...)
	NOT-FOR-US: ACGVclick
CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats  ...)
	NOT-FOR-US: Xt-Stats
CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login pag ...)
	NOT-FOR-US: ASPCode.net AdMentor
CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in  ...)
	NOT-FOR-US: nsGalPHP
CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in D ...)
	NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...)
	NOT-FOR-US: phpMyReports
CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes G ...)
	NOT-FOR-US: Ad Fundum Integratable News Script
CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote at ...)
	NOT-FOR-US: xNews
CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in M ...)
	NOT-FOR-US: MyPHPCommander
CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in Interactive-S ...)
	NOT-FOR-US: Interactive-Scripts.Com
CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earli ...)
	NOT-FOR-US: ASP NEWS
CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) befor ...)
	NOT-FOR-US: Symantec
CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Se ...)
	NOT-FOR-US: Symantec
CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP  ...)
	NOT-FOR-US: Windows Explorer
CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2  ...)
	NOT-FOR-US: Xero Portal
CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier a ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 all ...)
	NOT-FOR-US: RPW
CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in In ...)
	NOT-FOR-US: vHostAdmin
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ori ...)
	NOT-FOR-US: rPath
CVE-2007-0556 (The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8 ...)
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 <not-affected> (only PostgreSQL 8.x)
	- postgresql <not-affected> (only PostgreSQL 8.x)
CVE-2007-0555 (PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8. ...)
	{DSA-1261-1}
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 1:7.4.16-1
	- postgresql <not-affected> (only transitional package)
CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...)
	NOT-FOR-US: Guos Posting System
CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php i ...)
	NOT-FOR-US: PHProxy
CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in install/default/error404.h ...)
	NOT-FOR-US: Onnac
CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...)
	NOT-FOR-US: CMSimple
CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard  ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: KarjaSoft
CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root wi ...)
	NOT-FOR-US: Toxiclab Shoutbox
CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root  ...)
	NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka M ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web r ...)
	NOT-FOR-US: ZixForum
CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestb ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0541 (WordPress allows remote attackers to determine the existence of arbitr ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service (bandwi ...)
	{DSA-1564-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote att ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to  ...)
	NOT-FOR-US: Telligent
CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not p ...)
	- kdelibs 4:3.5.5a.dfsg.1-6 (bug #409868; medium)
CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop supplementa ...)
	NOT-FOR-US: rPath
CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and K ...)
	NOT-FOR-US: Borland Delphi
CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive informat ...)
	NOT-FOR-US: Uploader
CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in FreeW ...)
	NOT-FOR-US: FreeWebShop
CVE-2007-0530
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the admini ...)
	NOT-FOR-US: PHP Link Directory
CVE-2007-0528 (The admin web console implemented by the Centrality Communications (ak ...)
	NOT-FOR-US: Centrality Communications
CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in class.log ...)
	NOT-FOR-US: Website Baker
CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (Min ...)
	NOT-FOR-US: Mini Web server
CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...)
	NOT-FOR-US: LG
CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Nokia
CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a deni ...)
	NOT-FOR-US: Motorola
CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to cau ...)
	NOT-FOR-US: Sony Ericsson
CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allo ...)
	NOT-FOR-US: Unique Ads
CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Insta ...)
	NOT-FOR-US: XMB Host
CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive inform ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the  ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with pe ...)
	NOT-FOR-US: Yana
CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted remot ...)
	NOT-FOR-US: Microsoft
CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitach ...)
	NOT-FOR-US: Hitachi
CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64) ...)
	NOT-FOR-US: Hitachi
CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 0 ...)
	NOT-FOR-US: Hitachi
CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD ...)
	NOT-FOR-US: phpXD
CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) prese ...)
	- awffull <unfixed> (unimportant)
	NOTE: This appears to be a bug without a vulnerability vector.
CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unk ...)
	NOT-FOR-US: MaklerPlus
CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before 4 ...)
	NOT-FOR-US: Drupal module "Acidfree"
CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0  ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking 4 ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and p ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 bef ...)
	NOT-FOR-US: Sun
CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows  ...)
	NOT-FOR-US: webSPELL
CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum Too ...)
	NOT-FOR-US: Advanced Random Generators
CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in Bra ...)
	NOT-FOR-US: Bradabra
CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim p ...)
	NOT-FOR-US: phpIndexPage
CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...)
	NOT-FOR-US: MySpeach
CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in Upload-Se ...)
	NOT-FOR-US: Upload-Service
CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs  ...)
	NOT-FOR-US: Neon Lab
CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in P ...)
	NOT-FOR-US: PhpSherpa
CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01 ...)
	NOT-FOR-US: webSPELL
CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpe ...)
	NOT-FOR-US: MySpeach
CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Open-Realty
CVE-2007-0489 (PHP remote file inclusion vulnerability in includes/functions.visohotl ...)
	NOT-FOR-US: VisoHotlink
CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Q ...)
	NOT-FOR-US: Huawei
CVE-2007-0487
	NOT-FOR-US: FreeForum
CVE-2007-0486
	NOT-FOR-US: Openads
CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...)
	NOT-FOR-US: Webdev
CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote  ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1  ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 al ...)
	NOT-FOR-US: Sun
CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Cisco
CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0478 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does  ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.1 ...)
	NOT-FOR-US: Openads
CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2 ...)
	- openldap2 <not-affected> (Gentoo packaging bug)
CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4 ...)
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
	NOTE: not all problems fixed in 0.8.0
CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoer ...)
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
	NOTE: not fixed in 0.8.0, see
	NOTE: https://web.archive.org/web/20070712072042/http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 d ...)
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to (1 ...)
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in BBClo ...)
	- bbclone 0.4.6-8 (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
	- hinfo 1.02-3.1 (bug #402316; low)
	[sarge] - hinfo <no-dsa> (Package completely broken, hardly usable for an attack)
CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 u ...)
	{DSA-1254-1}
	- bind9 1:9.3.4-2 (medium; bug #408432)
	- bind <not-affected>
CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...)
	- bind9 1:9.3.4-2 (medium; bug #408432)
	[sarge] - bind9 <not-affected> (Vulnerable code not present)
	- bind <not-affected>
CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions]
	- gstreamer0.10-ffmpeg 0.10.1-6
	- gst-ffmpeg 0.8.7-10
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
	- mplayer 1.0~rc1-12
CVE-2007-0471 (sre/params.php in the Integrity Clientless Security (ICS) component in ...)
	NOT-FOR-US: Check Point
CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 do ...)
	- libgems-ruby 0.9.3-1 (low; bug #408299)
	[etch] - libgems-ruby <no-dsa> (Minor issue, needs implicit trust on installed data)
CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (M ...)
	NOT-FOR-US: Visual C++
CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin gro ...)
	NOT-FOR-US: Apple
CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 al ...)
	NOT-FOR-US: Telestream
CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4. ...)
	NOT-FOR-US: Apple
CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 o ...)
	NOT-FOR-US: CFNetwork on Apple Mac OS
CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktim ...)
	NOT-FOR-US: Apple
CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before 2. ...)
	- dazuko-source <removed> (bug #408300)
	[sarge] - dazuko-source <not-affected> (Vulnerable code not present)
CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and  ...)
	- ulogd 1.23-6 (medium)
CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.9 ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (f ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly  ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Grap ...)
	{DSA-1936-1}
	- libgd2 2.0.35.dfsg-1 (bug #408982; low)
	[sarge] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
	[etch] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)
	{DSA-1257}
	- samba 3.0.23d-5 (medium)
CVE-2007-0453 (Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 throug ...)
	- samba <not-affected> (Solaris-specific vulnerability)
CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users  ...)
	{DSA-1257}
	- samba 3.0.23d-5 (low)
CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x ...)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.23-1 (unimportant)
	NOTE: This only adds an additional control settings for path delimiters, the
	NOTE: necessary proxies still need to be secured or fixed individually (e.g.
	NOTE: as done for mod_jk in a DSA
CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Ba ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI h ...)
	- php5 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple Sym ...)
	NOT-FOR-US: Symantec
CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Merc ...)
	NOT-FOR-US: HP Mercury
CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand Scann ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
	NOT-FOR-US: Citrix
CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in Gracen ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impa ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-0441 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-0440
	RESERVED
CVE-2007-0439
	RESERVED
CVE-2007-0438
	RESERVED
CVE-2007-0437 (Multiple cross-site scripting (XSS) vulnerabilities in the sample Cach ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS14 ...)
	NOT-FOR-US: X-Kryptor
CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
	NOT-FOR-US: T-Com Speedport
CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 thr ...)
	NOT-FOR-US: BEA
CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject m ...)
	NOT-FOR-US: BEA
CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote a ...)
	NOT-FOR-US: AVM
CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ea ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed w ...)
	NOT-FOR-US: DivX Web Player
CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for W ...)
	- wzdftpd 0.8.1-1 (medium)
CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered e ...)
	NOT-FOR-US: BEA
CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 thro ...)
	NOT-FOR-US: BEA
CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...)
	NOT-FOR-US: BEA
CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...)
	NOT-FOR-US: BEA
CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...)
	NOT-FOR-US: BEA
CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allow ...)
	NOT-FOR-US: BEA
CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to  ...)
	NOT-FOR-US: BEA
CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache  ...)
	NOT-FOR-US: BEA
CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and  ...)
	NOT-FOR-US: BEA
CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce acce ...)
	NOT-FOR-US: BEA
CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 thro ...)
	NOT-FOR-US: BEA
CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a bac ...)
	NOT-FOR-US: BEA
CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1  ...)
	NOT-FOR-US: BEA
CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when  ...)
	NOT-FOR-US: BEA
CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...)
	NOT-FOR-US: BEA
CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...)
	NOT-FOR-US: BEA
CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate cli ...)
	NOT-FOR-US: BEA
CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, an ...)
	- gxine 0.5.8-2 (medium; bug #405876)
CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 doe ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay Resourc ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in E ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay Resourc ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Ea ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Si ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in A ...)
	NOT-FOR-US: MisterSPa-forum
CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
	- wordpress 2.0.7 (bug #407116; unimportant)
	NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,
	NOTE: register_globals unsupported anyway
CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS)  ...)
	NOT-FOR-US: Cisco
CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in c ...)
	NOT-FOR-US: HP-UX
CVE-2007-0395 (PHP remote file inclusion vulnerability in libraries/grab_globals.lib. ...)
	NOT-FOR-US: ComVironment
CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file descriptor ...)
	NOT-FOR-US: HP-UX
CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors  ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors be ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0391 (Format string vulnerability in the log creation functionality of BitDe ...)
	NOT-FOR-US: BitDefender
CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...)
	NOT-FOR-US: sabros.us
CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS)  ...)
	NOT-FOR-US: ArsDigita Community System
CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board (wB ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks com ...)
	NOT-FOR-US: Joomla!
CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has  ...)
	NOT-FOR-US: PostNuke
CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain se ...)
	NOT-FOR-US: PostNuke
CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews sec ...)
	NOT-FOR-US: PostNuke
CVE-2007-0383
	NOT-FOR-US: WDaemon
CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the L ...)
	NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla!
CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote  ...)
	NOT-FOR-US: ATutor
CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: DocMan
CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remo ...)
	NOT-FOR-US: DocMan
CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attacke ...)
	NOT-FOR-US: DocMan
CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote at ...)
	NOT-FOR-US: Xoops
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows re ...)
	NOT-FOR-US: Virtuemart
CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Joomla!
CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2 ...)
	- mambo 4.6.1-5 (bug #407995; low)
CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow rem ...)
	NOT-FOR-US: Joomla!
CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ( ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.20 ...)
	NOT-FOR-US: phpBP
CVE-2007-0369 (SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows re ...)
	NOT-FOR-US: phpBP
CVE-2007-0368 (Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local  ...)
	NOT-FOR-US: mbse
CVE-2007-0367 (Rumpus 5.1 and earlier has weak permissions for certain files and dire ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows l ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One Cont ...)
	NOT-FOR-US: All In One Control Panel
CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com I ...)
	NOT-FOR-US: nicecoder.com INDEXU
CVE-2007-XXXX [libjabber DoS]
	- centericq 4.21.0-18 (unimportant; bug #406982)
	NOTE: Affected function isn't used in the source
CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
	- python-django 0.95.1-1 (bug #407607)
CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
	- gstreamer0.10-ffmpeg 0.10.1-5
	- gst-ffmpeg 0.8.7-9
	- mplayer 1.0~rc1-12
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
CVE-2007-XXXX [netpbm heap corruption]
	- netpbm-free 2:10.0-11 (bug #407605)
CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Op ...)
	NOT-FOR-US: Openads
CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in  ...)
	NOT-FOR-US: FreshReader
CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphoru ...)
	NOT-FOR-US: PHPMyphorum
CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2 ...)
	NOT-FOR-US: Oreon
CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey C ...)
	NOT-FOR-US: Travelsized CMS
CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP Jetdi ...)
	NOT-FOR-US: HP Jetdirect
CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz ...)
	NOT-FOR-US: AVM
CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) Ac ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Ma ...)
	NOT-FOR-US: Apple
CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0 ...)
	NOT-FOR-US: MGB OpenSource Guestbook
CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) logi ...)
	NOT-FOR-US: myBloggie
CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle us ...)
	NOT-FOR-US: Microsoft
CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...)
	NOT-FOR-US: FileMailer
CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com INDE ...)
	NOT-FOR-US: INDEXU
CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...)
	NOT-FOR-US: ActiveX control in InterActual Player
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not prope ...)
	- cvstrac 2.0.1-1
	[etch] - cvstrac <not-affected> (Vulnerable code not present)
	[sarge] - cvstrac <not-affected> (Vulnerable code not present)
	NOTE: the vulnerable code can't be found on other places in 1.1.5 and also similar things
	NOTE: are done like using %q instead of %s for user supplied data
CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
	NOT-FOR-US: FileMailer
CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain A ...)
	NOT-FOR-US: Apple
CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2)  ...)
	- colloquy <removed>
CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: OpenBSD
CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple WebKit
CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earli ...)
	- phpmyadmin 4:2.9.1.1-2 (medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84 ...)
	NOT-FOR-US: ThWboard
CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in Scrip ...)
	NOT-FOR-US: FileMailer
CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...)
	NOT-FOR-US: KGB
CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows loca ...)
	NOT-FOR-US: Rixstep
CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book 1.0. ...)
	NOT-FOR-US: Jax Petition Book
CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and SIP ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access r ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques  ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynami ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch  ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote attac ...)
	NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery
CVE-2007-0328 (The DWUpdateService ActiveX control in the agent (agent.exe) in Macrov ...)
	NOT-FOR-US: Macrovision
CVE-2007-0327
	RESERVED
CVE-2007-0326 (Multiple stack-based buffer overflows in the PhotoChannel Networks PNI ...)
	NOT-FOR-US: PNI Digital Media Photo Upload
CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in befor ...)
	NOT-FOR-US: LizardTech DjVu Browser Plug-in
CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion (RIM ...)
	NOT-FOR-US: Research In Motion (RIM) TeamOn Import Object ActiveX control
CVE-2007-0322 (Multiple stack-based buffer overflows in the Intuit QuickBooks Online  ...)
	NOT-FOR-US: Intuit QuickBooks
CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in isusweb ...)
	NOT-FOR-US: FLEXnet Connect
CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...)
	NOT-FOR-US: InstallFromTheWeb
CVE-2007-0319 (Multiple stack-based buffer overflows in the Motive ActiveEmailTest.Em ...)
	NOT-FOR-US: Motive ActiveEmailTest
CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows context-depende ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla be ...)
	- filezilla 3.0.0~beta2-3 (medium; bug #407683)
CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel (AI ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote att ...)
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System 1 ...)
	NOT-FOR-US: Article System
CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) befo ...)
	- gosa 2.5.8-1 (medium)
	[etch] - gosa 2.5.6-2.1
CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ins ...)
	NOT-FOR-US: wcSimple
CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier al ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates differen ...)
	NOT-FOR-US: BMC Software
CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in Franci ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before  ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in Popla ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...)
	NOT-FOR-US: Digiappz
CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon S ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 al ...)
	NOT-FOR-US: MiNT Haber Sistemi
CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have u ...)
	NOT-FOR-US: Zina
CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1. ...)
	NOT-FOR-US: InstantASP
CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in Fd ...)
	NOT-FOR-US: FdWeB
CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1. ...)
	NOT-FOR-US: TLM CMS
CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byt ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...)
	NOT-FOR-US: LunarPoll
CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
	NOT-FOR-US: Oracle
CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
	NOT-FOR-US: Oracle
CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwar ...)
	NOT-FOR-US: Oracle
CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has un ...)
	NOT-FOR-US: Oracle
CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications  ...)
	NOT-FOR-US: Oracle
CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Ap ...)
	NOT-FOR-US: Oracle
CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has un ...)
	NOT-FOR-US: Oracle
CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2 ...)
	NOT-FOR-US: Oracle
CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and  ...)
	NOT-FOR-US: Oracle
CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2 ...)
	NOT-FOR-US: Oracle
CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Col ...)
	NOT-FOR-US: Oracle
CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application S ...)
	NOT-FOR-US: Oracle
CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9. ...)
	NOT-FOR-US: Oracle
CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application S ...)
	NOT-FOR-US: Oracle
CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1 ...)
	NOT-FOR-US: Oracle
CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has  ...)
	NOT-FOR-US: Oracle
CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9. ...)
	NOT-FOR-US: Oracle
CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartrid ...)
	NOT-FOR-US: Oracle
CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10 ...)
	NOT-FOR-US: Oracle
CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0272 (Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has u ...)
	NOT-FOR-US: Oracle
CVE-2007-0270 (Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0. ...)
	NOT-FOR-US: Oracle
CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10 ...)
	NOT-FOR-US: Oracle
CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels ...)
	NOT-FOR-US: UFS filesystem on MacOS/FreeBSD
CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal  ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal S ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0264 (Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to ca ...)
	NOT-FOR-US: Winzip
CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows user- ...)
	NOT-FOR-US: Total Commander
CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify t ...)
	{DTSA-33-1}
	- wordpress 2.0.8-1 (bug #407289)
CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when auth ...)
	NOT-FOR-US: sNews
CVE-2007-0260
	NOT-FOR-US: Naig
CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2 ...)
	NOT-FOR-US: Fastilo
CVE-2007-0257
	- kernel-patch-grsecurity2 2.1.10-1 (bug #407350)
	NOTE: exploitable as per http://grsecurity.net/pipermail/grsecurity/2007-January/000830.html
CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of servi ...)
	- vlc 0.8.6.c-1 (unimportant; bug #407290)
CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
	NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
	NOTE: This appears to be a generic crash
CVE-2007-0254 (Format string vulnerability in the errors_create_window function in er ...)
	- xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369)
	NOTE: If've verified the Etch version to contain the necessary format strings
CVE-2007-0253
	- kernel-patch-grsecurity2 2.1.10-1 (unimportant; bug #407350)
	NOTE: See CVE-2007-0257
CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote at ...)
	NOT-FOR-US: easy-content
CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort 2 ...)
	- snort <not-affected> (DecodeGRE function not in unstable version)
	NOTE: unstable contains version 2.3.3-11, and the last upstream is 2.6.1.2
	NOTE: This is fixed in upstream CVS so it's very likely to never affect Debian.
CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain poten ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers  ...)
	- squid 2.6.5-4 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 befor ...)
	{DSA-1297-1}
	- gforge-plugin-scmcvs 4.5.14-6
CVE-2007-0245 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier a ...)
	{DSA-1307-1}
	- openoffice.org 2.2.1~rc1-1
	[lenny] - openoffice.org 2.0.4.dfsg.2-7etch1
CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3 ...)
	{DSA-1288-2 DSA-1288-1}
	- pptpd 1.3.4-1
CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Upda ...)
	- sun-java5 1.5.0-10-1
CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does n ...)
	{DSA-1292-1}
	- qt4-x11 4.2.2-2
	- qt-x11-free 3:3.3.7-4
CVE-2007-0241
	RESERVED
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0240 (Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier al ...)
	{DSA-1275-1}
	- zope2.9 2.9.7-1
	[etch] - zope2.9 2.9.6-4etch1
CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote attacker ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCa ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ov ...)
	{DSA-1269-1}
	- lookup-el 1.4-5 (low)
CVE-2007-0236 (Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in  ...)
	{DSA-1255-1}
	- libgtop2 2.14.4-3 (medium; bug #407020)
	NOTE: libgtop does not contain the affected code.
CVE-2007-0234
	REJECTED
CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly unse ...)
	- wordpress 2.1.0-1 (unimportant)
	NOTE: This is argubly a php bug, CVE-2006-3017
CVE-2007-0232 (PHP remote file inclusion vulnerability in routines/fieldValidation.ph ...)
	NOT-FOR-US: Jshop Server
CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, wh ...)
	NOT-FOR-US: Movable Type
CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php  ...)
	NOT-FOR-US: CS-Cart
CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and Fr ...)
	NOT-FOR-US: MacOS X
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer al ...)
	NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify nam ...)
	- slocate 3.1-1.1 (bug #411937; low)
	[sarge] - slocate <not-affected> (Performs correct access checks)
	[etch] - slocate <no-dsa> (Minor issue)
	NOTE: slocate will allow users to find files in directories with the
	NOTE: executable bit set but without the readable bit set. This is
	NOTE: an information leak.
CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
	NOT-FOR-US: uniForum
CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-AS ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shoppin ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php  ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side compo ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Ser ...)
	NOT-FOR-US: Microsoft
CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) i ...)
	NOT-FOR-US: Microsoft
CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects fr ...)
	NOT-FOR-US: Microsoft
CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers to exec ...)
	NOT-FOR-US: Microsoft
CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 an ...)
	NOT-FOR-US: Microsoft
CVE-2007-0216 (wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 20 ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 200 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 S ...)
	NOT-FOR-US: Microsoft
CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does no ...)
	NOT-FOR-US: Microsoft
CVE-2007-0212
	REJECTED
CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suit ...)
	NOT-FOR-US: Microsoft
CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suit ...)
	NOT-FOR-US: Microsoft
CVE-2007-0207
	REJECTED
CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-XXXX [udev wrong permissions on raid devices]
	- udev 0.105-2 (bug #404927)
	[sarge] - udev <not-affected> (Doesn't affect Sarge)
CVE-2007-XXXX [yacas insecure rpath]
	- yacas 1.0.57-3 (bug #399226; bug #399227; low)
CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows remot ...)
	- squid 2.6.5-4 (low; bug #407202)
	[sarge] - squid <not-affected> (Vulnerable code not present)
	NOTE: reference - http://secunia.com/advisories/23767/
CVE-2007-XXXX [bcfg2 password disclosure]
	- bcfg2 0.8.7.3-1 (low; bug #406285)
	[etch] - bcfg2 0.8.6.1-1.1etch1
CVE-2007-XXXX [mysql 5.0 several DoS vulns]
	- mysql-dfsg-5.0 5.0.32-1
CVE-2007-0205 (Directory traversal vulnerability in admin/skins.php for @lex Guestboo ...)
	NOT-FOR-US: @alex
CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ha ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: duplicate of CVE-2006-6374?
CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and e ...)
	NOT-FOR-US: @lex
CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Fire ...)
	NOT-FOR-US: TIS
CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey Go ...)
	NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery
CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4  ...)
	NOT-FOR-US: Cisco
CVE-2007-0198 (The JTapi Gateway process in Cisco Unified Contact Center Enterprise,  ...)
	NOT-FOR-US: Cisco
CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote att ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web  ...)
	NOT-FOR-US: Motionborg Web Real Estate
CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays d ...)
	NOT-FOR-US: F5
CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: MKPortal
CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access by unau ...)
	NOT-FOR-US: FON La Fonera
CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main opera ...)
	NOT-FOR-US: MKPortal
CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allo ...)
	NOT-FOR-US: MKPortal
CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x  ...)
	NOT-FOR-US: edit-x ecommerce
CVE-2007-0189
	NOT-FOR-US: GeoBB
CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access re ...)
	NOT-FOR-US: F5
CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to acces ...)
	NOT-FOR-US: F5
CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5
CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ca ...)
	NOT-FOR-US: Getahead
CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ob ...)
	NOT-FOR-US: Getahead
CVE-2007-0183 (Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Ser ...)
	NOT-FOR-US: iPlanet Web
CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic photo stor ...)
	NOT-FOR-US: Magic photo storage website
CVE-2007-0181 (PHP remote file inclusion vulnerability in include/common_function.php ...)
	NOT-FOR-US: Magic Photo Storage website
CVE-2007-0180 (Stack-based buffer overflow in EF Commander 5.75 allows user-assisted  ...)
	NOT-FOR-US: EF Commander
CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows r ...)
	NOT-FOR-US: PHPKIT
CVE-2007-0178 (PHP remote file inclusion vulnerability in info.php in Easy Banner Pro ...)
	NOT-FOR-US: Easy Banner Pro
CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWi ...)
	- mediawiki 1.7.1-6 (bug #406238; medium)
	NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721
CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php ...)
	{DSA-1475-1}
	- gforge 4.6.99+svn6347-1 (low; bug #406244)
	[sarge] - gforge <not-affected> (Vulnerable code not present)
CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolu ...)
	{DSA-1568-1}
	- b2evolution 0.9.2-4 (bug #410568; low)
CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll  ...)
	NOT-FOR-US: Sina UC2006
CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script ...)
	NOT-FOR-US: L2J Statistik Script
CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3. ...)
	NOT-FOR-US: AllMyGuest
CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5 ...)
	NOT-FOR-US: AllMyLinks
CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors  ...)
	NOT-FOR-US: AllmyVisitors
CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCse ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ARCserv ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...)
	NOT-FOR-US: PPC Search
CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathname ...)
	- kfreebsd-5 <not-affected>
CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remo ...)
	NOT-FOR-US: Solaris
CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, whic ...)
	NOT-FOR-US: Camouflage
CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in t ...)
	NOT-FOR-US: Steganography
CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permi ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as u ...)
	NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.c ...)
	- centericq 4.21.0-17 (low)
	[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
	NOTE: The bug really exist but, is not exploitable because the LiveJournal server
	NOTE: has a length restriction on both the username (15 characters) and the real name
	NOTE: (50 characters). In my opnion is only exploitable if the user try connect in
	NOTE: fake LiveJournal server. All version of Debian centericq packages have a
	NOTE: compromised code.
CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
	- geoip 1.3.17-1.1 (bug #406628; low)
	[sarge] - geoip <no-dsa> (Minor issue)
CVE-2007-0158 (thttpd 2007 has buffer underflow. ...)
	- thttpd <removed>
CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for neo ...)
	- neon26 0.26.2-3.1 (medium; bug #404723)
	NOTE: neon25 doesn't have the uri_lookup macro
CVE-2007-0156 (M-Core stores the database under the web document root, which allows r ...)
	NOT-FOR-US: M-Core
CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with  ...)
	NOT-FOR-US: HarikaOnline
CVE-2007-0154 (Webulas stores sensitive information under the web root with insuffici ...)
	NOT-FOR-US: Webulas
CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: AJLogin
CVE-2007-0152 (OhhASP stores sensitive information under the web root with insufficie ...)
	NOT-FOR-US: OhhASP
CVE-2007-0151 (MitiSoft stores sensitive information under the web root with insuffic ...)
	NOT-FOR-US: MitiSoft
CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in Day ...)
	NOT-FOR-US: Dayfox
CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with i ...)
	NOT-FOR-US: EMembersPro
CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote a ...)
	NOT-FOR-US: OminiGroup
CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an incorre ...)
	NOT-FOR-US: Cuyahoga
CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips C ...)
	NOT-FOR-US: Fix and Chips
CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP N ...)
	NOT-FOR-US: BinGoPHP
CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Q ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...)
	NOT-FOR-US: NUNE News
CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce S ...)
	NOT-FOR-US: ShopStoreNow
CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Li ...)
	NOT-FOR-US: YALD
CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download (Yenion ...)
	NOT-FOR-US: Kolayindir
CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/O ...)
	NOT-FOR-US: DECnet-Plus
CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begin ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ  ...)
	NOT-FOR-US: Serene Bach
CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4 ...)
	- drupal 4.7.5-1
	NOTE: vendor advisory: http://drupal.org/node/104233 - DRUPAL-SA-2007-001
CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix  ...)
	NOT-FOR-US: Aratix
CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow  ...)
	NOT-FOR-US: IG Shop
CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in iGener ...)
	NOT-FOR-US: IG Shop
CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop ...)
	NOT-FOR-US: IG Shop
CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves  ...)
	NOT-FOR-US: JAMWiki
CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 al ...)
	NOT-FOR-US: iG Calendar
CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and  ...)
	NOT-FOR-US: LocazoList
CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlie ...)
	NOT-FOR-US: Digirez
CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly vali ...)
	NOT-FOR-US: Opera
CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to ex ...)
	NOT-FOR-US: Opera
CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux b ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7. ...)
	- drupal 4.7.5-1 (low)
CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows rem ...)
	NOT-FOR-US: Uber Uploader
CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0121 (Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3  ...)
	NOT-FOR-US: RI Blog
CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlie ...)
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 all ...)
	NOT-FOR-US: EditTag
CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow  ...)
	NOT-FOR-US: EditTag
CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 1 ...)
	NOT-FOR-US: Mac OS
CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive informati ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote  ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...)
	NOT-FOR-US: PacketWise
CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...)
	NOT-FOR-US: createauction
CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as u ...)
	NOT-FOR-US: PocketPC
CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Ac ...)
	NOT-FOR-US: Novell Access Manager
CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error m ...)
	- wordpress 2.0.6-1 (low)
	NOTE: http://trac.wordpress.org/changeset/4665
CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...)
	NOT-FOR-US: Novell Client
CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure Acc ...)
	NOT-FOR-US: Cisco
CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patc ...)
	- kdegraphics 4:3.5.5-3 (unimportant)
	- koffice <unfixed> (unimportant)
	- poppler 0.4.5-5.1 (unimportant)
	- xpdf 3.02 (bug #406852; unimportant)
	- swftools <not-affected> (first version that entered the archive is based on xpdf 3.02)
	NOTE: hardly a security issue; if someone sends someone a crafted PDF file triggering
	NOTE: such an endless loop the user will simply abort kpdf and never look at
	NOTE: that file again, this is only denial of service by a _very_ far stretch
	NOTE: of imagination. I suppose KDE Security only issued an update for it
	NOTE: because the shared underlying code was part of the Month of Apple Bugs
	NOTE: and they wanted to debunk claims of code injection.
CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat befor ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Prev ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
	NOT-FOR-US: SPINE
CVE-2007-0100 (The Perforce client does not restrict the set of files that it overwri ...)
	NOT-FOR-US: Perforce
CVE-2007-0099 (Race condition in the msxml3 module in Microsoft XML Core Services 3.0 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 an ...)
	NOT-FOR-US: VerliAdmin
CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) Read ...)
	NOT-FOR-US: ConeXware PowerArchive
CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
	NOT-FOR-US: Carbon Communities
CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive informa ...)
	- phpmyadmin 4:2.9.1.1-1 (bug #399329; unimportant)
	NOTE: Only path disclosure
CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...)
	NOT-FOR-US: Sven Moderow GuestBook
CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content Manageme ...)
	NOT-FOR-US: Simple Web Content Management System
CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 al ...)
	NOT-FOR-US: E-SMARTCART
CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: newsCMSlite
CVE-2007-0090 (WineGlass stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: WineGlass
CVE-2007-0089 (jgbbs stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: jgbbs
CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote ...)
	NOT-FOR-US: openmedia
CVE-2007-0087
	NOT-FOR-US: Microsoft IIS
CVE-2007-0086
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...)
	NOT-FOR-US: OpenBSD VGA wscons driver
CVE-2007-0084
	NOT-FOR-US: Windows NT
CVE-2007-0083 (Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier ...)
	NOT-FOR-US: Nuked Klan
CVE-2007-0082 (users_adm/start1.php in IMGallery 2.5 and earlier does not properly ha ...)
	NOT-FOR-US: IMGallery
CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possib ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2007-0080
	- freeradius <unfixed> (unimportant)
	NOTE: Data triggering the buffer overflow can only be controlled by root
CVE-2007-0079 (rblog stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: rblog
CVE-2007-0078 (BattleBlog stores sensitive information under the web root with insuff ...)
	NOT-FOR-US: BattleBlog
CVE-2007-0077 (lblog stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: lblog
CVE-2007-0076 (Openforum stores sensitive information under the web root with insuffi ...)
	NOT-FOR-US: Openforum
CVE-2007-0075 (AspBB stores sensitive information under the web root with insufficien ...)
	NOT-FOR-US: AspBB
CVE-2007-0074 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0073 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0072 (Heap-based buffer overflow in an unspecified procedure in Trend Micro  ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0. ...)
	- flashplugin-nonfree 1:1.4
	NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2007-0070
	RESERVED
CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x be ...)
	NOT-FOR-US: Lotus Domino Server
CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, whe ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0065 (Heap-based buffer overflow in Object Linking and Embedding (OLE) Autom ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5 ...)
	NOT-FOR-US: Windows
CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before  ...)
	- vmware-package 0.16
CVE-2007-0062 (Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before  ...)
	- vmware-package 0.16
CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...)
	- vmware-package 0.16
CVE-2007-0060 (Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in ...)
	NOT-FOR-US: CA
CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allow ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3 ...)
	NOT-FOR-US: Cisco
CVE-2007-0056 (Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4. ...)
	NOT-FOR-US: AShop Deluxe
CVE-2007-0055 (Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Fo ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0054 (Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Fo ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2007-0053 (SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2 ...)
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows r ...)
	NOT-FOR-US: Vizayn Haber
CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other ver ...)
	NOT-FOR-US: Apple iPhoto
CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_022007.141.html
CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alte ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_012007.140.html
CVE-2007-0050
	NOT-FOR-US: OpenPinboard
CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to a ...)
	NOT-FOR-US: TaskTracker
CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin dist ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0 ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before 8. ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat R ...)
	{DSA-1336-1}
	NOT-FOR-US: Adobe Acrobat Reader Plugin
	NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02)
	NOTE: and icape 1.0.8-1
CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Exp ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1. ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0042 (Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1. ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 fo ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in Micro ...)
	NOT-FOR-US: Microsoft
CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2007-0037
	REJECTED
CVE-2007-0036
	REJECTED
CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2,  ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of Microso ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers  ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0032
	REJECTED
CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, an ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X fo ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 20 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1  ...)
	NOT-FOR-US: Microsoft
CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation (v ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-0023 (The CFUserNotificationSendRequest function in UserNotificationCenter.a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0022 (Untrusted search path vulnerability in writeconfig in Apple Mac OS X 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote attacke ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0020 (Heap-based buffer overflow in the SFTP protocol handler for Panic Tran ...)
	NOT-FOR-US: Panic Transmit
CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earl ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX con ...)
	NOT-FOR-US: NCTAudioFile2 ActiveX control
CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler fun ...)
	{DSA-1252-1}
	- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers  ...)
	NOT-FOR-US: MoviePlay
CVE-2007-XXXX [webcam-server unspecified vulnerability]
	- webcam-server 0.50-2
CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to ex ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0014 (ChainKey Java Code Protection allows attackers to decompile Java class ...)
	NOT-FOR-US: ChainKey Java Code Protection
CVE-2007-0013
	RESERVED
CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...)
	- sun-java5 <removed> (unimportant)
	- sun-java6 <removed> (unimportant)
	- openjdk-6 <removed> (unimportant)
	NOTE: not a security issue, browser dos treated as regular bugs, also likely Windows-specific
CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) be ...)
	{DSA-1256-1}
	- gtk+2.0 2.8.20-5
CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network Se ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security Ser ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary fi ...)
	- gnucash 2.0.5-1 (bug #411942; medium)
CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in th ...)
	{DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0004 (The NFS client implementation in the kernel in Red Hat Enterprise Linu ...)
	NOTE: if security relevant at all, it's 2.4.* only
	- linux-2.6 <not-affected> (2.4 only)
CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers t ...)
	- pam <not-affected> (Only pam 0.99.7 affected)
CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document importer/ ...)
	{DSA-1270-1 DSA-1268-1}
	- libwpd 0.8.9-1
	NOTE: openoffice.org changelog indicates libwpd is included but not used
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
	[etch] - libwpd 0.8.7-6
CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in  ...)
	- linux-2.6 <not-affected> (Red Hat specific vulnerability)